Telindus 1423 SHDSL Router

Telindus 1423 SHDSL Router

User and reference manual

Version: 1.5 - 204892

Telindus Technical Publications – Geldenaaksebaan 335 - B-3001 Leuven - Belgium – Tel. +32 16 382011
ii Telindus 1423 SHDSL Router Copyright, safety and statements
User and reference manual

Document properties

Subject Telindus 1423 SHDSL Router

Manual type User and reference manual

Version 1.5

Code 204892

Modification date 22 June 2006 ©Telindus

Copyright notice

The information and descriptions contained in this publication are the property of Telindus. Such infor-
mation and descriptions must not be copied or reproduced by any means, or disseminated or distributed
without the express prior written permission of Telindus.
This publication could include technical inaccuracies or typographical errors, for which Telindus never
can or shall be held liable. Changes are made periodically to the information herein; these changes will
be incorporated in new editions of this publication. Telindus may make improvements and/or changes in
the product(s) described in this publication at any time, without prior notice.

Safety requirements

Carefully read the safety instructions, installation precautions and connection precautions as stated in
chapter 2 - Installing and connecting the Telindus 1423 SHDSL Router on page 11.
Telindus 1423 SHDSL Router Copyright, safety and statements iii
User and reference manual

Statements

www.telindusproducts.com → Telindus Access Solutions → Products → Choose a product → Down-

loads → Certificates

Hereby, Telindus declares that this Telindus 1423 SHDSL Router complies with the essential require-
ments and other relevant provisions of Directive 1999/5/EC.

Hierbij verklaart Telindus dat deze Telindus 1423 SHDSL Router overeenstemt met de essentiële vere-
isten en andere relevante bepalingen van Richtlijn 1999/5/EC.

Par la présente, Telindus déclare que ce Telindus 1423 SHDSL Router est en conformité avec les exi-
gences essentielles et autres articles applicables de la Directive 1999/5/EC.

Hiermit, Telindus erklärt daß dieser Telindus 1423 SHDSL Router in Fügsamkeit ist mit den wesentli-
chen Anforderungen und anderen relevanten Bereitstellungen von Direktive 1999/5/EC.

Mediante la presente, Telindus declara que el Telindus 1423 SHDSL Router cumple con los requisitos
esenciales y las demás prescripciones relevantes de la Directiva 1999/5/CE.

A Telindus declara que o Telindus 1423 SHDSL Router cumpre os principais requisitos e outras dis-
posições da Directiva 1999/5/EC.

Col presente, Telindus dichiara che questo Telindus 1423 SHDSL Router è in acquiescenza coi requisiti
essenziali e stipulazioni attinenti ed altre di Direttivo 1999/5/EC.

Με το παρόν η Telindus δηλώνει ότι το Telindus 1423 SHDSL Router είναι συµµορφούµενο µε τις
βασικές απαιτήσεις και µε τις υπόλοιπες σχετικές διατάξες της οδηγίας 1999/5/EC.
iv Telindus 1423 SHDSL Router Copyright, safety and statements
User and reference manual

Environmental information

The crossed-out wheeled bin means that within the European Union the product must be taken to separate
collection at the product end of life. This applies to the device but also to any accessories marked with this
symbol. Do not dispose of these products as unsorted municipal waste.
If you need more information on the collection, reuse and recycling systems, please contact your local waste
administration. You can also contact us for more information on the environmental specifications of our products.

De doorgestreepte container wil zeggen dat binnen de Europese gemeenschap het product voor gescheiden afvalverzameling
moet worden aangeboden aan het einde van de levensduur van het product. Dit geldt voor het toestel, maar ook voor alle
toebehoren dia van dit symbool voorzien zijn. Bied deze producten niet aan bij het gewone huisvuil.
Indien u meer informatie wenst over de systemen voor inzameling, hergebruik en recyclage, gelieve dan uw lokale afvaldiensten
te contacteren. U kan ook ons contacteren wanneer u informatie wenst over de milieu aspecten van onze producten.

Le symbole de la poubelle sur roues barrée d’une croix signifie que ce produit doit faire l’objet d’une collecte sélective en fin de
vie au sein de l’Union Européenne. Cette mesure s’applique non seulement à vorte appareil mais également à tout autre
accessoire marqué de ce symbole. Ne jetez pas ces produits dans les ordures ménagères non sujettes au tri sélectif.
Si vous souhaitez plus d'information concernant les systèmes de collecte, de réutilisation et de recyclage, veuillez contactez votre
service de gestion de déchets local. Vous pouvez également nous contacter pour obtenir plus d’information au sujet des
spécifications environnementales de nos produits.

Das Symbol der durchgestrichenen Abfalltonne auf Rädern bedeutet dass das Produkt in der Europäischen Union einer
getrennten Mülsammlung zugeführt werden muss. Dies gilt sowohl für das Produkt selbst, als auch für alle mit diesem Symbol
gekennzeichneten Zubehörteile. Diese Produkte dürfen nicht über den unsortierten Hausmüll entsorgt werden.
Wenn Sie mehr Informationen brauchen über die Sammlung und Recycling Systemen, bitte konsultieren Sie Ihre örtliche Abfälle
Verwaltung. Für mehr Informationen über die Umweltaspekten unserer Produkte, wenden Sie sich an unserer Kundendienst.
Telindus 1423 SHDSL Router Preface v
User and reference manual

Documentation set

The documentation set of the Telindus 1423 SHDSL Router currently consists of the following:

Document Description

Telindus 1423 SHDSL Router
manual (this manual)
This is the manual you are reading now.
It shows you how to install and connect the Telindus 1423 SHDSL
Router and gives you a basic configuration. It also contains a com-
plete description of all the configuration, status, performance and
alarm parameters for look-up purposes.

maintenance and manage- The Telindus 1423 SHDSL Router can be maintained and managed
ment application manuals by a variety of maintenance and management tools. Refer to 1.4 -
Maintenance and management tools on page 8 for an introduction on
these tools and for a reference to the manual of these tools.

cable documents A wide variety of cables exist to connect the Telindus 1423 SHDSL
Router. The Data cables document (PDF) and the Management
cables document (PDF) describe these cables.

All these documents, together with the free maintenance tool TMA and the firmware of the Telindus
devices, can be found on the Telindus Access Products distribution CD that is delivered with all Telindus
products.

Organisation of this manual

This manual contains the following main parts:

Part This part …

User manual shows you how to install and connect the Telindus 1423 SHDSL Router. It also
gives a basic configuration of the Telindus 1423 SHDSL Router.

Reference manual gives more detailed information on the Telindus 1423 SHDSL Router, such as
software download procedures, technical specifications, etc. It also contains a
complete description of all the configuration, status, performance and alarm
parameters for look-up purposes.

Annex gives additional information, such as product sales codes.

Refer to the Table of contents on page x for a detailed overview of this manual.
vi Telindus 1423 SHDSL Router Preface
User and reference manual

Typographical conventions

The following typographical conventions are used in this manual:

The format … indicates …

Normal normal text.

Italic • new or emphasised words

• application windows, buttons and fields. E.g. In the Filename field enter …
Computer text you have to enter at the DOS or CLI prompt, computer output and code
examples.
E.g. NOK,1,1,Invalid command.
Computer Bold text you have to enter at the DOS or CLI prompt when it is part of a mix of com-
puter input and output.
E.g.
/o1003:"Edit Configuration"
>get sysName
sysName = "Orchid 1003 LAN"
/o1003:"Edit Configuration"
>

Narrow containment tree objects and attributes of a device when they are mentioned in
the normal text. I.e. when they are not a part of computer input or output.
E.g. Use the sysName attribute in order to …

<Narrow> containment tree objects or attributes or part of them that are variable. I.e.
depending on the product version, used interface, etc. the names of these
objects or attributes are slightly different.
E.g. topObject/<modularIf>/someAttribute means that the name of the object
<modularIf> depends on which modular interface you use. For example, v35 in
case of a V.35 interface, g703 in case of a G.703 interface, etc.

Blue references to other parts in the manual.

E.g. “Refer to xx - Title for more information”.

Blue underline • a hyperlink to a web site. E.g. www.telindus.com

• a reference to another manual. E.g. “Refer to the TMA manual (PDF) for
more information”. The abbreviation between brackets is an indication of the
file format (PDF = Portable Document Format / CHM = Compiled HTML
Help).
Telindus 1423 SHDSL Router Preface vii
User and reference manual

Graphical conventions

The following icons are used in this manual:

Icon Name This icon indicates …

Remark remarks or useful tips.

Caution text to be read carefully in order to avoid damage to the device.

Warning text to be read carefully in order to avoid injury.

DIP switch a DIP switch or strap table.

Basic attribute a basic attribute in the containment tree of the Telindus 1423 SHDSL
Router.

Advanced attribute an advanced attribute in the containment tree of the Telindus 1423
SHDSL Router.

Structured attribute a structured attribute within another attribute in the containment tree
of the Telindus 1423 SHDSL Router.

Action an action in the containment tree of the Telindus 1423 SHDSL

Router.
viii Telindus 1423 SHDSL Router Preface
User and reference manual

Reading a DIP switch table

At several places in this manual DIP switch tables are shown. To enable you to read such a table in a
correct manner it is explained below.
A DIP switch table has the following layout:

The following table explains the DIP switch configuration table layout:

Number This position displays …

1 the DIP switch icon.

2 the DIP switch name.

3 the DIP switch position on the DIP switch bank.

The abbreviations mean the following:
DS1 no. 1: DIP switch bank number 1, switch position number 1

4 the possible settings of the DIP switch: on and off. The default setting is printed in bold.

5 the function associated with the corresponding DIP switch setting.

Reading an attribute string

At several places in this manual attribute strings are shown. To enable you to read such a string in a
correct manner it is explained below.
An attribute string has the following layout:

The following table explains the attribute string layout:

Number This position displays …

1 the attribute icon. It indicates that the string which follows is an attribute string. Refer to
Graphical conventions on page vii for more information.

2 the attribute name and its position in the containment tree.

3 the default value of a configuration attribute.

Telindus 1423 SHDSL Router Preface ix
User and reference manual

TDRE version

The Telindus Dynamic Routing Engine (TDRE) is a feature-rich operating system that guarantees a com-
mon feature set across the different Telindus product lines and a uniform support by maintenance and
management tools.
This manual describes the features, containment tree and attributes of the TDRE version 11.5.

Audience

This manual is intended for computer-literate people, who have a working knowledge of computing and
networking principles.

Your feedback

Your satisfaction about this purchase is an extremely important priority to all of us at Telindus. Accord-
ingly, all electronic, functional and cosmetic aspects of this new unit have been carefully and thoroughly
tested and inspected. If any fault is found with this unit or should you have any other quality-related com-
ment concerning this delivery, please submit the Quality Comment Form on our web page at
www.telindusproducts.com/quality.
x Telindus 1423 SHDSL Router Table of contents
User and reference manual

Table of contents

User manual............................................................................................ 1
1 Introducing the Telindus 1423 SHDSL Router ..................................................3
1.1 What is the Telindus 1423 SHDSL Router? ............................................................... 4
1.2 Telindus 1423 SHDSL Router applications ................................................................ 5
1.3 Telindus 1423 SHDSL Router family overview .......................................................... 7
1.4 Maintenance and management tools ......................................................................... 8
1.5 Maintenance and management tools connection possibilities ................................. 10

2 Installing and connecting the Telindus 1423 SHDSL Router.........................11

2.1 Safety instructions .................................................................................................... 12
2.2 Unpacking ................................................................................................................ 13
2.3 Selecting a site ......................................................................................................... 14
2.4 Mounting the Telindus 1423 SHDSL Router to a wall .............................................. 15
2.5 Connection precautions............................................................................................ 17
2.6 Connecting the Telindus 1423 SHDSL Router......................................................... 18
2.7 The front panel LED indicators................................................................................. 24

3 DIP switches of the Telindus 1423 SHDSL Router .........................................29

3.1 The Telindus 1423 SHDSL Router motherboard ..................................................... 30
3.2 DIP switches of the Telindus 1423 SHDSL Router .................................................. 31
3.3 Straps of the Telindus 1423 SHDSL Router............................................................. 32
3.4 Opening and closing the housing ............................................................................. 33

4 Maintaining the Telindus 1423 SHDSL Router ................................................35

4.1 Maintaining the Telindus 1423 SHDSL Router with TMA......................................... 36
4.2 Introducing the management terminology ................................................................ 42
4.3 The objects in the Telindus 1423 SHDSL Router containment tree......................... 46
4.4 Adding an object to the containment tree................................................................. 50
4.5 Telindus 1423 SHDSL Router attribute overview..................................................... 55

5 Basic configuration ...........................................................................................57

5.1 What is an interface?................................................................................................ 58
5.2 Configuring IP addresses ......................................................................................... 59
5.3 Configuring the SHDSL line ..................................................................................... 73
5.4 Enabling EOC message exchange .......................................................................... 76
5.5 Configuring passwords............................................................................................. 84
5.6 Executing configuration actions................................................................................ 86
5.7 Configuring the major features of the Telindus 1423 SHDSL Router....................... 90
5.8 Troubleshooting the Telindus 1423 SHDSL Router ................................................. 91

6 Setting up ISDN connections............................................................................93

6.1 Explaining profiles and dial maps............................................................................. 94
6.2 How to configure a dial-up ISDN connection on a BRI interface?.......................... 100
6.3 How to configure a leased line ISDN connection on a BRI interface? ................... 106
6.4 How to configure callback? .................................................................................... 108
Telindus 1423 SHDSL Router Table of contents xi
User and reference manual

7 Configuring the encapsulation protocols......................................................113

7.1 Selecting an encapsulation protocol....................................................................... 114
7.2 Configuring ATM encapsulation ............................................................................. 115
7.3 Configuring Frame Relay encapsulation ................................................................ 140
7.4 Configuring PPP encapsulation.............................................................................. 155
7.5 Configuring HDLC encapsulation ........................................................................... 181
7.6 Configuring an error test......................................................................................... 183

8 Configuring routing .........................................................................................185

8.1 Introducing routing.................................................................................................. 186
8.2 Enabling routing on an interface............................................................................. 187
8.3 Configuring static routes......................................................................................... 188
8.4 Configuring policy based routing ............................................................................ 196
8.5 Configuring RIP ...................................................................................................... 201
8.6 Configuring OSPF .................................................................................................. 210
8.7 Configuring address translation.............................................................................. 219
8.8 Configuring traffic and priority policy on the router................................................. 237
8.9 Configuring VRRP .................................................................................................. 255

9 Configuring bridging .......................................................................................263

9.1 Introducing bridging................................................................................................ 264
9.2 Configuring bridging ............................................................................................... 274
9.3 Configuring traffic and priority policy on the bridge ................................................ 285

10 Configuring the additional features ...............................................................289

10.1 Configuring DHCP.................................................................................................. 290
10.2 Configuring the access restrictions ........................................................................ 296
10.3 Configuring VLANs................................................................................................. 308
10.4 Configuring VLANs on the 4 port Ethernet switch .................................................. 316
10.5 Configuring L2TP tunnels....................................................................................... 324
10.6 Configuring IP security ........................................................................................... 334
10.7 Configuring RADIUS .............................................................................................. 355
10.8 Configuring QoS..................................................................................................... 365
10.9 Configuring the stateful inspection firewall ............................................................. 376

11 Configuration examples ..................................................................................401

11.1 Step-by-step example: LAN extension over ATM with ISDN back-up.................... 402
11.2 LAN extension over a PDH/SDH network .............................................................. 422
11.3 LAN extension over a Frame Relay network.......................................................... 424
11.4 Connecting a LAN to the Internet using NAT and PAT .......................................... 426
11.5 Using PAT with a minimum of official IP addresses ............................................... 428
11.6 Combining bridging and routing in a network ......................................................... 431
xii Telindus 1423 SHDSL Router Table of contents
User and reference manual

Reference manual .............................................................................. 433

12 Configuration attributes ..................................................................................435
12.1 Configuration attribute overview............................................................................. 436
12.2 General configuration attributes ............................................................................. 445
12.3 LAN interface configuration attributes .................................................................... 451
12.4 WAN interface configuration attributes................................................................... 466
12.5 Encapsulation configuration attributes ................................................................... 468
12.6 SHDSL line configuration attributes ....................................................................... 497
12.7 End and repeater configuration attributes .............................................................. 508
12.8 BRI configuration attributes .................................................................................... 510
12.9 Profiles configuration attributes .............................................................................. 519
12.10Dial maps configuration attributes .......................................................................... 547
12.11Bundle configuration attributes............................................................................... 552
12.12Router configuration attributes ............................................................................... 557
12.13Bridge configuration attributes................................................................................ 652
12.14SNMP configuration attributes................................................................................ 665
12.15Management configuration attributes ..................................................................... 667

13 Status attributes ..............................................................................................679

13.1 Status attribute overview ........................................................................................ 680
13.2 General status attributes ........................................................................................ 689
13.3 LAN interface status attributes ............................................................................... 693
13.4 WAN interface status attributes.............................................................................. 702
13.5 Encapsulation status attributes .............................................................................. 705
13.6 SHDSL line status attributes .................................................................................. 728
13.7 End and repeater status attributes ......................................................................... 733
13.8 BRI status attributes ............................................................................................... 737
13.9 AUX status attributes.............................................................................................. 749
13.10Profile status attributes........................................................................................... 752
13.11Dial maps status attributes ..................................................................................... 754
13.12Bundle status attributes.......................................................................................... 757
13.13Router status attributes .......................................................................................... 765
13.14Bridge status attributes........................................................................................... 808
13.15Management status attributes ................................................................................ 815
13.16File system status attributes................................................................................... 820
13.17Operating system status attributes......................................................................... 830
Telindus 1423 SHDSL Router Table of contents xiii
User and reference manual

14 Performance attributes ...................................................................................833

14.1 Performance attributes overview............................................................................ 834
14.2 General performance attributes.............................................................................. 841
14.3 LAN interface performance attributes..................................................................... 843
14.4 WAN interface performance attributes ................................................................... 848
14.5 Encapsulation performance attributes.................................................................... 849
14.6 SHDSL line performance attributes........................................................................ 862
14.7 End and repeater performance attributes............................................................... 866
14.8 BRI performance attributes .................................................................................... 867
14.9 AUX performance attributes ................................................................................... 872
14.10Dial maps performance attributes .......................................................................... 873
14.11Bundle performance attributes ............................................................................... 875
14.12Router performance attributes................................................................................ 878
14.13IP traffic policy performance attributes ................................................................... 900
14.14Bridge performance attributes ................................................................................ 902
14.15Management performance attributes ..................................................................... 908
14.16Operating system performance attributes .............................................................. 911

15 Alarm attributes ...............................................................................................915

15.1 Alarm attributes overview ....................................................................................... 916
15.2 Introducing the alarm attributes.............................................................................. 919
15.3 General alarms....................................................................................................... 922
15.4 LAN interface alarms.............................................................................................. 924
15.5 WAN interface alarms ............................................................................................ 925
15.6 SHDSL line alarms ................................................................................................. 926
15.7 SHDSL line pair alarms .......................................................................................... 927
15.8 End and repeater alarms........................................................................................ 929
15.9 BRI alarms.............................................................................................................. 931
15.10B-channel alarms ................................................................................................... 932
15.11AUX alarms ............................................................................................................ 933
15.12Bundle alarms ........................................................................................................ 934
15.13Router alarms......................................................................................................... 935

16 TMA sub-system picture .................................................................................937

17 Auto installing the Telindus 1423 SHDSL Router .........................................939

17.1 Introducing the auto-install protocols...................................................................... 940
17.2 Auto-install on the LAN interface............................................................................ 942
17.3 Auto-install on the WAN interface .......................................................................... 947
17.4 Creating a configuration file.................................................................................... 954
17.5 Restoring a configuration file.................................................................................. 961
xiv Telindus 1423 SHDSL Router Table of contents
User and reference manual

18 Downloading software ....................................................................................965

18.1 What is boot and application software?.................................................................. 966
18.2 Downloading application software using TMA........................................................ 967
18.3 Downloading application software using TFTP ...................................................... 968
18.4 Downloading application software using TML ........................................................ 969
18.5 Downloading application software using FTP ........................................................ 970
18.6 Downloading application software in boot mode .................................................... 971
18.7 Downloading files to the file system ....................................................................... 972

19 Technical specifications .................................................................................973

19.1 SHDSL line specifications ...................................................................................... 974
19.2 Basic Rate ISDN interface specifications ............................................................... 976
19.3 LAN interface specifications ................................................................................... 977
19.4 4 port Ethernet switch specifications ...................................................................... 977
19.5 Control connector specifications ............................................................................ 978
19.6 IP address assignment and auto-provisioning ....................................................... 979
19.7 ATM encapsulation specifications .......................................................................... 980
19.8 Frame Relay encapsulation specifications ............................................................. 981
19.9 PPP encapsulation specifications .......................................................................... 981
19.10Other WAN encapsulation specifications ............................................................... 981
19.11IP routing specifications ......................................................................................... 982
19.12Bridging specifications............................................................................................ 984
19.13Network address translation specifications ............................................................ 985
19.14Tunnelling and VPN specifications......................................................................... 986
19.15Priority and traffic policy specifications................................................................... 987
19.16Routing and bridging performance specifications .................................................. 989
19.17Firewall specifications ............................................................................................ 989
19.18Access security specifications................................................................................ 990
19.19Maintenance and management specifications ....................................................... 990
19.20Memory specifications............................................................................................ 991
19.21Power requirements ............................................................................................... 991
19.22Dimensions............................................................................................................. 991
19.23Safety compliance .................................................................................................. 992
19.24Over-voltage and over-current protection compliance ........................................... 992
19.25EMC compliance .................................................................................................... 992
19.26Environmental compliance ..................................................................................... 992

Annex .................................................................................................. 993

Annex A:common TCP and UDP numbers ..........................................................995

Annex B:product information ...............................................................................997

Index .................................................................................................... 999

 Telindus 1423 SHDSL Router 1
User manual

User manual
2 Telindus 1423 SHDSL Router
User manual
Telindus 1423 SHDSL Router Chapter 1 3
User manual Introducing the Telindus 1423 SHDSL Router

1 Introducing the Telindus 1423 SHDSL Router

This chapter gives an introduction to the Telindus 1423 SHDSL Router. The following gives an overview
of this chapter:
• 1.1 - What is the Telindus 1423 SHDSL Router? on page 4
• 1.2 - Telindus 1423 SHDSL Router applications on page 5
• 1.3 - Telindus 1423 SHDSL Router family overview on page 7
• 1.4 - Maintenance and management tools on page 8
• 1.5 - Maintenance and management tools connection possibilities on page 10
4 Telindus 1423 SHDSL Router Chapter 1
User manual Introducing the Telindus 1423 SHDSL Router

1.1 What is the Telindus 1423 SHDSL Router?

The Telindus 1423 SHDSL Router is a professional state-of-the-art multi-port router with built-in SHDSL
line interface offering symmetric full-duplex transmission up to 2.3 Mbps over a single two-wire uncon-
ditioned, unshielded twisted-pair cable.
The line speed can be automatically adapted to optimise the throughput as a function of the character-
istics of the local loop. To achieve even higher speeds (up to 4.6 Mbps) or a longer reach, a 2-line pair
version is also available.
The basic unit features one DSL interface, a four port 10/100Base-T Ethernet switch, and an additional
independent 10/100Base-T connection. The latter can be used for creating a DMZ (Demilitarised zone)
or for backup purposes.
Additional models offer the possibility for securing the DSL connection using up to two Basic Rate ISDN
connections (four B channels).
The Telindus 1423 SHDSL Router can be used as CPE in combination with any Telindus or third-party
DSLAM (Digital Subscriber Line Access Multiplexer), and in point-to-point configurations.
Selected models, featuring a hardware based encryption accelerator, can also be used in combination
with traditional Frame Relay or PPP based access networks.
Fully supported by the TDRE (Telindus Dynamic Routing Engine), the unit supports advanced features
such as IP Quality of Service, IP Virtual Private Networks and support for VLANs. With a routing per-
formance of approximately 45.000 pps, the Telindus 1423 SHDSL Router is capable to handle any type
of multimedia or delay-sensitive traffic. This makes the Telindus 1423 SHDSL Router the ideal access
device for connecting business users, offering secured managed IP services at the highest possible
speeds.
The equipment supports different management interfaces on different levels of the network. At the local
level it is possible to manage the equipment over a management console interface by means of a PC
maintenance tool, a command line interface or a menu driven interface.
On IP level the equipment supports Telnet, SNMP, HTTP or TFTP/FTP. In this way it is possible to inte-
grate the unit in any existing network management environment.
At the network level it is possible to manage the access network with a stand-alone element manager or
with an element manager integrated into HP OpenView.
The Telindus 1423 SHDSL Router supports auto-install features over the WAN network. This makes it
ideally suited for plug-and-play installation at customer premises while the configuration is prepared at
a central site.
Telindus 1423 SHDSL Router Chapter 1 5
User manual Introducing the Telindus 1423 SHDSL Router

1.2 Telindus 1423 SHDSL Router applications

Below some examples of Telindus 1423 SHDSL Router applications are shown.

Point-to-point LAN interconnection

LAN extension over a network

LAN to Internet connection

LAN extension over a network with ISDN back-up

6 Telindus 1423 SHDSL Router Chapter 1
User manual Introducing the Telindus 1423 SHDSL Router

DSLAM set-up with ISDN back-up

Telindus 1423 SHDSL Router Chapter 1 7
User manual Introducing the Telindus 1423 SHDSL Router

1.3 Telindus 1423 SHDSL Router family overview

The following gives an overview of the standard Telindus 1423 SHDSL Router versions:

SHDSL line pairs

Real time clock

ISDN BRI ports
Ethernet ports

encapsulation
accelerator
Hardware
Standard
version

WAN
1423 SHDSL 1P 1P 1 0 no no ATM

1423 SHDSL 2P 2P 1 0 no no ATM

1423 SHDSL 1P 2ETH4P 1P 1+4 0 no no ATM

1423 SHDSL 2P 2ETH4P 2P 1+4 0 no no ATM

1423 SHDSL 1P 2ETH4P HWA 1P 1+4 0 yes yes ATM, PPP, FR,
HDLC, ET

1423 SHDSL 2P 2ETH4P HWA 2P 1+4 0 yes yes ATM, PPP, FR,
HDLC, ET

1423 SHDSL 1P 2ETH4P ISDN HWA 1P 1+4 2 yes yes ATM, PPP, FR,
HDLC, ET

1423 SHDSL 2P 2ETH4P ISDN HWA 2P 1+4 2 yes yes ATM, PPP, FR,
HDLC, ET
8 Telindus 1423 SHDSL Router Chapter 1
User manual Introducing the Telindus 1423 SHDSL Router

1.4 Maintenance and management tools

The Telindus 1423 SHDSL Router is manageable in many different ways. This section gives a quick
overview of the various maintenance and management tools.

Maintenance or Description and reference

management
tool

TMA TMA (Telindus Maintenance Application) is a free Windows software package with
a comprehensive graphical user interface that enables you to control the Telindus
products completely. I.e. to access their configuration attributes and look at status,
performance and alarm information.
Refer to 4 - Maintaining the Telindus 1423 SHDSL Router on page 35 and the TMA
manual (PDF) for more information.

TMA Element TMA Element Management is a management application designed to monitor

Management large numbers of Telindus devices. It combines the easy to use graphical interface
of the stand-alone version of TMA with an event-logging application called the Ele-
ment Viewer.
Refer to the TMA Element Management manual (PDF/CHM) for more information.

TMA for HP TMA for HP OpenView is the management application that runs on the widely
OpenView spread network management platform HP OpenView. It combines the easy to use
graphical interface of the stand-alone version of TMA with the advantages and fea-
tures of HP OpenView.
Refer to the TMA for HP OpenView manual (PDF) for more information.

TMA CLI TMA CLI (TMA Command Line Interface) enables you to use its commands in
scripts in order to automate management actions. This is particularly useful in
large networks. TMA CLI is a complementary product to TMA, TMA Element Man-
agement and TMA for HP OpenView.
Refer to the TMA CLI manual (PDF) for more information.

ATWIN ATWIN is a menu-driven user interface. You can read and change all attributes as
with TMA, but in a more basic, textual representation using a VT100 terminal.
Refer to the Maintenance tools manual (PDF) for more information.

CLI CLI is also a Command Line Interface, although not so extensive as TMA CLI.
Experienced users who are familiar with the syntax can access the Telindus
devices more quickly than with TMA or ATWIN.
Refer to the Maintenance tools manual (PDF) for more information.

Web Interface The Web Interface is an ATWIN alike menu-driven user interface. You can read
and change all attributes as with TMA, but in a more basic representation using a
web browser.
Refer to the Maintenance tools manual (PDF) for more information.

Note that the HTTP interfaces are not only available on port 80, but also on
port 8080. This allows connecting to the HTTP interfaces in case a NAT
service is defined on port 80.
Telindus 1423 SHDSL Router Chapter 1 9
User manual Introducing the Telindus 1423 SHDSL Router

Maintenance or Description and reference

management
tool

SNMP You can manage the Telindus 1423 SHDSL Router through SNMP using any
SNMP browser. The Telindus 1423 SHDSL Router supports MIB2 and a private
MIB, including traps.
The private MIB comes with your copy of TMA. After installation of the TMA data
files, the private MIB file is available in directory C:\Program Files\TMA\snmp1 with
the name <filename>.mib2.
Refer to 12.14 - SNMP configuration attributes on page 665 and the documenta-
tion of your SNMP browser for more information.

Easy Configura- The Easy Configurator allows you to add HTML pages on top of the standard Web
tor Interface by adding a set of specific files on the file system of the Telindus 1423
SHDSL Router. These files can be made either by Telindus or by the customer
itself.
The goal is to offer a simple, custom made web interface which allows only to
change or show those parameters that are relevant for a certain application or cus-
tomer.
Refer to the Maintenance tools manual (PDF) for more information.

Note that the HTTP interfaces are not only available on port 80, but also on
port 8080. This allows connecting to the HTTP interfaces in case a NAT
service is defined on port 80.

1. The first part of the directory path may be different if you did not choose the default path during
the installation of the TMA data files.
2. The filename is product dependent. To determine which MIB file corresponds with which prod-
uct, refer to the models.nms file (located in C:\Program Files\TMA\model1).
10 Telindus 1423 SHDSL Router Chapter 1
User manual Introducing the Telindus 1423 SHDSL Router

1.5 Maintenance and management tools connection possibilities

The following table gives an overview of all the maintenance and management tools and how you can
connect them with the Telindus 1423 SHDSL Router:

Maintenance or manage- Tool - Telindus 1423 SHDSL Tool - management concentra-

ment tool Router connection tor connection1

Serial2 IP3 Serial2 IP3

CLI X4 X5 X4 X5

ATWIN X4 X5 X4 X5

TMA X X X X

TMA CLI X X X X

TMA Element Management X X

TMA for HP OpenView X X

SNMP6 X X

Web Interface7 X X

1. Examples of management concentrators are the Orchid 1003 LAN, the Telindus 1030 Router
series, the Telindus 2300 SHDSL series, etc. Refer to their corresponding manuals for more
information on how to set these devices up as management proxy.
2. A serial connection is a connection between the COM port of your PC and the control connec-
tor of the Telindus 1423 SHDSL Router using a male-female DB9 cable.
3. An IP connection is a connection between your PC and the Telindus 1423 SHDSL Router over
an IP network.
4. Using a VT100 terminal (emulation program).
5. Using Telnet.
6. Using an SNMP browser.
7. Using a web browser.
Telindus 1423 SHDSL Router Chapter 2 11
User manual Installing and connecting the Telindus 1423 SHDSL Router

2 Installing and connecting the Telindus 1423 SHDSL

Router
First this chapter gives some important safety instructions. Then it explains how to install and connect
the Telindus 1423 SHDSL Router.

You are advised to read this chapter from the beginning to the end, without skipping any part. By doing
so, your Telindus 1423 SHDSL Router will be completely installed and ready for configuration when you
reach the end of this chapter.

The following gives an overview of this chapter:

• 2.1 - Safety instructions on page 12
• 2.2 - Unpacking on page 13
• 2.3 - Selecting a site on page 14
• 2.4 - Mounting the Telindus 1423 SHDSL Router to a wall on page 15
• 2.5 - Connection precautions on page 17
• 2.6 - Connecting the Telindus 1423 SHDSL Router on page 18
• 2.7 - The front panel LED indicators on page 24
12 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.1 Safety instructions

IMPORTANT SAFETY INSTRUCTIONS

Disconnect the power supply before installing, adjusting or servicing the unit.

WICHTIGE SICHERHEITSINSTRUKTIONEN

Vor sämtlichen Arbeiten am Gerät (Installation, Einstellungen, Reparaturen etc.) sollten Sie den
Netzstecker aus der Steckdose ziehen.

SAFETY WARNING

To avoid damage to the unit, please observe all procedures described in this chapter.

SICHERHEITSBESTIMMUNGEN

Um eine Beschädigung des Gerätes zu verhindern, beachten Sie bitte unbedingt die Sicherheitsbestim-
mungen die in diesem Abschnitt beschrieben werden.

Ensure that the unit and its connected equipment all use the same power and ground, to reduce noise
interference and possible safety hazards caused by differences in ground or earth potentials.
Telindus 1423 SHDSL Router Chapter 2 13
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.2 Unpacking

Checking the shipping carton

Rough handling during shipping causes most early failures. Before installation, check the shipping car-
ton for signs of damage:
• If the shipping carton is damaged, please place a claim with the carrier company immediately.
• If the shipping carton is undamaged, do not dispose of it in case you need to store the unit or ship it
in the future.

Package contents

The box should contain the following items:

• Telindus 1423 SHDSL Router
• RJ45-RJ12 adapter plug
• RJ45-RJ12 SHDSL line cable
• TMA CD-ROM (including this User and Reference manual in PDF format)

Optionally (depending which sales item you ordered):

• external power supply with power cord
14 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.3 Selecting a site

WARNING

Always place the unit on its feet without blocking the air vents.
Do not stack multiple units directly onto each other, as stacking can cause heat build-up that could dam-
age the equipment.

ACHTUNG

Stellen Sie das Gerät niemals seitlich, sondern nur auf den Füßen auf und achten Sie darauf, daß die
Lüftungsschlitze an der Seitenverkleidung frei bleiben.
Stapeln Sie nicht mehrere Geräte direkt übereinander, dies kann zu einem Hitzestau führen.

Install the unit in an area free of extreme temperatures, humidity, shock and vibration. Position it so that
you can easily see and access the front panel and its control indicators. Leave enough clearance at the
back for cables and wires. Position the unit within the correct distances for the different accesses and
within 2m of a power outlet.
Telindus 1423 SHDSL Router Chapter 2 15
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.4 Mounting the Telindus 1423 SHDSL Router to a wall

The Telindus 1423 SHDSL Router can be mounted to the wall. In order to do so, proceed as follows:

Step Action

1 Drill two holes in the wall, according to the following specifications:

• hole diameter: 4 mm
• distance between the holes:
- in case of the PBOX05 housing: 120 mm
- in case of the PBOX06 housing: 60 mm
• hole depth: at least 25 mm

2 Insert two wall plugs in the holes. The plugs should have the following dimensions:
• diameter: 4 mm
• length: 20 mm

3 Screw two square hooks (steel zinc plated and white epox) in the plugs. The square
hooks should have the following dimensions:

4 Slide the Telindus 1423 SHDSL Router over the hooks until it touches the wall, as shown
in the figure below.

5 Slide the Telindus 1423 SHDSL Router down until it is firmly attached, as shown in the
figure below.
16 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router
Telindus 1423 SHDSL Router Chapter 2 17
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.5 Connection precautions

ESD WARNING

The circuit boards are sensitive to electrostatic discharges (ESD) and should be handled with care. It is
advisable to ensure an optimal electrical contact between yourself, the working area and a safety ground
before touching any circuit board. Take special care not to touch any component or connector on the
circuit board.

EMC WARNING

The Telindus access products are fully EMC compliant. To ensure compliance with EMC directive 89/
336/EEC, shielded cables or ferrite beads have to be used.

NOTE

This unit may be powered by an IT power system.

The connectors of the Telindus 1423 SHDSL Router should only be connected to the following circuit
types:

Connector name Connector label Connector type Circuit type

SHDSL line connector LINE RJ45 TNV-1

LAN connector LAN RJ45 SELV

ISDN line connector BACKUP RJ45 TNV-3

control connector CTRL subD-9 SELV

• SELV (Safety Extra Low Voltage): local connection (e.g. PC to Telindus 1423 SHDSL Router) or
leased line inside the building.
• TNV-1 (Telecom Network Voltage): leased line outside the building.
• TNV-2: PSTN from PABX inside the building.
• TNV-3: PSTN from operator PABX outside the building.
18 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.6 Connecting the Telindus 1423 SHDSL Router

This section explains how to connect the Telindus 1423 SHDSL Router. The following gives an overview
of this section:
• 2.6.1 - Rear view of the Telindus 1423 SHDSL Router on page 19
• 2.6.2 - The different parts of the Telindus 1423 SHDSL Router on page 20
• 2.6.3 - Connecting the Telindus 1423 SHDSL Router - an example on page 22
Telindus 1423 SHDSL Router Chapter 2 19
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.6.1 Rear view of the Telindus 1423 SHDSL Router

The following figure shows the back panel of the most complete Telindus 1423 SHDSL Router version,
being the Telindus 1423 SHDSL Router 2ETH-4P ISDN-BRI HWA:
20 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.6.2 The different parts of the Telindus 1423 SHDSL Router

The following table gives an overview of the parts located at the back of the Telindus 1423 SHDSL
Router and reveals their function:

Label Function

LINE This RJ45 connector is the SHDSL line connector.

Connect one side of an SHDSL line cable (not included) to the LINE connector of the Tel-
indus 1423 SHDSL Router and the other side to an SHDSL outlet.

For optimum performance, the used line pairs have to be properly twisted pairs.

Refer to 19.1 - SHDSL line specifications on page 974 for the pin lay-out of this connec-
tor.

LAN 1 These RJ45 connectors are the Ethernet LAN connectors (there are 1, 4 or 4+1 Ethernet
LAN connectors depending on the Telindus 1423 SHDSL Router version).
LAN 2
Connect one side of an Ethernet LAN cable (not included) to the LAN connector of the
Telindus 1423 SHDSL Router and the other side to an Ethernet network outlet. Each LAN
interface supports 10/100 Mbps auto-sense and auto cross-over.
Refer to 19.3 - LAN interface specifications on page 977 for the pin lay-out of this con-
nector.

BACKUP These RJ45 connectors are the ISDN connectors.

Connect one side of an ISDN cable (not included) to the BACKUP connector(s) of the
Telindus 1423 SHDSL Router and the other side to an ISDN outlet.
Refer to …
• 19.2 - Basic Rate ISDN interface specifications on page 976 for the ISDN specifica-
tions of this connector.

RESET This a reset switch.

Use an object with a fine tip (e.g. a pencil) to press the switch. If you press the switch for
…
• 1 second, then the Telindus 1423 SHDSL Router reboots.
• 5 seconds or more, then the Telindus 1423 SHDSL Router reboots and loads the pre-
configuration (if present, else the Telindus 1423 SHDSL Router loads the default con-
figuration. Refer to 5.6.5 - Loading the preconfiguration on page 89 for more
information on the preconfiguration).

CTRL This female 9-pins subD connector is the control connector.

You can connect this connector to a COM port of your PC with a straight male-female
DB9 cable (not included). This enables you to manage the Telindus 1423 SHDSL Router
locally, using TMA, CLI, ATWIN etc.
You can also connect this connector to a management concentrator, also for manage-
ment purposes.
Refer to 19.5 - Control connector specifications on page 978 for the pin lay-out of this
connector.

OFF This is the on/off switch.

Telindus 1423 SHDSL Router Chapter 2 21
User manual Installing and connecting the Telindus 1423 SHDSL Router

Label Function

9 VDC This is the power input. Insert the plug of the external power supply in this socket.
Refer to 19.21 - Power requirements on page 991 for the power specifications of the Tel-
indus 1423 SHDSL Router.

This is the earth stud. Connect the earth wire to this stud.
Contact the appropriate electrical inspection authority or an electrician if you are uncer-
tain that suitable grounding is available.
22 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.6.3 Connecting the Telindus 1423 SHDSL Router - an example

The following figure shows a typical Telindus 1423 SHDSL Router set-up:

In this set-up …
• the LINE connector is connected to an SHDSL line outlet using an SHDSL line cable. In this way the
Telindus 1423 SHDSL Router is connected to the WAN. You can, for example, connect the Telindus
1423 SHDSL Router to a remote network over a leased line. Refer to 1.2 - Telindus 1423 SHDSL
Router applications on page 5 for some typical applications.
• one of the LAN connectors is connected to an Ethernet hub using an Ethernet LAN cable. In this way
the Telindus 1423 SHDSL Router is connected to your local network (LAN).
• the BACKUP connector is connected to an ISDN outlet using an ISDN line cable. In this way you can
create a back-up path should the SHDSL line go down.
Telindus 1423 SHDSL Router Chapter 2 23
User manual Installing and connecting the Telindus 1423 SHDSL Router

• the CTRL connector is connected to the COM port of a computer using a straight male - female DB9
cable. In this way you can, for example, manage the Telindus 1423 SHDSL Router locally using TMA
(CLI), CLI, ATWIN, etc.
• the external power supply is connected to the power input.

For optimum performance, the used line pairs have to be properly twisted pairs.
24 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.7 The front panel LED indicators

This section gives an overview of the front panel LEDs and what they indicate. The following gives an
overview of this section:
• 2.7.1 - Introducing the front panel LEDs on page 25
• 2.7.2 - The power LED (PWR, green) on page 26
• 2.7.3 - The line link LED (LINE LNK, green) on page 26
• 2.7.4 - The line back-up LED (LINE BACKUP, green) on page 26
• 2.7.5 - The line data LED (LINE ACT, green) on page 27
• 2.7.6 - The LAN LED (LAN ACT, green) on page 27f
Telindus 1423 SHDSL Router Chapter 2 25
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.7.1 Introducing the front panel LEDs

When all the connections are made and the Telindus 1423 SHDSL Router is powered, the LEDs on the
front panel reflect the actual status of the device.
The following figure shows the front panel LED indicators of the most complete Telindus 1423 SHDSL
Router version, being the Telindus 1423 SHDSL Router 2ETH-4P ISDN-BRI HWA:

LED states

One front panel LED can reflect different status modes by the way it lights up. The front panel LEDs can
light up as follows:

LED state LED duty cycle Description

continuously off 0% The LED never lights up.

continuously on 100 % The LED lights up continuously.

blinking 50 % The LED is as much lit as it is out.

flashing 20 % The LED only lights up during 20% of the time.

mostly off - The LED occasionally lights up, without a fixed duty cycle.

mostly on - The LED occasionally goes out, without a fixed duty cycle.

monitoring - The LED lights up irregularly. For instance, it lights up on

detection of a certain signal. I.e. it monitors this signal.
26 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.7.2 The power LED (PWR, green)

The power LED indicates the following:

LED status Description

continuously off No DC input power is available.

blinking The self test, performed during the boot sequence, failed. In this condition, the
ACT LEDs are continuously on.

continuously on The Telindus 1423 SHDSL Router is powered and the boot sequence has been
completed successfully.
In case the Telindus 1423 SHDSL Router remains in boot mode, also the ACT
LEDs are continuously on to indicate this special state. Refer to 18.1 - What is boot
and application software? on page 966 for more information on boot mode.

2.7.3 The line link LED (LINE LNK, green)

This LED reflects the status of the DSL line:

LED status Description

continuously off No response on the handshake. E.g. nothing is connected to the line.

blinking The handshake is in progress.

continuously on The handshake was successful. Layer 1 is up.

2.7.4 The line back-up LED (LINE BACKUP, green)

This LED reflects the status of the ISDN1 line:

LED status Description

continuously off ISDN interface: S-bus connection not active (no LAPD)

blinking ISDN interface: LAPD protocol up1, no B channels active

continuously on ISDN interface: at least one B channel active2

1. on at least 1 ISDN interface in case there are 2 ISDN interfaces

2. on any ISDN interface in case there are 2 ISDN interfaces

1. If present.
Telindus 1423 SHDSL Router Chapter 2 27
User manual Installing and connecting the Telindus 1423 SHDSL Router

2.7.5 The line data LED (LINE ACT, green)

This LED reflects the status of the user data on both the DSL and ISDN1 line:

LED status Description

continuously off Layer 2 is down or, in case of IP routing, the IP connection is down.

blinking Layer 2 is up but, in case of IP routing, the IP connection is down.

monitoring Layer 2 is up and, in case of IP routing, the IP connection is also up and user data
is present (both transmit and receive data).

continuously on Layer 2 is up and, in case of IP routing, the IP connection is also up but no user
data is present. Or the Telindus 1423 SHDSL Router is in boot mode.

An IP connection means …
• a WAN IP address is obtained from IPCP or DHCP and the line is up.
or
• a static WAN IP address is configured, PPP negotiation was successful (if used) and the line is up.

If the IP or PPPoE/PPPoA session drops, the light remains green as long as a line connection is still
present. The light starts to blink when the line attempts to reconnect and DHCP or PPPoE/PPPoA fails.

2.7.6 The LAN LED (LAN ACT, green)

This LED reflects the status of the link and monitors the user data on the LAN interface:

LED status Description

continuously off Nothing is connected to the LAN interface.

monitoring The Ethernet link is up and there is network activity on the LAN.

continuously on The Ethernet link is up, but there is no network activity on the LAN.

1. If present.
28 Telindus 1423 SHDSL Router Chapter 2
User manual Installing and connecting the Telindus 1423 SHDSL Router
Telindus 1423 SHDSL Router Chapter 3 29
User manual DIP switches of the Telindus 1423 SHDSL Router

3 DIP switches of the Telindus 1423 SHDSL Router

This chapter locates the DIP switches on the Telindus 1423 SHDSL Router motherboard. It gives an
overview of their function and it explains how to change their settings.
The following gives an overview of this chapter:
• 3.1 - The Telindus 1423 SHDSL Router motherboard on page 30
• 3.2 - DIP switches of the Telindus 1423 SHDSL Router on page 31
• 3.3 - Straps of the Telindus 1423 SHDSL Router on page 32
• 3.4 - Opening and closing the housing on page 33

Default settings are printed in bold.

30 Telindus 1423 SHDSL Router Chapter 3
User manual DIP switches of the Telindus 1423 SHDSL Router

3.1 The Telindus 1423 SHDSL Router motherboard

The figure below shows the position of the DIP switches and straps on the Telindus 1423 SHDSL Router
motherboard:
Telindus 1423 SHDSL Router Chapter 3 31
User manual DIP switches of the Telindus 1423 SHDSL Router

3.2 DIP switches of the Telindus 1423 SHDSL Router

Refer to 3.4 - Opening and closing the housing on page 33 to find out how to open the housing in order
to change the DIP switch settings.

DIP switch bank DS1

The following table gives an overview of the DIP switches on DIP switch bank DS1:

DIP switch name DS1 no. Setting Function

boot mode 1 on Normal operation.

off Start up in boot mode.

Refer to 18.6 - Downloading application
software in boot mode on page 971.

load default 2 on Normal operation.

configuration
off Load default configuration.
Refer to 5.6.4 - Loading the default con-
figuration using a DIP switch on
page 88.

DIP switch bank DS2 and DS3

These DIP switch banks apply on the ISDN interface of the Telindus 1423 SHDSL Router. With these
DIP switch banks you can set the ISDN line impedance …
• either to 100 Ω,
• or to a high impedance.

DS3 applies on ISDN interface 1 and DS2 applies on ISDN interface 2.

The following table gives an overview of the DIP switches on DS2 and DS3:

DIP switch name DS3 (line 1) / Setting Function

DS2 (line 2) no.

ISDN line imped- 1 and 2 on 100 Ω line impedance.

ance
off High line impedance.
32 Telindus 1423 SHDSL Router Chapter 3
User manual DIP switches of the Telindus 1423 SHDSL Router

3.3 Straps of the Telindus 1423 SHDSL Router

Using strap ST4, you can configure the interconnection between the signal ground and the protective
ground (earth):

Strap settings Connection Description

position 1 disconnected By default, the signal ground is disconnected from the

earth. This avoids problems which might occur when the
earth potential of the Telindus 1423 SHDSL Router and the
connected application is not the same. In such a situation
earth current loops may induce distortion on the transmitted
data, resulting in transmission errors.

position 2 connected Sometimes it is not possible to connect the application

directly to the earth. In that case you can earth the applica-
tion through the Telindus 1423 SHDSL Router by connect-
ing the Telindus 1423 SHDSL Router to the earth and
setting the strap in position 2.
Also the opposite situation might occur: it is not possible to
earth the Telindus 1423 SHDSL Router. In that case you
can earth the Telindus 1423 SHDSL Router through the
application by connecting the application to the earth and
setting the strap in position 2.
Telindus 1423 SHDSL Router Chapter 3 33
User manual DIP switches of the Telindus 1423 SHDSL Router

3.4 Opening and closing the housing

When you want to change the DIP switch settings of the Telindus 1423 SHDSL Router, you have to open
and close the housing of the Telindus 1423 SHDSL Router. This section explains how to do so.

Opening the housing

To open the housing of the Telindus 1423 SHDSL Router, proceed as follows:

Step Action

1 Disconnect the external power supply.

2 Unscrew the two screws located at the back of the

housing.

3 Remove the cover as follows:

1. Carefully lift the back of the cover a
few centimetres.
2. Gently pull the cover backwards
from under the nose of the housing.

Closing the housing

To close the housing of the Telindus 1423 SHDSL Router, proceed as follows:

Step Action

1 Replace the cover as follows:

1. Gently push the cover under the
nose of the housing.
2. Lower the back of the cover.
3. Push the back of the cover down,
clicking cover and bottom together.

2 Fasten the two screws located at the back of the

housing.

3 Reconnect the external power supply.

34 Telindus 1423 SHDSL Router Chapter 3
User manual DIP switches of the Telindus 1423 SHDSL Router
Telindus 1423 SHDSL Router Chapter 4 35
User manual Maintaining the Telindus 1423 SHDSL Router

4 Maintaining the Telindus 1423 SHDSL Router

Once you installed the Telindus 1423 SHDSL Router, you can proceed with the configuration of the Tel-
indus 1423 SHDSL Router. You can do this using any of the maintenance or management tools intro-
duced in 1.4 - Maintenance and management tools on page 8.
This chapter briefly highlights one of those tools: the Telindus Maintenance Application (TMA). It intro-
duces TMA and describes how to start a session on the Telindus 1423 SHDSL Router. It also introduces
the terminology concerning the management of a Telindus device. Furthermore, it explains why and how
to add an object to the containment tree.
The following gives an overview of this chapter:
• 4.1 - Maintaining the Telindus 1423 SHDSL Router with TMA on page 36
• 4.2 - Introducing the management terminology on page 42
• 4.3 - The objects in the Telindus 1423 SHDSL Router containment tree on page 46
• 4.4 - Adding an object to the containment tree on page 50
• 4.5 - Telindus 1423 SHDSL Router attribute overview on page 55
36 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.1 Maintaining the Telindus 1423 SHDSL Router with TMA

First, this section introduces TMA. Then it describes how to start a session on the Telindus 1423 SHDSL
Router. The following gives an overview of this section:
• 4.1.1 - What is TMA? on page 37
• 4.1.2 - How to connect TMA? on page 37
• 4.1.3 - Connecting with TMA through the control connector on page 38
• 4.1.4 - Connecting with TMA over an IP network on page 40
Telindus 1423 SHDSL Router Chapter 4 37
User manual Maintaining the Telindus 1423 SHDSL Router

4.1.1 What is TMA?

TMA is the acronym for Telindus Maintenance Application. TMA is a free Windows software package
that enables you to maintain the Telindus 1423 SHDSL Router, i.e. to access its configuration attributes
and look at status, performance and alarm information using a user friendly graphical user interface.
TMA is an excellent tool for complete control of the Telindus access devices. When using TMA in com-
bination with a network management system such as HP OpenView, complete networks can be man-
aged from one central site.
Consult the TMA manual (PDF) to find out how to install TMA and to get acquainted with the user inter-
face.

You will need a new version of the model file distribution if changes have been made to the attributes of
the Telindus 1423 SHDSL Router. The most recent model files and TMA engine can always be down-
loaded from the Telindus web site at www.telindusproducts.com/TMA.

4.1.2 How to connect TMA?

There are two ways to establish a connection between the computer running TMA and the Telindus 1423
SHDSL Router:
• through a serial connection, i.e. through the control connector of the Telindus 1423 SHDSL Router.
Refer to 4.1.3 - Connecting with TMA through the control connector on page 38.
• through an IP connection, i.e. through the LAN connector of the Telindus 1423 SHDSL Router. Refer
to 4.1.4 - Connecting with TMA over an IP network on page 40.
38 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.1.3 Connecting with TMA through the control connector

To established a connection between TMA and the Telindus 1423 SHDSL Router through the control
connector, proceed as follows:

Step Action

1 Connect a serial port of your com-

puter (e.g. COM1) through a
straight DB9 male - female cable
with the control connector of the
Telindus 1423 SHDSL Router.

2 Start TMA.

3 In the TMA window, either …

• select from the menu bar: Connect →
Device…
• or press the short-cut key: Ctrl+N
• or click on the Connect to device button:

The Connect… (to a device) window is displayed

as in the following figure:

4 In the Connect… (to a device) window, specify the following:

• Select the option Serial and specify the COM port of your computer to which the Tel-
indus 1423 SHDSL Router is connected.
• If previously a password has been configured in the Telindus 1423 SHDSL Router
then also fill in the password field.

5 Click on the Next > button.

⇒The second Connect… window is displayed.
Telindus 1423 SHDSL Router Chapter 4 39
User manual Maintaining the Telindus 1423 SHDSL Router

Step Action

6 In the Connect… (select a device) window, pro-

ceed as follows to connect to the …
• local Telindus 1423 SHDSL Router: select On
device.
• remote Telindus 1423 SHDSL Router:
- Select After device.
- Enter 1 in the NMS address field.
- Select Relative.
- If previously a password has been config-
ured in the remote Telindus 1423 SHDSL
Router then also fill in the password field.

You can only connect to a remote Telin-

dus 1423 SHDSL Router if the data link is up.

7 Click on the Finish button.

8 After a couple of seconds, the attributes of the Telindus 1423 SHDSL Router appear in
the TMA window.
40 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.1.4 Connecting with TMA over an IP network

To established a connection between TMA and the Telindus 1423 SHDSL Router over an IP network,
proceed as follows:

Step Action

1 Connect the IP network

to …
• the network port of
your PC,
• the LAN connector of
the Telindus 1423
SHDSL Router.

2 Start TMA.

3 In the TMA window, either …

• select from the menu bar: Connect →
Device…
• or press the short-cut key: Ctrl+N
• or press on the Connect to device button:

The Connect… (to a device) window is being dis-

played as in the following figure:

4 In the Connect… (to a device) window, specify the following:

• Select the option IP address and enter the IP address of the Telindus 1423 SHDSL
Router.
• If a password has previously been configured in the Telindus 1423 SHDSL Router
then also fill in the password field.

Before you are able to establish a connection over an IP network, you have to con-
figure an IP address and a default gateway in the Telindus 1423 SHDSL Router.
You can do this by first connecting TMA to the Telindus 1423 SHDSL Router through the
control connector, and then configuring an IP address and a default gateway. Refer to
the 5.2 - Configuring IP addresses on page 59.

5 Click on the Next > button.

⇒The second Connect… window is displayed.
Telindus 1423 SHDSL Router Chapter 4 41
User manual Maintaining the Telindus 1423 SHDSL Router

Step Action

6 In the Connect… (select a device) window, pro-

ceed as follows to connect to the …
• local Telindus 1423 SHDSL Router: select On
device.
• remote Telindus 1423 SHDSL Router:
- Select After device.
- Enter 1 in the NMS address field.
- Select Relative.
- If previously a password has been config-
ured in the remote Telindus 1423 SHDSL
Router then also fill in the password field.

You can only connect to a remote Telin-

dus 1423 SHDSL Router if the data link is up.

7 Click on the Finish button.

8 After a couple of seconds, the attributes of the Telindus 1423 SHDSL Router appear in
the TMA window.
42 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.2 Introducing the management terminology

This section briefly introduces the terminology concerning the management of a Telindus device. It
explains terms such as containment tree, group, object, attribute, value and action.
The following gives an overview of this section:
• 4.2.1 - Graphical representation of the containment tree on page 43
• 4.2.2 - Containment tree terminology on page 44
Telindus 1423 SHDSL Router Chapter 4 43
User manual Maintaining the Telindus 1423 SHDSL Router

4.2.1 Graphical representation of the containment tree

The most comprehensible graphical representation of the containment tree is given in TMA. The follow-
ing figure depicts the TMA window displaying a containment tree:

Refer to 4.2.2 - Containment tree terminology on page 44 for an explanation of the terms associated with
the containment tree.
44 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.2.2 Containment tree terminology

Refer to 4.2.1 - Graphical representation of the containment tree on page 43 for a figure of a containment
tree.
The following table explains the terminology associated with the containment tree:

Term Description

containment tree The containment tree represents the hierarchical structure of the Telindus 1423
SHDSL Router. It is composed of a number of objects that are ordered in a tree.
This tree resembles a Windows directory structure:
• it is also a levelled structure, with nodes which can be expanded or reduced.
• the containment tree objects can be compared with file folders.
• the objects contain attributes like file folders contain files.

object An object represents a physical interface, an application or a combination of both.

Each object has its own set of attributes.

parent and child Some objects are not present in the containment tree by default. If you want to use
object the features associated with such an object, then you have to add the object first.
You always add an object under another object. The object you add is called the
child object. The object under which you add this child object is called the parent
object.
Objects which you can add are also often referred to as user-instantiatable objects.

index name Of some objects more than one object is present in the containment tree. The dif-
ferent objects are distinguished from one another by adding an index. E.g. linePair[1]
and linePair[2], where 1 and 2 are the indexes. Also child objects are given an index
(by the user when adding the object).
An index name is also often referred to as index, instance value or instance name.

attribute An attribute is a parameter related to a certain object. It has a certain value.

value An attribute has a certain value which is …

• changeable in case of a configuration attribute (provided you have write
access).
• read only in case of a status, performance and alarm attribute.

structured value Some attribute values contain underlying values: a structured value. These values
are displayed in the structured value window. If an attribute contains structured val-
ues, then a bit string, <Table> or <Struct> is displayed after the attribute:
• a bit string is a series of bits. The value of each of these bits can be 0 or 1, on
or off, enabled or disabled.
• a table contains columns and rows. Each column contains an attribute (which,
on its turn, can have a structured value). Each row is an entry in the table.
• a structure contains columns but only one row. A structure could be compared
to an attribute which contains several “sub-attributes”.

A structured value is also often referred to as bit string, table, structure or complex
value.
Telindus 1423 SHDSL Router Chapter 4 45
User manual Maintaining the Telindus 1423 SHDSL Router

Term Description

element An element is an attribute within a structured value. In other words, they could be
considered as “sub-attributes”.

group Groups assemble a set of attributes related by functionality. There are four groups
in TMA, which correspond with the four tabs in the attribute window:
• configuration,
• status,
• performance,
• alarms.

action A group in combination with an object may have actions assigned to them. These
actions are displayed in the action window.
46 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.3 The objects in the Telindus 1423 SHDSL Router containment

tree

The following table lists the different objects of the Telindus 1423 SHDSL Router containment tree. It
also specifies whether the objects are present by default, whether you have to add them yourself or
whether they are added automatically.

> telindus1423Router

>> lanInterface1

>> lanInterface12

>> lanInterface22

>> wanInterface

>>> atm

>>> frameRelay3

>>> ppp3

>>> hdlc3

>>> line

>>>> linePair[ ]4

>>> repeater[ ]5

>>> end5

>> bri[1]6

>>> bChannel[1]

>>>> ppp

>>> bChannel[2]

1. This object is present in case there is only one LAN interface.

2. These objects are present in case there are 2 LAN interfaces.
3. The presence of this object depends on the Telindus 1423 SHDSL Router version.
4. In case of a Telindus 1423 SHDSL Router 2 pair version, two linePair[ ] objects are present.
5. Not present by default. Only appears when setting the eocHandling attribute. Refer to 5.4.3 -
Controlling the standard EOC message exchange on page 78.
6. Only present on the Telindus 1423 SHDSL Router ISDN version.
Telindus 1423 SHDSL Router Chapter 4 47
User manual Maintaining the Telindus 1423 SHDSL Router

>>>> ppp

>>> leasedLine[ ]10

>>>> frameRelay

>>>> ppp

>>>> hdlc

>>>> errorTest

>> bri[2]7

>>> bChannel[1]

>>>> ppp

>>> bChannel[2]

>>>> ppp

>>> leasedLine[ ]10

>>>> frameRelay

>>>> ppp

>>>> hdlc

>>>> errorTest

>> profiles6

>>> dial

>>>> defaultIsdn

>>>> isdn[ ]8

>>> encapsulation

>>>> defaultPpp

7. Only present on the Telindus 1423 SHDSL Router ISDN version with 2 ISDN interfaces.
8. The default profile is always present (the default… objects). However, additional profiles can be
added. Refer to 6.3.1 - How to create a profile? on page 196.
48 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

>>>> ppp[ ]8

>>> forwardingMode

>>>> defaultRouting

>>>> routing[ ]8

>>> policy

>>>> traffic

>>>>> ipTrafficPolicy[ ]10

>>>>> bridgingTrafficPolicy[ ]10

>>>> priority

>>>>> priorityPolicy[ ]10

>> dialMaps6

>> bundle

>>>> pppBundle[ ]10

>>>> isdnBundle[ ]9

>> router

>>> tunnels

>>> defaultNat

>>> nat[ ]10

>>> manualSA[ ]10

>>> ikeSA[ ]10

>>> routingFilter[ ]10

>>> ospf

9. Not present by default. Only appears when a PPP bundle on an ISDN interface is set up.
10.Not present by default, has to be added. The index name is user defined. Refer to 4.4 - Adding
an object to the containment tree on page 50.
Telindus 1423 SHDSL Router Chapter 4 49
User manual Maintaining the Telindus 1423 SHDSL Router

>>>> area10

>>> firewall

>> bridge

>>> bridgeGroup

>>> vpnBridgeGroup[ ]10

>>> accessList[ ]10

>> snmp

>> management

>>> loopBack

>> fileSystem

>> operatingSystem
50 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.4 Adding an object to the containment tree

This section explains why and how you can add an object to the containment tree. It then explains why
and how to refer to this object.
The following gives an overview of this section:
• 4.4.1 - Why add an object to the containment tree? on page 51
• 4.4.2 - How to add an object to the containment tree? on page 52
• 4.4.3 - Referring to an added object on page 54
Telindus 1423 SHDSL Router Chapter 4 51
User manual Maintaining the Telindus 1423 SHDSL Router

4.4.1 Why add an object to the containment tree?

Why can you add an object to the containment tree?

Some objects are not present in the containment tree by default but you can add them yourself because
…
• in this way the containment tree remains clear and surveyable,
• you possibly do not need the functions associated with such an object,
• you possibly need several of these objects so you can add as many objects as you like.

When do you have to add an object to the containment tree?

If you want to use the features associated with such an object, then you have to add the object first.

Which objects can be added to the containment tree?

Section 4.3 - The objects in the Telindus 1423 SHDSL Router containment tree on page 46 gives you
an overview of all the objects in the containment tree. It also tells you which objects have to be added
before you can use them.
52 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.4.2 How to add an object to the containment tree?

The section shows you, for each maintenance tool, how to add an object to the containment tree. The
following section, 4.4.3 - Referring to an added object on page 54, shows you how you can “refer” to this
added object somewhere else in the containment tree.

Adding an object in TMA

Step Action

1 Right click on the parent object (e.g. router).

⇒A pop-up menu appears.
2 In the pop-up menu, select Add Child… and select the child object you want to add (e.g.
routingFilter).
⇒A pop-up window appears.
3 In the pop-up window, type the index name (i.e. the instance value) for the child object
(e.g. my_filter) and click on OK.
⇒The new child object is created (e.g. routingFilter[my_filter]).

Adding an object in (TMA) CLI

Step Action

1 Enter the parent object (e.g. select router).

2 Type the following command: set {select childObjectName[instanceValue]{}}

where instanceValue is a string of your choice.
(e.g. set {select routingFilter[my_filter]{}})
⇒The new child object is created.
Telindus 1423 SHDSL Router Chapter 4 53
User manual Maintaining the Telindus 1423 SHDSL Router

Adding an object in ATWIN

Step Action

1 Enter the parent object (e.g. go to the router object and press the enter key).
⇒The ATWIN window shows the sub-objects and attributes of the parent object.
2 Go to the line displaying the string <CREATE INSTANCE> and the name of the object you
want to add (e.g. routingFilter <CREATE INSTANCE>) and press the enter key.
⇒A new window appears, displaying the string Give the instanceValue.

3 Press the enter key and type the index name (i.e. the instance value) for the child object
(e.g. my_filter) and press the enter key again.
⇒The new child object is created (e.g. >.routingFilter [name:my_filter]).

Adding an object in the Web Interface

Step Action

1 Enter the parent object (e.g. select the router object and double-click it or click on Open).
⇒The Web Interface window shows the sub-objects and attributes of the parent
object.

2 Select the line displaying the string <CREATE INSTANCE> and the name of the object you
want to add (e.g. routingFilter <CREATE INSTANCE>) and double-click it or click on
Open.
⇒A new window appears, displaying the string Give the instanceValue.

3 Type the index name (i.e. the instance value) for the child object (e.g. my_filter) and click
on exit.
⇒The new child object is created (e.g. >.routingFilter [name:my_filter]).
54 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router

4.4.3 Referring to an added object

What is referring to an added object?

If at a certain place in the containment tree you want to apply the function associated with an object you
added, then you have to refer to this object.

How to refer to an added object?

Some attributes allow you to enter the index name (i.e. the instance value you assigned to the object) of
an added object. By doing so, the function associated with this object is applied there.

Example

Suppose you create a routingFilter object with the index name my_filter. The containment tree then looks as
follows:

Now, you want to use this filter on the LAN interface. In that case, in the ip/rip structure in the lanInterface
object, enter the index name of the routingFilter object under the element “filter”. This looks as follows:
Telindus 1423 SHDSL Router Chapter 4 55
User manual Maintaining the Telindus 1423 SHDSL Router

4.5 Telindus 1423 SHDSL Router attribute overview

The reference part of this manual explains all the attributes of the Telindus 1423 SHDSL Router. One
chapter describes one group of attributes:
• chapter 12 - Configuration attributes on page 435,
• chapter 13 - Status attributes on page 679,
• chapter 14 - Performance attributes on page 833,
• chapter 15 - Alarm attributes on page 915.
56 Telindus 1423 SHDSL Router Chapter 4
User manual Maintaining the Telindus 1423 SHDSL Router
Telindus 1423 SHDSL Router Chapter 5 57
User manual Basic configuration

5 Basic configuration
This chapter shows you how to configure the very basics of the Telindus 1423 SHDSL Router. This will
allow you to access the Telindus 1423 SHDSL Router over an IP connection with, for example, TMA. It
also explains how to configure passwords on the Telindus 1423 SHDSL Router. Furthermore, there is a
section on configuration actions, i.e. how to activate a configuration, how to load the default configura-
tion, etc. Another section redirects you to the explanation of the major features of the Telindus 1423
SHDSL Router. The last section briefly explains what to check should you experience trouble when
installing, configuring or operating the Telindus 1423 SHDSL Router.
The following gives an overview of this chapter:
• 5.1 - What is an interface? on page 58
• 5.2 - Configuring IP addresses on page 59
• 5.3 - Configuring the SHDSL line on page 73
• 5.4 - Enabling EOC message exchange on page 76
• 5.5 - Configuring passwords on page 84
• 5.6 - Executing configuration actions on page 86
• 5.7 - Configuring the major features of the Telindus 1423 SHDSL Router on page 90
• 5.8 - Troubleshooting the Telindus 1423 SHDSL Router on page 91

Refer to the Reference manual on page 433 for a complete overview of all the attributes of the Telindus
1423 SHDSL Router.
58 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.1 What is an interface?

The term interface, as it is used in this manual, can be divided into two groups:

Interface type Description

physical A physical interface is an interface to which you can physically connect a cable. So
a physical interface has a physical connector. It also has some configuration
attributes that control the behaviour of the interface.
For example:
• The control interface (CTRL). It has a female 9-pins subD connector to which
you can connect a male 9-pins subD connector for maintenance purposes. It
has configuration attributes such as ctrlPortProtocol, cms2Address, etc.
• The LAN interface (LAN). It has a female RJ45 connector to which you can con-
nect a male RJ45 connector to connect to an Ethernet network. It has configu-
ration attributes such as ip, vlan, etc.

Other examples are the station clock interface, the alarm interfaces, the xDSL line
interfaces, etc.

logical A logical interface is an interface to which you can not physically connect a cable.
So a logical interface has no physical connector. However, it is part of the physical
interface, but on a higher level. One physical interface can “contain” several logical
interfaces. A logical interface also has some configuration attributes that control
the behaviour of the interface.
For example:
• An ATM PVC on an xDSL line. The xDSL line is the physical interface (it has a
physical connector) whereas the ATM PVC is the logical interface (it is located
on a higher level, i.e. layer 2 protocol level). You can have several ATM PVCs
on one xDSL line.
• a VLAN on the LAN interface. The LAN interface is the physical interface and
the VLAN is the logical interface.

Other examples are L2TP tunnels, links in a multi-link bundle, bridge groups, etc.
Telindus 1423 SHDSL Router Chapter 5 59
User manual Basic configuration

5.2 Configuring IP addresses

The first thing you have to configure are the IP addresses of the Telindus 1423 SHDSL Router. First this
section lists which mechanisms there are to obtain an IP address automatically. Then it shows you, for
each interface, where you can find the IP related parameters. Finally this section explains these IP
related parameters.
The following gives an overview of this section:
• 5.2.1 - Automatically obtaining an IP address on page 60
• 5.2.2 - Where to find the IP parameters? on page 61
• 5.2.3 - Explaining the ip structure on page 63
• 5.2.4 - Configuring an IP address on the LAN interface on page 71
60 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.2.1 Automatically obtaining an IP address

Obtaining an IP address on the LAN interface

The Telindus 1423 SHDSL Router supports several protocols to automatically obtain an IP address on
its LAN interface. Refer to 17 - Auto installing the Telindus 1423 SHDSL Router on page 939 for more
information on auto-install.

Obtaining an IP address on the WAN interface

In case of …
• ATM, refer to …
- 7.2.3 - Automatically obtaining IP addresses in ATM on page 127.
- 17.3.2 - Auto-install in case of ATM on page 949.
• Frame Relay, refer to …
- 7.3.3 - Automatically obtaining IP addresses in Frame Relay on page 147.
- 17.3.3 - Auto-install in case of Frame-Relay on page 950.
• PPP(oA), refer to 7.4.2 - Automatically obtaining IP addresses in PPP on page 160.

An IP address that is obtained using a dynamic procedure is not displayed in the configuration window,
but can be found in the status window.
Telindus 1423 SHDSL Router Chapter 5 61
User manual Basic configuration

5.2.2 Where to find the IP parameters?

The following table shows where you can find the IP parameters of the different IP interfaces:

Interface Location of the IP parameters

LAN interface In the ip structure of the lanInterface object: telindus1423Router/lanInterface/ip.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridg-

ing, then the settings of the configuration attribute telindus1423Router/lanInterface/ip are
ignored. As a result, if you want to manage the Telindus 1423 SHDSL Router via
IP, you have to configure an IP address in the bridgeGroup object instead:
telindus1423Router/bridge/bridgeGroup/ip.

VLAN on the In the ip structure of the vlan table which is located in the lanInterface object:
LAN interface telindus1423Router/lanInterface/vlan/ip.

ATM PVC In the ip structure of the pvcTable which is located in the atm object: telindus1423Router/
wanInterface/channel[wan_1]/atm/pvcTable/ip.

PPP link In the ip structure of the ppp object: telindus1423Router/wanInterface/channel[wan_1]/ppp/ip.

Frame Relay You can find the ip structure on two levels:

PVC
• in the frameRelay object: telindus1423Router/wanInterface/channel[wan_1]/frameRelay/ip.
• in the dlciTable attribute: telindus1423Router/wanInterface/channel[wan_1]/frameRelay/
dlciTable/ip.
Section 7.3.4 - Configuring IP addresses in Frame Relay on page 148 explains
why you can configure the IP parameters on two different levels.

PPP link In the ip structure of the routing forwarding profile: telindus1423Router/profiles/forward-

(ISDN interface ingMode/defaultRouting/ip.
in dial-up)

PPP link In the ip structure of the ppp object: telindus1423Router/bri[ ]/leasedLine[ ]/ppp/ip.
(ISDN interface
in leased line)

Frame Relay You can find the ip structure on two levels:

PVC • in the frameRelay object: telindus1423Router/bri[ ]/leasedLine[ ]/frameRelay.
(ISDN interface
• in the dlciTable attribute: telindus1423Router/bri[ ]/leasedLine[ ]/frameRelay/ip.
in leased line)
Section 7.3.4 - Configuring IP addresses in Frame Relay on page 148 explains
why you can configure the IP parameters on two different levels.

L2TP tunnel In the ip structure of the l2tpTunnels table which is located in the tunnels object:
telindus1423Router/ip/router/tunnels/l2tpTunnels/ip.

IPSEC L2TP In the ip structure of the ipsecL2tpTunnels table which is located in the tunnels object:
tunnel telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/ip.

bridge group In the ip structure of the bridgeGroup object: telindus1423Router/bridge/bridgeGroup/ip.

management In the ipAddress attribute of the loopback object: telindus1423Router/management/loopback/

loopback ipAddress.
62 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

Refer to 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.
Telindus 1423 SHDSL Router Chapter 5 63
User manual Basic configuration

5.2.3 Explaining the ip structure

Because the ip structure occurs in several objects, it is described here once and referenced where nec-
essary. Refer to 5.2.2 - Where to find the IP parameters? on page 61 for the location of the ip structure.

This section lists all the elements that can be present in the ip structure. However, depending on the inter-
face, it is possible that not all of these elements are present.

The ip structure contains the following elements:

Element Description

address Use this element to assign an IP address to the inter- Default:0.0.0.0

face. The address should belong to the subnet the Range: up to 255.255.255.255
interface is connected to.

If you do not explicitly configure a local IP address using the address element,
then it can be learned. Refer to 5.2.1 - Automatically obtaining an IP address
on page 60.
An IP address that is obtained using a dynamic procedure is not displayed in the
configuration window, but can be found in the status window.

netMask Use this element to assign an IP subnet mask to the Default:255.255.255.0

interface. The subnet mask defines the number of IP Range: up to 255.255.255.255
devices that may be present on the corresponding IP
segment.

sNet Use this element to add the interface to a secure net- Default:<opt>
work (SNet) so that it can be controlled by a (virtual) Range: choice, see below
firewall.
The sNet element is a choice element. The first part of the sNet element has the fol-
lowing values:
• name. Select this value if you want to add the interface to
one of the standard secure networks. In the second part
of the sNet element, use the drop-down box to select one
of the standard SNets: corp, dmz or internet.
Note that if you select the value <opt> (default), then the
interface is not added to a secure network.

• custom. Currently, you can only select standard secure net-

works. In future releases of the TDRE, it will be possible to
select custom created SNets.

Refer to 10.9 - Configuring the stateful inspection firewall on page 376 for more
information.

dhcpClient Use this element to enable or disable the sending of Default:enabled

DHCP client requests on the interface. Range: enabled / disabled
64 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

Element Description

secondaryIp Use this element to create additional virtual networks Default:<empty>

on the same Ethernet interface. Range: table, see below
The secondaryIp table contains the elements address and netMask. See above for an
explanation of these elements.

remote Use this element to assign an IP address to the Default:0.0.0.0

remote end of a connection (e.g. the remote end of an Range: up to 255.255.255.255
L2TP tunnel, a PPP link, etc.).

If you do not explicitly configure a remote IP address using the remote ele-
ment, then it can be learned. Refer to 5.2.1 - Automatically obtaining an IP
address on page 60.
An IP address that is obtained using a dynamic procedure is not displayed in the
configuration window, but can be found in the status window.

addrPool This element is only present in an ISDN routing for- Default:<empty>

warding profile (e.g. defaultRouting). Range: <choice, see below>
Use this element to let the Telindus 1423 SHDSL Router pick IP addresses out of
an IP address pool (refer to What is an IP address pool?) and use these IP
addresses as local and/or remote IP address of a PPP link. You can pick an IP
address either out of …
• a list. First, select the string “list” using the first part of the addrPool
value. Then, in the second part of the addrPool value, type the
name of the list you previously created in the addrPools table.
Refer to telindus1423Router/ip/router/addrPools on page 576.
or
• an interval. First, select the string “interval” using the first
part of the addrPool value. Then, in the second part of the
addrPool value, type the name of the interval you previously
created in the addrPools table Refer to telindus1423Router/ip/router/addrPools on
page 576.

What is an IP address pool?

An IP address pool is a collection of IP addresses from which the Telindus 1423

SHDSL Router can pick an IP address and assign it to an interface. There are two
types of IP pools:
• an IP list pool. You create a list of IP addresses by entering them in a table. The
Telindus 1423 SHDSL Router picks a local and remote IP address out of this
table. You can create an IP list pool using the configuration attribute addrPools.
Refer to telindus1423Router/ip/router/addrPools on page 576. Note again than an IP list
pool is for both local and remote IP addresses.
• an IP interval pool. You define a range of IP addresses. The Telindus 1423
SHDSL Router picks a remote IP address out of this range. You can create an
IP interval pool using the configuration attribute addrPools. Refer to
telindus1423Router/ip/router/addrPools on page 576. Note again that an IP interval pool
is for remote IP addresses only.
Telindus 1423 SHDSL Router Chapter 5 65
User manual Basic configuration

Element Description

acceptLocAddr In case of a PPP link, it is possible to learn the local IP Default:enabled

address from the remote side. Use the acceptLocAddr Range: enabled / disabled
element to determine whether to accept or reject the
learned IP address.
The acceptLocAddr element has the following values:
• enabled. If the remote side is able to give an IP address, then the local IP
address is learned from the remote side. Even if you explicitly configure a local
IP address (e.g. using the address element). In other words, if the acceptLocAddr
element is set to enabled, then the local IP address that has been configured is
overruled by the one that has been learned.
• disabled. The local IP address can not be learned from the remote side.

Also see 7.4.2 - Automatically obtaining IP addresses in PPP on page 160.

An IP address that is obtained using a dynamic procedure is not displayed

in the configuration window, but can be found in the status window.

acceptRemAddr In case of a PPP link, it is possible to learn the remote Default:enabled

IP address from the remote side. Use the acceptRem- Range: enabled / disabled
Addr element to determine whether to accept or reject
the learned IP address.
The acceptRemAddr element has the following values:
• enabled. If the remote side is able to give an IP address, then the remote IP
address is learned from the remote side. Even if you explicitly configure a
remote IP address (e.g. using the remote element). In other words, if the accep-
tRemAddr element is set to enabled, then the remote IP address that has been
configured is overruled by the one that has been learned.
• disabled. The remote IP address can not be learned from the remote side.

Also see 7.4.2 - Automatically obtaining IP addresses in PPP on page 160.

An IP address that is obtained using a dynamic procedure is not displayed

in the configuration window, but can be found in the status window.

unnumbered In case you do not explicitly configure a local IP Default:<empty>

address for a PPP(oA) link using the address or addrPool Range: 0 … 24 characters
element, then you can use the unnumbered element to
"borrow" the IP address of another interface for which an IP address is already
configured, thereby conserving network and address space.
Do this by entering the interface name as unnumbered element
value.
66 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

Element Description

gatewayPreference In case you do not explicitly configure a local or Default:80

remote IP address for a PPP(oA) link using the address Range: 0 … 90
and remote or addrPool element, then these addresses
can be learned from the remote side. What is more, this route is automatically
installed as default route to the remote. In that case you can use the
gatewayPreference element to set the preference of this default route. Refer to the
element preference on page 560 for more information.
Note that if you set the gatewayPreference element to 0, then the route is not installed.

mtu Use this element to set the Maximum Transmission Default:1500

Unit of the interface. Range: 500 … 1650

What is MTU?

The Maximum Transmission Unit (MTU) is the largest size packet or frame, spec-
ified in octets (eight-bit bytes), that can be sent in a packet- or frame-based net-
work (e.g. the Internet).
In case of the Internet, it is the Transmission Control Protocol (TCP) that uses the
MTU to determine the maximum size of each packet in any transmission. An MTU
that is too large may result in retransmissions if the packet encounters a router that
cannot handle that large a packet. An MTU that is too small results in relatively
more header overhead and more acknowledgements that have to be sent and
handled.
The Ethernet standard MTU is 1500. The Internet de facto standard MTU is 576,
but ISPs often suggest using 1500. For protocols other than TCP, different MTU
sizes may apply.

IP packets with a size larger than the MTU and with the DF (Don’t Fragment)
bit set are dropped and an ICMP destination unreachable (type 3, code 4)
message is sent.

rip Use this element to configure the RIP related param- Default:-
eters of the interface. Range: structure, see below
Refer to 8.5.3 - Explaining the rip structure on page 205 for a detailed description
of the rip structure.
Telindus 1423 SHDSL Router Chapter 5 67
User manual Basic configuration

Element Description

trafficPolicy Use this element to apply a traffic policy on the routed Default:<empty>
data on the interface. Range: 0 … 24 characters
Do this by entering the index name of the traffic policy you want to use. You can
create the traffic policy itself by adding a trafficPolicy object and by configuring the
attributes in this object.

Example

If you created a trafficPolicy object with index name my_traffic_policy

(i.e. trafficPolicy[my_traffic_policy]) and you want to apply this traffic
policy here, then enter the index name as value for the trafficPol-
icy element.
Refer to …
• 8.8 - Configuring traffic and priority policy on the router on page 237 for more
information on policies.
• 10.2 - Configuring the access restrictions on page 296 for more information on
outbound access lists.

dialPolicy This element is only present in an ISDN routing for- Default:<empty>

warding profile (e.g. defaultRouting). Range: 0 … 24 characters
Use this element to apply a dial policy on the routed data on the interface. Refer to
What is a dial policy? on page 68.
Do this by entering the index name of the traffic policy you want to acts as dial pol-
icy. You can create the traffic policy itself by adding a trafficPolicy object and by con-
figuring the attributes in this object.

Example

If you created a trafficPolicy object with index name my_traffic_policy

(i.e. trafficPolicy[my_traffic_policy]) and you want to apply this traffic
policy here as dial policy, then enter the index name as value for
the dialPolicy element.
Refer to 8.8 - Configuring traffic and priority policy on the router on page 237 for
more information on policies.

What is a dial policy?

Whereas a traffic policy determines which kind of traffic is allowed to go over the
connection once it is up, a dial policy determines which kind of traffic is allowed to
bring the connection up.
So if, for example, you define a dial policy that allows HTTP traffic only and a traffic
policy that allows HTTP and FTP traffic on e.g. an ISDN dial-up connection, then
only HTTP traffic will bring the connection up (and not the FTP traffic), but once it
is up also the FTP traffic is allowed to go over it.
68 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

Element Description

accessPolicy Use this element to apply an access policy on the Default:<empty>

routed data on the interface. Range: 0 … 24 characters
Whereas by using the trafficPolicy element you can apply an outbound access list on
the interface, you can apply an inbound access list on the interface by using the
accessPolicy element.
Do this by entering the index name of the traffic policy you want to use. You can
create the traffic policy itself by adding a trafficPolicy object and by configuring the
attributes in this object.

Example

If you created a trafficPolicy object with index name my_traffic_policy

(i.e. trafficPolicy[my_traffic_policy]) and you want to apply this traffic
policy here, then enter the index name as value for the trafficPol-
icy element.
Refer to 10.2 - Configuring the access restrictions on page 296 for more informa-
tion on inbound access lists.

mgmtAccess Use this element to enable or disable management Default:enabled

access through this interface. Range: enabled / disabled
If you set the mgmtAccess attribute to disabled, then you can not access the protocol
stack through this interface.

directedBroadcasts Use this element to enable (forward) or disable (dis- Default:enabled

card) directed broadcasts. Range: enabled / disabled

What is a directed broadcast?

A directed broadcast is an IP packet destined for a complete (sub-)network. For

example, a packet destined for all devices on subnetwork 192.168.48.0 with sub-
net mask 255.255.255.0 has destination address 192.168.48.255. I.e. all ones in
the subnet area of the IP address.

icmpRedirects Use this element to enable or disable the transmission Default:enabled

of ICMP messages. Range: enabled / disabled

What is an ICMP redirect?

If icmpRedirects is enabled and if the Telindus 1423 SHDSL Router receives an IP

packet on the interface for which …
• the next hop gateway is on the same interface,
• the next hop address is in the same subnet as the source,
… then it sends an ICMP message to the originator of the packet to inform him that
a better (shorter) route exists.
Telindus 1423 SHDSL Router Chapter 5 69
User manual Basic configuration

Element Description

igmp Use this element to configure the multicasting IGMP Default:disabled

protocol. Range: enumerated, see below
The igmp element has the following values:
• disabled. IGMP is disabled on this interface.
• proxy.
- IGMP join and leave messages are transmitted on this interface according
to the multicast member list.
- Multicast frames are always forwarded on this interface.
• router.
- IGMP join and leave messages are interpreted on this interface and the mul-
ticast member list is adapted accordingly.
- Multicast frames are forwarded on this interface if they are present in the
multicast member list.

Refer to What is IGMP? and IGMP topology on page 770 for more information on
IGMP.

helpers Use this element to enable broadcast forwarding. Default:<empty>

Limited IP broadcasts (address 255.255.255.255) Range: table, see below
and (sub-)network broadcasts for a directly connected network are normally not
forwarded by the Telindus 1423 SHDSL Router. However, client / server applica-
tions often use these broadcasts during start-up to discover the server on the net-
work. If the server is on a remote LAN, then the detection may fail.
Therefore, if you configure a helper IP address, the received broadcasts address
is replaced by this helper IP address and the packets are re-routed using the des-
tination address. Multiple helper IP addresses can be configured.

The Telindus 1423 SHDSL Router only substitutes addresses for the proto-
cols which are selected in the helperProtocols attribute. Refer to
telindus1423Router/ip/router/helperProtocols on page 565.
70 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

Element Description

nat Use this element to enable Network Address Transla- Default:<empty>

tion on the interface. Range: 0 … 24 characters
Do this by entering the name of the NAT object you want to apply:
• If you want to apply the NAT settings as defined in the router/defaultNat
object, then enter the string “default“ as value for the nat element.
• If you want to apply the NAT settings as defined in a NAT object you
added yourself (e.g. router/nat[myNat]), then enter the index name of the
NAT object (in this case “myNat”) as value for the nat element.

Refer to …
• 8.7 - Configuring address translation on page 219 for more information on NAT.
• 12.12.2 - NAT configuration attributes on page 583 for a detailed description of
the NAT configuration attributes.

Important remark

If you want to enable NAT on an interface but you also want that the inter-
face is inspected by the firewall, then enable NAT in the policies of the firewall and
not in the ip structure of the interface.
Telindus 1423 SHDSL Router Chapter 5 71
User manual Basic configuration

5.2.4 Configuring an IP address on the LAN interface

When configuring an IP address on the LAN interface, there are two different scenarios:
• The LAN interface mode is bridging (the configuration attribute telindus1423Router/lanInterface/mode is set
to bridging). This is the default setting.
• The LAN interface mode is routing (the configuration attribute telindus1423Router/lanInterface/mode is set
to routing).

LAN interface mode = bridging

In this case the settings of the configuration attribute telindus1423Router/lanInterface/ip are ignored. If you
want to manage the Telindus 1423 SHDSL Router via IP, then you have to configure an IP address in
the bridgeGroup object instead: telindus1423Router/bridge/bridgeGroup/ip.
Suppose you want to assign IP address 10.0.8.210 with subnet mask 255.255.252.0 to the LAN inter-
face, then configure the appropriate attributes as follows:
72 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

LAN interface mode = routing

In this case the settings of the configuration attribute telindus1423Router/lanInterface/ip are used.
Suppose you want to assign IP address 10.0.8.210 with subnet mask 255.255.252.0 to the LAN inter-
face, then configure the appropriate attributes as follows:
Telindus 1423 SHDSL Router Chapter 5 73
User manual Basic configuration

5.3 Configuring the SHDSL line

When you want to establish a line connection successfully, you have to configure some line attributes.
This section shows you which line attributes are essential. It also gives more information on how to select
a line speed (range). Then it explains the concept power back-off. Finally it explains how to configure the
Embedded Operations Channel (EOC) handling.
The following gives an overview of this section:
• 5.3.1 - Essential SHDSL line configuration attributes on page 74
• 5.3.2 - Selecting an SHDSL line speed (range) on page 75
• 5.3.3 - Power back-off on page 75
• 5.3.4 - Compatibility with other SHDSL devices on page 75
74 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.3.1 Essential SHDSL line configuration attributes

To establish a line connection successfully, it is essential to set the following configuration attributes cor-
rect:

Attribute Purpose of the attribute

telindus1423Router/wanInterface/line/channel on page 498 For synchronisation purposes, one unit has to be

defined as central and its remote counterpart as
remote.
The channel attribute also influences the clocking
of the Telindus 1423 SHDSL Router.

telindus1423Router/wanInterface/line/region on page 498 For correct operation, select the correct SHDSL
standard. Normally, the auto setting should suf-
fice.

telindus1423Router/wanInterface/line/timingMode on For compatibility with other SHDSL devices,

page 499 select the correct timing mode.
The timingMode attribute also influences the clock-
ing of the Telindus 1423 SHDSL Router.

In case of a Telindus 1423 SHDSL Router 1pair For a successful and qualitative line connection,
version, use: select an appropriate speed (range).
• telindus1423Router/wanInterface/line/minSpeed on Refer to 5.3.2 - Selecting an SHDSL line speed
page 502 (range) on page 75 for more information on the
• telindus1423Router/wanInterface/line/maxSpeed on speed (range).
page 502
In case of a Telindus 1423 SHDSL Router 2 pair
version, use:
• telindus1423Router/wanInterface/line/minSpeed2P on
page 503
• telindus1423Router/wanInterface/line/maxSpeed2P on
page 503

Refer to 12.6 - SHDSL line configuration attributes on page 497 for a complete overview of the line con-
figuration attributes.
Telindus 1423 SHDSL Router Chapter 5 75
User manual Basic configuration

5.3.2 Selecting an SHDSL line speed (range)

Selecting a speed range

The Telindus 1423 SHDSL Router features auto speed negotiation according to ITU-T G.994.1. During
this negotiation the Telindus 1423 SHDSL Router selects a speed within the range from the minimum
speed up to the maximum speed as set with the minSpeed(2P) and maxSpeed(2P) attributes.

Important remark

In case of a Telindus 1423 SHDSL Router 2 pair version, define a speed range either on the central or
on the remote Telindus 1423 SHDSL Router, but not on both. Else the 2 line pairs could train at a differ-
ent speed which is not allowed.

Selecting a fixed speed

If you set the minSpeed(2P) and maxSpeed(2P) attribute to the same value, then the Telindus 1423 SHDSL
Router operates at a fixed speed.

Fall-back speed

When you define a speed range, the Telindus 1423 SHDSL Router will always try to operate at the max-
imum speed. If the remote does not allow that speed or the signal quality deteriorates, then the Telindus
1423 SHDSL Router tries to select the second speed down the range. If also this speed fails, the Telin-
dus 1423 SHDSL Router again lowers its speed. It does this until it reaches the minimum speed.

5.3.3 Power back-off

The Telindus 1423 SHDSL Router features power back-off. Power back-off is a part of the ITU-T G.991.2
SHDSL recommendation. It reduces the maximum transmit power level if the line conditions are suffi-
ciently good to operate at a lower transmit level.
Power back-off is performed by default (no configuration attribute). During the ITU-T G.994.1 hand-
shake, the two sides of the line mutually agree on the transmit level. The transmit level is lowered
between 0 and 6 dB in steps of 1dB.

5.3.4 Compatibility with other SHDSL devices

The Telindus 1423 SHDSL Router can be used in combination with other (Telindus) SHDSL devices.
The document “Interoperability for Telindus SHDSL products” (PDF) gives an overview of the interoper-
ability.
76 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.4 Enabling EOC message exchange

This section introduces EOC message exchange and shows you how to enable this feature.
The following gives an overview of this section:
• 5.4.1 - Standard versus proprietary EOC message exchange on page 77
• 5.4.2 - Controlling the proprietary EOC message exchange on page 77
• 5.4.3 - Controlling the standard EOC message exchange on page 78
• 5.4.4 - none or passiveWhich standard EOC information is retrieved? on page 80
Telindus 1423 SHDSL Router Chapter 5 77
User manual Basic configuration

5.4.1 Standard versus proprietary EOC message exchange

On the Telindus SHDSL devices you can distinguish two types of EOC message exchange:
• standard EOC message exchange. These are the messages as defined in the SHDSL standard
G.991.2. They are sent through the Embedded Operations Channel (EOC).
• proprietary EOC message exchange. This is the proprietary O10 management protocol. This is also
sent through the Embedded Operations Channel (EOC).

5.4.2 Controlling the proprietary EOC message exchange

The proprietary EOC message exchange can be controlled by the configuration attribute
telindus1423Router/wanInterface/line/management on page 506. The management attribute has the following values:

Value Description

transparent No management data is forwarded over the SHDSL line. The data is passed trans-
parently over the line.

o10Management This forwards the proprietary Telindus O10 protocol over the SHDSL line. This
allows you to manage the remote SHDSL device (and possibly other Telindus
devices connected to the SHDSL device).

pathManagement This forwards path management information over the SHDSL line. This allows you
to manage complete paths instead of managing individual devices (i.e. elements).
For more information on path management, refer to the TMA Path Management
manual (PDF).

o10-PathManage- This forwards both the proprietary Telindus O10 protocol as the path management
ment information over the SHDSL line.
78 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.4.3 Controlling the standard EOC message exchange

The standard EOC message exchange can be controlled by the configuration attribute telindus1423Router/
wanInterface/line/eocHandling on page 506. The eocHandling attribute has the following values:

Value Description

passive The Telindus 1423 SHDSL Router does not send any standard EOC messages.
However, the Telindus 1423 SHDSL Router does respond on standard EOC mes-
sages it receives.
Also, after getting into data state, no proprietary EOC messages will be sent for the
first 2 minutes, unless the Telindus 1423 SHDSL Router received a Telindus spe-
cific frame from the other side (e.g. O10 data, or a test or configuration frame).

This is the preferred value when connecting the Telindus 1423 SHDSL
Router to the Telindus 2300 Series.

none Except for discovery probes, the Telindus 1423 SHDSL Router does not send
standard EOC messages. However, the Telindus 1423 SHDSL Router does
respond on standard EOC messages it receives.

discovery The Telindus 1423 SHDSL Router “scans” the SHDSL line. For every device it dis-
covers, it adds an object to the containment tree. Refer to Discovering devices on
inventory
the SHDSL line.
info
Then the Telindus 1423 SHDSL Router retrieves information from these devices
and displays it in the corresponding objects. Exactly which information is retrieved
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passive-
Which standard EOC information is retrieved? on page 80.

alarmConfiguration Also in this case the Telindus 1423 SHDSL Router “scans” the SHDSL line, adds
the objects to the containment tree and retrieves information from the devices.
Refer to Discovering devices on the SHDSL line and 5.4.4 - none or passiveWhich
standard EOC information is retrieved? on page 80.
Additionally, the central1 SHDSL device forces the remote2 SHDSL device to use
the link alarm thresholds lineAttenuationOn and signalNoiseOn as configured on the
central device. In other words, the settings of the lineAttenuationOn and signalNoiseOn
on the central device overrule those of the remote device.

1. The central device is the device on which the channel attribute is set to central.
2. The remote device is the device on which the channel attribute is set to remote.
Telindus 1423 SHDSL Router Chapter 5 79
User manual Basic configuration

Discovering devices on the SHDSL line

When you change the eocHandling attribute from none or passive to any other value, the Telindus 1423
SHDSL Router starts “scanning” the SHDSL line in order to determine which devices are present
between itself and its remote counterpart.
When the scan is finished, some new objects are added to the containment tree1 on the same level as
the line object:
• If one or more repeaters are present on the SHDSL line, a repeater[ ] object is added for every repeater.
• For the remote counterpart, an end object is added.

For example, suppose you have a link with a Crocus SHDSL as central
device, a Telindus 1423 SHDSL Router as remote device and one Crocus
SHDSL Repeater in between. Suppose you set the eocHandling attribute to
discovery. In that case one repeater[ ] object and an end object is added to the
containment tree as can be seen in the figure.

1. It can take up to 5 minutes before the new objects appear in the containment tree.
80 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.4.4 none or passiveWhich standard EOC information is retrieved?

As said in 5.4.3 - Controlling the standard EOC message exchange on page 78, exactly which standard
EOC information is retrieved from the remote SHDSL device(s) depends on the setting of the eocHandling
attribute.
This section gives an overview in which case which information is retrieved:
• Standard EOC status information on page 81
• Standard EOC performance information on page 82
• Standard EOC alarm information on page 83
Standard EOC status information Does the attribute or element display relevant information in case eocHandling is set to … ?

Object Attribute none discovery inventory info alarmConfiguration

telindus1423Router/ (Element)
User manual

line eocAlarmThresholds No. The value is • On the central1: yes. The values are those as set in the linkA- Yes. The values are
(lineAttenuation, signal- always 0.0. larmThresholds attribute. those as set in the linkA-
Noise) • On the remote2: no. The value is always 0.0. larmThresholds attribute
on the central device.3
Telindus 1423 SHDSL Router

numDiscoveredRepeaters Yes.

repeater[ ] vendorId No repeater[ ] or Yes.

or (countryCode, provider- end object is cre-
Code, vendorSpecific) ated.
end
vendorModel No. Yes.

vendorSerial No. Yes.

vendorSoftVersion No. Yes.

eocSoftVersion Yes.

shdslVersion Yes.

eocState Yes.

eocAlarmThresholds No. The value is always 0.0. Yes. The values are Yes. The values are
(lineAttenuation, signal- those as set in the linkA- those as set in the linkA-
Noise) larmThresholds attribute larmThresholds attribute
on the remote device. on the central device.

repeater[ ]/linePair[ ] lineAttenuation No repeater[ ] or No. The value is always 0.0. Yes. The values are the actual line attenuation
or end object is cre- and signal noise as measured on the remote
signalNoise
ated. device.
end/linePair[ ]

1. The central device is the device on which the channel attribute is set to central.
Basic configuration

2. The remote device is the device on which the channel attribute is set to remote.
Chapter 5 81

3. Refer to 5.4.3 - Controlling the standard EOC message exchange on page 78 for more information on the alarmConfiguration value.
Standard EOC performance information Does the attribute or element display relevant information in case eocHandling is set to … ?

Object Attribute none discovery inventory info alarmConfiguration

telindus1423Router/
User manual

repeater[ ]/linePair[ ] lineParameters No repeater[ ] or No. The value is always 0.0. Yes. The values are the same as those on the
or end object is cre- remote device.
performance
ated. Note that in this case the sysUpTime is not the
end/linePair[ ] h2LineParameters
elapsed time since the last cold boot, but the
82 Telindus 1423 SHDSL Router

h2Performance elapsed time since the creation of the repeater[ ] or

h24LineParameters end object.

h24Performance

d7LineParameters

d7Performance
Basic configuration
Chapter 5
Standard EOC alarm information Does the attribute or element display relevant information in case eocHandling is set to … ?

Object Attribute none discovery inventory info alarmConfiguration

telindus1423Router/
User manual

line/linePair[ ] lineAttenuation The thresholds as configured in the linkAlarmThresholds attribute on the local device The thresholds as con-
are used to generate the alarms. figured in the linkAlarm-
signalNoise
Thresholds attribute on
the central1 device are
Telindus 1423 SHDSL Router

used to generate the

alarms2.

repeater[ ]/linePair[ ] lineAttenuation No repeater[ ] or No alarms are generated. The thresholds as con- The thresholds as con-
or end object is cre- figured in the linkAlarm- figured in the linkAlarm-
signalNoise
ated. Thresholds attribute on Thresholds attribute on
end/linePair[ ]
the local device are the central device are
used to generate the used to generate the
alarms. alarms.

errSecRatioExceeded The thresholds as con-

figured in the linkAlarm-
sevErrSecRatioExceeded
Thresholds attribute on
the local device are
used to generate the
alarms.

1. The central device is the device on which the channel attribute is set to central.
2. Refer to 5.4.3 - Controlling the standard EOC message exchange on page 78 for more information on the alarmConfiguration value.
Basic configuration
Chapter 5 83
84 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.5 Configuring passwords

This section shows you how to create a (list of) password(s) with associated access level in the security
table. It also explains how to correct the security table in case of error or in case you forgot your pass-
word. Furthermore, this section shows you how to enter the passwords in the different maintenance
tools.
The following gives an overview of this section:
• 5.5.1 - Creating passwords in the security table on page 85
• 5.5.2 - Entering passwords in the different management tools on page 85
Telindus 1423 SHDSL Router Chapter 5 85
User manual Basic configuration

5.5.1 Creating passwords in the security table

In order to avoid unauthorised access to the Telindus 1423 SHDSL Router and the network you can cre-
ate a list of passwords with associated access levels in the security table. Do this using the security
attribute. Refer to telindus1423Router/security on page 447.

5.5.2 Entering passwords in the different management tools

Now that you created a (list of) password(s) in the Telindus 1423 SHDSL Router, you have to enter these
passwords every time you want to access the Telindus 1423 SHDSL Router with one of the maintenance
or management tools.
The following table explains how to enter passwords in the different maintenance or management tools:

Maintenance or man- How to enter the password?

agement tool

TMA Enter the password in the Connect… window.

TMA CLI, TMA for HP Use the application TmaUserConf.exe to create a TMA user and assign a
OpenView and TMA password to this user. The password should correspond with a password
Element Management configured in the device.
Refer to the manual of TMA CLI manual (PDF), TMA for HP OpenView man-
ual (PDF) or TMA Element Management manual (PDF/CHM) for more infor-
mation.

CLI You are prompted to enter the password when the session starts.

ATWIN You are prompted to enter the password when the CLI session starts. Then
you can start an ATWIN session.

Web Interface You are prompted to enter the password when the session starts.

SNMP Define the password as community string. If no passwords are defined, then
you can use any string as community string.

TML Enter the password after the destination filename. Separate password and
filename by a ‘?’.
Example: tml –fsourcefile@destinationfile?pwd

(T)FTP Enter the password after the destination filename. Separate password and
filename by a ‘?’.
Example: put sourcefile destinationfile?pwd
86 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.6 Executing configuration actions

This section shows you how to execute actions on the configuration. The following gives an overview of
this section:
• 5.6.1 - What are the different configuration types? on page 87
• 5.6.2 - Activating the configuration on page 88
• 5.6.3 - Loading the default configuration on page 88
• 5.6.4 - Loading the default configuration using a DIP switch on page 88
• 5.6.5 - Loading the preconfiguration on page 89
Telindus 1423 SHDSL Router Chapter 5 87
User manual Basic configuration

5.6.1 What are the different configuration types?

This section explains the different configuration types that are present in the Telindus 1423 SHDSL
Router.

Which are the configuration types?

Three types of configuration are present in the Telindus 1423 SHDSL Router:
• the non-active configuration
• the active configuration
• the default configuration.
• the preconfiguration.

Explaining the configuration types

When you configure the Telindus 1423 SHDSL Router, the following happens:

Phase Action Result

1 Connect the computer running the mainte- The non-active configuration is displayed
nance tool to the Telindus 1423 SHDSL on the screen.
Router.

2 Modify the non-active configuration. The modifications have no immediate influ-

ence on the active configuration currently
used by the Telindus 1423 SHDSL Router.

3 Complete the modifications on the non- The non-active configuration has to be acti-
active configuration. vated.

4 In case of … The non-active configuration becomes the

active configuration.
• TMA, click on the TMA button Send all
attributes to device: .

• any other maintenance tool than the

graphical user interface based TMA
(e.g. ATWIN, CLI, Web Interface, Easy-
Connect terminal, TMA CLI), then exe-
cute the Activate Configuration action.

Which are the configuration actions?

You can execute the following actions on the configuration:

• telindus1423Router/Activate Configuration on page 449
• telindus1423Router/Load Default Configuration on page 449
• telindus1423Router/Load Preconfiguration on page 449
• telindus1423Router/Load Saved Configuration on page 450
88 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.6.2 Activating the configuration

As explained in section 5.6.1 - What are the different configuration types? on page 87, when you finished
configuring the Telindus 1423 SHDSL Router you have to activate the configuration changes you made.
In case of …
• TMA, click on the TMA button Send all attributes to device: .

• any other maintenance tool than the graphical user interface based TMA (e.g. ATWIN, CLI, Web
Interface, EasyConnect terminal, TMA CLI), then execute the Activate Configuration action.

5.6.3 Loading the default configuration

If you install the Telindus 1423 SHDSL Router for the first time, all configuration attributes have their
default values (except if a preconfiguration is present, refer to 5.6.5 - Loading the preconfiguration on
page 89). If the Telindus 1423 SHDSL Router has already been configured but you want to start from
scratch, then you can revert to the default configuration.
You can load the default configuration using the Load Default Configuration …
• action. Refer to telindus1423Router/Load Default Configuration on page 449.
• DIP switch. Refer to 5.6.4 - Loading the default configuration using a DIP switch on page 88.

5.6.4 Loading the default configuration using a DIP switch

The following procedure shows how to load the default configuration using the Load Default Configura-
tion DIP switch on the Telindus 1423 SHDSL Router PCB:

Step Action

1 Disconnect the power supply and open the housing as described in 3.4 - Opening and
closing the housing on page 33.

2 Set the Load default configuration DIP switch to off.

Refer to 3.1 - The Telindus 1423 SHDSL Router motherboard on page 30 to locate this
DIP switch bank.

3 Replace the cover without fastening the screws and reconnect the power supply.
⇒The Telindus 1423 SHDSL Router reboots and loads the default configuration.
4 Activate the loaded default configuration:
1. Open a TMA session on the Telindus 1423 SHDSL Router. Refer to 4.1 - Maintaining
the Telindus 1423 SHDSL Router with TMA on page 36.
2. Execute the Activate Configuration action.

5 Again, disconnect the power supply and open the housing.

6 Reset the Load default configuration DIP switch to on.

7 Properly replace the cover as described in 3.4 - Opening and closing the housing on
page 33 and reconnect the power supply.

Always reboot the Telindus 1423 SHDSL Router after changing the DIP switches.
Telindus 1423 SHDSL Router Chapter 5 89
User manual Basic configuration

5.6.5 Loading the preconfiguration

In some cases, the Telindus 1423 SHDSL Router is preconfigured when it leaves the factory. In that case
a file named “precfg.cms” is present on the file system1. This means that not all attributes have their
default values, but some will have a preconfigured value. Now, if the Telindus 1423 SHDSL Router has
already been configured a couple of times, then you have the possibility to revert to the preconfiguration.
You can load the preconfiguration using the Load Preconfiguration action. Refer to telindus1423Router/Load
Preconfiguration on page 449.

Note that if no preconfiguration is present (i.e. the precfg.cms file is not present on the file system), then
this action does nothing.

1. If this file is not present, then no preconfiguration is present. If you want, you could create your
own preconfiguration by placing a custom made “precfg.cms” configuration file on the file sys-
tem.
90 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration

5.7 Configuring the major features of the Telindus 1423 SHDSL

Router

The following list shows you where you can find an introduction to and a basic configuration of the most
important features of the Telindus 1423 SHDSL Router:
• 6 - Setting up ISDN connections on page 93
• 7 - Configuring the encapsulation protocols on page 113
• 8 - Configuring routing on page 185
• 9 - Configuring bridging on page 263
• 10 - Configuring the additional features on page 289 (e.g. configuring DHCP, access lists, VLANs,
L2TP tunnels, etc.)
Telindus 1423 SHDSL Router Chapter 5 91
User manual Basic configuration

5.8 Troubleshooting the Telindus 1423 SHDSL Router

If you experience trouble when installing, configuring or operating the Telindus 1423 SHDSL Router,
then check the following:

Check Description

power Is the Telindus 1423 SHDSL Router powered properly?

connections Are all the necessary cables connected to the Telindus 1423 SHDSL Router? Are
they connected to the correct connectors of the Telindus 1423 SHDSL Router? Are
they connected properly? Did you use the correct cables (straight, crossed, …)?
Refer to 2.6 - Connecting the Telindus 1423 SHDSL Router on page 18.

other devices Are the devices that are connected to the Telindus 1423 SHDSL Router working
properly (are they powered, are they operational, …)?

LEDs What indicate the LEDs of the Telindus 1423 SHDSL Router? Do they indicate a
fault condition?
Refer to 2.7 - The front panel LED indicators on page 24.

messages What messages are displayed in the messages table? This table displays informa-
tive and error messages.
Refer to telindus1423Router/messages on page 691.

status What indicate the status attributes of the Telindus 1423 SHDSL Router? What is
the status of the different interfaces (up, down, testing, …)?
Refer to 13 - Status attributes on page 679.

performance What indicate the performance attributes of the Telindus 1423 SHDSL Router?
What is the performance of the different interfaces (does the data pass the inter-
face, is the interface up or down, when did it go up or down, …)?
Refer to 14 - Performance attributes on page 833.

alarms What indicate the alarm attributes of the Telindus 1423 SHDSL Router? What is
the alarm status of the different interfaces (link down, errors, …)?
Refer to 15 - Alarm attributes on page 915.
92 Telindus 1423 SHDSL Router Chapter 5
User manual Basic configuration
Telindus 1423 SHDSL Router Chapter 6 93
User manual Setting up ISDN connections

6 Setting up ISDN connections

This chapter is only relevant in case your Telindus 1423 SHDSL Router is equipped with ISDN inter-
faces. Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7.

The way you have to set up an ISDN connection depends on the type of ISDN connection you want to
set up. If you want to set up a …
• dial-up ISDN connection, then you have to make use of ISDN profiles and dial maps.
• leased line ISDN connection, then you have to add a leased line ISDN object and configure the con-
figuration attributes in this object.

So this chapter introduces the concept of profiles and dial maps and describes how to create profiles
and dial maps in order to make up a complete configuration for a dial-up ISDN connection to/from a par-
ticular destination. It also describes how to set up a leased line ISDN connection.
The following gives an overview of this chapter:
• 6.1 - Explaining profiles and dial maps on page 94
• 6.2 - How to configure a dial-up ISDN connection on a BRI interface? on page 100
• 6.3 - How to configure a leased line ISDN connection on a BRI interface? on page 106
• 6.4 - How to configure callback? on page 108

Refer to the Reference manual on page 433 for a complete overview of the attributes of the Telindus
1423 SHDSL Router.
94 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.1 Explaining profiles and dial maps

This section introduces the concept of profiles and dial maps. The following gives an overview of this
section:
• 6.1.1 - What is a profile? on page 95
• 6.1.2 - Which profiles are there? on page 95
• 6.1.3 - What is a default and a custom profile? on page 96
• 6.1.4 - How to link the different profiles together? on page 96
• 6.1.5 - What is a dial map? on page 97
• 6.1.6 - How does a dial map work? on page 98
Telindus 1423 SHDSL Router Chapter 6 95
User manual Setting up ISDN connections

6.1.1 What is a profile?

To allow a flexible configuration of a dial-up ISDN connection to a remote ISDN device, the Telindus
1423 SHDSL Router makes use of (configuration) profiles. This means that you can create one or more
profiles and apply them on connections to one or more ISDN destinations. For example, you can create
only one encapsulation profile and apply this profile on connections to all ISDN destinations.
The advantage is that if several ISDN destinations require the same configuration, you do not have to
configure these connections over and over again. Instead, you create one profile and apply it to all ISDN
destinations. Profiles are extra advantageous because of the dynamic nature of dial-up ISDN connec-
tions (ISDN connections are set up when they are needed and disconnected when they are no longer
needed).

6.1.2 Which profiles are there?

There are three different profiles:

Profile Description

dial Using this profile you can configure the ISDN related parameters of the dial-
up connection. So in this profile you will find configuration attributes such as
idleTimeOut, callTimeOut, etc.
The dial profiles their location in the containment tree is:
telindus1423Router/profiles/dial

encapsulation Using this profile you can configure the PPP encapsulation related parame-
ters of the connection. So in this profile you will find configuration attributes
such as linkMonitoring, authentication, etc.
The encapsulation profiles their location in the containment tree is:
telindus1423Router/profiles/encapsulation

forwarding Using this profile you can configure the forwarding related parameters of the
connection. On the ISDN interfaces, only a routing forwarding profile can be
set up1. So in this profile you will find configuration attributes such as ip, etc.
The forwarding profiles their location in the containment tree is:
telindus1423Router/profiles/forwardingMode

1. The ISDN interfaces can only operate in routing mode, not in bridging mode. The reason for
not supporting bridging mode is that the risk is too high that the ISDN connections stay up per-
manently due to broadcasts and multicasts.
96 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.1.3 What is a default and a custom profile?

The default profile

The dial, encapsulation and forwardingMode objects always contain a sub-object which has the string “default”
in its name. More specifically dial/defaultIsdn, encapsulation/defaultPpp, forwardingMode/defaultRouting. These are
what we call the default profiles.

The custom profile

Under the dial, encapsulation and forwardingMode objects you can also add additional sub-objects. More spe-
cifically dial/isdn[ ], encapsulation/ppp[ ], forwardingMode/routing[ ]. These are what we call the custom profiles.

The profile attributes

The default and custom profiles on their turn contain the actual configuration attributes. Change these
attributes to create a specific configuration profile.

6.1.4 How to link the different profiles together?

Setting up profiles only is not enough. In some way, you have to “link” the dial, encapsulation and for-
warding profiles together in order to make up a complete configuration for a dial-up ISDN connection to/
from a particular destination. This is done by means of a dial map. Refer to 6.1.5 - What is a dial map?
on page 97 for more information.
Telindus 1423 SHDSL Router Chapter 6 97
User manual Setting up ISDN connections

6.1.5 What is a dial map?

As said before, setting up profiles only is not enough. You have to be able to “link” the dial, encapsulation
and forwarding profiles together in order to make up a complete configuration for a dial-up ISDN con-
nection to/from a particular destination. What is more, you have to be able to specify the telephone num-
bers to dial in, out or both. This is done by means of a dial map.
A dial map is an entry that you create in the dialMaps/mapping table (refer to telindus1423Router/dialMaps/map-
ping on page 548 for a complete description of this table). It is in such a row of the mapping table that you
specify which profiles have to be used, which telephone numbers have to be used, etc.
The following shows an entry in the mapping table in which the profiles my_isdn, my_ppp and my_routing are
used.
98 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.1.6 How does a dial map work?

So in the dialMaps/mapping table you can create entries (called dial maps) which actually make up a com-
plete configuration for an ISDN dial-up connection to/from a particular destination. This, however, does
not mean that when you create such an entry that the dial-up ISDN connection is immediately activated.
As opposed to a leased line (ISDN) connection, a dial-up ISDN connection is only activated when it is
needed.
So when is the ISDN connection needed? Let’s consider the following example:
• You have two networks: LAN 1 and LAN 2.
• You have to make a connection from network LAN 1 to network LAN 2, but only on certain occasions
(e.g. only for back-up purposes).
• Therefore, you do not want to use a leased line connection, but you want an ISDN dial-up link.

In order to realise this set-up, you have to configure three major things:
• Configure the necessary profiles (dial, encapsulation and forwarding).
• Create a dial map (i.e. an entry in the dialMaps/mapping table) which contains the necessary telephone
numbers to dial out and which groups the necessary profiles to make up the ISDN connection.
• Create an entry in the routing table towards network LAN 2.

Now, what happens if there is data on network LAN 1 that is destined for network LAN 2. In that case
the Telindus 1423 SHDSL Router does the following:
• The router checks the routing table for a route to LAN 2.
• The router finds an entry in the routing table which points to an entry in the dialMaps/mapping table (in
our example this is my_dialMap).
• The router sets up an ISDN call to number 0123456789 using the profiles as specified in the dial map.
Telindus 1423 SHDSL Router Chapter 6 99
User manual Setting up ISDN connections

The interaction between the routingTable, the dialMaps/mapping table and the different profiles is shown
again in the following screenshots.
100 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.2 How to configure a dial-up ISDN connection on a BRI inter-

face?

Refer to 6.1 - Explaining profiles and dial maps on page 94 for an introduction on profiles and dial maps.
If you want to create a complete configuration for a dial-up ISDN connection on a BRI interface to/from
a particular destination, then proceed as follows:

Step Action

1 Create a profile

Create a dial, encapsulation and forwarding profile. This determines the configuration of
the ISDN connection.
Refer to 6.2.1 - How to create a profile? on page 101.

2 Create a dial map

Create a dial map. This links the different profiles you created in step 1 together and
specifies the dial-in/out numbers etc.
Refer to 6.2.2 - How to create a dial map? on page 103.

3 Create a route

Create a route in the routing table which “points” to the dial map you created in step 2. If
traffic is destined for this route, then the Telindus 1423 SHDSL Router sets up an ISDN
connection using the parameters you entered in the dial map.
Refer to 6.2.3 - How to create a route that points to a dial map? on page 105.
Telindus 1423 SHDSL Router Chapter 6 101
User manual Setting up ISDN connections

6.2.1 How to create a profile?

In order to create a profile, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to

the object …
• profiles/dial if you want to create (a) dial profile(s).
• profiles/encapsulation if you want to create (an) encapsulation
profile(s).
• profiles/forwardingMode if you want to create (an) forwarding
profile(s).

2 Under these objects, you find a sub-object with the string

“default” in its name. This is the default profile.
If you want to set up …
• a default profile, then configure the attributes in the
“default” sub-object.
• a custom profile, then first add a sub-object (refer to
4.4 - Adding an object to the containment tree on
page 50). Then configure the attributes in this “cus-
tom” sub-object.

Refer to …
• 12.9.1 - ISDN dial profile configuration attributes on
page 520 for more information on the configuration attributes of the ISDN dial profile.
• 12.9.2 - Encapsulation profile configuration attributes on page 525 for more informa-
tion on the configuration attributes of the encapsulation profile.
• 12.9.3 - Forwarding profile configuration attributes on page 529 for more information
on the configuration attributes of the forwarding profile.

3 Create a dial map and use the profiles you just created in this dial map. Refer to 6.2.2 -
How to create a dial map? on page 103.
If you create a dial map for the first time, then initially it uses the default profiles. However,
you can change this to a custom profile.

Remark

In case of the …
• encapsulation and forwarding profiles, the profile settings are only taken into account when the con-
nection is being set up. Should you change the profile settings while several connections that make
use of this profile are active, then they continue with the previous settings. Only new connections will
be set up using the new profile settings.
• ISDN profile, changes in the profile settings immediately take effect.
102 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

Example: creating a default profile

Suppose you want to create one encapsula-

tion profile for all ISDN connections. In that
case it is sufficient to configure the configura-
tion attributes in the profiles/encapsulation/default-
Ppp object. E.g. set the compression attribute to
predictor1.

Example: creating a custom profile

Suppose that for most of the ISDN

connections the default encapsulation
profile suffices, but that one ISDN con-
nection requires a specific configura-
tion of the encapsulation. In that case,
you can create a custom encapsula-
tion profile for that particular ISDN
connection. Do this by adding an
encapsulation profile object and con-
figuring the configuration attributes in
this object. E.g. suppose you add an
encapsulation profile object with index
name my_ppp and that in this object you set the authentication attribute to pap and the authenPeriod attribute
to 30m.
Telindus 1423 SHDSL Router Chapter 6 103
User manual Setting up ISDN connections

6.2.2 How to create a dial map?

In order to create a dial map, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the attribute dialMaps/mapping.

2 In the mapping table, create an entry (i.e. add a row to the table). This entry is called a dial
map.

3 Configure the elements in the dial map. The most essential elements are:
• the name element. This is the name of the dial map. This name has to be used in the
routing table in order to refer to this dial map.
• the remoteTelNrs table. These are the telephone numbers that are used to dial in and
out.
• the callDirection element. This determines whether a call can be an incoming, outgoing
or an incoming + outgoing call.
• the dial, encapsulation and forwardingMode elements. These determine which profile is
used on this dial map.

Refer to telindus1423Router/dialMaps/mapping on page 548 for a detailed description of the dial

map elements.
104 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

Example: creating a dial map

Suppose you have the following set-up:

In the dial map you want to configure the following:

• You want to give the dial map the name: my_dialMap.
• You want to use the telephone number 0123456789 as dial out number.
• You want to make dial out connections only, not dial in connections.
• You want to use the default dial and forwarding profile.
• You want to use a custom encapsulation profile. The object that you created for this is called
ppp[my_ppp].

In this case, the dial map entry in the dialMaps/mapping table would look as follows:
Telindus 1423 SHDSL Router Chapter 6 105
User manual Setting up ISDN connections

6.2.3 How to create a route that points to a dial map?

In order to create a route that points to a dial map, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the attribute router/routingTable.

2 In the routingTable, create an entry (i.e. add a row to the table).

3 Configure the elements in the route entry. The most essential elements are:
• the network element. This is the IP address of the destination network.
• the mask element. This is the network mask of the destination network.
• the gateway element. This is the IP address of the next router on the path to the desti-
nation network. However, this element is optional since in most cases you do not
know the IP address of the remote router. So if you want, you can leave the gateway
element at its default value (being 0.0.0.0)
• the interface element. This is the interface through which the destination network can
be reached. In this case, the interface is a dial map. So you have to enter the dial map
name in the interface element.

Refer to telindus1423Router/ip/router/routingTable on page 560 for a detailed description of the

routing table elements.

Example: creating a route that points to a dial map

Suppose you have the following set-up:

You want that LAN 2 is reachable over an ISDN connection, so you create a dial map. Suppose this dial
map has the name my_dialMap. In this case, the route entry in the router/routingTable would look as follows:
106 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.3 How to configure a leased line ISDN connection on a BRI inter-

face?

Instead of setting up a dial-up ISDN connection on the ISDN BRI interfaces, you can also set up a leased
line ISDN connection.
If you want to create a complete configuration for a leased line ISDN connection, then proceed as fol-
lows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to

the bri[ ] object and add a leasedLine[ ] object underneath (refer to
4.4 - Adding an object to the containment tree on page 50).

2 In the bri[ ] object, use the dialAllowed

attribute to determine whether the
BRI interface can be used in both
leased line and dial-up mode or in
leased line mode only.
Set the dialAllowed attribute to:
• yes, to allow both leased line and dial-up operation.
• no, to allow leased line operation only.

3 In the bri[ ]/leasedLine[ ] object, use the channelAllocation attribute to activate the BRI channels.
Do this by setting the corresponding channel in the channelAllocation structure to on.

Depending which channels you activate, you can comply with the following standards:
• 64S: B1 channel
• 64S2: B1+B2 channel
• TS01: B1+D channel
• TS02: B1+B2+D channel

4 In the bri[ ]/leasedLine[ ] object, use the encapsulation attribute to select an encapsulation pro-
tocol that has to be used on the leased line ISDN connection.
Telindus 1423 SHDSL Router Chapter 6 107
User manual Setting up ISDN connections

Step Action

5 Depending which encapsulation protocol you selected, config-

ure the attributes related to this encapsulation protocol. You
can find these attributes in the objects located under the bri[ ]/
leasedLine[ ] object.
108 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

6.4 How to configure callback?

This section explains what callback is and how to set it up. The following gives an overview of this sec-
tion:
• 6.4.1 - Introducing callback on page 109
• 6.4.2 - Configuring callback on page 111
Telindus 1423 SHDSL Router Chapter 6 109
User manual Setting up ISDN connections

6.4.1 Introducing callback

What is callback?

Callback is a PPP LCP extension (refer to RFC 1570). It provides a method to request a dial-up peer to
call back. This option might be used for many diverse purposes, such as savings on toll charges.
When callback is successfully negotiated, and authentication is complete, the authentication phase pro-
ceeds directly to the termination phase, and the link is disconnected. Then, the peer re-establishes the
link, without negotiating callback.
The Telindus 1423 SHDSL Router supports two types of callback:
• authentication.
• E.164 number.

What is authentication callback?

Authentication callback is based on PPP authentication. This works as follows:

1. The peer requesting the callback dials the peer responding to the callback.
2. The callback is negotiated and authentication is done.
3. The call is terminated.
4. The responder calls back. The number the responder dials back to is listed in a database that links
authentication names to telephone numbers.
5. Authentication is done. If the authentication is successful, then the call remains up. Else the call is
terminated.

In case of authentication callback, the Telindus 1423 SHDSL Router can only act as requester, not as
responder (you can not create a database linking authentication names to callback telephone numbers).
110 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections

What is E.164 number callback?

In case of E.164 number callback, the callback number is communicated during the callback negotiation.
This works as follows:
1. The peer requesting the callback dials the peer responding to the callback.
2. The callback is negotiated and the callback number is communicated to the responder.
3. The call is terminated.
4. The responder calls back using the number he received from the requestor.

Note that in this case no authentication is done. This means that you can never be sure that the
responder is the same device you contacted in the first step of the callback sequence.
Telindus 1423 SHDSL Router Chapter 6 111
User manual Setting up ISDN connections

6.4.2 Configuring callback

Refer to 6.4.1 - Introducing callback on page 109 for an introduction.

To configure callback, proceed as follows:

Step Action

1 Set up profiles and dial maps as explained in 6.2 - How to configure a dial-up ISDN con-
nection on a BRI interface? on page 100.

2 In the PPP encapsulation profile, set the callback attribute either to

authentication or e164Number:
• authentication. The callback is based on PPP authentication. Refer
to What is authentication callback? on page 109.
In this case, you also have to configure PPP authentication cor-
rectly (refer to 7.4 - Configuring PPP encapsulation on page 155).
• e164Number. The callback number is communicated during the callback negotiation.
Refer to What is E.164 number callback? on page 110.

3 In the ISDN dial profile, you can adapt the callback time-out by changing the value of the
callInterval attribute.

Set the callback time-out big enough so that the device that has to call back has
enough time to do so.
112 Telindus 1423 SHDSL Router Chapter 6
User manual Setting up ISDN connections
Telindus 1423 SHDSL Router Chapter 7 113
User manual Configuring the encapsulation protocols

7 Configuring the encapsulation protocols

This chapter introduces the encapsulation protocols that can be used on the Telindus 1423 SHDSL
Router and lists the attributes you can use to configure the encapsulation protocols.

Note that these encapsulation protocols cannot only be used on the xDSL line but, if your Telindus 1423
SHDSL Router is equipped with (an) ISDN interface(s), also on the ISDN interface(s).
The protocols Frame Relay, PPP and HDLC are only relevant for TDM operation.
Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7 for more information about which
protocols are available on which Telindus 1423 SHDSL Router version.

The following gives an overview of this chapter:

• 7.1 - Selecting an encapsulation protocol on page 114
• 7.2 - Configuring ATM encapsulation on page 115
• 7.3 - Configuring Frame Relay encapsulation on page 140
• 7.4 - Configuring PPP encapsulation on page 155
• 7.5 - Configuring HDLC encapsulation on page 181
• 7.6 - Configuring an error test on page 183

Refer to the Reference manual on page 433 for a complete overview of the attributes of the Telindus
1423 SHDSL Router.
114 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.1 Selecting an encapsulation protocol

Selecting an encapsulation protocol on the SHDSL line

On the SHDSL line, you can choose between several encapsulation protocols. So first select the encap-
sulation protocol you want to use. Do this using the encapsulation attribute. Refer to telindus1423Router/wan-
Interface/encapsulation on page 467.
Once you selected an encapsulation protocol you can configure it as described in this chapter.

Selecting an encapsulation protocol on the ISDN interface

If your Telindus 1423 SHDSL Router is equipped with an ISDN interface, then you can set up two types
of ISDN connections:
• A dial-up ISDN connection. In this case, you cannot choose between several encapsulation proto-
cols. The encapsulation protocol is always PPP. You can configure it as described in this chapter.
• A leased line connection. In this case, you can choose between several encapsulation protocols. So
first select the encapsulation protocol you want to use. Do this using the encapsulation attribute. Refer
to telindus1423Router/bri[ ]/leasedLine[ ]/encapsulation on page 517.
Once you selected an encapsulation protocol you can configure it as described in this chapter.
Telindus 1423 SHDSL Router Chapter 7 115
User manual Configuring the encapsulation protocols

7.2 Configuring ATM encapsulation

This section introduces the ATM encapsulation protocol and gives a short description of the attributes
you can use to configure this encapsulation protocol.
The following gives an overview of this section:
• 7.2.1 - Introducing ATM on page 116
• 7.2.2 - Configuring ATM PVCs on page 125
• 7.2.3 - Automatically obtaining IP addresses in ATM on page 127
• 7.2.4 - Configuring IP addresses in ATM on page 128
• 7.2.5 - Configuring the VPI and VCI on page 129
• 7.2.6 - Configuring UBR on page 130
• 7.2.7 - Configuring VBR-nrt on page 131
• 7.2.8 - Configuring VBR-rt on page 132
• 7.2.9 - Configuring CBR on page 133
• 7.2.10 - ATM PVC bandwidth assignment on page 134
• 7.2.11 - Configuring bridged/routed Ethernet/IP over ATM (RFC 2684) on page 136
• 7.2.12 - Configuring Classical IP (IPoA) on page 137
• 7.2.13 - Configuring PPP over ATM (PPPoA) on page 138
• 7.2.14 - Configuring PPP over Ethernet (PPPoE) on page 139
116 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.1 Introducing ATM

What is ATM?

ATM is a cell-switching and multiplexing technology that combines the benefits of circuit switching (guar-
anteed capacity and constant transmission delay) with those of packet switching (flexibility and efficiency
for intermittent traffic). It provides scalable bandwidth. Because of its asynchronous nature, ATM is more
efficient than synchronous technologies, such as time-division multiplexing (TDM).
With TDM, each user is assigned a time slot, and no other station can send in that time slot. If a station
has much data to send, it can send only when its time slot comes up, even if all other time slots are
empty. However, if a station has nothing to transmit when its time slot comes up, the time slot is sent
empty and is wasted. Because ATM is asynchronous, time slots are available on demand with informa-
tion identifying the source of the transmission contained in the header of each ATM cell.

What is VPI and VCI?

ATM networks are fundamentally connection-oriented, which means that a virtual channel must be set
up across the ATM network prior to any data transfer. (A virtual channel is roughly equivalent to a Per-
manent Virtual Circuit or PVC.)
Two types of ATM connections exist:
• virtual paths, which are identified by Virtual Path Identifiers (VPIs).
• virtual channels, which are identified by the combination of a VPI and a Virtual Channel Identifier
(VCI).

A virtual path is a bundle of virtual channels, all of which are switched transparently across the ATM net-
work based on the common VPI. All VPIs and VCIs, however, have only local significance across a par-
ticular link and are remapped, as appropriate, at each switch.
A transmission path is the physical media that transports virtual channels and virtual paths. The following
figure illustrates how VCs concatenate to create VPs, which, in turn, traverse the media or transmission
path.
Telindus 1423 SHDSL Router Chapter 7 117
User manual Configuring the encapsulation protocols

What are the ATM layers?

The ATM reference model is composed of the following ATM layers:

Layer Description

physical layer Analogous to the physical layer of the OSI reference model, the ATM physical
layer manages the medium-dependent transmission.

ATM layer Combined with the ATM adaptation layer, the ATM layer is roughly analogous to
the data link layer of the OSI reference model. The ATM layer is responsible for
the simultaneous sharing of virtual circuits over a physical link (cell multiplexing)
and passing cells through the ATM network (cell relay). To do this, it uses the VPI
and VCI information in the header of each ATM cell.

ATM Adaptation Combined with the ATM layer, the AAL is roughly analogous to the data link layer
Layer (AAL) of the OSI model. The AAL is responsible for isolating higher-layer protocols from
the details of the ATM processes. The adaptation layer prepares user data for con-
version into cells and segments the data into 48-byte cell payloads.
At present, the four types of AAL recommended by the ITU-T are AAL1, AAL2,
AAL3/4, and AAL5:
• AAL1 is used for connection-oriented, delay-sensitive services requiring con-
stant bit rates, such as uncompressed video and other isochronous traffic.
• AAL2 is used for connection-oriented services that support a variable bit rate,
such as some isochronous video and voice traffic.
• AAL3/4 (merged from two initially distinct adaptation layers) supports both con-
nectionless and connection-oriented links but is used primarily for the transmis-
sion of SMDS packets over ATM networks.
• AAL5 supports connection-oriented VBR services and is used predominantly
for the transfer of classical IP over ATM and LANE traffic. AAL5 uses SEAL and
is the least complex of the current AAL recommendations. It offers low band-
width overhead and simpler processing requirements in exchange for reduced
bandwidth capacity and error-recovery capability.

higher layers Finally, the higher layers residing above the AAL accept user data, arrange it into
packets, and hand it to the AAL.
118 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

What are ATM service categories?

The Traffic Management Specification Version 4.0 defines five ATM service categories that describe the
traffic transmitted by users onto a network and the Quality of Service (QoS) that a network needs to pro-
vide for that traffic. The five service categories are:
• Constant Bit Rate (CBR)
• Variable Bit Rate real-time (VBR-rt)
• Variable Bit Rate non-real-time (VBR-nrt)
• Available Bit Rate (ABR)
• Unspecified Bit Rate (UBR)
The Telindus 1423 SHDSL Router supports CBR, VBR-rt, VBR-nrt and UBR.

Which are the ATM service category traffic parameters?

The traffic parameters with which you can configure the ATM service categories are:

Traffic parame- Description

ter

PCR The Peak Cell Rate (PCR) is the maximum rate at which you expect to transmit
data. Obviously, the maximum possible PCR is the physical speed of the cus-
tomer's access circuit into the ATM service provider.

SCR The Sustainable Cell Rate (SCR) is the sustained rate at which you expect to
transmit data. Consider the SCR to be the true bandwidth of a PVC and not the
long-term average traffic rate.

MBS The Maximum Burst Size (MBS) is the amount of time or the duration at which the
router exceeds the SCR (in other words, it declares how many cells can be trans-
mitted at a rate higher then SCR). Calculate this time in seconds using the follow-
ing formula:
T = (burst cells x 424 bits per cell) / (PCR - SCR)
MBS will accommodate temporary bursts or short spikes in the traffic pattern. For
example, an MBS of 100 cells allows a burst of three MTU-size Ethernet frames.
It is important that you factor longer duration bursts into the SCR.

What is UBR?

The Unspecified Bit Rate (UBR) service category is a "best effort" service intended for non-critical appli-
cations, which do not require tightly constrained delay and delay variation, nor a specified quality of serv-
ice. UBR sources are expected to transmit non-continuous bursts of cells. UBR service supports a high
degree of statistical multiplexing among sources.
UBR service does not specify traffic related service guarantees. Specifically, UBR does not include the
notion of a per-connection negotiated bandwidth. There may not be any numerical commitments made
as to the cell loss ratio experienced by a UBR connection, or as to the cell transfer delay experienced by
cells on the connection: available bandwidth depends on other traffic on the connection.
The only traffic parameter you have to configure in case of UBR is the PCR. The PCR only provides an
indication of a physical bandwidth limitation within a PVC.
Examples of applications which can be seen as appropriate targets for the UBR service category are:
data transfer, messaging, etc.
Telindus 1423 SHDSL Router Chapter 7 119
User manual Configuring the encapsulation protocols

The following figure shows the PCR, SCR and MBS relationship:

What is VBR-nrt?

The non-real time VBR service category is intended for applications which have bursty traffic character-
istics and do not have tight constraints as to delay and delay variation. For those cells which are trans-
ferred within the traffic contract, the application expects a low Cell Loss Ratio (CLR). For all cells, it
expects a bound on the Cell Transfer Delay (CTD). Non-real time VBR service may support statistical
multiplexing of connections.
The traffic parameters you have to configure in case of VBR-nrt are:
• the Sustainable Cell Rate (SCR)
• the Peak Cell Rate (PCR)
• the Maximum Burst Size (MBS)

Examples of applications which can be seen as appropriate targets for the VBR-nrt service category are:
response-time critical transaction processing applications (e.g. airline reservations, banking transac-
tions, process monitoring), etc.
The following figure shows the PCR, SCR and MBS relationship:

What is VBR-rt?

The real-time VBR service category is intended for time-sensitive applications, (i.e., those requiring
tightly constrained delay and delay variation), as would be appropriate for voice and video applications.
Sources are expected to transmit at a rate which varies with time. Equivalently, the source can be
described as "bursty".
Cells which are delayed beyond the value specified by CTD are assumed to be of significantly less value
to the application. Real-time VBR service may support statistical multiplexing of real-time sources.
120 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

The traffic parameters you have to configure in case of VBR-rt are:

• the Sustainable Cell Rate (SCR)
• the Peak Cell Rate (PCR)
• the Maximum Burst Size (MBS)

Examples of applications which can be seen as appropriate targets for the VBR-rt service category are:
some classes of multimedia communications (e.g. compressed audio, interactive multimedia), etc.
The following figure shows the PCR, SCR and MBS relationship:

What is CBR?

The CBR service category is used by connections that request a fixed (static) amount of bandwidth,
characterized by a Peak Cell Rate (PCR) value that is continuously available during the connection life-
time, independent from other traffic on the network. The source may emit cells at or below the PCR at
any time, and for any duration (or may be silent).
This category is intended for real-time applications, i.e., those requiring tightly constrained Cell Transfer
Delay (CTD) and Cell Delay Variation (CDV), but is not restricted to these applications. It would be
appropriate for voice and video applications, as well as for Circuit Emulation Services (CES).
The basic commitment made by the network is that once the connection is established, the negotiated
QoS is assured to all cells conforming to the relevant conformance tests. It is assumed that cells which
are delayed beyond the value specified by Cell Transfer Delay (CTD) may be of significantly less value
to the application.
The only traffic parameter you have to configure in case of CBR is the PCR.
Examples of applications which can be seen as appropriate targets for the CBR service category are:
video conferencing, interactive audio (e.g., telephony), audio/video distribution (e.g. television, distance
learning), audio/video retrieval (e.g. video-on-demand, audio library)
Telindus 1423 SHDSL Router Chapter 7 121
User manual Configuring the encapsulation protocols

The following figure shows the PCR, SCR and MBS relationship:

What is multi-protocol over ATM (MPoA)?

As its name implies, multi-protocol encapsulation over ATM provides mechanisms for carrying traffic
other than just IP. Several different protocols can be used on top of ATM:
• Bridged/routed Ethernet/IP over ATM (formerly RFC 1483, now RFC 2684). This protocol makes the
router appear as a LAN device to the operating system.
• IP over ATM (IPoA, RFC 1577, similar to RFC 2684). Also in this case the protocol makes the router
appear as a LAN device to the operating system.
• Point to Point Protocol Over ATM ( PPPoA, RFC 2364). PPP provides session setup, user authenti-
cation (login), and encapsulation for upper layer protocols such as IP. The use of PPP makes the
router appear as a dial device to the operating system.
• Point to Point Protocol Over Ethernet (PPPoE, RFC 2516). This protocol makes the router appear as
a LAN device to the operating system. It allows multiple devices on an Ethernet to share a common
connection to the remote network (e.g. the Internet).
122 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Which are the multi-protocol over ATM encapsulation mechanisms?

As said before, you can encapsulate several protocols in ATM. The mechanisms to do this are:

MPoA encapsulation Description

mechanism

Logical Link Control In this method, multiple protocol types can be carried across a single con-
(LLC) encapsulation nection with the type of encapsulated packet identified by a standard LLC/
SNAP header.

Virtual Connection Mul- In this method, only a single protocol is carried across an ATM connection,
tiplexing with the type of protocol implicitly identified at connection setup.

LLC encapsulation is provided to support routed and bridged protocols. In this encapsulation format,
PDUs from multiple protocols can be carried over the same virtual connection. The type of protocol is
indicated in the packet's SNAP header. By contrast, the virtual connection multiplexing method allows
for transport of just one protocol per virtual connection.
The following table gives an overview of which multi-protocol mechanism can be used for which higher
layer protocol encapsulation.

higherLayerProtocol multiProtocolMech

rfc2684 llcEncapsulation +
vcMultiplexing

ppp llcEncapsulation +
vcMultiplexing

pppOverEthernet llcEncapsulation
Telindus 1423 SHDSL Router Chapter 7 123
User manual Configuring the encapsulation protocols

What is PPPoA (RFC 2364)?

PPP over ATM adaptation layer 5 (AAL5) uses AAL5 as the framed protocol. It relies on RFC 2684, oper-
ating in either Logical Link Control Encapsulation or Virtual Connection Multiplexing mode. A Customer
Premises Equipment (CPE) device encapsulates the PPP session based on this RFC for transport
across the xDSL loop and the Digital Subscriber Line Access Multiplexer (DSLAM).

What is PPPoE over ATM (RFC 2516)?

PPP over Ethernet (PPPoE) over ATM actually combines three protocols: Ethernet, PPP and ATM. The
Ethernet is encapsulated in PPP which, on its turn, is encapsulated in ATM:
• The Ethernet protocol provides the ability to connect a network of hosts over a simple bridging access
device to a remote access concentrator.
• The PPP protocol provides the ability that each host utilises its own PPP stack and that the user is
presented with a familiar user interface. Access control, billing and type of service can be done on a
per-user basis, rather than on a per-site basis.
• The ATM protocol provides service-provider digital subscriber line (DSL) support.

What is PPPoE (RFC 2516)?

PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging
access device to a remote access concentrator. With this model, each host utilises its own PPP stack
and the user is presented with a familiar user interface. Access control, billing and type of service can
be done on a per-user basis, rather than on a per-site basis.
PPPoE has two distinct stages:
• a discovery stage.
• a PPP session stage.

When a host wants to initiate a PPPoE session, it must first perform discovery to identify the Ethernet
MAC address of the peer and establish a PPPoE session ID. While PPP defines a peer-to-peer relation-
ship, discovery is inherently a client-server relationship. In the discovery process, a host (the client) dis-
covers an access concentrator (the server). Based on the network topology, there may be more than
one access concentrator that the host can communicate with. The discovery stage allows the host to
discover all access concentrators and then select one. When discovery completes successfully, both the
host and the selected access concentrator have the information they will use to build their point-to-point
connection over Ethernet.
The discovery stage remains stateless until a PPP session is established. Once a PPP session is estab-
lished, both the host and the access concentrator must allocate the resources for a PPP virtual interface.
124 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

What are OAM LoopBack (LB) cells?

The ATM protocol features OAM LoopBack (LB) cells. These are used to verify whether a Virtual Chan-
nel/Path is truly up or down. This can be done on two levels:
• on Virtual Path (VP) level by using OAM F4 LB cells. The relevant configuration attributes can be
found in the vp table.
• on Virtual Channel (VC) level by using OAM F5 LB cells. The relevant configuration attributes can be
found in the pvcTable.

The Telindus 1423 SHDSL Router always responds to OAM LB cells received from the peer ATM device
(both segment and end-to-end cells). However, when OAM LB is activated, the Telindus 1423 SHDSL
Router only sends end-to-end OAM LB request cells.

What is CLP?

The Cell Loss Priority (CLP) indicates whether the cell should be discarded if it encounters extreme con-
gestion as it moves through the network. If the CLP bit equals 1, the cell should be discarded in prefer-
ence to cells with the CLP bit equal to 0.

What is EFCI?

The Explicit Forward Congestion Indication (EFCI) indicates whether a cell containing user data experi-
enced congestion as it moved through the network.
Telindus 1423 SHDSL Router Chapter 7 125
User manual Configuring the encapsulation protocols

7.2.2 Configuring ATM PVCs

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction.

In an ATM network you can set-up PVCs. A PVC allows direct connectivity between sites. In this way, a
PVC is similar to a leased line. A PVC guarantees availability of a connection and does not require call
setup procedures between the ATM switches.
To configure an ATM PVC, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the atm object, select the
pvcTable attribute and add one or more entries to this table.

Use this attribute to set up ATM PVCs. Add a row to the pvcTable for each ATM PVC you
want to create.

2 Configure the elements of the ATM PVC you just created. These elements are:
• name. Use this element to assign an administrative name to the ATM PVC.
• adminStatus. Use this element to activate (up) or deactivate (down) the ATM PVC.
• mode. Use this element to determine whether, for the corresponding ATM PVC, the
packets are treated by the routing process, the bridging process or both.
• priorityPolicy. Use this element to apply a priority policy on the ATM PVC. Refer to 8.8.7
- Applying a priority policy on an interface on page 249 for more information.
• ip. Use this element to configure the IP related parameters of the ATM PVC. Refer to
5.2.3 - Explaining the ip structure on page 63 for more information.
• bridging. Use this element to configure the bridging related parameters of the ATM PVC
in case the PVC is in bridging mode (i.e. in case the mode element is set to bridging).
Refer to 9.2.6 - Explaining the bridging structure on page 281 for more information.
• atm. Use this element to configure the ATM specific parameters of the ATM PVC.
Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for more
information.
• ppp. Use this element to configure the PPP related parameters of the ATM PVC in
case you want to run PPP over ATM. Refer to 12.5.3 - PPP configuration attributes on
page 487 for a detailed description of the elements in the ppp structure.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable on page 470 for a detailed

description of the pvcTable.
126 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Example - configuring ATM PVCs_

The following figure gives an example of a local Ethernet segment connected to three different networks
through three different PVCs:

The following screenshot shows (part of) the pvcTable of the set-up depicted in the figure above:
Telindus 1423 SHDSL Router Chapter 7 127
User manual Configuring the encapsulation protocols

7.2.3 Automatically obtaining IP addresses in ATM

Obtaining a local IP address

In case of ATM, the Telindus 1423 SHDSL Router can perform an auto-install (refer to 17 - Auto installing
the Telindus 1423 SHDSL Router on page 939). This includes obtaining a local IP address of the ATM
PVC. However, even if no auto-install is performed the Telindus 1423 SHDSL Router runs the following
sequence to obtain a local IP address of the ATM PVC:

Obtaining a remote IP address

If the ATM network supports the InARP (Inverse Address Resolution Protocol) protocol, then the Telin-
dus 1423 SHDSL Router can learn the remote IP address of an ATM PVC.
128 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.4 Configuring IP addresses in ATM

To configure IP addresses on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the ip structure.

2 In the ip structure, configure the following elements:

• address. Use this element to assign an IP address to the local end of the ATM PVC.
• netMask. Use this element to assign an IP subnet mask to the local end of the ATM
PVC.
• remote. Use this element to assign an IP address to the remote end of the ATM PVC.
• unnumbered. In case you do not explicitly configure a local IP address for an ATM PVC,
then you can use this element to "borrow" the IP address of another interface for
which an IP address is already configured.

Refer to …
• 5.2.3 - Explaining the ip structure on page 63 for a complete description of the ip structure.
• Example - configuring ATM PVCs_ on page 126 for an example.
Telindus 1423 SHDSL Router Chapter 7 129
User manual Configuring the encapsulation protocols

7.2.5 Configuring the VPI and VCI

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on VPI and VCI.
To configure the VPI and VCI of an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, configure the following elements:

• vpi. Use this element to set the Virtual Path Identifier (VPI) of the
ATM PVC.
• vci. Use this element to set the Virtual Channel Identifier (VCI) of
the ATM PVC.

Refer to …
• telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description of the
atm structure.
• Example - configuring ATM PVCs_ on page 126 for an example.
130 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.6 Configuring UBR

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on UBR and related traffic parameters.
To configure UBR on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the serviceCategory element to ubr.

3 In the atm structure, configure the UBR related traffic parameters.

The only parameter you have to configure in case of UBR is the
Peak Cell Rate (PCR). The PCR only provides an indication of a
physical bandwidth limitation within a PVC.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description

of the atm structure.
Telindus 1423 SHDSL Router Chapter 7 131
User manual Configuring the encapsulation protocols

7.2.7 Configuring VBR-nrt

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on VBR-nrt and related traffic parame-
ters.
To configure VBR-nrt on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the serviceCategory element to vbt-nrt.

3 In the atm structure, configure the VBR-nrt related traffic parameters:

• the Peak Cell Rate (PCR).
• the Sustainable Cell Rate (SCR).
• the Maximum Burst Size (MBS).

The PCR and MBS must be understood only as mechanisms to reduce latency and not
as a way to increase bandwidth. Thus, the PCR and MBS allow you to accommodate
short duration bursts of traffic without packet drops taking place. If long duration bursts
exist often in your specific traffic pattern, they should be taken under account when
choosing the value for SCR.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description

of the atm structure.

Calculating the burst size

From the MBS it is possible to figure out how many time, in seconds, the Telindus 1423 SHDSL Router
will be able to transmit at PCR, by means of the following equation:
T = (MBS x 424 bits per cell) / (PCR - SCR)

So suppose the SCR and PCR are known to be 64 kbps and 256 kbps and suppose you set the MBS to
…
• 45 cells, then T = 100 ms which means you can have bursts up to approximately 3 kbytes.
• 90 cells, then T = 200 ms which means you can have bursts up to approximately 6 kbytes.
132 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.8 Configuring VBR-rt

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on VBR-rt and related traffic parame-
ters.
To configure VBR-rt on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the serviceCategory element to vbt-rt.

3 In the atm structure, configure the VBR-rt related traffic parameters:

• the Peak Cell Rate (PCR).
• the Sustainable Cell Rate (SCR).
• the Maximum Burst Size (MBS).

The PCR and MBS must be understood only as mechanisms to reduce latency and not
as a way to increase bandwidth. Thus, the PCR and MBS allow you to accommodate
short duration bursts of traffic without packet drops taking place. If long duration bursts
exist often in your specific traffic pattern, they should be taken under account when
choosing the value for SCR.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description

of the atm structure.

Calculating the burst size

From the MBS it is possible to figure out how many time, in seconds, the Telindus 1423 SHDSL Router
will be able to transmit at PCR, by means of the following equation:
T = (MBS x 424 bits per cell) / (PCR - SCR)

So suppose the SCR and PCR are known to be 64 kbps and 256 kbps and suppose you set the MBS to
…
• 45 cells, then T = 100 ms which means you can have bursts up to approximately 3 kbytes.
• 90 cells, then T = 200 ms which means you can have bursts up to approximately 6 kbytes.
Telindus 1423 SHDSL Router Chapter 7 133
User manual Configuring the encapsulation protocols

7.2.9 Configuring CBR

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on CBR and related traffic parameters.
To configure CBR on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the serviceCategory element to cbr.

3 In the atm structure, configure the CBR related traffic parameters.

The only parameter you have to configure in case of CBR is the
Peak Cell Rate (PCR).
134 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.10 ATM PVC bandwidth assignment

Bridging and routing

When selecting a certain service category for an ATM PVC, the Telindus 1423 SHDSL Router assigns
a certain amount of bandwidth to this ATM PVC. The amount of bandwidth that is assigned by the Tel-
indus 1423 SHDSL Router does not necessarily correspond with the amount of bandwidth that you con-
figured.
The way the Telindus 1423 SHDSL Router assigns bandwidth depends on factors such as available
memory, the service category, the minimum bandwidth, etc. The most important factors are:

Factor Description

service category The higher the importance of the requested service category, the closer the
importance assigned bandwidth comes to the requested bandwidth. The importance of the
service categories in descending order is as follows:
1. CBR (high)
2. VBR-rt
3. VBR-nrt
4. UBR (low)
Examples:
• Suppose you select the service category UBR and you set the PCR to 8 kbps.
In that case, it is possible that instead of 8 kbps, 16 kbps is assigned to the ATM
PVC.
• Suppose you select the service category CBR and you set the PCR to 8 kbps.
In that case, it is possible that instead of 8 kbps, 9 kbps is assigned to the ATM
PVC.

minimum The higher the requested bandwidth, the closer the assigned bandwidth comes to
requested band- the requested bandwidth.
width
Examples:
• Suppose you select the service category UBR and you set the PCR to 8 kbps.
In that case, it is possible that instead of 8 kbps, 16 kbps is assigned to the ATM
PVC. This is a deviation of 50%.
• Suppose you select the service category UBR and you set the PCR to 1024
kbps. In that case, it is possible that instead of 1024 kbps, 1032 kbps is
assigned to the ATM PVC. This is a deviation of only +- 0.8%.
Telindus 1423 SHDSL Router Chapter 7 135
User manual Configuring the encapsulation protocols

The amount of bandwidth that is assigned can be checked in the ATM status attributes.

Switching

In case of switched ATM PVCs, there is no QoS translation between source and destination. This would
imply that when a switched ATM PVC comes through, it would get as much bandwidth as necessary to
serve the incoming data stream. This would mean that if the switched ATM PVC carries a high bandwidth
data stream, that the existing bridged or routed ATM PVCs (on the same physical interface) may suffer
from this, even if their service category is CBR.
To avoid this, the priority configuration element has been added to the ATM switching table. Using this
element, you can define in which “service category” the switched ATM PVC falls.

Switched ATM PVC priority Corresponding “service category”

high CBR

medium VBR-rt

low VBR-nrt

You can define a different priority for each switched ATM PVC. However, all switched ATM PVCs that
have the same priority are treated equally.
Examples:
• Setting the priority of a switched ATM PVC to high, makes it of equal priority as a bridged or routed
ATM PVC with service category CBR. So both ATM PVCs will be treated equally as it comes to band-
width assignment.
• Setting the priority of a switched ATM PVC to high, makes it of higher priority as a bridged or routed
ATM PVC with service category VBR. So when the switched ATM PVC comes through, it will be given
priority over the bridged or routed ATM PVC.
136 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.11 Configuring bridged/routed Ethernet/IP over ATM (RFC 2684)

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on bridged/routed Ethernet/IP over
ATM.
To configure bridged/routed Ethernet/IP (multi-protocol) over ATM on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the higherLayerProtocol element to rfc2684.

By selecting this value you indicate that different types of protocol
data units (PDUs) may be present in the traffic on this interface.

3 Also in the atm structure, set the multiProtocolMech element to the

desired encapsulation mechanism.
By selecting one of these two values you indicate how the different
types of protocol data units (PDUs) have to be encapsulated in
ATM AAL type 5.
In case of …
• llcEncapuslation, all the different PDU types are carried over a single PVC. In this case,
the different PDU types can be distinguished from one another by the information in
the Logical Link Control (LLC) header.
• vcMultiplexing, each PDU type is carried over a separate PVC. So in this case, you have
to set up as many PVCs as there are PDU types in your traffic. What is more, the
remote application has to know which PVC carries which PDU type.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description

of the atm structure.
Telindus 1423 SHDSL Router Chapter 7 137
User manual Configuring the encapsulation protocols

7.2.12 Configuring Classical IP (IPoA)

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on IP over ATM.
Classical IP (RFC 1577) is one of the first commonly used encapsulations of IP over ATM. The encap-
sulation method is the same as described in RFC 2684 (formerly RFC 1483). The IP traffic is encapsu-
lated without Ethernet header. Inverse ARP is in use for the resolution of IP addresses to PVC channels.
To configure Classical IP on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, set the mode element to routing.

2 In the pvcTable, select the atm structure.

3 In the atm structure, set the higherLayerProtocol element to rfc2684.

4 Also in the atm structure, set the multiProtocolMech element to the

desired encapsulation mechanism: llcEncapuslation or vcMultiplexing.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a complete description

of the atm structure.

Note that Inverse ARP is always in use. Therefore there is no dedicated attribute to enable or disable
InARP.
138 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.2.13 Configuring PPP over ATM (PPPoA)

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on PPP over ATM.
To configure PPP over ATM on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the higherLayerProtocol element to ppp.

3 Also in the atm structure, set the multiProtocolMech element to the

desired encapsulation mechanism: llcEncapuslation or vcMultiplexing.

4 In the pvcTable, select the ppp structure.

5 In the ppp structure, configure the PPP elements (link monitoring, authentication, etc.).
Refer to …
• 7.4 - Configuring PPP encapsulation on page 155 for more information on configuring
PPP.
• 12.5.3 - PPP configuration attributes on page 487 for a detailed description of the ele-
ments in the ppp structure.
Telindus 1423 SHDSL Router Chapter 7 139
User manual Configuring the encapsulation protocols

7.2.14 Configuring PPP over Ethernet (PPPoE)

Refer to 7.2.1 - Introducing ATM on page 116 for an introduction on PPP over Ethernet.
To configure PPP over Ethernet on an ATM PVC, proceed as follows:

Step Action

1 In the pvcTable, select the atm structure.

2 In the atm structure, set the higherLayerProtocol element to pppOver-

Ethernet.

3 Also in the atm structure, set the multiProtocolMech element to llcEnca-

puslation.

4 In the pvcTable, select the ppp structure.

5 In the ppp structure, configure the PPP elements (link monitoring, authentication, etc.).
Refer to …
• 7.4 - Configuring PPP encapsulation on page 155 for more information on configuring
PPP.
• 12.5.3 - PPP configuration attributes on page 487 for a detailed description of the ele-
ments in the ppp structure.
140 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.3 Configuring Frame Relay encapsulation

This section introduces the Frame Relay encapsulation protocol and gives a short description of the
attributes you can use to configure this encapsulation protocol.
The following gives an overview of this section:
• 7.3.1 - Introducing Frame Relay on page 141
• 7.3.2 - Configuring Frame Relay DLCIs on page 145
• 7.3.3 - Automatically obtaining IP addresses in Frame Relay on page 147
• 7.3.4 - Configuring IP addresses in Frame Relay on page 148
• 7.3.5 - Configuring LMI on page 151
• 7.3.6 - Configuring CIR and EIR on page 152
• 7.3.7 - Enabling Frame Relay fragmentation on page 154
Telindus 1423 SHDSL Router Chapter 7 141
User manual Configuring the encapsulation protocols

7.3.1 Introducing Frame Relay

What is Frame Relay?

Frame Relay is a networking protocol that works at the bottom two levels of the OSI reference model:
the physical and data link layers. It is an example of packet-switching technology, which enables end
stations to dynamically share network resources.
Frame Relay devices fall into the following two general categories:
• Data Terminal Equipment (DTEs), which include terminals, personal computers, routers, and
bridges.
• Data Circuit Equipment (DCEs), which transmit the data through the network and are often carrier-
owned devices.

What is a DLCI?

Frame Relay networks transfer data using one of the following connection types:
• Switched Virtual Circuits (SVCs), which are temporary connections that are created for each data
transfer and then are terminated when the data transfer is complete (not a widely used connection).
• Permanent Virtual Circuits (PVCs), which are permanent connections.

The Telindus 1423 SHDSL Router makes use of Permanent Virtual Circuits. The Data Link Connection
Identifier (DLCI) is a value assigned to each virtual circuit and DTE device connection point in the Frame
Relay WAN. Two different connections can be assigned the same value within the same Frame Relay
WAN, one on each side of the virtual connection.

What is LMI?

A set of Frame Relay enhancements exists, called the Local Management Interface (LMI). The LMI
enhancements offer a number of features (referred to as extensions) for managing complex networks,
including:
• global addressing,
• virtual circuit status messages,
• multicasting.
LMI provides a status mechanism which gives an on-going status report on the DLCIs. These status
reports are exchanged between the Frame Relay access device (or Frame Relay DTE or user) and
Frame Relay node (or Frame Relay DCE or network).
142 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

At regular intervals (typically every 1 minute), the Frame Relay user (e.g. a router) sends Full Status
Enquiry messages to the Frame Relay network (e.g. a Frame Relay switch). On its turn, the Frame Relay
network sends a Full Status Response to the Frame Relay user. In this response the Frame Relay net-
work reports which DLCIs are configured at its side and which of these DLCIs are up or down. Until the
first Full Status Enquiry exchange has occurred, the Frame Relay user does not know which DLCIs are
active and so no data transfer can take place.
At smaller intervals (typically every 10 seconds), the Frame Relay user sends Status Enquiry messages
to the Frame Relay network. On its turn, the Frame Relay network sends a Status Response to the
Frame Relay user. In this response the Frame Relay network only reports which DLCIs are up or down.
There are various LMI versions: LMI rev.1, ANSI T1.617 Annex D, Q.933 Annex A, etc. To ensure inter-
operability when your network consists of equipment from different vendors, the same version of LMI
protocol must be at each end of the Frame Relay link.

What is CIR and BC?

• CIR = BC / TC
• The Committed Information Rate (CIR) is the specified amount of guaranteed bandwidth (measured
in bits per second) on a Frame Relay service. Typically, when purchasing a Frame Relay service the
customer can specify the CIR level he wishes. The Frame Relay network provider guarantees that
traffic not exceeding this level will be delivered.
• The Committed Burst (BC) is the maximum amount of data (in bits) that the network agrees to trans-
fer, under normal conditions, during a time interval TC.

What is EIR and BE?

• EIR = BE / TC
• The Excess Information Rate (EIR) is the specified amount of unguaranteed bandwidth (measured
in bits per second) on a Frame Relay service. It is the traffic in excess of the CIR. This traffic may also
be delivered, but this is not guaranteed.
• The Excess Burst (BE) is the maximum amount of uncommitted data (in bits) in excess of BC that a
Frame Relay network can attempt to deliver during a time interval TC. Generally, BE data is delivered
with a lower probability than BC, and the network treats it as discard eligible.

What is TC?

The measurement interval (TC) is the time over which rates and burst sizes are measured. In general,
the duration of TC is proportional to the burstiness of traffic.
The following figure shows the relationship between BC, BE and TC:
Telindus 1423 SHDSL Router Chapter 7 143
User manual Configuring the encapsulation protocols

What is DE?

When the CIR is exceeded, all subsequent frames get marked Discard Eligible by setting the Discard
Eligible (DE) bit in the Frame Relay header. This is performed at the local Frame Relay switch. If con-
gestion occurs at a node in the Frame Relay network, packets marked DE are the first to be dropped.
Upon detecting congestion, a Frame Relay switch will send a Backward Explicit Congestion Notifier
(BECN) message back to the source. If the source (e.g. the router) has sufficient intelligence to process
this message, it may throttle back to the CIR.

What is BECN?

Backward Explicit Congestion Notification (BECN) is a bit set by a Frame Relay network in frames trav-
elling in the opposite direction of frames encountering a congested path. DTEs receiving frames with the
BECN bit set can request that higher-level protocols take flow control action as appropriate.

What is FECN?

Forward Explicit Congestion Notification (FECN) is a bit set by a Frame Relay network to inform DTEs
receiving the frame that congestion was experienced in the path from source to destination. DTEs receiv-
ing frames with the FECN bit set can request that higher-level protocols take flow-control action as
appropriate.

What is interface Frame Relay fragmentation?

Interface fragmentation is used in order to allow real-time and data frames to share the same (physical)
interface. The fragmentation is strictly local to the interface and provides the proper delay and delay var-
iation based upon the logical speed of the interface (the logical speed of an interface may be slower than
the physical clocking rate if a channelised physical interface is used). Since fragmentation is local to the
interface, the network can take advantage of the higher internal trunk speeds by transporting the com-
plete frames, which is more efficient than transporting a larger number of smaller fragments.
Interface fragmentation is also useful when there is a speed mismatch between the two DTEs at the ends
of a VC. It also allows the network to proxy for a DTE that does not implement end-to-end fragmentation.
Refer to What is end-to-end Frame Relay fragmentation? on page 144.
Interface fragmentation is not transparent to the Frame Relay network. I.e. the Frame Relay switches in
the network have to “understand” Frame Relay fragmentation.

Interface fragmentation is provisioned on an interface-by-interface basis. When Interface fragmentation

is used on an interface, then all frames on all DLCIs (including DLCI 0) are preceded by the fragmenta-
tion header.

Refer to FRF.12 for more information on Frame Relay fragmentation.

144 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

What is end-to-end Frame Relay fragmentation?

End-to-end Frame Relay fragmentation is used on DLCIs only. It is most useful when peer Frame Relay
DTEs wish to exchange both real-time and non-real-time traffic using slower interface(s), but either one
or both (physical) interfaces does not support interface Frame Relay fragmentation. Refer to What is
interface Frame Relay fragmentation? on page 143.
End-to-end Frame Relay fragmentation is transparent to the Frame Relay network. I.e. the Frame Relay
switches in the network do not have to “know” about the fragmentation.

Because DLCI 0 is never carried end-to-end, it is never fragmented using end-to-end Frame Relay frag-
mentation.

Refer to FRF.12 for more information on Frame Relay fragmentation.

What is MLFR?

Multilink Frame Relay (MLFR) provides physical interface emulation for Frame Relay devices. The emu-
lated physical interface consists of one or more physical links, called "bundle links", aggregated together
into a single "bundle" of bandwidth. This service provides a frame-based inverse multiplexing function,
sometimes referred to as an "IMUX".
The bundle provides the same order-preserving service as a physical layer for frames sent on a data link
connection. In addition, the bundle provides support for all Frame Relay services based on UNI and NNI
standards.
Refer to FRF.16 for more information on multilink Frame Relay.

What is LIP?

The Link Integrity Protocol (LIP) features a set of control messages to insure the integrity of a Frame
Relay bundle. These messages are:

LIP message Description

Add Link The Add Link message notifies the peer endpoint that the local endpoint supports
frame processing. The message includes information required to verify bundle
membership and detect loopbacks. Both ends of a bundle link generate this mes-
sage when a bundle link endpoint is ready to become operational.

Add Link The Add Link Acknowledge message notifies the peer endpoint that the local end-
Acknowledge point has received a valid Add Link message.

Add Link Reject The Add Link Reject message notifies the peer endpoint that the local endpoint
has received an invalid Add Link message.

Hello The Hello message notifies the peer endpoint that the local endpoint remains in
the state up. Both ends of a bundle link generate this message on a periodic basis.

Hello Acknowl- The Hello Acknowledge message notifies the peer that the local endpoint has
edge received a valid Hello message.

Remove Link The Remove Link message notifies the peer that the local end layer management
function is removing the bundle link from bundle operation.

Remove Link The Remove Link Acknowledge message notifies the peer that the local end has
Acknowledge received a Remove Link message.
Telindus 1423 SHDSL Router Chapter 7 145
User manual Configuring the encapsulation protocols

7.3.2 Configuring Frame Relay DLCIs

Refer to 7.3.1 - Introducing Frame Relay on page 141 for an introduction.

If the Frame Relay network supports LMI, then the Telindus 1423 SHDSL Router can learn its active and
inactive DLCIs. If the Frame Relay network also supports the InARP (Inverse Address Resolution Pro-
tocol) protocol, the Telindus 1423 SHDSL Router can learn the IP address of the corresponding router
for each DLCI.
If neither LMI nor InARP is supported by the Frame Relay network you can configure the DLCIs yourself
using the dlciTable.
To configure a Frame Relay DLCI, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the frameRelay object, select
the dlciTable attribute and add one or more entries to this table.

Use this attribute to set up Frame Relay DLCIs. Add a row to the dlciTable for each Frame
Relay DLCI you want to create.

2 Configure the elements of the Frame Relay DLCI you just created. These elements are:
• name. Use this element to assign an administrative name to the Frame Relay DLCI.
• adminStatus. Use this element to activate (up) or deactivate (down) the Frame Relay
DLCI.
• mode. Use this element to determine whether, for the corresponding Frame Relay
DLCI, the packets are treated by the routing process, the bridging process or both.
• priorityPolicy. Use this element to apply a priority policy on the Frame Relay DLCI. Refer
to 8.8.7 - Applying a priority policy on an interface on page 249 for more information.
• ip. Use this element to configure the IP related parameters of the Frame Relay DLCI.
Refer to 5.2.3 - Explaining the ip structure on page 63 for more information.
• bridging. Use this element to configure the bridging related parameters of the Frame
Relay DLCI in case the DLCI is in bridging mode (i.e. in case the mode element is set
to bridging). Refer to 9.2.6 - Explaining the bridging structure on page 281 for more infor-
mation.
• frameRelay. Use this element to configure the Frame Relay specific parameters of the
Frame Relay DLCI. Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciT-
able/frameRelay on page 481 for more information.

Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable on page 480 for a

detailed description of the dlciTable.
146 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Example - configuring Frame Relay DLCIs

The following figure gives an example of a local Ethernet segment connected to three different networks
through three different DLCIs:

The following screenshot shows (part of) the dlciTable of the set-up depicted in the figure above:
Telindus 1423 SHDSL Router Chapter 7 147
User manual Configuring the encapsulation protocols

7.3.3 Automatically obtaining IP addresses in Frame Relay

Obtaining a local IP address

In case of Frame Relay, the Telindus 1423 SHDSL Router can perform an auto-install (refer to 17.3.3 -
Auto-install in case of Frame-Relay on page 950). This includes obtaining a local IP address of the
Frame Relay DLCI. However, even if no auto-install is performed the Telindus 1423 SHDSL Router runs
the following sequence to obtain a local IP address of the Frame Relay DLCI:

Obtaining a remote IP address

If the Frame Relay network supports the InARP (Inverse Address Resolution Protocol) protocol, then the
Telindus 1423 SHDSL Router can learn the remote IP address of an Frame Relay DLCI.
148 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.3.4 Configuring IP addresses in Frame Relay

When you use Frame Relay encapsulation on the WAN interface, you can configure the IP related
parameters on two levels:

Using the ip structure in the … Use this structure to configure the IP related parameters of …

frameRelay object. all the DLCIs for which …

• in the dlciTable no IP address is defined for that specific DLCI,
• and the mode element is set to routing or routingAndBridgning.

In other words, use this attribute to globally configure the IP param-

eters of the DLCIs. Refer to Example - DLCI global IP.

dlciTable attribute. one specific DLCI. Refer to Example - DLCI specific IP.

Refer to 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.
Telindus 1423 SHDSL Router Chapter 7 149
User manual Configuring the encapsulation protocols

Example - DLCI global IP

Suppose you have the following set-up:

If you consider Router A, then for this router …

• two DLCIs are configured in the frameRelay/dlciT-
able, being DLCI 16 and DLCI 17,
• no IP addresses are specifically configured for
these DLCIs,
• in the frameRelay/ip attribute a global IP address
is configured for the DLCIs, being 10.0.0.3.

The characteristics of a set-up with a global IP address for the DLCIs are:
• Broadcasts are copied and sent over all DLCIs (that use the global IP address). E.g. pinging
10.0.0.255 results in a reply from 10.0.0.1, 10.0.0.2 and 10.0.0.3.
• Pinging 10.0.0.3 results in a reply when LMI is up.
• Routes learned over one DLCI are not passed to other DLCIs. E.g. a route learned over DLCI 16 is
not passed to DLCI 17. This means that split horizon is applicable.
• RIP only functions if the network is fully meshed. I.e. if every router is directly connected to its neigh-
bour with a DLCI (as in the example above).
150 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Example - DLCI specific IP

Suppose you have the following set-up:

If you consider Router A, then for this router …

• two DLCIs are configured in the frameRelay/dlciTable, being DLCI 16 and DLCI 17,
• an IP address is specifically configured per DLCI in the frameRelay/dlciTable/ip attribute,
• no global IP address is configured for the DLCIs.

The characteristics of a set-up with a specific IP address for each DLCI are:
• Each DLCI is an IP interface.
• Pinging 10.1.0.1 results in a reply when the DLCI is up.
• Routes learned over one DLCI are passed to other DLCIs. E.g. a route learned over DLCI 16 is
passed to DLCI 17. This means that split horizon is not applicable.
Telindus 1423 SHDSL Router Chapter 7 151
User manual Configuring the encapsulation protocols

7.3.5 Configuring LMI

Refer to 7.3.1 - Introducing Frame Relay on page 141 for an introduction on LMI.
To configure LMI, proceed as follows:

Step Action

1 In the frameRelay object, select the lmi

structure.

2 The most important elements in the lmi structure are:

• mode. Use this element to set the Frame Relay mode (user, network, auto or nni).
• type. Use this element to set the LMI variant. There are several standards for the LMI
protocol with small variations between them. Therefore you should configure the Tel-
indus 1423 SHDSL Router according to the standard that is used by your service pro-
vider.

Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 483 for a complete

description of the lmi structure.
152 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.3.6 Configuring CIR and EIR

Refer to 7.3.1 - Introducing Frame Relay on page 141 for an introduction on CIR and EIR.
As said before, CIR is the data rate which the user expects to pass into the Frame Relay network with
few problems. Note that the CIR is unrelated to the actual bit rate of the physical connection. A user could
have a physical connection operating at 2 Mbps, but a CIR across this physical connection of only 64
kbps. This would mean that the user’s average data rate would be 64 kbps, but data bursts up to 2 Mbps
would be possible (EIR).
To configure the CIR and EIR of a Frame Relay DLCI, proceed as follows:

Step Action

1 In the dlciTable, select the frameRelay

structure.

2 In the frameRelay structure, configure the following ele-

ments:
• cir. Use this element to set the Committed Informa-
tion Rate for the DLCI.
The cir is expressed in bps. Enter a multiple of 64000
bps as cir value (e.g. 2048000). The maximum value is the physical connection towards
the Frame Relay network. If the cir value is set to 0 (default), it means the complete
bandwidth may be used (no flow control).
• eir. Use this element to set the Excess Information Rate for the DLCI.
The eir is expressed in bps. Enter a multiple of 64000 bps as eir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network. If
the eir value is set to 0 (default), it means no excess burst is allowed.
The bursts of data that are allowed are the CIR value + EIR value. I.e. If you want a
CIR of 1 Mbps and you want to allow bursts up to 1.5 Mbps, then set the CIR to
1024000 bps and the EIR to 512000 bps.

Important remarks

• Be careful not to over-dimension the CIR. I.e. do not let the sum of the CIRs of the DLCIs exceed the
bandwidth of the physical connection.
• When you do exceed the total bandwidth of the physical connection, then the Telindus 1423 SHDSL
Router first buffers the data. However, when the buffers of the Telindus 1423 SHDSL Router are com-
pletely filled up, it has to discard the “excess” data.
• To obtain an optimal QoS for links that contain both voice and data DLCIs, it is advisable to use CIR
for the voice DLCIs and EIR for the data DLCIs. This decreases the amount of data packets that are
queued in a single burst, thereby reducing the transmission delay for voice packets.
Telindus 1423 SHDSL Router Chapter 7 153
User manual Configuring the encapsulation protocols

Examples

Suppose you have a 2

Mbps physical connection
towards the Frame Relay
service provider and you
define 2 DLCIs:
• Suppose you assign to both DLCIs a CIR of 1 Mbps and an EIR of 0.
⇒In that case you have per DLCI a guaranteed bandwidth of 1 Mbps and no bursts are allowed.
• Suppose you assign to both DLCIs a CIR of 512 kbps and an EIR of 512 kbps.
⇒In that case you have per DLCI a guaranteed bandwidth of 512 kbps and you allow bursts up to 1
Mbps. This means that if on both DLCIs a burst up to 1 Mbps occurs at the same time, the speed
of the physical connection (2 Mbps) is still not exceeded (so no data is discarded). If however
somewhere else on the network a congestion occurs, it is possible that some of the “excess” data
is discarded (refer to What is DE? on page 143).
• Suppose you assign to both DLCIs a CIR of 1 Mbps and an EIR of 1 Mbps.
⇒In that case you have per DLCI a guaranteed bandwidth of 1 Mbps and you allow bursts up to 2
Mbps. Obviously, this means that if on both DLCIs a burst up to 2 Mbps occurs at the same time,
the speed of the physical connection (2 Mbps) is exceeded and some data is discarded. In that
case the principle of first come, first served is applied. I.e. the DLCI on which the burst occurred
first its data is passed on to the Frame Relay network. If however somewhere else on the network
a congestion occurs, it is still possible that some of the “excess” data is discarded.
• Suppose you assign to both DLCIs a CIR of 2 Mbps and an EIR of 0.
⇒In that case you over-dimensioned your CIR. You can not guarantee 2 Mbps of bandwidth for both
DLCIs, due to the bandwidth limit of 2 Mbps on the physical connection. Also in this case the prin-
ciple of first come, first served is applied. I.e. the DLCI which sends data first gets its data onto the
Frame Relay network.
154 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.3.7 Enabling Frame Relay fragmentation

Refer to 7.3.1 - Introducing Frame Relay on page 141 for an introduction on Frame Relay fragmentation.
There are different cases of fragmentation. How to enable fragmentation in each of these cases is shown
in the following table:

Case How to enable fragmentation?

1 Interface fragmentation on one interface

To enable Frame Relay fragmen-

tation on interface level and this
for one particular interface, pro-
ceed as follows:
1. Select the frameRelay object.
2. Select the fragmentation struc-
ture.
3. Set the interfaceFormat element to enabled.

2 End-to-end fragmentation on one interface

To enable Frame Relay frag-

mentation on end-to-end level
and this for one particular DLCI
on one particular interface, pro-
ceed as follows:
1. Select the frameRelay object.
2. Select the dlciTable.
3. Select the frameRelay struc-
ture.
4. Select the fragmentation struc-
ture.
5. Set the endToEndFormat element to enabled.
Telindus 1423 SHDSL Router Chapter 7 155
User manual Configuring the encapsulation protocols

7.4 Configuring PPP encapsulation

This section introduces the PPP encapsulation protocol and gives a short description of the attributes
you can use to configure this encapsulation protocol.
The following gives an overview of this section:
• 7.4.1 - Introducing PPP on page 156
• 7.4.2 - Automatically obtaining IP addresses in PPP on page 160
• 7.4.3 - Configuring IP addresses in PPP on page 162
• 7.4.4 - Imposing IP addresses on the remote in PPP on page 164
• 7.4.5 - Configuring link monitoring on page 165
• 7.4.6 - Configuring PAP on page 166
• 7.4.7 - How does PAP work? on page 167
• 7.4.8 - Configuring CHAP on page 169
• 7.4.9 - How does CHAP work? on page 170
• 7.4.10 - Use which name and secret attributes for PPP authentication? on page 172
• 7.4.11 - Setting up multilink PPP on page 173
• 7.4.12 - Enabling PPP fragmentation on page 176
• 7.4.13 - Setting up multiclass PPP on page 177
• 7.4.14 - Setting up MLPPP on a BRI interface in dial-up mode on page 180
156 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.1 Introducing PPP

What is PPP?

The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for transporting IP
traffic over point-to-point links. PPP also established a standard for assigning and managing IP
addresses, asynchronous and bit-oriented synchronous encapsulation, network protocol multiplexing,
link configuration, link quality testing, error detection, and option negotiation for added networking capa-
bilities.
Also refer to What is PPPoA (RFC 2364)? on page 123.

What is LCP, IPCP, BCP and CCP?

PPP provides a method for transmitting datagrams over serial point-to-point links, which include the fol-
lowing components:
• A method for encapsulating datagrams over serial links.
• An extensible Link Control Protocol (LCP) which provides a method of establishing, configuring,
maintaining, and terminating the point-to-point connection.
• A family of Network Control Protocols (NCPs) for establishing and configuring different network layer
protocols such as the IP Control Protocol (IPCP) and the Bridge Control Protocol (BCP).
• A Compression Control Protocol (CCP) for configuring, enabling and disabling data compression
algorithms on both ends of the point-to-point link.

The PPP handshake

PPP makes a handshake in two phases:

Phase Description

1 The Link Control Protocol (LCP) builds the link layer.

2 The Network Control Protocol (NCP, i.e. IPCP or BCP) builds the network layer.

What is PPP link monitoring?

PPP features link monitoring in order to whether the PPP link is truly up or down. If link monitoring is
enabled, then echo request packets are sent over the link at regular intervals. If on consecutive requests
no reply is given, then the PPP link is declared down. Data traffic is stopped until the PPP handshake
succeeds again.
Telindus 1423 SHDSL Router Chapter 7 157
User manual Configuring the encapsulation protocols

What is PAP?

The Password Authentication Protocol (PAP) is the most basic form of authentication (complies with RF
1334). It basically works the same way as a normal login procedure. The peer (the authenticating sys-
tem) authenticates itself by sending a username and password to the authenticator. The authenticator
compares this username and password to its secrets database. If the password matches, the peer is
authenticated and the session can be set up. PAP authentication can be performed in one direction or
in both directions.
The disadvantage of PAP is that it is vulnerable to eavesdroppers who may try to obtain the password
by listening in on the serial line, and to repeated trial and error attacks.

What is CHAP?

The Challenge Handshake Authentication Protocol (CHAP) is more secure than PAP.
With CHAP, the server (the authenticator) sends a randomly generated “challenge” string to the client
(the authenticating system). The client hashes the challenge string, its username and password using
the MD5 algorithm. This result is returned to the server. The server now performs the same computation
and compares this username and password to its secrets database. If the passwords match, the client
is authenticated and the session can be set up. CHAP authentication can be performed in one direction
or in both directions.
Another feature of CHAP is that it does not only requires the client to authenticate itself at start-up time,
but to do so at regular intervals. This to make sure the client has not been replaced by an intruder (for
instance by just switching lines).

What is MS-CHAP?

The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is the Microsoft version of
CHAP and is an extension to RFC 1994. Like the standard version of CHAP, MS-CHAP is used for PPP
authentication. In this case, authentication occurs between a PC using Microsoft Windows and a router
or access server acting as a network access server (NAS).
The differences between the standard CHAP and MS-CHAP are:
• MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol.
• The MS-CHAP Response packet is in a format designed to be compatible with Microsoft Windows.
This format does not require the authenticator to store a clear or reversibly encrypted password.
• MS-CHAP provides an authenticator-controlled authentication retry mechanism.
• MS-CHAP provides an authenticator-controlled change password mechanism.
• MS-CHAP defines a set a "reason for failure" codes returned in the Failure packet message field.
158 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

What is MS-CHAP v2?

MS-CHAP version 2 provides stronger security for remote access connections and also solves some
issues of MS-CHAP version 1:

MS-CHAP version 1 issue MS-CHAP version 2 solution

LAN Manager encoding of the response used for MS-CHAP v2 no longer allows LAN Manager
backward compatibility with older Microsoft encoded responses.
remote access clients is cryptographically weak.

LAN Manager encoding of password changes is MS-CHAP v2 no longer allows LAN Manager
cryptographically weak. encoded password changes.

Only one-way authentication is possible. The MS-CHAP v2 provides two-way authentication,

remote access client cannot verify that it is dialling also known as mutual authentication. The remote
in to its organisation's remote access server or a access client receives verification that the remote
masquerading remote access server. access server that it is dialling in to has access to
the user's password.

With 40-bit encryption, the cryptographic key is
based on the user's password. Each time the user
connects with the same password, the same cryp-
tographic key is generated.
With MS-CHAP v2, the cryptographic key is
always based on the user's password and an arbi-
trary challenge string. Each time the user con-
nects with the same password, a different
cryptographic key is used.

A single cryptographic key is used for data sent in With MS-CHAP v2, separate cryptographic keys
both directions on the connection. are generated for transmitted and received data.

What is MLPPP?

Multilink PPP (MLPPP) is a method of splitting, recombining, and sequencing datagrams across multiple
logical data links.
For all its strengths, PPP has one inherent limitation when it comes to network deployment: it is designed
to handle only one physical link at a time. MLPPP does away with this restriction. MLPPP is a higher-
level data link protocol that sits between PPP and the network protocol layer. It accommodates one or
more PPP links, with each PPP link representing either a separate physical WAN connection or a chan-
nel in a multi-channel switched service. MLPPP its ability to combine multiple lower-speed links into a
single, higher-speed data path is often referred to as WAN-independent or packet-based inverse multi-
plexing.
MLPPP negotiates configuration options the same way as conventional PPP. However, during the nego-
tiation process, one router or access device indicates to the other communicating device that it is willing
to combine multiple connections and treat them as a single physical pipe. It does this by sending along
a multilink option message as part of its initial LCP option negotiation.
Once a multilink session is successfully opened, MLPPP at the sending side receives network protocol
data units (PDUs) from higher-layer protocols or applications. It then fragments those PDUs into smaller
packets, adds an MLPPP header to each fragment and sends them over the available PPP links. On the
receiving end, the MLPPP software takes the fragmented packets from the different links, puts them in
their correct order based on their MLPPP headers and reconverts them to their original network-layer
PDUs.
Telindus 1423 SHDSL Router Chapter 7 159
User manual Configuring the encapsulation protocols

What is PPP fragmentation?

In case of MLPPP you can enable packet fragmentation. When packet fragmentation is not enabled,
packets are sent whole across the channels. When packet fragmentation is enabled, larger packets are
divided into smaller fragments and distributed over all the channels in use. Sending the packets in this
way reduces transit times. The receiver collects the fragments, reassembles them, and delivers them in
the original intended order.

What is multiclass PPP?

Multiclass PPP recovers some unused bits in the PPP multilink header to allow separate streams within
a single PPP session. This allows for Frame Relay like features within this PPP session. It also facilitates
QoS over a single PPP link. However, the number of sessions possible is small compared to Frame
Relay.

What is BAP?

The Bandwidth Allocation Protocol (BAP) can be used to manage the number of links in a multi-link bun-
dle. BAP defines datagrams to coordinate adding and removing individual links in a multi-link bundle, as
well as specifying which peer is responsible for various decisions regarding managing bandwidth during
a multi-link connection. The Bandwidth Allocation Control Protocol (BACP) is the associated control pro-
tocol for BAP. BACP defines control parameters for the BAP protocol to use.
160 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.2 Automatically obtaining IP addresses in PPP

Obtaining a local IP address

In case of PPP, the Telindus 1423 SHDSL Router can learn the local IP address of a PPP link.
Telindus 1423 SHDSL Router Chapter 7 161
User manual Configuring the encapsulation protocols

Obtaining a remote IP address

In case of PPP, the Telindus 1423 SHDSL Router can learn the remote IP address of a PPP link.
162 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.3 Configuring IP addresses in PPP

To configure IP addresses on a PPP(oA) link, proceed as follows:

Step Action

1 In case you set up a …

• PPP link on the WAN interface, then you have to configure the IP related parameters
using the ip structure in the wanInterface/channel[wan_1]/ppp object.
• PPPoA link on the WAN interface, then you actually configure the IP addresses on
ATM PVC level. So in that case, you have to configure the IP related parameters the
ip structure of the pvcTable.
• PPP link on a dial-up ISDN interface, then you have to configure the IP related param-
eters using the ip structure in the forwardingMode/(default)routing object.
• PPP link on a leased line ISDN interface, then you have to configure the IP related
parameters using the ip structure in the leasedLine[ ]/ppp object.

PPP link on WAN

In the ppp object, select the ip structure.

PPPoA link on WAN

In the atm object, select the pvcTable and then select

the ip structure.

PPP link on dial-up ISDN

In the profiles/forwardingMode/
(default)routing object, select the
ip structure.

PPP link on leased line ISDN

In the leasedLine[ ]/ppp object, select the ip

structure.
Telindus 1423 SHDSL Router Chapter 7 163
User manual Configuring the encapsulation protocols

Step Action

2 In the ip structure, configure the following elements:

• address. Use this element to assign an IP address to the local end of the PPP(oA) link.
• netMask. Use this element to assign an IP subnet mask to the local end of the PPP(oA)
link.
• remote. Use this element to assign an IP address to the remote end of the PPP(oA)
link.
• unnumbered. In case you do not explicitly configure a local IP address for an PPP(oA)
link, then you can use this element to "borrow" the IP address of another interface for
which an IP address is already configured.
• acceptLocAddr. Use this element to determine whether to accept or reject the local IP
address being imposed by the remote side.
• acceptRemAddr. Use this element to determine whether to accept or reject the remote
IP address being imposed by the remote side.

Refer to 5.2.3 - Explaining the ip structure on page 63 for a complete description of the ip
structure.
164 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.4 Imposing IP addresses on the remote in PPP

As can be seen in 7.4.2 - Automatically obtaining IP addresses in PPP on page 160, in case of PPP the
Telindus 1423 SHDSL Router can learn IP addresses from the remote side. What is more, in case of
PPP the Telindus 1423 SHDSL Router itself can impose IP addresses on the remote.
To impose IP addresses on the remote, proceed as follows:

Step Action

1 On the Telindus 1423 SHDSL Router, configure a local and remote IP address on the
PPP link.
Refer to 7.4.3 - Configuring IP addresses in PPP on page 162.

2 On the remote device (e.g. a Telindus 1031 Router), configure nor a local nor a remote
address on the PPP link.
⇒Once the PPP handshake reaches the IPCP stage, the Telindus 1031 Router will
declare to the Telindus 1423 SHDSL Router that it has no IP addresses on its PPP
link. The Telindus 1423 SHDSL Router on its turn will impose the local and remote
IP address of the PPP link on the Telindus 1031 Router.
⇒What is more, the Telindus 1031 Router adds a route towards the Telindus 1423
SHDSL Router. Also see the explanation of the element gatewayPreference on
page 66.

Note that the IP configuration attributes acceptLocAddr and acceptRemAddr on the Tel-
indus 1031 Router have to be set to enabled. Else the Telindus 1031 Router will
not accept the IP addresses imposed by the Telindus 1423 SHDSL Router.

Example - imposing IP addresses on the remote in PPP

Telindus 1423 SHDSL Router Chapter 7 165
User manual Configuring the encapsulation protocols

7.4.5 Configuring link monitoring

Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on link monitoring.
To configure link monitoring on a PPP(oA) link, proceed as follows:

Step Action

1 PPP link on WAN

In the ppp object, select the linkMonitoring structure.

PPPoA link on WAN

In the atm object, select the pvcTable and then

select the linkMonitoring structure.

PPP link on dial-up ISDN

In the profiles/encapsula-
tion/(default)ppp object,
select the linkMonitoring
structure.

PPP link on leased

line ISDN

In the leasedLine[ ]/ppp object, select the

linkMonitoring structure.

2 The linkMonitoring structure contains the following elements:

• operation. Use this element to enable or disable link monitoring.
• interval. Use this element to set the time interval between two consecutive echo
requests.
• replyTimeOut. Use this element to set the time the Telindus 1423 SHDSL Router waits
for a reply on the echo request.
• failsPermitted. Use this element to set the number of echo requests that may fail before
the Telindus 1423 SHDSL Router declares the PPP link down.

Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/linkMonitoring on page 490 for a com-

plete description of the linkMonitoring structure.
166 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.6 Configuring PAP

Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on PAP.

To configure PAP on a PPP(oA) link, proceed as follows:

Step Action

1 On the authenticating router, configure the PPP attributes authentication and authenPeriod.
• authentication. Use this attribute to set the PPP authentication to PAP.
• authenPeriod. Use this attribute to determine the interval at which the PPP link is
authenticated once it has been set up.

Refer to 12.5.3 - PPP configuration attributes on page 487 for a detailed description of
the ppp attributes.

2 On the peer router, configure the following attributes:

• sysName. Use this attribute to set the name of the peer. This is used in the authentica-
tion process. Alternatively, you can use the sessionName attribute. Refer to 7.4.10 - Use
which name and secret attributes for PPP authentication? on page 172 for more infor-
mation on what to use.
• sysSecret. Use this attribute to set the secret of the peer. This is used in the authenti-
cation process. Alternatively, you can use the sessionSecret attribute. Refer to 7.4.10 -
Use which name and secret attributes for PPP authentication? on page 172 for more
information on what to use.

3 Again on the authenticating router, go to the router object and configure the pppSecretTable.
In this table, enter the name and secret you configured on the peer in step 2. These are
used in the authentication process.

How exactly all these configuration attributes are used in the authentication process is explained in the
7.4.7 - How does PAP work? on page 167.
Telindus 1423 SHDSL Router Chapter 7 167
User manual Configuring the encapsulation protocols

7.4.7 How does PAP work?

Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on PAP.

PAP authentication in one direction

The router authenticates after building its LCP layer and prior to building the IPCP layer. If the authenti-
cation succeeds, then the PPP link is built further until data can be sent. Else PPP starts its handshake
again.
Consider the following example: router A (the Telindus 1423 SHDSL Router) is the authenticator and
router B is the peer. Router A is configured for PAP authentication and router B is not. The authentication
process goes as follows:

Phase Description

1 Router B wants to establish a PPP link with router A (the Telindus 1423 SHDSL Router).

2 Router A asks router B to authenticate himself.

3 Router B sends its name1 and its secret2 to router A.

4 Router A looks up the name of router B in its pppSecretTable to find a corresponding secret.
If the secret found in the pppSecretTable matches the secret received from router B, then
the authentication succeeded and a PPP link is established. Else the authentication failed
and no PPP link is established.

1. Depending on how router B is configured, this can be its sysName or sessionName.

2. Depending on how router B is configured, this can be its sysSecret or sessionSecret.

The following figure shows the PAP authentication process:

168 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

PAP authentication in both directions

If PAP authentication is enabled on both routers, then they both request and respond to the authentica-
tion. If the remote router is a router from another vendor, then read the documentation in order to find
out how to configure the PAP name and secret values.
Telindus 1423 SHDSL Router Chapter 7 169
User manual Configuring the encapsulation protocols

7.4.8 Configuring CHAP

Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on CHAP.

To configure CHAP on a PPP(oA) link, proceed as follows:

Step Action

1 On the authenticating router, configure the PPP attributes authentication and authenPeriod.
• authentication. Use this element to set the PPP authentication to CHAP (or MS-CHAP
or MS-CHAP v2).
• authenPeriod. Use this attribute to determine the interval at which the PPP link is
authenticated once it has been set up.

Refer to 12.5.3 - PPP configuration attributes on page 487 for a detailed description of
the ppp attributes.

2 On the peer router, configure the following attributes:

• sysName. Use this attribute to set the name of the peer. This is used in the authentica-
tion process. Alternatively, you can use the sessionName attribute. Refer to 7.4.10 - Use
which name and secret attributes for PPP authentication? on page 172 for more infor-
mation on what to use.
• sysSecret. Use this attribute to set the secret of the peer. This is used in the authenti-
cation process. Alternatively, you can use the sessionSecret attribute. Refer to 7.4.10 -
Use which name and secret attributes for PPP authentication? on page 172 for more
information on what to use.

3 Again on the authenticating router, go to the router object and configure the pppSecretTable.
In this table, enter the name and secret you configured on the peer in step 2. These are
used in the authentication process.

How exactly all these configuration attributes are used in the authentication process is explained in the
7.4.9 - How does CHAP work? on page 170.
170 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.9 How does CHAP work?

Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on CHAP.

CHAP authentication in one direction

The router authenticates after building its LCP layer and prior to building the IPCP layer. If the authenti-
cation succeeds, then the PPP link is built further until data can be sent. Else PPP starts its handshake
again.
Consider the following example: router A (the Telindus 1423 SHDSL Router) is the authenticator and
router B is the peer. Router A is configured for CHAP authentication and router B is not. The authenti-
cation process goes as follows:

Phase Description

1 Router B wants to establish a PPP link with router A (the Telindus 1423 SHDSL Router).

2 Router A asks router B to authenticate himself. So router A sends a challenge packet

containing a random value to router B.

The challenge packet also contains the sysName of router A. If the peer (router B)
is also a Telindus Router, then it does nothing with it. Other vendors, however, may
use this sysName to determine which secret to use in the authentication process.
Check the vendor’s documentation.

3 Router B feeds the random value and its secret1 into the MD5 hash generator, resulting
in a hash value.

4 Router B sends a response packet containing the hash value and its name2.

5 Router A looks up the name of router B in its pppSecretTable to find a corresponding secret.
This secret found in the pppSecretTable and the random value router A sent in step 2 is fed
into the MD5 hash generator, resulting in a hash value. If this hash value equals the hash
value received from router B, then the authentication succeeded and a PPP link is estab-
lished. Else the authentication failed and no PPP link is established.

1. Depending on how router B is configured, this can be its sysSecret or sessionSecret.

2. Depending on how router B is configured, this can be its sysName or sessionName.
Telindus 1423 SHDSL Router Chapter 7 171
User manual Configuring the encapsulation protocols

The following figure shows the authentication process:

CHAP authentication in both directions

If CHAP authentication is enabled on both routers, then they both request and respond to the authenti-
cation. If the remote router is a router from another vendor, then read the documentation in order to find
out how to configure the CHAP name and secret values.
172 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.10 Use which name and secret attributes for PPP authentication?

Older firmware versions only used the sysName and the router/sysSecret attributes in their PPP authentica-
tion process. Newer firmware versions, however, have two new attributes for PPP authentication pur-
poses being: ppp/sessionName and ppp/sessionSecret. This enhancement allows you to define different
names and secrets for each PPP link (whereas before all PPP links used the same sysName and sysSecret
attribute).
So suppose you have several ATM PVCs on which you all run PPPoA, you can use a different name
and secret for each PPPoA link by configuring per PVC the sessionName and sessionSecret in the ppp struc-
ture of the atm/pvcTable attribute.
Refer to …
• telindus1423Router/sysName on page 446
• telindus1423Router/ip/router/sysSecret on page 564
• telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionName on page 492
• telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionSecret on page 492

Important remarks

• If on a PPP link authentication is enabled and the sessionName/sessionSecret attributes are not filled in,
then the sysName/sysSecret attributes are used in the PPP authentication process for that link.
• If on a PPP link authentication is enabled and the sessionName/sessionSecret attributes are filled in, then
the sysName/sysSecret attributes are ignored and are not used in the PPP authentication process for
that link.
• If you have several PPP links and you use a different name and secret for each link (using the ses-
sionName/sessionSecret attributes), then do not forget to add all these names and secrets in the
pppSecretTable of the authenticator.
• The sysName/sysSecret attributes do not serve as “back-up” for the sessionName/sessionSecret attributes.
This means that if for some reason authentication using the sessionName/sessionSecret attributes fails
(e.g. because the secrets do not match), then the authenticator does not restart the authentication
process using the sysName/sysSecret attributes instead.
• If you have several PPP links, it is allowed to use a specific name and secret on some of them (using
the sessionName/sessionSecret attributes) and use a general name and secret for the rest (using the
sysName/sysSecret attributes). In that case, make sure that for the latter the sessionName/sessionSecret
attributes are not configured (i.e. their value fields are empty).
Telindus 1423 SHDSL Router Chapter 7 173
User manual Configuring the encapsulation protocols

7.4.11 Setting up multilink PPP

MLPPP means running a PPP bundle over several physical interfaces. In case you only have one phys-
ical interface towards the WAN, setting up MLPPP seems a bit awkward. However, if you want to enable
PPP fragmentation or set up multiclass PPP links, then you have to set up a PPP bundle even if it means
setting up a bundle on just one physical interface. This because PPP fragmentation and multiclass PPP
are part of the MLPPP feature set.
Note that you can also set up MLPPP for a PPPoA link.

Setting up MLPPP on the SHDSL line

To set up MLPPP on a PPP link, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go

to the wanInterface object and set the encapsulation attribute
to ppp.

2 In the Telindus 1423 SHDSL Router contain-

ment tree, go to the wanInterface/ppp object and
set …
• the mode attribute to multiLink.
• the operation element in the linkMonitoring struc-
ture to enabled. This allows that when a mem-
ber (i.e. a PPP link) of the PPP bundle goes
down, the PPP bundle falls back to a lower
speed and vice versa.

3 Create a PPP bundle.

In the Telindus 1423 SHDSL Router containment tree,
go to the bundle object and add a pppBundle[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).
E.g. pppBundle[myPppBundle]
174 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Step Action

4 Configure the attributes of the pppBundle[ ] object you just added. The most important
attributes are:
• members. Use this attribute to make the WAN interface a member of
the PPP bundle. Do this by adding one entry to the members table
and by typing “wan” as value of the interface element.
• ip. Use this attribute to configure the IP related parameters of the
PPP bundle.
• mode. Use this attribute to determine whether the packets are treated by the routing
process, the bridging process or both.

Refer to 12.11.1 - PPP bundle configuration attributes on page 553 for more information
on the configuration attributes of the PPP bundle.

Setting up MLPPP on a PPPoA link

To set up MLPPP on a PPPoA link, proceed as follows:

Step Action

1 Set up a PPPoA link. Refer to 7.2.13 - Configuring PPP over ATM (PPPoA) on page 138.

Note that it is important to set the operation element in the linkMonitoring structure to
enabled. This allows that when a member (i.e. a PPP link) of the PPP bundle goes
down, the PPP bundle falls back to a lower speed and vice versa.

2 Create a PPP bundle.

In the Telindus 1423 SHDSL Router containment tree,
go to the bundle object and add a pppBundle[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).
E.g. pppBundle[myPppBundle]

3 Configure the attributes of the pppBundle[ ] object you just added. The most important
attributes are:
• members. Use this attribute to make an ATM PVC (running PPPoA)
a member of the PPP bundle. Do this by adding an entry to the mem-
bers table and by typing the name of the ATM PVC as value of the
interface element.
• ip. Use this attribute to configure the IP related parameters of the PPP bundle.
• mode. Use this attribute to determine whether the packets are treated by the routing
process, the bridging process or both.

Refer to 12.11.1 - PPP bundle configuration attributes on page 553 for more information
on the configuration attributes of the PPP bundle.

Setting up MLPPP on a BRI interface in leased line mode

Telindus 1423 SHDSL Router Chapter 7 175
User manual Configuring the encapsulation protocols

To set up MLPPP on a BRI interface in leased line mode, proceed as follows:

Step Action

1 Configure the ISDN interface in leased line mode. Refer to 6.6 - How to configure a
leased line ISDN connection on a BRI interface?_ (Telindus 1034 Router only)_ on
page 203.

2 In the Telindus 1423 SHDSL Router containment tree, go to the leasedLine[ ] object and
set the encapsulation attribute to ppp.

4 In the Telindus 1423 SHDSL Router contain-

ment tree, go to the leasedLine[ ]/ppp object and set
…
• the mode attribute to multiLink.
• the operation element in the linkMonitoring struc-
ture to enabled. This allows that when a mem-
ber (i.e. a PPP link) of the PPP bundle goes
down, the PPP bundle falls back to a lower
speed and vice versa.

5 Create a PPP bundle.

In the Telindus 1423 SHDSL Router containment tree,
go to the bundle object and add a pppBundle[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).
E.g. pppBundle[myPppBundle]

6 Configure the attributes of the pppBundle[ ] object you just added. The most important
attributes are:
• members. Use this attribute to make the BRI interface in leased line
mode a part of the PPP bundle. Do this by adding one or more
entries to the members table and by typing the index name of the
leasedLine[ ] object as value of the interface element.
• ip. Use this attribute to configure the IP related parameters of the PPP bundle.
• mode. Use this attribute to determine whether the packets are treated by the routing
process, the bridging process or both.

Refer to 12.11.1 - PPP bundle configuration attributes on page 553 for more information
on the configuration attributes of the PPP bundle.
176 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.12 Enabling PPP fragmentation

Setting up multilink PPP (MLPPP) allows you to enable PPP fragmentation. Refer to 7.4.1 - Introducing
PPP on page 156 for an introduction on PPP fragmentation.

Important remark

Note that PPP fragmentation is actually a part of the MLPPP feature set. So in case you want to enable
PPP fragmentation, you actually have to set up a PPP bundle. Even if you want to enable PPP fragmen-
tation on just one interface!

To enable PPP fragmentation, proceed as follows:

Step Action

1 Set up MLPPP as described in 7.4.11 - Setting up multilink PPP on page 173.

Note that if you want to enable PPP fragmentation on just one interface, you have to cre-
ate a PPP bundle with just one member.

2 In the pppBundle[ ] object you created in step 1, set the fragmentation attribute to enabled.
Telindus 1423 SHDSL Router Chapter 7 177
User manual Configuring the encapsulation protocols

7.4.13 Setting up multiclass PPP

Setting up multilink PPP (MLPPP) allows you to set up multiclass PPP. Refer to 7.4.1 - Introducing PPP
on page 156 for an introduction on multiclass PPP.

Important remark

Note that multiclass PPP is actually a part of the MLPPP feature set. So in case you want to set up mul-
ticlass PPP, you actually have to set up a PPP bundle. Even if you want to enable multiclass PPP on
just one interface!

To set up multiclass PPP, proceed as follows:

Step Action

1 Set up MLPPP as described in 7.4.11 - Setting up multilink PPP on page 173.

Note that if you want to set up multiclass PPP on just one interface, you have to create a
PPP bundle with just one member.

2 In the pppBundle[ ] object you created in step 1, select the multiclassInterfaces attribute and
add one or more entries to this table.

Use this attribute to set up multiclass PPP links. Add a row to the multiclassInterfaces table
for each multiclass PPP link you want to create.
178 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

Step Action

3 Configure the elements of the multiclass PPP link you just created. These elements are:
• name. Use this element to assign an administrative name to the multiclass PPP link.
• adminStatus. Use this element to activate (up) or deactivate (down) the multiclass PPP
link.
• mode. Use this element to determine whether, for the corresponding multiclass PPP
link, the packets are treated by the routing process, the bridging process or the switch-
ing process.
• ip. Use this element to configure the IP related parameters of the multiclass PPP link.
Refer to 5.2.3 - Explaining the ip structure on page 63 for more information.
• bridging. Use this element to configure the bridging related parameters of the multiclass
PPP link in case the link is in bridging mode (i.e. in case the mode element is set to
bridging). Refer to 9.2.6 - Explaining the bridging structure on page 281 for more infor-
mation.
• multiclass. Use this element to configure the multiclass specific parameters of the mul-
ticlass PPP link. The multiclass element contains the following sub-elements:
- multiclass. Use this element to set a multiclass identifier for the multiclass PPP link.
- defaultQueue. Use this element to select a default queue. This allows you to easily
set up a traffic policy without having to create and apply traffic policy profiles. How-
ever, you still have to create and apply a priority policy profile to empty the queues.
Refer to 8.8.9 - The default queue attribute versus a traffic policy profile on
page 252 for more information.

Refer to telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces on page 555 for a detailed

description of the multiclassInterfaces table.
Telindus 1423 SHDSL Router Chapter 7 179
User manual Configuring the encapsulation protocols

Example - configuring multiclass PPP

Suppose you want to set up 2 multiclass PPP links on the WAN. In that case you have to create a PPP
bundle with only one member, being the WAN interface, and configure the relevant attributes in this bun-
dle. This is shown in the following figure:
180 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.4.14 Setting up MLPPP on a BRI interface in dial-up mode

Depending on the Telindus 1423 SHDSL Router version, 1 or 2 BRI interfaces are present (1.3 - Telindus
1423 SHDSL Router family overview on page 7). This allows you to set up multilink PPP (MLPPP) over
these interfaces. Refer to 7.4.1 - Introducing PPP on page 156 for an introduction on MLPPP.

Setting up MLPPP on a BRI interface in dial-up mode is a completely different procedure from setting up
MLPPP on a BRI interface in leased line mode. Refer to Setting up MLPPP on a BRI interface in leased
line mode on page 174.

To set up MLPPP on a BRI interface in dial-up mode, proceed as follows:

Step Action

1 Go to the PPP encapsulation profile under profiles/encapsulation. There you can either con-
figure the default profile, or add and configure a custom profile.
Refer to 6.3.1 - How to create a profile? on page 196.

2 In the PPP encapsulation profile set the configuration attribute connection to multiLink (this
is the default value).

3 Also in the PPP encapsulation profile, configure the configuration attribute multiLink. This
structure contains the following elements:
• initialChannels. Use this element to determine of how many B-channels you would like
that the multi-link PPP connection consists.
• bap. Use this element to enable, disable and fine-tune the Bandwidth Allocation Pro-
tocol (BAP).

Refer to 12.9.2 - Encapsulation profile configuration attributes on page 525 for detailed
information on these attributes.

4 Create a dial map and use the PPP encapsulation profile you configured in step 2 in this
dial map.
Refer to 6.3.2 - How to create a dial map? on page 198.

5 When the MLPPP link has been successfully set up, you will find the MLPPP status
attributes under the bundle object.
Telindus 1423 SHDSL Router Chapter 7 181
User manual Configuring the encapsulation protocols

7.5 Configuring HDLC encapsulation

This section introduces the HDLC encapsulation protocol and gives a short description of the attributes
you can use to configure this encapsulation protocol.
The following gives an overview of this section:
• 7.5.1 - Introducing HDLC on page 182
• 7.5.2 - Configuring HDLC on page 182
182 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols

7.5.1 Introducing HDLC

High-level Data Link Control (HDLC) encapsulation means that the Ethernet frames are put in an HDLC
frame without any additional encapsulation (such as Frame Relay or PPP). This means that there is no
protocol which monitors the status of the link, but it also means that there is no encapsulation overhead.
Because the Ethernet frames are directly encapsulated, only bridging is possible.

Important remark

The HDLC encapsulation on the Telindus 1423 SHDSL Router is compatible with the HDLC encapsula-
tion on the Crocus Bridge interface. It is however not compatible with the Cisco HDLC encapsulation.

7.5.2 Configuring HDLC

In case of HDLC encapsulation, the only thing that is configurable are some bridging parameters. Refer
to telindus1423Router/wanInterface/channel[wan_1]/hdlc/bridging on page 494.
Telindus 1423 SHDSL Router Chapter 7 183
User manual Configuring the encapsulation protocols

7.6 Configuring an error test

The Telindus 1423 SHDSL Router features an internal layer 2 error test pattern generator / detector. This
section explains how to set up an error test.
To set up an error test, proceed as follows:

Step Action

1 Set the encapsulation attribute to errorTest.

2 Go to the errorTest object, select the Configuration tab and configure the following attributes:
• testType. Use this attribute to select a test pattern. If you set the testType attribute to pro-
grammablePattern, then you can generate your own test pattern by typing a test pattern
in the programmablePattern attribute (see below).
• blockSize. Use this attribute to set the size of the test blocks.
• programmablePattern. Use this attribute to generate your own test pattern. Do this by typ-
ing a test pattern in the programmablePattern attribute and by setting the testType attribute
to programmablePattern.

3 Now select the Performance tab and execute the startTest action.
⇒The error test is started. You can monitor the results in the Status group and Perform-
ance group.

You can also inject errors by executing the injectError action.

4 To stop the error test, execute the stopTest action. You can then clear all the counters by
executing the clearCounter action.

Due to RAM limitations, it is possible that not all test patterns are supported. In that case the string ram-
Limit is displayed as value of the status attribute telindus1423Router/wanInterface/channel[wan_1]/errorTest/status.
184 Telindus 1423 SHDSL Router Chapter 7
User manual Configuring the encapsulation protocols
Telindus 1423 SHDSL Router Chapter 8 185
User manual Configuring routing

8 Configuring routing
This chapter introduces routing on the Telindus 1423 SHDSL Router and lists the attributes you can use
to configure routing. It also introduces the most important features of the router besides routing and lists
the attributes you can use to configure these features.
The following gives an overview of this chapter:
• 8.1 - Introducing routing on page 186
• 8.2 - Enabling routing on an interface on page 187
• 8.3 - Configuring static routes on page 188
• 8.4 - Configuring policy based routing on page 196
• 8.5 - Configuring RIP on page 201
• 8.6 - Configuring OSPF on page 210
• 8.7 - Configuring address translation on page 219
• 8.8 - Configuring traffic and priority policy on the router on page 237
• 8.9 - Configuring VRRP on page 255

Refer to the Reference manual on page 433 for a complete overview of the attributes of the Telindus
1423 SHDSL Router.
186 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.1 Introducing routing

What is routing?

Routing is the act of moving information across an internetwork from a source to a destination.

Routing versus bridging

Routing is often contrasted with bridging. At first sight, bridging might seem to do the same as routing.
The primary difference between the two is that bridging occurs at layer 2 (the link layer) of the OSI ref-
erence model, whereas routing occurs at Layer 3 (the network layer). In other words, bridging occurs at
a lower level and is therefore more of a hardware function whereas routing occurs at a higher level where
the software component is more important. And because routing occurs at a higher level, it can perform
more complex analysis to determine the optimal path for the packet.

Basic routing activities

Routing involves two basic activities:

• determining optimal routing paths,
• transporting information groups (typically called packets).

Determining the optimal routing path

In order to determine a routing path, routers initialise and maintain routing tables. These routing tables
contain a variety of information. For example:
• Destination/next hop associations tell a router that a particular destination can be reached optimally
by sending the packet to a particular router representing the "next hop" on the way to the final desti-
nation. When a router receives an incoming packet, it checks the destination address and attempts
to associate this address with a next hop.
• Desirability of a path. Routers use metrics to evaluate what path will be the best for a packet to travel.

Routers communicate with one another and maintain their routing tables through the transmission of a
variety of messages. The routing update message is one such message that generally consists of all or
a portion of a routing table. By analysing routing updates from all other routers, a router can build a
detailed picture of network topology.

Transporting packets

In most cases, a host determines that it must send a packet to another host. Having acquired a router's
address by some means, the source host sends a packet addressed specifically to a router's physical
(i.e. Media Access Control or MAC) address, this time with the protocol (i.e. network) address of the des-
tination host.
As it examines the packet's destination protocol address, the router determines that it either knows or
does not know how to forward the packet to the next hop. If the router does not know how to forward the
packet, it typically drops the packet. If the router knows how to forward the packet, however, it changes
the destination physical address to that of the next hop and transmits the packet.
The next hop may be the ultimate destination host. If not, the next hop is usually another router, which
executes the same switching decision process. As the packet moves through the internetwork, its phys-
ical address changes, but its protocol address remains constant.
Telindus 1423 SHDSL Router Chapter 8 187
User manual Configuring routing

8.2 Enabling routing on an interface

Refer to 8.1 - Introducing routing on page 186 for an introduction.

Per IP interface you can determine whether you perform routing, bridging or both. The following table
shows, for each IP interface, how to enable routing on this interface:

Interface How to enable routing?

LAN interface Set the mode attribute to routing or routingAndBridging. The mode attribute can be found
in the lanInterface object: telindus1423Router/lanInterface/mode.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridg-

ing, then the settings of the configuration attribute telindus1423Router/lanInterface/ip are
ignored. As a result, if you want to manage the Telindus 1423 SHDSL Router via
IP, you have to configure an IP address in the bridgeGroup object instead:
telindus1423Router/bridge/bridgeGroup/ip.

VLAN on the Set the mode element to routing or routingAndBridging. The mode element can be found
LAN interface in the vlan table which is located in the lanInterface object: telindus1423Router/lanInter-
face/vlan/mode.

ATM PVC Set the mode element to routing or routingAndBridging. The mode element can be found
in the pvcTable table which is located in the atm object: telindus1423Router/wanInterface/
channel[wan_1]/atm/pvcTable/mode.

PPP link Set the mode element to routing or routingAndBridging. The mode element can be found
in the ppp object: telindus1423Router/wanInterface/channel[wan_1]/ppp/mode.

Frame Relay Set the mode element to routing or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1423Router/wan-
Interface/channel[wan_1]/frameRelay/dlciTable/mode.

PPP link Create a routing forwarding profile and apply this profile in a dial map entry.
(ISDN interface
Refer to 6 - Setting up ISDN connections on page 93 for more information.
in dial-up)

PPP link Set the mode element to routing or routingAndBridging. The mode element can be found
(ISDN interface in the ppp object: telindus1423Router/bri[ ]/leasedLine[ ]/ppp/mode.
in leased line)

Frame Relay Set the mode element to routing or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1423Router/bri[ ]/
(ISDN interface leasedLine[ ]/frameRelay/dlciTable/mode.
in leased line)

L2TP tunnel Set the mode element to routing or routingAndBridging. The mode element can be found
in the l2tpTunnels table which is located in the tunnels object: telindus1423Router/ip/router/
tunnels/l2tpTunnels/mode.

IPSEC L2TP Set the mode element to routing or routingAndBridging. The mode element can be found
tunnel in the ipsecL2tpTunnels table which is located in the tunnels object: telindus1423Router/ip/
router/tunnels/ipsecL2tpTunnels/mode.
188 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.3 Configuring static routes

This section introduces static routing and gives a short description of the attributes you can use to con-
figure static routing.
The following gives an overview of this section:
• 8.3.1 - Introducing static routing on page 189
• 8.3.2 - Configuring a default route on page 190
• 8.3.3 - Configuring the routing table on page 191
• 8.3.4 - Configuring the routing table - rules of thumb on page 194
• 8.3.5 - The rerouting principle on page 195
Telindus 1423 SHDSL Router Chapter 8 189
User manual Configuring routing

8.3.1 Introducing static routing

Static versus dynamic routing

The following table states the differences between static and dynamic routing:

Routing algo- Description

rithm

static Static routing algorithms are hardly algorithms at all, but are table mappings estab-
lished by the network administrator before the beginning of routing. These map-
pings do not change unless the network administrator alters them. Static routing
algorithms work well in environments where network traffic is relatively predictable
and where network design is relatively simple.

dynamic Because static routing systems cannot react to network changes, they generally
are considered unsuitable for today's large, constantly changing networks. Most of
the dominant routing algorithms today are dynamic routing algorithms, which
adjust to changing network circumstances by analysing incoming routing update
messages. If the message indicates that a network change has occurred, the rout-
ing software recalculates routes and sends out new routing update messages.
These messages permeate the network, stimulating routers to rerun their algo-
rithms and change their routing tables accordingly.
Also refer to …
• 8.5.1 - Introducing RIP on page 202.
• 8.6.1 - Introducing OSPF on page 211.

static and Dynamic routing algorithms can be supplemented with static routes where appro-
dynamic priate. A router of last resort (a router to which all unroutable packets are sent), for
example, can be designated to act as a repository for all unroutable packets,
ensuring that all messages are at least handled in some way.

What is a default route?

A default route is a route (also called gateway) that is used to direct packets addressed to networks not
explicitly listed in the routing table. A default route is also typically used when only one specific remote
network has to be reached.

What is a routing table?

The routing table is composed of a set of routes that are known to the router. It includes a list of known
addresses, as well as information to get a packet one router closer to its final destination. Routing tables
can be static (with routes manually entered by the network administrator) or dynamic (where routers
communicate to exchange connection and route information using e.g. RIP).
190 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.3.2 Configuring a default route

Refer to 8.3.1 - Introducing static routing on page 189 for an introduction on the default route.
To configure a default route, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router

containment tree, go to the router
object and select the defaultRoute attribute.

2 Configure the elements in the defaultRoute structure. The most important elements are:
• gateway. Use this element to specify the IP address of the next router that will route all
packets for which no specific (static or dynamic) route exists in the routing table.
• interface. Use this element to specify the interface through which the gateway can be
reached. Do this by typing the name of the interface as you assigned it using the con-
figuration attribute name (e.g. telindus1423Router/lanInterface/name). Note that this interface
can also be a DLCI, PVC, tunnel, etc.

Refer to telindus1423Router/ip/router/defaultRoute on page 559 for more information on.

Example - configuring a default route

Suppose network 1 is connected over a network of an operator to network 2. Network 1 only needs to
reach network 2. So for the router in network 1 it suffices to configure a default route towards network 2.

Configure the defaultRoute attribute of Router A as follows:

Telindus 1423 SHDSL Router Chapter 8 191
User manual Configuring routing

8.3.3 Configuring the routing table

Refer to 8.3.1 - Introducing static routing on page 189 for an introduction on the routing table.
To configure the routing table, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router

containment tree, go to the router object
and select the routingTable attribute.

2 Configure the elements in the routingTable:

• network. Use this element to specify the IP address of the destination network.
• mask. Use this element to specify the network mask of the destination network.
• gateway. Use this element to specify the IP address of the next router on the path to
the destination network.
• interface. Use this element to specify the interface through which the destination net-
work can be reached. Do this by typing the name of the interface as you assigned it
using the configuration attribute name (e.g. telindus1423Router/lanInterface/name). Note that
the “interface” can also be a DLCI, PVC, tunnel, etc.
• preference. Use this element to set the level of importance of the route.
• metric. Use this element to set with how much the metric parameter of a route has to
be incremented.

Refer to telindus1423Router/ip/router/routingTable on page 560 for more information.

192 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Example - configuring a static route (WAN IP address is present)

Suppose network 1 is connected over a network of an operator to network 2. The two routers have an
IP address on their WAN interface.

To make network 192.168.48.0 reachable from network 192.168.47.0 and vice versa, you have to define
one static route in Router A and one static route in Router B. So configure the routingTable attribute of
Router A and B as follows:
Telindus 1423 SHDSL Router Chapter 8 193
User manual Configuring routing

Example - configuring a static route (WAN IP address is not present)

Suppose network 1 is connected over a network of an operator to network 2. The two routers do not have
an IP address on their WAN interface, only on their LAN interface.

To make network 192.168.48.0 reachable from network 192.168.47.0 and vice versa, you have to define
one static route in Router A and one static route in Router B. So configure the routingTable attribute of
Router A and B as follows:
194 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.3.4 Configuring the routing table - rules of thumb

The following table lists some rules when configuring the routingTable:

Rule Description

1 As a rule of thumb, one can say that the interface name has priority over the gateway.

2 In case you enter a correct (i.e. existing) interface name and in case it refers to a …
• point-to-point (PTP) interface, the route is always added to the routing table, no matter
which gateway (GW) is specified.
• multi-point (MP) interface, then …
- the route is only added to the routing table when a local gateway is specified.
- the route is not added to the routing table when no gateway is specified.
- a reroute occurs when no local gateway is specified.

3 In case you enter an incorrect interface name, the route is not added to the routing table.

4 In case you enter no interface name then …

• the route is added to the routing table when a local gateway is specified.
• the route is not added to the routing table when no gateway is specified.
• the route is not added to the routing table when the gateway lies within the configured
network route. For example: network = 10.0.0.0; mask = 255.255.255.0; gateway =
10.0.0.1.
• a reroute occurs when no local gateway is specified.

The following table summarises the above:

Interface name Gateway Result

correct none (0.0.0.0) • PTP: route added

• MP: route not added

correct local route added (always)

correct not local • PTP: route added1

• MP: rerouted

incorrect - route not added

no name local for an interface routed added

no name not local for an interface rerouted to gateway

Exception:
• GW = none (0.0.0.0) • route not added
• GW lies in configured net- • route not added
work route

1. In the routingTable status, the configured gateway will appear but for the routing itself the gate-
way is ignored.
Telindus 1423 SHDSL Router Chapter 8 195
User manual Configuring routing

8.3.5 The rerouting principle

What is the rerouting principle?

If the gateway of a route does not belong to the subnet of an interface, then the Telindus 1423 SHDSL
Router adds a special route. Then a second route look-up occurs, this time using the gateway field of
the route. This can be used as a back-up functionality as shown below.

Example

Suppose you have

the following set-up:

In the routing table,

the following routes
are defined:
• network
172.31.75.0 is
reachable via
172.31.77.10
• 172.31.77.10 is
reachable via
PVC A
(172.31.77.2)
• 172.31.77.10 is
also reachable
via PVC B
(172.31.77.6)

Now in order to reach network 172.31.75.0, PVC A is used. However, when PVC A goes down, the Tel-
indus 1423 SHDSL Router automatically uses PVC B in order to reach network 172.31.75.0. I.e. it auto-
matically “reroutes” and this without the need of a routing protocol.

Important remarks

• This only works for the entries of the routing table, not for the default gateway.
• This type of route is always up.
• In the status information, the interface element of such a route displays internal.
196 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.4 Configuring policy based routing

This section introduces the policy based routing and gives a short description of the attributes you can
use to configure policy based routing.
The following gives an overview of this section:
• 8.4.1 - Introducing policy based routing on page 197
• 8.4.2 - Setting up policy based routing on page 198
Telindus 1423 SHDSL Router Chapter 8 197
User manual Configuring routing

8.4.1 Introducing policy based routing

What is policy based routing?

Normal routing is based on the destination IP address. Policy based routing offers the possibility to
define different routing entries based on additional information. Traffic is routed to a certain interface or
gateway based on e.g. the source IP address, the IP protocol, etc.
198 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.4.2 Setting up policy based routing

Refer to 8.4.1 - Introducing policy based routing on page 197 for an introduction.
To configure policy based routing, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree,

go to the profiles/policy/traffic object and add an ipTraf-
ficPolicy[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).

2 Select a traffic policy method. Do this using the

method attribute in the traffic policy object you added
in step 1.
In case of policy based routing, you can only use
trafficShaping or tosMapped, not tosDiffServ.

3 Configure the policy criteria for the traffic policy method you selected in step 2.

If you choose then use the following attribute in the traffic policy object to
the method … configure the policy criteria:

trafficShaping, trafficShaping.
So using the elements in this table you can route traffic based on
IP source and destination address, TOS values, IP protocol, etc.

tosMapped, tos2QueueMapping.
So using the elements in this table you can route traffic based on
TOS values.

For more information on these attributes, refer to …

• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping on page 534.
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/tos2QueueMapping on page 539.

4 Now you have to determine to which interface and gateway the traffic is routed. Do this
using the interface and gateway elements that you find in the traffic policy tables you config-
ured in step 3.
Telindus 1423 SHDSL Router Chapter 8 199
User manual Configuring routing

Example - configuring policy based routing

Suppose you have two networks which are interconnected over an ATM network. Network 1 carries a
mix of data and voice traffic. The traffic on this network is differentiated by setting the Type Of Service
(TOS) values in the IP packet headers (data = 0, voice = 10). When the traffic is routed from network 1
to network 2 you want that the data traffic and the voice traffic each go over a separate PVC.

Sketched in broad outlines, this is how you configure the above:

Step Action

1 Set up two ATM PVCs.

For example:
• Configure one ATM PVC that will carry the data traffic, e.g. pvcTable/name = dataPvc.
• Configure another ATM PVC that will carry the voice traffic, e.g. pvcTable/name =
voicePvc.

Since this is not the main subject of this example, refer for more information on creating
ATM PVCs to 7.2.2 - Configuring ATM PVCs on page 125.

2 Create and configure an IP traffic policy for policy based routing purposes.
For example:
• Create a trafficPolicy[myIpPol] object.
• Set the method attribute to tosMapped.
• In the tos2QueueMapping table, create two entries and define the startTos, endTos, interface
and gateway elements of each entry in such a way that the data traffic and the voice
traffic each go over a separate PVC.
200 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

The following figure shows how to configure policy based routing:

Telindus 1423 SHDSL Router Chapter 8 201
User manual Configuring routing

8.5 Configuring RIP

This section introduces the Routing Information Protocol (RIP) and gives a short description of the
attributes you can use to configure RIP.
The following gives an overview of this section:
• 8.5.1 - Introducing RIP on page 202
• 8.5.2 - Enabling RIP on an interface on page 203
• 8.5.3 - Explaining the rip structure on page 205
• 8.5.4 - Enabling RIP authentication on an interface on page 209
202 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.5.1 Introducing RIP

What is RIP?

The Routing Information Protocol (RIP) is a protocol that routers use to exchange dynamic routing infor-
mation. RIP can be enabled or disabled per interface.
There are two main RIP modes:

RIP mode Description

passive Received RIP updates are parsed, but no RIP updates are transmitted.

active RIP updates are transmitted and received.

How does RIP work?

When RIP is enabled, the Telindus 1423 SHDSL Router advertises every 30 seconds its routing infor-
mation to adjacent routers. It also receives the routing information from the adjacent routers. With this
information it adapts its routing table dynamically. If after 180 seconds no information about a certain
route has been received, then this route is declared down. If after an additional 120 seconds (i.e. 300
seconds in total) still no information about the route has been received, then this route is deleted from
the routing table.

RIP support

The Telindus 1423 SHDSL Router supports RIP protocol version 1, 1-compatible and 2. RIP version 1
is a very common routing protocol. Version 2 includes extra features like variable subnet masks and
authentication. Check which RIP version is used by the other routers in the network.

Currently, the RIPv2 routing protocol requires the use of an IP address on the WAN interface.

RIP authentication

For security reasons the RIP updates that are exchanged between routers can be authenticated. RIP
authentication can be enabled or disabled per interface.
Telindus 1423 SHDSL Router Chapter 8 203
User manual Configuring routing

8.5.2 Enabling RIP on an interface

Refer to …
• 8.3.1 - Introducing static routing on page 189 for a comparison between static and dynamic (e.g.
using RIP) routing.
• 8.5.1 - Introducing RIP on page 202 for an introduction on RIP.

To enable dynamic routing using RIP on an IP interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router object and set the
routingProtocol attribute to rip.

This activates the general RIP process on the Telindus 1423 SHDSL Router. Now you
can activate or deactivate RIP per IP interface. Note that by default RIP is activated on
all IP interfaces.

2 Each IP interfaces has an ip structure. Within this ip structure you find a rip structure. Use
the following elements in the rip structure to activate or deactivate RIP per IP interface:
• mode. Use this element to set the transmission and/or reception of RIP updates on the
interface. By default the Telindus 1423 SHDSL Router transmits and receives RIP
updates on all interfaces.
• txVersion. Use this element to set the version of the RIP updates that are transmitted
on the interface.
• rxVersion. Use this element to set which version of received RIP updates is accepted
on the interface.

For example, the following shows the location of the rip structure on the LAN interface:

Refer to …
• 5.2.2 - Where to find the IP parameters? on page 61 for the location of the ip structure
on the different IP interfaces. The rip structure is located within the ip structure.
• 8.5.3 - Explaining the rip structure on page 205 for a detailed explanation of the rip
structure.
204 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Example - configuring RIP

Suppose you want to activate RIP on the LAN interface. What is more, you want that the LAN interface
does not transmit RIP updates but only parses received RIP updates (passive RIP). Furthermore, you
only want to accept RIP version 1 updates on the LAN interface.
The following figure shows how to configure this:

Note that since in this example the mode element is set to passive, the txVersion element is ignored.
Telindus 1423 SHDSL Router Chapter 8 205
User manual Configuring routing

8.5.3 Explaining the rip structure

Because the rip structure occurs in several objects, it is described here once and referenced where nec-
essary. The rip structure is located within the ip structure. Refer to 5.2.2 - Where to find the IP parame-
ters? on page 61 for the location of the ip structure.
The rip structure contains the following elements:

Element Description

metric Use this element to determine with how much the Tel- Default:1
indus 1423 SHDSL Router increments the metric Range: 1 … 15
parameter of a route.
Routing information includes a metric parameter. Every time a router is passed,
this parameter is incremented. Also the Telindus 1423 SHDSL Router increments
the metric parameter (default by 1) before it writes the route in the routing table.
Hence, the metric parameter indicates for each route how many routers have to be
passed before reaching the network. When several routes to a single network exist
and they all have the same preference, then the route with the smallest metric
parameter is chosen.
However, using the metric element, you can increment the metric parameter by
more than 1 (up to a maximum of 15). You could do this, for instance, to indicate
that a certain interface is less desirable to route through. As a result, the Telindus
1423 SHDSL Router adds this value to the metric parameter of every route learnt
through that interface.
The metric parameter is also used to represent the directly connected subnets on
the LAN and WAN interfaces.

mode Use this element to set the transmission and/or recep- Default:active
tion of RIP updates on the interface. By default the Range: enumerated, see below
Telindus 1423 SHDSL Router transmits and receives
RIP updates on all interfaces.
The mode element has the following values:
• active. RIP updates are transmitted and received on this interface.
• passive. RIP updates are not transmitted on this interface, but received updates
are parsed.
• disabled. RIP updates are nor transmitted nor received on this interface.

txVersion Use this element to set the version of the RIP updates Default:rip2
that are transmitted on the interface. Range: enumerated, see below
The txVersion element has the following values:
• rip1. The transmitted RIP updates are RIP version 1 updates.
• rip2. The transmitted RIP updates are RIP version 2 updates.
• rip1-compatible. The contents of the RIP update packet is a RIP version 2 packet,
but it is encapsulated as a RIP version 1 packet. This allows some older imple-
mentations of RIP 1 to be interoperable with RIP 2.
206 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Element Description

rxVersion Use this element to set which version of received RIP Default:rip2only
updates is accepted on the interface. Range: enumerated, see below
The rxVersion element has the following values:
• rip1only. Only RIP version 1 received RIP updates are accepted.
• rip2only. Only RIP version 2 received RIP updates are accepted.
• rip1&2. Both RIP version 1 and 2 received RIP updates are accepted.

If you want to accept RIP1-compatible updates on the interface, then set the
rxVersion attribute to rip1&2.

splitHorizon Use this element to enable or disable split horizon Default:poisonedReverse

operation. Range: enumerated, see below
The splitHorizon element has the following values:
• disabled. Split horizon is disabled.
• enabled. Split horizon is enabled.
Split horizon operation prevents that routing information exits the interface
through which the information was received in the first place. This optimises
communications among multiple routers, particularly when links are broken. It
also prevents routing loops.
• poisonedReverse. Poisoned reverse split horizon is used.
Whereas “simple” split horizon simply omits the routes learned from one neigh-
bour in updates sent to that neighbour, poisoned reverse split horizon includes
such routes in updates but sets their metrics to infinity.
Telindus 1423 SHDSL Router Chapter 8 207
User manual Configuring routing

Element Description

authentication Use this element to enable or disable RIP authentica- Default:disabled

tion. Range: enumerated, see below
Refer to 8.5.4 - Enabling RIP authentication on an interface on page 209 for more
information on RIP authentication.
The authentication element has the following values:
• disabled. No authentication is used.
• text. The authentication secret is exchanged in clear text.
• md5. Instead of sending the authentication secret together with the RIP
updates, it is hashed together with the routing information into a unique value.
This authentication is the most secure. This because it provides also protection
against tampering with the contents of a packet: both an incorrect password
and modified routing information result in different hash values.

Remarks

•If authentication is enabled (either text or md5), then only updates using that
authentication are processed. All other updates on that interface are discarded.
• If you use md5 and if for a certain interface multiple secrets are present in the
ripv2SecretTable, then the first entry in the ripv2SecretTable is used to transmit RIP
updates. Authentication of the received RIP updates is done by looking for the
first secret with a matching key.
• If you use text and if for a certain interface multiple secrets are present in the
ripv2SecretTable, then only the first entry in the ripv2SecretTable is used to transmit
and receive RIP updates.

filter Use this element to apply a filter on the RIP updates Default:<empty>
on the interface. Range: 0 … 24 characters
Do this by entering the index name of the filter you want to use. You can create the
filter itself by adding a routingFilter object and by configuring the attributes in this
object.

Example

If you created a routingFilter object with index name my_filter (i.e.

routingFilter[my_filter]) and you want to apply this filter here, then enter the
index name as value for the filter element.
Refer to …
• 12.12.7 - Routing filter configuration attributes on page 622 for more informa-
tion on RIP filtering.
• 4.4 - Adding an object to the containment tree on page 50 for more information
on adding objects.
208 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Element Description

snapshot Use this element to enable or disable RIP snapshot Default:enabled

routing. This element is only present in the routing for- Range: enabled / disabled
warding profile.

What is RIP snapshot routing?

The use of RIP in combination with dial-up interfaces creates the problem that the
regular RIP updates can cause the interface to stay up, even if no other traffic is
sent over the link. This of course leads to unacceptable costs. RIP snapshot rout-
ing limits the number of updates that is sent to the bare minimum. In this case,
updates are only sent when changes occur in the routing table. This means that
routes that are learnt through a dial-up interface are no longer timed out.
Telindus 1423 SHDSL Router Chapter 8 209
User manual Configuring routing

8.5.4 Enabling RIP authentication on an interface

Refer to 8.5.1 - Introducing RIP on page 202 for an introduction on RIP authentication.
To enable RIP authentication on a certain interface, proceed as follows:

Step Action

1 In the rip structure, set the authentication element to …

• text. RIP authentication is enabled and the authentication secret is
sent along with the RIP updates in clear text.
• md5. RIP authentication is enabled and the authentication secret is
hashed together with the routing information into a unique value.

Refer to 8.5.3 - Explaining the rip structure on page 205.

2 In the Telindus 1423 SHDSL Router containment tree, go to the router object, select the
ripv2SecretTable attribute and add one or more entries to this table.

3 Configure the elements of an entry in the ripv2SecretTable attribute:

• keyId. Use this element to set a unique identifier for each secret.
• secret. Use this element to define the secret. This secret is sent with the RIP updates
on the specified interface. It is also used to authenticate incoming RIP updates.
• interface. Use this element to specify on which interface the secret is used. Do this by
typing the name of the interface as you assigned it using the configuration attribute
name (e.g. telindus1423Router/lanInterface/name). Note that the “interface” can also be a
DLCI, PVC, tunnel, etc. Entering the string “all” (default) means the secret is used on
all the interfaces.

Refer to telindus1423Router/ip/router/ripv2SecretTable on page 563 for more information.

210 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.6 Configuring OSPF

This section introduces the OSPF protocol. The following gives an overview of this section:
• 8.6.1 - Introducing OSPF on page 211
• 8.6.2 - Activating OSPF on page 216
• 8.6.3 - Enabling OSPF authentication on page 217
Telindus 1423 SHDSL Router Chapter 8 211
User manual Configuring routing

8.6.1 Introducing OSPF

What is OSPF?

The Open Shortest Path First (OSPF) protocol is an Interior Gateway Protocol used to distribute routing
information within a single Autonomous System.
On the Internet, an autonomous system (AS) is either a single network or a group of networks that is
controlled by a common network administrator (or group of administrators) on behalf of a single admin-
istrative entity (such as a university, a business enterprise, or a business division). An autonomous sys-
tem is also sometimes referred to as a routing domain.
Using OSPF, a host that obtains a change to a routing table or detects a change in the network imme-
diately multicasts the information to all other hosts in the network so that all will have the same routing
table information. Unlike the RIP in which the entire routing table is sent, the host using OSPF sends
only the part that has changed. With RIP, the routing table is sent to a neighbour host every 30 seconds.
OSPF multicasts the updated information only when a change has taken place.

What are the OSPF link states?

Rather than simply counting the number of hops, OSPF bases its path descriptions on "link states" that
take into account additional network information. That is why OSPF is called a link-state protocol. A link
can be seen as an interface on the router. The state of the link is a description of that interface and of its
relationship to its neighbouring routers. A description of the interface would include, for example, the IP
address of the interface, the mask, the type of network it is connected to, the routers connected to that
network and so on.
Each router in the Autonomous System originates one or more link state advertisements (LSAs). The
collection of LSAs forms the link-state database. Each separate type of LSA has a separate function.
There 4 distinct types of LSAs:

Link State Packets Description

Router-LSAs • Describes the state and cost of the router ‘s links (interfaces) to the area,
i.e. intra-area.
• Each router will generate a Router-LSA for all of its interfaces.

Network-LSAs Network-LSAs are generated by a Designated Router (DR) on a segment.

This information is an indication of all routers connected to a particular multi-
access segment such as Ethernet, Token Ring and FDDI (DRs will be dis-
cussed further down).

Summary-LSAs • Summary-LSA ‘s provide a way of condensing an area's routing informa-

tion.
• Summary-LSA ‘s describe networks in the Autonomous System, but out-
side of an area, i.e. inter-area. Summary links are generated by an Area
Border Router (ABR, ABRs will be discussed further down).
• By generating summary links, the network reachability information is
shared between areas. Normally, all information is injected into the back-
bone (area 0) and in turn the backbone will pass it on to other areas.
ABRs also have the task of propagating the reachability of the ASBR.
This is how routers know how to get to external routes in other Autono-
mous Systems.
212 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Link State Packets Description

AS-external-LSAs • AS-external-LSAs provide a way of transparently advertising externally-

derived routing information throughout the Autonomous System
• AS-external-LSAs are an indication of networks outside of the AS. These
networks are injected into OSPF via redistribution. External links are
generated by an ASBR (ASBRs will be discussed further down). The
ASBR has the task of injecting these routes into an autonomous system.

What is the backbone area or area 0?

OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one
of these areas has be to be area 0. This is called the backbone. When designing networks it is good
practice to start with area 0 and then expand into other areas later on.
The backbone has to be at the centre of all other areas, i.e. all areas have to be physically connected to
the backbone. The reasoning behind this is that OSPF expects all areas to inject routing information into
the backbone and in turn the backbone will disseminate that information into other areas.

What are areas and border routers?

OSPF uses flooding to exchange link-state updates between routers. Any change in routing information
is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-
state updates. All routers within an area have the exact link-state database.
A router that has all of its interfaces within the same area is called an internal router (IR).
Routers that belong to multiple areas, and connect these areas to the backbone area are called area
border routers (ABR). ABRs must therefore maintain information describing the backbone areas and
other attached areas.
Routers that act as gateways (redistribution) between OSPF and other routing protocols (e.g. RIP) are
called autonomous system boundary routers (ASBR).
In order to minimize the amount of information exchange on a particular segment, OSPF elects one
router to be a designated router (DR), and one router to be a backup designated router (BDR), on each
multi-access segment. The BDR is elected as a backup mechanism in case the DR goes down (the DR
and BDR are elected based upon their OSPF priority). The idea behind this is that routers have a central
point of contact for information exchange. Instead of each router exchanging updates with every other
router on the segment, every router exchanges information with the DR and BDR. The DR and BDR
relay the information to everybody else.
Telindus 1423 SHDSL Router Chapter 8 213
User manual Configuring routing

What are stub areas?

OSPF allows certain areas to be configured as stub areas. External networks, such as those redistrib-
uted from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these
areas to the outside world is based on a default route. Configuring a stub area reduces the topological
database size inside an area and reduces the memory requirements of routers inside that area.
An area can be called a stub when there is a single exit point from that area or if routing to outside of the
area does not go via an optimal path. The latter description is just an indication that a stub area that has
multiple exit points, will have one or more area border routers injecting a default into that area.
All OSPF routers inside a stub area have to be configured as stub routers. This is because whenever an
area is configured as stub, all interfaces that belong to that area will start exchanging Hello packets with
a flag that indicates that the interface is stub. All routers that have a common segment have to agree on
that flag. If they don't, then they will not become neighbours and routing will not take effect.

What are NSSAs?

Not-so-stubby areas are a type of stub area in which external routes can be flooded.
OSPF areas flood all external routes across area borders. In the presence of large number of external
routes, this may be a problem, as external routes cannot be summarized at the ABRs. Stub areas are
designed to alleviate the problem by preventing external routes from being injected into the stub area,
and instead a default route is injected. Stub areas are incapable of carrying external routes (Type 5
LSAs), and hence are incapable of supporting ASBRs.
NSSAs allow for supporting ASBRs within the NSSA, while maintaining the same behaviour as stub
areas of not injecting external (Type 5) routes coming from the backbone. Thus NSSA routers benefit
from the significant reduction of external routes coming from the backbone, while having the capability
to carry a limited number of externals that originate in the NSSA.
To provide the ability of carrying external routes originated in the NSSA, a new LSA type was defined,
Type 7 LSA. It has the structure and semantics of a Type 5 (External) LSA, with a two differences:
• Type 7 LSAs can be originated and propagated within the NSSA, they do not cross area borders like
Type 5 LSAs do.
• Type 5 LSAs are not supported in NSSA; they can be neither originated nor propagated in NSSA.

In order to allow limited exchange of external information across an NSSA border, NSSA border routers
will translate selected Type-7 LSAs received from the NSSA into Type-5 LSAs. These Type-5 LSAs will
be flooded to all Type-5 capable areas. NSSA border routers may be configured with address ranges so
that multiple Type-7 LSAs may be aggregated into a single Type-5 LSA. The NSSA border routers that
perform translation are configurable. In the absence of a configured translator one is elected.
214 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

What are neighbours and adjacency?

Routers that share a common segment become neighbours on that segment. Neighbours are discov-
ered via the Hello protocol. Hello packets are sent periodically out of each interface using IP multicast.
Routers become neighbours as soon as they see themselves listed in the neighbour’s Hello packet. This
way, a two way communication is guaranteed.
Adjacency is the next step after the neighbouring process. Adjacent routers are routers that go beyond
the simple Hello exchange and proceed into the database exchange process. In order to minimize the
amount of information exchange on a particular segment, OSPF elects one router to be a designated
router (DR), and one router to be a backup designated router (BDR), on each multi-access segment
(refer to What are areas and border routers? on page 212).

What is OSPF cost?

The cost of an interface in OSPF is an indication of the overhead required to send packets across a cer-
tain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A
higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved
in crossing a 56k serial line than crossing a 10M ethernet line.
The cost of an interface can either be calculated automatically, or the user can overrule the calculated
cost by using his own configuration so that some paths are given preference.
The formula used to calculate the cost is:
cost = reference bandwidth (in bps) / interface bandwidth (in bps)
The reference bandwidth can be set by the user.

Virtual links

Virtual links are used for two purposes:

• Linking an area that does not have a physical connection to the backbone.
• Patching the backbone in case discontinuity of area 0 occurs.
As mentioned earlier, area 0 has to be at the centre of all other areas. In some rare case where it is
impossible to have an area physically connected to the backbone, a virtual link is used. The virtual link
will provide the disconnected area a logical path to the backbone. The virtual link has to be established
between two ABRs that have a common area, with one ABR connected to the backbone.
Telindus 1423 SHDSL Router Chapter 8 215
User manual Configuring routing

OSPF authentication

It is possible to authenticate the OSPF packets so that routers can participate in routing domains based
on predefined passwords. By default, a router uses a Null authentication which means that routing
exchanges over a network are not authenticated. Two other authentication methods exist: Simple Pass-
word authentication and Message Digest authentication (MD-5):

Authentication Description

Null authentication No authentication is used.

Simple Password This allows a password (key) to be configured per interface. Interfaces of dif-
authentication ferent routers that want to exchange OSPF information will have to be con-
figured with the same key.

Message Digest This is a cryptographic authentication. A key (password) and key-id are con-
authentication (MD-5) figured on each router. The router uses an algorithm based on the OSPF
packet, the key, and the key-id to generate a "message digest" that gets
appended to the packet. Unlike the simple authentication, the key is not
exchanged over the wire.

OSPF authentication can be enabled or disabled per interface.

216 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.6.2 Activating OSPF

Refer to 8.6.1 - Introducing OSPF on page 211 for an introduction on OSPF.

OSPF does not need to be activated as such. By modifying the configuration attributes under the router/
ospf and router/ospf/Area[ ] objects, OSPF can be applied within an autonomous system. Refer to 12.12.6 -
OSPF configuration attributes on page 609.
The router/ospf/Area[ ] object is not present in the containment tree by default. If you want to use the feature
associated with this object, then add the object first. Refer to 4.4 - Adding an object to the containment
tree on page 50.
Telindus 1423 SHDSL Router Chapter 8 217
User manual Configuring routing

8.6.3 Enabling OSPF authentication

Refer to 8.6.1 - Introducing OSPF on page 211 for an introduction on OSPF authentication.
There are two authentication methods:
• simple password authentication. Refer to Enabling simple password authentication on page 217.
• MD-5 authentication. Refer to Enabling MD-5 authentication on page 218.

Enabling simple password authentication

To enable simple password authentication, proceed as follows:

Step Action

1 In the containment tree, go to the router/ospf/Area[ ] object, and select the networks configu-
ration attribute. In the authentication structure, set the authentication type element to text.

2 In the authentication text element, type the password.

218 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Enabling MD-5 authentication

To enable MD-5 authentication, proceed as follows:

Step Action

1 In the containment tree, go to the router/ospf object and select the keyChains configuration
attribute. In the keyChains table, add a new chain.

2 In the chain table, set the elements correctly. Refer to telindus1423Router/ip/router/ospf/key-

Chains/chain on page 612.

3 In the containment tree, go to the router/ospf/Area[ ] object, and select the networks configu-
ration attribute. In the authentication structure, set the authentication type element to md5.

4 In the authentication keyChain element, type the name of the key chain that will be used.

In the screenshots above, the authentication structure is explained as being part of the networks table. Note
that the authentication structure is also present in the virtualLinks table.
Telindus 1423 SHDSL Router Chapter 8 219
User manual Configuring routing

8.7 Configuring address translation

This section explains Network Address Translation (NAT) and Port Address Translation (PAT). Firstly, it
gives an introduction. Secondly, a table is presented that will help you to determine which translation
method meets your requirements. Then this section teaches you how to configure NAT and PAT.
The following gives an overview of this section:
• 8.7.1 - Introducing address translation on page 220
• 8.7.2 - When use NAT and/or PAT on page 221
• 8.7.3 - Enabling PAT on an interface on page 222
• 8.7.4 - How does PAT work? on page 224
• 8.7.5 - PAT limitations and work-arounds on page 227
• 8.7.6 - Enabling NAT on an interface on page 228
• 8.7.7 - Adding multiple NAT objects on page 230
• 8.7.8 - How does NAT work? on page 232
• 8.7.9 - Combining PAT and NAT on page 234
• 8.7.10 - Easy NAT on PPP on page 234
220 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.1 Introducing address translation

What is address translation?

Address translation is used to translate private IP addresses into official IP addresses. This is also known
as IP masquerading.

Why use address translation?

Each device connected to the Internet must have an official (i.e. unique) IP address. The success of the
Internet has caused a lack of these official IP addresses. As a result, your Internet Service Provider (ISP)
may offer you only one or a small number of official IP addresses.
If the number of IP devices on your local network is larger than the number of official IP addresses, you
can assign test or private IP addresses to your local network. In that case, you have to configure your
access router to translate IP addresses using NAT or PAT.
Even when there are sufficient official IP addresses available, you may still choose to use NAT e.g. for
preserving previously assigned test addresses to all the devices on your local network.

What is NAT?

Network Address Translation (NAT) is an Internet standard that enables a local area network (LAN) to
use one set of IP addresses for internal traffic (private IP addresses) and a second set of addresses for
external traffic (official IP addresses). The access router (located where the LAN meets the Internet)
makes all necessary IP address translations. This is a dynamic process.
NAT serves three main purposes:
• Provides a type of firewall by hiding internal IP addresses.
• Enables a company to use more internal IP addresses. Since these are used internally only, there is
no possibility of conflict with IP addresses used by other companies and organizations.
• Allows a company to combine multiple ISDN connections into a single Internet connection.

The number of simultaneous users with Internet access is limited to the number of official IP addresses.

What is PAT?

Port Address Translation (PAT) is a type of Network Address Translation. During PAT, each computer
on LAN is translated to the same IP address, but with a different port number assignment.
Only outgoing TCP sessions are supported.

Private IP address range

The international authority IANA assigns the official (also called global) IP addresses. It has also defined
3 ranges of IP addresses for private use. This means that you can use these addresses without regis-
tration on your internal network, as long as you are not connected to the Internet.

Private IP address range Remarks

10.0.0.0 - 10.255.255.255 1 class A network

172.16.0.0 - 172.31.255.255 16 class B networks

192.168.0.0 - 192.168.255.255 256 class C networks

You can define (sub-)networks in these ranges for your private IP addresses.
Telindus 1423 SHDSL Router Chapter 8 221
User manual Configuring routing

8.7.2 When use NAT and/or PAT

Refer to 8.7.1 - Introducing address translation on page 220 for an introduction on NAT and PAT authen-
tication.
Check in the next table whether you need NAT and/or PAT:

No. of official IP No. of devices on local Use NAT of PAT? Refer to …

addresses network

1 more than 1 Use PAT. 8.7.3 - Enabling PAT on

an interface on page 222

k (> 1) more than k Use NAT in combination 8.7.9 - Combining PAT

with PAT. and NAT on page 234

at least k k (≥ 1) 1. No translation 1. Skip this section.

needed. 2. 8.7.6 - Enabling NAT
2. If you want translation, on an interface on
use NAT. page 228
222 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.3 Enabling PAT on an interface

Refer to 8.7.1 - Introducing address translation on page 220 for an introduction on PAT.
To enable PAT on a certain interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router/defaultNat object. In
this object, configure the patAddress attribute.

Use this attribute to enter the official IP address that has to be used for the Port Address
Translation. Entering an address different from the default value 0.0.0.0 automatically ena-
bles the general PAT process. Now you can activate or deactivate PAT per IP interface.
Note that by default PAT is deactivated on all IP interfaces.

2 In the router/defaultNat object, configure the gateway attribute.

Use this attribute to define the gateway address of routes on which PAT should be
applied. If you do not configure the gateway attribute, then PAT is applied on all routes
through this interface.

3 Each IP interfaces has an ip structure. Use the following element in the ip structure to acti-
vate or deactivate PAT per IP interface:
• nat. Use this element to enable address translation on the interface with the official IP
addresses. Do this by entering the string “default“ as nat element value. By doing so,
the settings are applied as defined in the router/defaultNat object.

For example, the following shows the location of the ip structure on the LAN interface:

Refer to 5.2.2 - Where to find the IP parameters? on page 61 for the location of the ip
structure on the different IP interfaces.
Telindus 1423 SHDSL Router Chapter 8 223
User manual Configuring routing

Example - configuring PAT

Suppose your network is connected over a network of an operator to an Internet Service Provider (ISP).
You received only one single official IP address from you ISP, being 195.7.12.22.

The following shows how to enable PAT:

• In the router/defaultNat object, set the patAddress attribute to 195.7.12.22. In that case, the PAT address
is the same as the IP address that is used on the WAN interface.
• In the router/defaultNat object, set the gateway attribute to 195.7.12.254. If, however, you already defined
the router/defaultRoute attribute to be 195.7.12.254, then you can leave the gateway attribute empty. This
because if the gateway attribute is empty, then the defaultRoute attribute is taken as only gateway
addresses.
• In the ip structure of the WAN interface, type the string “default” as value of the nat element.
224 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.4 How does PAT work?

Again consider the network topology as depicted in 8.7.3 - Enabling PAT on an interface on page 222.
The following two paragraphs explain how the Telindus 1423 SHDSL Router treats the outgoing and
incoming traffic when PAT is applied:
• Outgoing traffic (to the Internet) on page 224.
• Incoming traffic (from the Internet) on page 226.

Outgoing traffic (to the Internet)

The Telindus 1423 SHDSL Router replaces the source address by its PAT address in all the traffic com-
ing from the local network and destined for the Internet. Depending on the IP transport protocol and the
number of simultaneous users accessing the Internet, the Telindus 1423 SHDSL Router takes different
actions:

Protocol

TCP Description This is a connection-oriented protocol: two devices communicating with the
TCP protocol build a session before exchanging user data. When they have
finished exchanging user data, the session is closed.
Examples of such applications are Telnet, HTTP and FTP. The TCP header
contains a port field indicating the higher-layer protocol.

Action When a session is started, a specific port number is assigned to this ses-
sion. All traffic from this session is assigned this specific port number.
The specific port number is freed within 5 minutes after the TCP session is
closed (i.e. after TCP Reset or TCP Finish is seen). If the session has not
been properly closed, the port number is freed 24 hours after the last ses-
sion traffic. This time is configurable (refer to telindus1423Router/ip/router/default-
Nat/tcpSocketTimeOut on page 586).

UDP Description This is a connection-less protocol: user data can be sent without first build-
ing a session.
Examples of such applications are SNMP and TFTP. Although TFTP is ses-
sion-oriented, it builds the session at a higher level and uses UDP for its
simplicity as transport protocol. The UDP header contains a port field indi-
cating the higher-layer protocol.

Action The source port number is replaced by a specific port number. All traffic
from this source IP address / port number pair is assigned this specific port
number.
If there is no traffic for 5 to 10 minutes, the specific port number is freed. If
the session has not been properly closed, the port number is freed 3 min-
utes after the last session traffic. This time is configurable (refer to
telindus1423Router/ip/router/defaultNat/udpSocketTimeOut on page 586).
Telindus 1423 SHDSL Router Chapter 8 225
User manual Configuring routing

Protocol

ICMP Description This is a connection-less protocol: user data can be sent without first build-
ing a session.
An example of such an application is ping. These protocols do not have port
numbers.

Action Each ICMP packet is forwarded towards the Internet. Each ICMP packet is
considered as a new session.
If there is no traffic for 5 to 10 minutes, the session is closed.
The fact that it is possible to open a total of 2048 simultaneous sessions
and that each ICMP packet is considered as a new session, implies that for
instance a continuous series of ping requests at a rate of one per second
will allocate between 300 and 600 sessions.
226 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Incoming traffic (from the Internet)

Suppose the WAN IP network depicted in 8.7.3 - Enabling PAT on an interface on page 222 works in
numbered mode1. The incoming traffic from the Internet may be destined either for the local network, or
for the router itself. The router treats incoming traffic on the PAT address as follows:

Note that the Telindus 1423 SHDSL Router only answers to ICMP requests on the public address of its
WAN interface if the LAN interface is up. I.e. when the TCP/UDP sessions can really “cross” the Telindus
1423 SHDSL Router.

1. Numbered mode means that each WAN interface has an IP address. In that case, you need
the single official IP address for your WAN interface.
Telindus 1423 SHDSL Router Chapter 8 227
User manual Configuring routing

8.7.5 PAT limitations and work-arounds

PAT limitations

Port Address Translation has some limitations:

• Some TCP or UDP applications do not support port translation.
• Only outgoing sessions are supported. This implies that you can not access servers on your local net-
work over the Internet.
• Limited ICMP support.

PAT limitations work-arounds

Use the following attributes to partly overcome the PAT limitations:

Attribute Description

portTranslations You can find this attribute in the router/defaultNat object. Use this attribute to define
specific port number ranges that should not be translated when using PAT.
Refer to telindus1423Router/ip/router/defaultNat/portTranslations on page 584.

Example - configuring the portTranslations table

TMA is an example of an
application that does not
support port translation. If
you want to make TMA con-
nections from your local net-
work to the outside world, you have to list TMA port number 1728 in this table.
However, keep in mind that even then it is still not possible to have two simultane-
ous TMA sessions to the same outside world address.
If you do not want that UDP packets with port numbers in the range 2000 up to
3000 are sent to the outside world, then you also have to include those in the table.

servicesAvailable You can find this attribute in the router/defaultNat object. Use this attribute to define
specific port number ranges for incoming Internet traffic that should not be trans-
lated when using PAT. Instead it is sent to the corresponding private IP address.
Refer to telindus1423Router/ip/router/defaultNat/servicesAvailable on page 585.

Example - configuring the servicesAvailable table

In this example, a web

server with address
192.168.47.250 on the
local network is accessi-
ble from the Internet
although it has no official IP address.
228 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.6 Enabling NAT on an interface

Refer to 8.7.1 - Introducing address translation on page 220 for an introduction on NAT.
Despite the work-arounds offered by the previous two PAT configuration attributes to overcome the lim-
itations of PAT (refer to 8.7.5 - PAT limitations and work-arounds on page 227), there are situations
where PAT is inadequate. For example, it is not possible to have several web servers on your local net-
work. It is also impossible to run an application with fixed source port numbers on several local devices
that are connected simultaneously to a single Internet device. This can only be solved by using several
official IP addresses: Network Address Translation.
To enable NAT on a certain interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router/defaultNat object or
add your own NAT object under the router object, e.g. router/nat[myNat] (refer to 4.4 - Adding
an object to the containment tree on page 50).

2 In the NAT object (default or user instantiated), select the addresses attribute and add one
or more entries to this table.

Use this attribute to enter all the official IP addresses that have to be used for Network
Address Translation. Entering an address in the addresses table automatically enables the
general NAT process. Now you can activate or deactivate NAT per IP interface. Note that
by default NAT is deactivated on all IP interfaces.

3 Configure the elements of the addresses table:

• officialAddress. Use this element to set the official IP address. These addresses are
used in the reverse order as they appear in the list.
• privateAddress. Use this element to set the private IP address, i.e. to permanently assign
an official IP address to a private address.
If you do not specify a private IP address, then NAT is applied dynamically. I.e. the
official IP address is used for any private source IP address.

4 In the NAT object (default or user instantiated), configure the gateway attribute.

Use this attribute to define the gateway address of routes on which NAT should be
applied. If you do not configure the gateway attribute, then NAT is applied on all routes
through this interface.
Telindus 1423 SHDSL Router Chapter 8 229
User manual Configuring routing

Step Action

5 Each IP interfaces has an ip structure. Use the following element in the ip structure to acti-
vate or deactivate NAT per IP interface:
• nat. Use this element to enable address translation on the interface with the official IP
addresses. Do this by entering the name of the NAT object you want to apply:
- If you want to apply the NAT settings as defined in the router/defaultNat
object, then enter the string “default“ as value for the nat element.
- If you want to apply the NAT settings as defined in a NAT object you
added yourself (e.g. router/nat[myNat]), then enter the index name of the
NAT object (in this case “myNat”) as value for the nat element.

For example, the following shows the location of the ip structure on the LAN interface:

Refer to 5.2.2 - Where to find the IP parameters? on page 61 for the location of the ip
structure on the different IP interfaces.

Important remark - using NAT on the LAN interface

Consider the following configuration:

• telindus1423Router/lanInterface/ip/address = 195.7.12.22
• telindus1423Router/router/defaultNat/addresses = { officialAddress = 195.7.12.22; privateAddress = <opt> }
• telindus1423Router/wanInterface/ppp/ip/address = 2.2.2.2

The above means that NAT is used on the LAN interface and the router uses the address 195.7.12.22
as official IP address.
The problem that arises here is that the router can no longer be managed via the LAN interface using
the management tool (TMA, Telnet, etc.). This because the NAT route has priority over the LAN route
and, because it is a NAT address, the router does not accept incoming traffic on the address
195.7.12.22.
The solution is to add the WAN IP address to the addresses table as private address:
telindus1423Router/router/addresses = { officialAddress = 195.7.12.22; privateAddress = 2.2.2.2 }. In that case, the
management tool “service” runs on the WAN IP address. This means however, that the WAN has to be
up.
230 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.7 Adding multiple NAT objects

It is possible to add multiple NAT objects (up to 5). This means that up to 5 interfaces can make use of
a dedicated NAT object.

Two or more interfaces pointing to one and the same NAT object is an invalid configuration of which the
result is unpredictable.

Example

Suppose on a Telindus 1421 SHDSL Router you …

• want to have 2 NAT objects: the default NAT object (router/defaultNat) and a user instantiated NAT
object (e.g. router/nat[myNat]).
• want to apply the default NAT object on the LAN interface and the user instantiated NAT object on
the WAN interface (and the WAN interface uses, for example, PPP).

Proceed as follows:

Step Action

1 In the Telindus 1421 SHDSL Router containment tree, go to the

router/defaultNat object and configure the attributes in this object to
your needs.
Refer to 12.12.2 - NAT configuration attributes on page 583.

2 In the Telindus 1421 SHDSL Router containment tree, go to the

router object an add a nat object underneath. E.g. router/nat[myNat].
Refer to 4.4 - Adding an object to the containment tree on page 50.

3 Configure the attributes in the router/nat[myNat] object to your needs.

Refer to 12.12.2 - NAT configuration attributes on page 583.

4 In the Telindus 1421 SHDSL Router containment tree, go to the lanInterface object and
select the ip structure. In the nat element of the ip structure enter the string “default”.

⇒The NAT settings as defined in the router/defaultNat object are applied on the LAN
interface.
Telindus 1423 SHDSL Router Chapter 8 231
User manual Configuring routing

Step Action

5 In the Telindus 1421 SHDSL Router containment tree, go to the wanInterface/ppp object and
select the ip structure. In the nat element of the ip structure enter the string “myNat”.

⇒The NAT settings as defined in the router/nat[myNat] object are applied on the WAN
interface.
232 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.8 How does NAT work?

Dynamically assigning official IP address

If a local station sends data to the Internet for the first time, NAT looks for an unused official IP address.
It assigns this official IP address to the local station. The amount of local stations that can have simulta-
neous Internet access equals the amount of NAT addresses you defined. If all sessions between a local
station and the Internet have been closed by the application (in case of TCP) or because of time-outs,
then the previously assigned official IP address is freed for another local station.

Statically assigning official IP address

Optionally, the NAT address entry may contain a corresponding private IP address. This allows to per-
manently assign an official IP address to a local station. This is useful for stations or servers that should
have Internet access at all times. Another example of permanently assigned official IP addresses is a
network where only a limited number of users has Internet access.

Incoming traffic on an official IP address

NAT only converts IP addresses and thus allows traffic in both directions. However, incoming traffic on
one of the official IP addresses can only be forwarded to the local network if a corresponding private IP
address has been configured.
Telindus 1423 SHDSL Router Chapter 8 233
User manual Configuring routing

Example - configuring NAT

Suppose your network is connected over a network of an operator to an Internet Service Provider (ISP).
You received 4 official IP address from you ISP, being 195.7.12.21 up to 195.7.12.24. You want to assign
one of these official addresses permanently to a web server which has private address 192.168.47.250.
All other official addresses have to be assigned dynamically.

The following shows how to enable NAT:

• In the router/defaultNat object, configure the addresses attribute as follows:

• In the router/defaultNat object, set the gateway attribute to 195.7.12.254. If, however, you already defined
the router/defaultRoute attribute to be 195.7.12.254, then you can leave the gateway attribute empty. This
because if the gateway attribute is empty, then the defaultRoute attribute is taken as only gateway
addresses.
• In the ip structure of the WAN interface, type the string “default” as value of the nat element.
234 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.7.9 Combining PAT and NAT

It is possible to use a combination of PAT and NAT. In that case the router first assigns NAT addresses
until they are all used. Then it uses PAT addresses for further translations.

Make sure the PAT address does not appear in the NAT address table.

8.7.10 Easy NAT on PPP

What is easy NAT on PPP?

Easy NAT on PPP means that in a typical client / ISP setup NAT will automatically be enabled without
the need to specifically configure NAT.
A typical client / ISP setup would be, for example, a Telindus 1421 SHDSL Router on the client side and
a Telindus 2400 on the ISP side connected over an SHDSL line.

What are the conditions for easy NAT on PPP?

The conditions for easy NAT on PPP are:

• A PPP (or PPPoA) connection between ISP and client.
• PPP interface on ISP router:
- The mode is routing.
- A local IP address may be configured, or it may be coming from the LAN (unnumbered).
- A remote IP address is imposed on the client router.
- NAT is disabled.
• PPP interface on client router:
- The mode is routing.
- No local nor remote IP address is configured.
- NAT is enabled (a reference is made to the defaultNat object).
• The defaultNat object on the client router:
- No PAT address is configured.
- No NAT address(es) is (are) configured.

What does easy NAT on PPP?

Once the conditions as stated above are met, the following happens:
• The client router learns the local and remote IP address of the PPP link from the ISP router.
• The client router adds a route towards the ISP router.
• The client router enables NAT on the PPP interface.
Telindus 1423 SHDSL Router Chapter 8 235
User manual Configuring routing

Example - easy NAT

Suppose you have the following setup:

Once the PPP link is up and running, you will see that …
• the client router learns the local and remote IP address of the PPP link from the ISP router. You can
check this by looking at the IP status of the PPP link:
236 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

• The client router adds a route towards the ISP router. You can check this by looking at the routing
table status:

• The client router enables NAT on the PPP interface. You can check this by looking at the NAT per-
formance. When a connection to the ISP is active, you will see that socketsFree attribute decreases
while the used sockets (xxxSocketsUsed) and allocation (xxxAllocs) attributes increase.
Telindus 1423 SHDSL Router Chapter 8 237
User manual Configuring routing

8.8 Configuring traffic and priority policy on the router

This section introduces traffic and priority policy and gives a short description of the attributes you can
use to configure these features on the router. It also shows you the difference with the traffic policy on
the bridge.
The following gives an overview of this section:
• 8.8.1 - Introducing traffic and priority policy on page 238
• 8.8.2 - Traffic and priority policy on routed and on bridged data on page 242
• 8.8.3 - How to configure a traffic and priority policy on the router? on page 243
• 8.8.4 - Creating a traffic policy on the router on page 244
• 8.8.5 - Applying a traffic policy on an interface of the router on page 246
• 8.8.6 - Creating a priority policy on page 247
• 8.8.7 - Applying a priority policy on an interface on page 249
• 8.8.8 - Configuring a traffic and priority policy on the router - an example on page 250
• 8.8.9 - The default queue attribute versus a traffic policy profile on page 252
238 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.1 Introducing traffic and priority policy

What is traffic and priority policy?

Because of the bursty nature of voice / video / data traffic, sometimes the amount of traffic exceeds the
speed of a link. At this point, the Telindus 1423 SHDSL Router has to decide what to do with this “excess”
of traffic:
• Buffer the traffic in a single queue and let the first packet in be the first packet out?
• Or put packets into different queues and service certain queues more often (also known as priority
queuing)?

These questions are dealt with by the traffic and priority policy mechanisms:
• The traffic policy determines, on traffic overload conditions, how and which queues are filled with the
“excess” data.
• The priority policy determines how and which queues are emptied.

What is a priority queuing?

Using the traffic and priority policy features you can perform priority queuing. This allows you to define
how traffic is prioritised in the network. E.g. to ensure that voice, video or other streaming media is serv-
iced before (or after) other traffic types, to ensure that web response traffic is routed before normal web
browsing traffic, etc.
Per interface (both physical and logical), there are 7 queues:

Queue Queue type Description

1-5 user configurable queue The user can decide which data goes into which queue.

6 low delay queue The user can decide which data goes into this queue. This
queue usually is addressed more often then the user con-
figurable queues.

7 system queue This queue is filled with mission critical data (e.g.link moni-
toring messages etc.) and has priority over all other queues.
Telindus 1423 SHDSL Router Chapter 8 239
User manual Configuring routing

What is DiffServ?

Differentiated Services (DiffServ) differentiates between multiple traffic flows. So, packets are marked,
and routers and switches can then make decisions based on those markings (e.g., dropping or forward-
ing decisions). You can mark packets either with IP Precedence or Differentiated Service Code Point
(DSCP) markings.

What is the TOS byte?

The Type Of Service (TOS) byte is an eight bit field inside an IPv4 header. Using these bits you can mark
packets either with IP Precedence or Differentiated Service Code Point (DSCP) markings. The TOS byte
is structured as follows:

0 1 2 3 4 5 6 7

precedence field TOS field unused

DSCP field unused

What is IP Precedence?

IP Precedence uses the precedence bits (3 leftmost bits) of the TOS byte (see RFC 791). So IP Prece-
dence markings can range from 0 to 7. However, values 6 and 7 should not be used since they are
reserved for network use. IP precedence is being phased out in favour of DSCP, but is supported by
many applications and routers.

What is DSCP?

Differentiated Services Code Point (DSCP) uses the DSCP bits (6 leftmost bits) of the TOS byte (see
RFC 2474). This offers a bigger granularity over IP Precedence, since 6 bits yield 64 possible values (0
to 63)1. The problem with so many values is that the value you choose to represent a certain level of
priority can be treated differently by a router under someone else’s administration.
To maintain relative levels of priority among devices, the Internet Engineering Task Force (IETF)
selected a subset of those 64 values for use. These values are called per-hop behaviours (PHBs),
because they indicate how packets should be treated by each router hop along the path from the source
to the destination.
The four categories of PHBs are:
• Best Effort (BE)
• Expedited Forwarding (EF)
• Assured Forwarding (AF)
• Class Selector (CS)

1. This also means that DSCP is not compatible with IP Precedence.

240 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

What is BE PHB?

Best Effort Per-Hop Behaviour (BE PHB) means that all DSCP bits are 0 (i.e. a DSCP value of 0).
Best Effort does not truly provide QoS, because there is no reordering of packets. Best Effort uses the
first-in first-out (FIFO) queuing strategy, where packets are emptied from a queue in the same order in
which they entered it.

What is EF PHB?

Expedited Forwarding Per-Hop Behaviour (EF PHB, see RFC 3246) has a DSCP value of 46. Latency-
sensitive traffic, such as voice, typically has an EF PHB.

What is AF PHB?

Assured Forwarding Per-Hop Behaviour (AF PHB, see RFC 2597) is the broadest category of PHBs.
These are shown in the following table:

AF PHB Low drop preference Medium drop preference High drop preference

class 1 AF11 (10) AF12 (12) AF13 (14)

001010 001100 001110

class 2 AF21 (18) AF22 (20) AF23 (22)

010010 010100 010110

class 3 AF31 (26) AF32 (28) AF33 (30)

011010 011100 011110

class 4 AF41 (34) AF42 (36) AF43 (38)

100010 100100 100110

Note that the AF PHBs are grouped into four classes. Within each AF PHB class there are three distinct
values which indicate a packet’s drop preference. Higher values in an AF PHB class are more likely to
be discarded during periods of congestion. For example, an AF13 packet is more likely to be discarded
than an AF11 packet.

Note that since IP Precedence only examines the 3 leftmost bits, all AF PHB class 1 values would be
interpreted by an IP Precedence aware router as an IP Precedence value of 1, AF PHB class 2 values
as an IP Precedence value of 2, etc.

What is CS PHB?

Class Selector Per-Hop Behaviour (CS PHB, see RFC 2474) is used for backward compatibility with IP
Precedence. This because, just like IP Precedence, CS PHB only examines the 3 leftmost bits of the
TOS byte.
Telindus 1423 SHDSL Router Chapter 8 241
User manual Configuring routing

What is the TOS field?

The TOS field is a four bit field in the TOS byte (see RFC 1349). Refer to What is the TOS byte? on
page 239. The TOS field lets values from 0 to 15 be assigned to request special handling of traffic (for
example, minimize delay, maximize throughput). The TOS field is being phased out in favour of DSCP.

What is IEEE 802.1P or COS?

The IEEE 802.1P signalling technique (also often referred to as Class Of Service, COS) is an IEEE
endorsed specification for prioritising network traffic at the datalink/MAC sub-layer (layer 2).
802.1P is a spin-off of the 802.1Q (VLAN tagging) standard and they work in tandem. The 802.1Q stand-
ard specifies a tag that appends to a MAC frame. The VLAN tag carries VLAN information. The VLAN
tag has two parts: The VLAN ID (12-bit) and prioritisation (3-bit). The prioritisation field was never defined
in the VLAN standard. The 802.1P implementation defines this prioritisation field.
242 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.2 Traffic and priority policy on routed and on bridged data

Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for an introduction.

Traffic policy on routed and on bridged data

The traffic policy (i.e. the policy to fill the queues) is not the same for routed data as the one for bridged
data. The following table clarifies this:

In case … is enabled, then …

only routing the routed data is queued using the traffic

policy settings as configured in the ipTraf-
ficPolicy[ ] object under the profiles/policy/traf-
fic object.
Refer to 8.8.4 - Creating a traffic policy on the router on page 244.

only bridging the bridged data is queued using

the traffic policy settings as con-
figured in the bridgingTrafficPolicy[ ]
object under the profiles/policy/traf-
fic object.
Refer to 9.3.2 - Configuring a traffic policy on the bridge on page 287.

routing and bridging • the routed data is queued

using the traffic policy set-
tings as configured in the
ipTrafficPolicy[ ] object under
the profiles/policy/traffic object.
• the bridged data is queued using the traffic policy settings as configured
in the bridgingTrafficPolicy[ ] object under the profiles/policy/traffic object.

Priority policy on routed and on bridged data

The priority policy (i.e. the policy to empty the queues) is the same for
routed and bridged data. The queues are emptied using the priority
policy settings as configured in the priorityPolicy[ ] object under the pro-
files/policy/priority object.
Refer to 8.8.6 - Creating a priority policy on page 247.
Telindus 1423 SHDSL Router Chapter 8 243
User manual Configuring routing

8.8.3 How to configure a traffic and priority policy on the router?

Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for an introduction.
To configure a traffic and priority policy for the routed data on a certain interface, proceed as follows:

Step Action

1 Create and configure a routing traffic policy.

Refer to 8.8.4 - Creating a traffic policy on the router on page 244.

2 Apply the routing traffic policy on the desired interface.

Refer to 8.8.5 - Applying a traffic policy on an interface of the router on page 246.

3 Create and configure a priority policy.

Refer to 8.8.6 - Creating a priority policy on page 247.

4 Apply the priority policy on the desired interface.

Refer to 8.8.7 - Applying a priority policy on an interface on page 249.
244 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.4 Creating a traffic policy on the router

Refer to 8.8.3 - How to configure a traffic and priority policy on the router? on page 243 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• → Create and configure a routing traffic policy. ← You are here.
• Apply the routing traffic policy on the desired interface.
• Create and configure a priority policy.
• Apply the priority policy on the desired interface.

To create and configure a traffic policy for the routed data on a certain interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree,

go to the profiles/policy/traffic object and add an ipTraf-
ficPolicy[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).

2 In the traffic policy object you just added, go to the

method attribute. Use this attribute to choose a traffic
policy method. This traffic policy is then used to
determine, on traffic overload conditions, how and
which queues are filled with the “excess” data.
Refer to telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method on page 532 for more infor-
mation.

3 Now, depending on which traffic policy method you selected, you have to configure the
actual policy criteria:

If you choose the then use the following attribute to configure the policy
method … criteria:

trafficShaping, • trafficShaping.
• dropLevels (only the dropLevel1 element).

tosDiffServ, dropLevels.

tosMapped, • tos2QueueMapping.
• dropLevels (only the dropLevel1 element).

For more information, refer to …

• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping on page 534.
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/dropLevels on page 537.
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/tos2QueueMapping on page 539.
Telindus 1423 SHDSL Router Chapter 8 245
User manual Configuring routing

Example - creating a traffic policy on the router

Suppose you create a traffic policy which uses the traffic shaping method to fill the queues, on traffic
overload conditions, with the “excess” data. Suppose you want to do this for the UDP protocol only.
The following figure shows how to configure this:
246 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.5 Applying a traffic policy on an interface of the router

Refer to 8.8.3 - How to configure a traffic and priority policy on the router? on page 243 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• Create and configure a routing traffic policy.
• → Apply the routing traffic policy on the desired interface. ← You are here.
• Create and configure a priority policy.
• Apply the priority policy on the desired interface.

To apply a traffic policy for the routed data on a certain interface, enter the index name of the earlier
created traffic policy object as value of the trafficPolicy element. The trafficPolicy element can be found in
the ip structure of the IP interface. Refer to 5.2.2 - Where to find the IP parameters? on page 61 for the
location of the ip structure on the different IP interfaces.

Example - applying a traffic policy on an interface of the router

Suppose you created and configured a traffic policy object with index name myTrafPol (i.e. trafficPol-
icy[myTrafPol]), and you want to apply this traffic policy on an L2TP tunnel you created earlier.
The following figure shows how to configure this:
Telindus 1423 SHDSL Router Chapter 8 247
User manual Configuring routing

8.8.6 Creating a priority policy

Whereas configuring a traffic policy for routed data is different than for bridged data, configuring a priority
policy is the same for both. In other words, the mechanism to fill the queues is different for routed data
than it is for bridged data, but the mechanism to empty the queues is the same for both routed and
bridged data.

Refer to 8.8.3 - How to configure a traffic and priority policy on the router? on page 243 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• Create and configure a traffic policy.
• Apply the traffic policy on the desired interface.
• → Create and configure a priority policy. ← You are here.
• Apply the priority policy on the desired interface.

To create and configure a priority policy for a certain interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment

tree, go to the profiles/policy/priority object and add a pri-
orityPolicy[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 50).

2 In the priority policy object you just

added, go to the algorithm attribute.
Use this attribute to determine how
and which queues are emptied.
Refer to telindus1423Router/profiles/pol-
icy/priority/priorityPolicy[ ]/algorithm on page 543 for more information.

3 Configure the other attributes in the priority policy object. The most important are:
• queueConfigurations. Use this attribute to …
- set the number of bytes/packets that is dequeued from the user configurable
queue when the queue is addressed.
- set the relative importance of the user configurable queues.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/queueConfigurations on
page 545 for more information.
• lowDelayQuotum. Use this attribute to set the number of bytes/packets that is dequeued
from the low delay queue when the queue is addressed.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/lowdelayQuotum on page 545 for
more information.
• bandwidth. Use this attribute to set the Committed Information Rate (CIR) per queue.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/bandwidth on page 546 for more
information.
248 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

Example - creating a traffic policy on the router

Suppose you create a priority policy which uses the round-robin algorithm to empty the queues.
The following figure shows how to configure this:
Telindus 1423 SHDSL Router Chapter 8 249
User manual Configuring routing

8.8.7 Applying a priority policy on an interface

Refer to 8.8.3 - How to configure a traffic and priority policy on the router? on page 243 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• Create and configure a traffic policy.
• Apply the traffic policy on the desired interface.
• Create and configure a priority policy.
• → Apply the priority policy on the desired interface. ← You are here.
To apply a priority policy on a certain interface, enter the index name of the earlier created priorityPolicy[ ]
object as value of the priorityPolicy attribute. The priorityPolicy attribute can be found in …
• telindus1423Router/lanInterface/priorityPolicy. So in this case you specify a priority policy for the LAN inter-
face.
• telindus1423Router/wanInterface/priorityPolicy. So in this case you specify a priority policy for the complete
WAN interface (i.e. also for all logical interfaces that are present on the WAN interface, such as ATM
PVCs, etc.).
• telindus1423Router/profiles/forwardingMode/defaultRouting/priorityPolicy. So in this case you can specify a prior-
ity policy for each ISDN link.
• telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/priorityPolicy. So in this case you can specify a
priority policy for each ATM PVC.
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/priorityPolicy. So in this case you can spec-
ify a priority policy for each Frame Relay DLCI.

Example - applying a priority policy on an interface

Suppose you created and configured a priority policy object with index name myPrioPol (i.e. priorityPol-
icy[myPrioPol]), and you want to apply this priority policy on an ATM PVC profile you created earlier.
The following figure shows how to configure this:
250 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.8 Configuring a traffic and priority policy on the router - an example

Suppose you have two networks which are interconnected over an ATM network. Network 1 carries a
mix of data and voice traffic. The traffic on this network is differentiated by setting the Type Of Service
(TOS) values in the IP packet headers (data = 0, voice = 10). If congestion occurs when routing the traffic
from network 1 to network 2, then you want that the voice traffic is queued in the low delay queue and
that the data traffic is queued in queue 1. The algorithm that you want to use to empty the queues is the
low delay weighted fair queueing mechanism.

Sketched in broad outlines, this is how you configure the above:

Step Action

1 Create and configure an IP traffic policy and a priority policy.

For example:
• Create a trafficPolicy[myIpPol] object.
• Set the method attribute to tosMapped.
• In the tos2QueueMapping structure, create two entries and define the startTos, endTos and
interface elements of each entry. Also set the targetQueue for both types of traffic:
- the low delay queue for the voice.
- queue 1 for the data.
• Create a priorityPolicy[myPrioPol] object and set the algorithm attribute to lowDelayWeighted-
FairQueueing.

2 Set up the ATM PVC.

Since this is not the main subject of this example, refer for more information on setting
up an ATM PVC to 7.2.2 - Configuring ATM PVCs on page 125.

3 Create a route that “points” to the traffic policy you created earlier.
For example:
Create an entry in the routingTable attribute in which you specify that traffic destined for net-
work 192.168.48.0 has to be sent to the IP traffic policy you created earlier.
Telindus 1423 SHDSL Router Chapter 8 251
User manual Configuring routing

The following figure shows how to configure the traffic and priority policy you want to set up:
252 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.8.9 The default queue attribute versus a traffic policy profile

In case of a Frame Relay DLCIs and multiclass PPP links, it is possible to assign a default queue to the
link. This allows you to easily set up a traffic policy without having to create and apply a traffic policy
profile. As most setups that require QoS only split voice and data streams (often based on IP addresses
only), configuring such a setup becomes more straightforward.
To configure a default queue, proceed as follows:

Step Action

1 Create a …
• Frame Relay DLCI. Refer to 7.3.2 - Configuring Frame Relay DLCIs on page 145.
or
• multiclass PPP link. Refer to 7.4.13 - Setting up multiclass PPP on page 177.

2 In the dlciTable (Frame Relay) or the multiclassInterfaces table (PPP), set the defaultQueue ele-
ment to the desired queue (e.g. queue3).
⇒In case of an overload condition, this queue will be filled with the excess data.
3 Now you still have to create and apply a priority policy to empty the queue. Do this as
described in 8.8.6 - Creating a priority policy on page 247 and 8.8.7 - Applying a priority
policy on an interface on page 249.

The following figure shows where the defaultQueue attribute is located:

Telindus 1423 SHDSL Router Chapter 8 253
User manual Configuring routing

Example - configuring a default queue

Suppose you have a network connected to two other networks over a Frame Relay backbone. Network
1 carries a mix of data and voice traffic. You want that the data traffic is routed from network 1 to network
2 and that the voice traffic is routed from network 1 to network 3. If congestion should occur you want
that the data is queued in queue 1 and that the voice is queued in the low delay queue. The algorithm
that you want to use to empty the queues is the low delay weighted fair queueing mechanism.

Sketched in broad outlines, this is how you configure the above:

Step Action

1 Set up two Frame Relay DLCIs.

For example:
• Configure one Frame Relay DLCI that carries the data traffic, e.g. dlciTable/name = dat-
aDlci.
• Configure another Frame Relay DLCI that carries the voice traffic, e.g. dlciTable/name =
voiceDlci.

Since this is not the main subject of this example, refer for more information on creating
Frame Relay DLCIs to 7.3.2 - Configuring Frame Relay DLCIs on page 145.

2 Set the correct default queue for the DLCIs you just created. I.e. queue 1 for the data
DLCI and queue 6 (i.e. low delay queue) for the voice DLCI.

3 Create and apply a priority policy. The priority policy uses the low delay weighted fair
queueing mechanism to empty the queues.

4 Create routes to the other networks.

254 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

The following figure shows how to configure the traffic and priority policy you want to set up:
Telindus 1423 SHDSL Router Chapter 8 255
User manual Configuring routing

8.9 Configuring VRRP

This section introduces the Virtual Router Redundancy Protocol (VRRP) and gives a short description
of the attributes you can use to configure VRRP.
The following gives an overview of this section:
• 8.9.1 - Introducing VRRP on page 256
• 8.9.2 - Setting up VRRP on page 258
256 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.9.1 Introducing VRRP

What is VRRP?

VRRP is designed to eliminate the single point of failure inherent in the static default routed environment.
VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of
the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual
router is called the Master, and forwards packets sent to these IP addresses. The election process pro-
vides dynamic fail-over in the forwarding responsibility should the Master become unavailable. Any of
the virtual router's IP addresses on a LAN can then be used as the default first hop router by end-hosts.
The advantage gained from using VRRP is a higher availability default path without requiring configura-
tion of dynamic routing or router discovery protocols on every end-host.

What is a VRRP router?

A router running VRRP. It may participate in one or more virtual routers.

What is a virtual router?

An abstract object managed by VRRP that acts as a default router for hosts on a shared LAN. It consists
of a Virtual Router Identifier and a set of associated IP address(es) across a common LAN. A VRRP
router may backup one or more virtual routers.

What is a master virtual router?

The VRRP router that is assuming the responsibility of forwarding packets sent to the IP address(es)
associated with the virtual router, and answering ARP requests for these IP addresses. Note that if the
IP address owner is available, then it will always become the master.

What is a backup virtual router?

The set of VRRP routers available to assume forwarding responsibility for a virtual router should the cur-
rent master fail.

What is a VRRP IP address owner?

The VRRP router that has the virtual router's IP address(es) as real interface address(es). This is the
router that, when up, will respond to packets addressed to one of these IP addresses for ICMP pings,
TCP connections, etc.

What is a VRRP primary IP address?

An IP address selected from the set of real interface addresses. One possible selection algorithm is to
always select the first address. VRRP advertisements are always sent using the primary IP address as
the source of the IP packet.
Telindus 1423 SHDSL Router Chapter 8 257
User manual Configuring routing

How is a master virtual router elected?

In a VRRP set-up as shown below, there is one master virtual router and one (or more) backup virtual
router.

The following shows how the master is elected:

258 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

8.9.2 Setting up VRRP

Refer to 8.9.1 - Introducing VRRP on page 256 for an introduction on VRRP.

To set up VRRP, proceed as follows:

Step Action

1 Enable VRRP on the interface(s) of your choice. Do this by setting the vrrp element in the
ip structure of the interface to enabled.
For example, if you want to enable VRRP on the LAN interface, then proceed as follows:
1. In the containment tree of the Telindus 1423 SHDSL Router, select the configuration
structure telindus1423Router/lanInterface/ip.
2. In the ip structure, set the element vrrp to enabled.

2 In the containment tree of the Telindus 1423 SHDSL Router, go to

the router object an add a vrrp object underneath. E.g. router/
vrrp[myVrrp].
Refer to 4.4 - Adding an object to the containment tree on page 50.

3 Configure the virtual router. Do this by configuring the attributes of the vrrp object. The
most important attributes are:
• vrId. Use this attribute to set the identification of the virtual router. Specify a number
between 1 and 255. The VRID has to be set the same on all participating routers.
• ipAddresses. Use this attribute to configure one or more IP addresses on the virtual
router.
• interfaces. Use this attribute to add (IP) interfaces to the virtual router and assign a pri-
ority to them. This priority is used in the master virtual router election process.
• criticals. Use this attribute to specify which interfaces must be up before a router may
be elected as master virtual router.

Refer to 12.12.8 - VRRP configuration attributes on page 624 for more information.
Telindus 1423 SHDSL Router Chapter 8 259
User manual Configuring routing

Example: VRRP master/backup with owner

Suppose you have two routers configured for VRRP:

Configure this setup as follows:

In the setup above, once Router A is configured for VRRP, it looks at the IP address of the virtual router
and compares it with the IP addresses of its own interface that is configured for VRRP on that VRID.
Since Router A owns the virtual router’s IP address, it declares itself the master and sends out an adver-
tisement to all of the other VRRP routers. The IP address owner is always the master as long as it is
available.
The host shown in the setup above is configured with the virtual router's IP address as its default gate-
way. The master forwards packets destined to remote subnets and responds to ARP requests. Since in
this example, the master is also the owner of the virtual router’s IP address, it also responds to ICMP
ping requests and IP datagrams destined for the virtual router’s IP address. The backup does not forward
any traffic on behalf of the virtual router, nor does it respond to ARP requests.
260 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing

If the master (in this case also the IP address owner) is not available, then the backup becomes the mas-
ter and takes over responsibility for packet forwarding and responding to ARP requests. However, since
this new master is not the IP address owner, it does not respond to ICMP ping requests and IP data-
grams destined to that address.
Each VRRP Router that is an IP address renter is configured with a priority between 1 and 254. Accord-
ing to the VRRP standard, an owner has a priority of 255.
It is not necessary for the virtual router IP address to be owned by one of the VRRP routers. In that case,
however, the election process to determine the master is different. The process involves comparing two
criteria:
• First, the VRRP router with the highest priority becomes the master.
• Second, if the priorities are the same, then the higher IP address wins and becomes the master.
Telindus 1423 SHDSL Router Chapter 8 261
User manual Configuring routing

Example: VRRP master/backup without owner

Suppose you have two routers configured for VRRP:

Configure this setup as follows:

In this case the VRRP configuration is identical, except for the priority. Router A has its priority set to
200, which when compared to Router B’s priority of 100, will ensure that Router A is the master. There
is no virtual router IP address owner in this configuration, since neither VRRP router has the virtual router
IP address configured on a real interface address. So, both VRRP routers are considered renters.
262 Telindus 1423 SHDSL Router Chapter 8
User manual Configuring routing
Telindus 1423 SHDSL Router Chapter 9 263
User manual Configuring bridging

9 Configuring bridging
This chapter introduces bridging on the Telindus 1423 SHDSL Router and lists the attributes you can
use to configure bridging.
The following gives an overview of this chapter:
• 9.1 - Introducing bridging on page 264
• 9.2 - Configuring bridging on page 274
• 9.3 - Configuring traffic and priority policy on the bridge on page 285

Refer to the Reference manual on page 433 for a complete overview of the attributes of the Telindus
1423 SHDSL Router.
264 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.1 Introducing bridging

This section introduces the bridging concept. The following gives an overview of this section:
• 9.1.1 - What is bridging? on page 265
• 9.1.2 - The self-learning and Transparent Spanning Tree bridge on page 266
• 9.1.3 - The Spanning Tree root bridge on page 267
• 9.1.4 - The Spanning Tree topology on page 268
• 9.1.5 - The Spanning Tree bridge port states on page 269
• 9.1.6 - The Spanning Tree Bridge Protocol Data Unit on page 270
• 9.1.7 - The Spanning Tree behaviour on page 271
• 9.1.8 - The Spanning Tree priority and cost on page 272
Telindus 1423 SHDSL Router Chapter 9 265
User manual Configuring bridging

9.1.1 What is bridging?

The Telindus 1423 SHDSL Router can be configured to act as a bridge. This enables you to split up your
LAN network into smaller parts or segments. This decreases the amount of data traffic on the separated
LAN segments and, consequently, increases the amount of available bandwidth.

Example

The following figure shows an example of bridging:

Data coming from network 1, will only be let through by the bridge if this data has a destination outside
network 1 or if it has a broadcast or multicast address. This means the bridge filters the data and
decreases the amount of data traffic on the separated LAN segments.
266 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.1.2 The self-learning and Transparent Spanning Tree bridge

The Telindus 1423 SHDSL Router features two bridging mechanisms:

• self-learning bridging,
• self-learning bridging in conjunction with the Transparent Spanning Tree (TST) algorithm, or briefly
Spanning Tree bridging.

Bridging principle Description

self-learning The bridge learns which data it has to forward to the other LAN segment and
which data it has to block. I.e. it builds its own bridging table.
In other words, you do not have to configure a bridging table with MAC
addresses of stations that are located on the separated LAN segments but that
have to be able to communicate with each other.

self-learning + TST This is based on the self-learning principle, but a protocol is used to implement
the TST algorithm.

Bridging loops

The primary goal of this algorithm is to avoid that bridging loops arise. A bridg-
ing loop occurs when two self-learning bridges are placed in parallel. This
results in data that keeps circling around as each bridge forwards the same
data.

The TST algorithm

Using the TST algorithm, bridges know of each others existence. By communi-
cating with each other, they establish one single path for reaching any particu-
lar network segment. If necessary, they may decide to disable some bridges in
the network in order to establish this single path.
This is a continuous process. So if a bridge fails, the remaining bridges will
reconfigure their bridging tables keeping each LAN segment reachable.
Telindus 1423 SHDSL Router Chapter 9 267
User manual Configuring bridging

9.1.3 The Spanning Tree root bridge

What is the root bridge?

Spanning Tree defines a tree with a root bridge and a loop-free path from the root to all bridges in the
extended network. The root bridge is the logical centre of the Spanning Tree topology.
Redundant data paths are forced into a stand-by (blocked) state. If a network segment in the spanning
tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topol-
ogy and activates the stand-by path.

How is a root bridge selected?

All bridges in the network participating in Spanning Tree gather information about other bridges in the
network. They do this through an exchange of data messages called Bridge Protocol Data Units
(BPDUs).
This exchange of messages results in the following phases:

Phase Description

1 The selection of a root bridge.

The bridge with the highest bridge priority (i.e. the lowest numerical priority value) is
selected as the root bridge. If all bridges are configured with the default priority (32768),
the bridge with the lowest MAC address becomes the root bridge.

2 The selection of a designated bridge for every bridged LAN segment.

3 The removal of loops in the bridged network by blocking bridge ports connected to redun-
dant links.
268 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.1.4 The Spanning Tree topology

The cost factor is used to calculate the distance from each port of a bridge to the root bridge. On the
basis of this, each port on a bridge is assigned one of the following states:

State Description

root port The port that is closest to the root bridge. Only one port on each bridge is assigned
as the root port.

designated port The port that connects to bridges further away from the root bridge. The root bridge
only has designated ports.

blocking If a port is not assigned a root port or a designated port state, they are assigned a
blocking state. Frames (with the exception of Configuration BPDUs) are not
accepted or transmitted by the port when it is in the blocking state. The port can
be said to be in stand-by.

An elementary example of a Spanning Tree topology is given in the figure below:

Telindus 1423 SHDSL Router Chapter 9 269
User manual Configuring bridging

9.1.5 The Spanning Tree bridge port states

Bridge port states

There are four possible states a bridge port can be in:

State A port in this state …

blocking • does no frame forwarding.

• does not incorporate station location into its address database (There is no
learning on a blocking port, so there is no MAC address database update.).
• receives BPDUs, but does not process or propagate them.
A bridge always enters the blocking state following bridge initialisation.

listening • does no frame forwarding.

• does not incorporate station location into its address database (There is no
learning on a listening port, so there is no MAC address database update.).
• receives and processes BPDUs, but does not propagate them.

learning • does no frame forwarding.

• incorporates station location into its MAC address database.
• receives, processes and propagates BPDUs.

forwarding • forwards frames.

• incorporates station location into its MAC address database.
• receives, processes and propagates BPDUs.

Bridge port state transition diagram

The following figure shows how a bridge port moves through

the different states when the bridge is powered:
When you enable Spanning Tree, every bridge in the network
goes through the transitory states of listening and learning at
power up. If properly configured, each port stabilises to the for-
warding or blocking state.
When the spanning-tree algorithm places a port in the forward-
ing state, the following process occurs:
1. The port is put into the listening state while it waits for pro-
tocol information that suggests it should go to the blocking
state.
2. The port waits for the expiration of the forward delay timer,
moves the port to the learning state, and resets the forward
delay timer.
3. In the learning state, the port continues to block frame for-
warding as it learns station location information for the for-
warding database.
4. The port waits for the expiration of the forward delay timer
and then moves the port to the forwarding state, where both learning and forwarding are enabled.
270 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.1.6 The Spanning Tree Bridge Protocol Data Unit

What is a BPDU?

To establish a stable path, each bridge sends Configuration Bridge Protocol Data Units (BPDUs) to its
neighbouring bridges. These Configuration BPDU messages contain information about the spanning
tree topology. The contents of these frames only changes when the bridged network topology changes
or has not been established.
Each Configuration BPDU contains the following minimal information:
• The unique bridge identifier of the bridge that the transmitting bridge believes to be the root bridge.
• The cost of the path to the root from the transmitting port.
• The unique port identifier of the transmitting port.

When a bridge transmits a BPDU frame, all bridges connected to the LAN on which the frame is trans-
mitted receive the BPDU. When a bridge receives a BPDU, it does not forward the frame. Instead, it uses
the information in the frame to:
• calculate a BPDU,
• initiate a BPDU transmission if the topology changes.

The propagation of Configuration BDPUs

When a bridged network is in a stable condition, switches continue to send Configuration BPDUs to its
neighbouring bridges at regular intervals. Configuration BPDUs are transmitted down the spanning tree
from designated ports to root ports. If a Configuration BPDU is not received by the root port of a bridge
within a predefined time interval (for example, because a bridge along the path has dropped out), the
port enters the listening state to re-determine a stable path.
Telindus 1423 SHDSL Router Chapter 9 271
User manual Configuring bridging

9.1.7 The Spanning Tree behaviour

The following are some examples of how Spanning Tree behaves when certain events occur in your net-
work.

Bridging loops

Bridges connected in a LAN must

detect potential bridge loops. They
must then remove these loops by
blocking the appropriate ports to
other bridges.
This is illustrated in the following fig-
ure:
An alternate path has been estab-
lished by connecting Bridge B in par-
allel with Bridges A and C. This also
creates a potential bridge loop. How-
ever, by using the Spanning Tree
Algorithm, Bridge B breaks the loop and blocks its path to segment 3.

Bridge failure

Bridges connected in a LAN must

also detect bridge failure. They must
then establish an alternative path.
Should the root bridge fail, also a
new root bridge must be selected.
A bridge failure is illustrated in the
following figure:
If Bridge A fails, the Spanning Tree
Algorithm must be capable of acti-
vating an alternative path, such as
Bridge B.

Network extension

Bridges connected in a LAN must

also detect topology changes. They
must adapt to these changes.
A topology change is illustrated in
the following figure:
If the network is extended by adding
Bridge D, the Spanning Tree Algo-
rithm must be capable of adapting
automatically to the new topology.
This means that Bridge B stops loop-
ing by blocking the path to segment
3.
272 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.1.8 The Spanning Tree priority and cost

Consider the following Spanning Tree Topology:

What is bridge priority?

In the example above, Bridge A is selected as the root bridge. This because the bridge priority of all the
bridges is set to the default value (32768) and Bridge A has the lowest MAC address. However, due to
traffic patterns or link types, Bridge A might not be the ideal root bridge.
By increasing the bridge priority (lowering the numerical priority value) of the ideal bridge so that it
becomes the root bridge, you force a Spanning Tree recalculation to form a new spanning-tree topology
with the ideal bridge as the root.

What is port priority and path cost?

When the spanning-tree topology is calculated based on default parameters, the path between source
and destination stations in a bridged network might not be ideal. The goal is to make the fastest link the
root port.
For example, assume on Bridge B that …
• port 1, currently the root port, is an unshielded twisted-pair link,
• port 2 is a fibre-optic link.

Network traffic might be more efficient over the high-speed fibre-optic link. By changing the spanning-
tree port priority or path cost for port 2 to a higher priority (lower numerical value) than port 1, port 2
becomes the root port.
Telindus 1423 SHDSL Router Chapter 9 273
User manual Configuring bridging

Example

By changing the priority and/or the pathCost, you can create a "preferred" path:

By setting the path costs of Bridge A and B to a lower value than the path cost of Bridge D, you can
create a preferred path through Bridge A and B. The path through Bridge D becomes the back-up path.
274 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.2 Configuring bridging

This section lists the attributes you can use to configure bridging. The following gives an overview of this
section:
• 9.2.1 - Introducing the bridging attributes on page 275
• 9.2.2 - Configuring the bridge group on page 276
• 9.2.3 - Adding a bridge group on page 277
• 9.2.4 - Enabling bridging on an interface on page 279
• 9.2.5 - Configuring bridging on an interface on page 280
• 9.2.6 - Explaining the bridging structure on page 281
Telindus 1423 SHDSL Router Chapter 9 275
User manual Configuring bridging

9.2.1 Introducing the bridging attributes

What is a bridge group?

A bridge group comprises the main bridging process. So in the containment tree, the bridgeGroup object
contains the general bridging attributes.

What are multiple bridge groups?

The Telindus 1423 SHDSL Router offers the possibility to create multiple bridge groups. This means you
can group some interfaces in one bridge group while you group several other interfaces in another bridge
group. By doing so, it is as if you created several “simple” bridge devices within one device.

Bridging on the different interfaces

In addition to configuring the general bridging process using the configuration attributes of the bridge
group, you also have to configure bridging on each interface on which you want to use bridging.
276 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.2.2 Configuring the bridge group

Refer to …
• 9.1 - Introducing bridging on page 264 for an introduction on bridging.
• 9.2.1 - Introducing the bridging attributes on page 275 for an introduction on the bridging attributes.

This section lists the most important configuration attributes of the bridge group.

Configuring an IP address on the bridge group

As on other interfaces (LAN, PVCs, etc.), you can

configure an IP address on the bridge group. Do
this using the configuration attribute
telindus1423Router/bridge/bridgeGroup/ip on page 654.
What is more, if you enable bridging on the LAN interface (telindus1423Router/lanInterface/mode = bridging),
then the settings of the configuration attribute telindus1423Router/lanInterface/ip are ignored. So in this case,
if you want to manage the Telindus 1423 SHDSL Router via IP, then you have to configure an IP address
in the bridgeGroup object instead.

Selecting the bridging protocol

Refer to 9.1.2 - The self-learning and Transparent Spanning Tree bridge on page 266 for an introduction.
Use the protocol element in the spanningTree structure to select the bridging protocol. Refer to
telindus1423Router/bridge/bridgeGroup/spanningTree on page 656.

Setting the bridge priority

Refer to 9.1.8 - The Spanning Tree priority and cost on page 272 for more information on bridge priority.
Use the bridgePriority element in the spanningTree structure to set the bridge priority. Refer to
telindus1423Router/bridge/bridgeGroup/spanningTree on page 656.
Telindus 1423 SHDSL Router Chapter 9 277
User manual Configuring bridging

9.2.3 Adding a bridge group

As said in 9.2.1 - Introducing the bridging attributes on page 275, you can add several bridge groups.
In order to add a bridge group, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go

to the bridge object and add a vpnBridgeGroup[ ] object
underneath (refer to 4.4 - Adding an object to the contain-
ment tree on page 50).
E.g. vpnBridgeGroup[my_bg]

2 In the vpnBridgeGroup[ ] object you just added, configure the attributes to your needs.
Example:
Suppose you configure an IP address on the bridge group, activate the spanning tree
protocol and set a bridge priority.

3 Now you can add interfaces to the bridge group you just created. Do this by entering the
name of the bridge group in the bridging/bridgeGroup element of the interfaces you want to
add.
Refer to 9.2.6 - Explaining the bridging structure on page 281 (more specifically to the
bridgeGroup element) for more information.
Example:
Suppose you want to add the LAN interface to the vpnBridgeGroup[my_bg] object you previ-
ously added, then type the string “my_bg” in the bridgeGroup element of the bridging structure
of the lanInterface object.
278 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

Example - multiple bridge groups

Suppose …
• you have 2 VLANs (VLAN 1 and VLAN 2).
• you have 5 PVCs (PVC 1 up to PVC 5).
• you want to assign VLAN 1 and PVC 1 and 2 to
the default bridge group.
• you want to assign VLAN 2 and PVC 3, 4 and 5
to a bridge group you added yourself.

So first, add a bridge group to the containment tree (e.g. vpnBridgeGroup[my_bg]. Then assign the different
interfaces to the different bridge groups by specifying bridge group names in the bridging/bridgeGroup ele-
ments of the different interfaces. Also set the different interfaces in bridging mode.
The configuration looks as follows:
Telindus 1423 SHDSL Router Chapter 9 279
User manual Configuring bridging

9.2.4 Enabling bridging on an interface

Refer to …
• 9.1 - Introducing bridging on page 264 for an introduction on bridging.
• 9.2.1 - Introducing the bridging attributes on page 275 for an introduction on the bridging attributes.

Per IP interface you can determine whether you perform routing, bridging or both. The following table
shows, for each IP interface, how to enable bridging on this interface:

Interface How to enable bridging?

LAN interface Set the mode attribute to bridging or routingAndBridging. The mode attribute can be found
in the lanInterface object: telindus1423Router/lanInterface/mode.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridg-

ing, then the settings of the configuration attribute telindus1423Router/lanInterface/ip are
ignored. As a result, if you want to manage the Telindus 1423 SHDSL Router via
IP, you have to configure an IP address in the bridgeGroup object instead:
telindus1423Router/bridge/bridgeGroup/ip.

VLAN on the Set the mode element to bridging or routingAndBridging. The mode element can be found
LAN interface in the vlan table which is located in the lanInterface object: telindus1423Router/lanInter-
face/vlan/mode.

ATM PVC Set the mode element to bridging or routingAndBridging. The mode element can be found
in the pvcTable table which is located in the atm object: telindus1423Router/wanInterface/
channel[wan_1]/atm/pvcTable/mode.

PPP link Set the mode element to bridging or routingAndBridging. The mode element can be found
in the ppp object: telindus1423Router/wanInterface/channel[wan_1]/ppp/mode.

Frame Relay Set the mode element to bridging or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1423Router/wan-
Interface/channel[wan_1]/frameRelay/dlciTable/mode.

PPP link Set the mode element to bridging or routingAndBridging. The mode element can be found
(ISDN interface in the ppp object: telindus1423Router/bri[ ]/leasedLine[ ]/ppp/mode.
in leased line)

Frame Relay Set the mode element to bridging or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1423Router/bri[ ]/
(ISDN interface leasedLine[ ]/frameRelay/dlciTable/mode.
in leased line)

L2TP tunnel Set the mode element to bridging or routingAndBridging. The mode element can be found
in the l2tpTunnels table which is located in the tunnels object: telindus1423Router/ip/router/
tunnels/l2tpTunnels/mode.

IPSEC L2TP Set the mode element to bridging or routingAndBridging. The mode element can be found
tunnel in the ipsecL2tpTunnels table which is located in the tunnels object: telindus1423Router/ip/
router/tunnels/ipsecL2tpTunnels/mode.
280 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.2.5 Configuring bridging on an interface

Refer to …
• 9.1 - Introducing bridging on page 264 for an introduction on bridging.
• 9.2.1 - Introducing the bridging attributes on page 275 for an introduction on the bridging attributes.

Once the bridging process is enabled on the interface (refer to 9.2.4 - Enabling bridging on an interface
on page 279) you can configure the bridging parameters of this interface. Use the elements in the bridging
structure for this purpose. The following table shows you the location of the bridging structure for each
interface:

Interface Location of the bridging parameters

LAN interface In the bridging structure of the lanInterface object: telindus1423Router/lanInterface/bridging.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridg-

ing, then the settings of the configuration attribute telindus1423Router/lanInterface/ip are
ignored. As a result, if you want to manage the Telindus 1423 SHDSL Router via
IP, you have to configure an IP address in the bridgeGroup object instead:
telindus1423Router/bridge/bridgeGroup/ip.

VLAN on the In the bridging structure of the vlan table which is located in the lanInterface object:
LAN interface telindus1423Router/lanInterface/vlan/bridging.

ATM PVC In the bridging structure of the pvcTable which is located in the atm object:
telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/bridging.

PPP link In the bridging structure of the ppp object: telindus1423Router/wanInterface/channel[wan_1]/

ppp/bridging.

Frame Relay In the bridging structure of the dlciTable which is located in the frameRelay object:
PVC telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/bridging.

PPP link In the bridging structure of the ppp object: telindus1423Router/bri[ ]/leasedLine[ ]/ppp/bridg-
(ISDN interface ing.
in leased line)

Frame Relay In the bridging structure of the dlciTable which is located in the frameRelay object:
PVC telindus1423Router/bri[ ]/leasedLine[ ]/frameRelay/dlciTable/bridging.
(ISDN interface
in leased line)

L2TP tunnel In the bridging structure of the l2tpTunnels table which is located in the tunnels object:
telindus1423Router/ip/router/tunnels/l2tpTunnels/bridging.

IPSEC L2TP In the bridging structure of the ipsecL2tpTunnels table which is located in the tunnels
tunnel object: telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/bridging.

Refer to 9.2.6 - Explaining the bridging structure on page 281 for a detailed explanation of the bridging
structure.
Telindus 1423 SHDSL Router Chapter 9 281
User manual Configuring bridging

9.2.6 Explaining the bridging structure

Because the bridging structure occurs in several objects, it is described here once and referenced where
necessary. Refer to 9.2.5 - Configuring bridging on an interface on page 280 for the location of the bridging
structure.

This section lists all the elements that can be present in the bridging structure. However, depending on
the interface, it is possible that not all of these elements are present.

The bridging structure contains the following elements:

Element Description

accessList Use this element set up an outbound access list on Default:<empty>

the interface. Range: 0 … 24 characters
Do this by entering the index name of the access list you want to use. You can cre-
ate the access list itself by adding an accessList object under the bridge object and
by configuring the attributes in this object.

Example

If you created a accessList object with index name my_access_list

(i.e. accessList[my_access_list]) and you want to apply this access list
here, then enter the index name as value for the accessList ele-
ment.
Refer to …
• 10.2.1 - The different access restrictions on the Telindus 1423 SHDSL Router
on page 297 for an introduction on access lists.
• 12.13.2 - Bridge access list configuration attributes on page 663 for more infor-
mation on bridge access lists.
282 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

Element Description

bridgeGroup Use this element to determine to which bridge group Default:bridge

the interface belongs. Range: 1 … 24 characters
You have the possibility to create multiple bridge groups (refer to 9.2.3 - Adding a
bridge group on page 277). Then, you can assign some interfaces to one bridge
group while you assign several other interfaces to another bridge group.
By default, the interface is assigned to the default bridge group (provided the con-
figuration attribute telindus1423Router/bridge/bridgeGroup/name of the default bridge
group still has its default value “bridge”). You can assign the interface to another
bridge group than the default bridge group by specifying the index name of the
bridge group in the bridgeGroup element.

Examples

• By default, both the bridgeGroup element and the configuration attribute

telindus1423Router/bridge/bridgeGroup/name of the default bridge group are set to
“bridge”. This means that by default the interface is assigned to the default
bridge group.

• Suppose you change the name of the default bridge group (by changing the
value of the configuration attribute telindus1423Router/bridge/bridgeGroup/name). If
you still want to assign the interface to the default bridge group, then you have
to enter the new name of the default bridge group in the bridgeGroup element of
the interface.

• Suppose you add a bridge group with index name my_bg and you want to assign
the interface to this bridge group, then enter the index name as value for the
bridgeGroup element.
Telindus 1423 SHDSL Router Chapter 9 283
User manual Configuring bridging

Element Description

trafficPolicy
This element is not present in the telindus1423Router/lanInterface/bridging struc-
ture.

Use this element to apply a traffic policy on the Default:<empty>

bridged data on the interface. Range: 0 … 24 characters
Do this by entering the index name of the traffic policy you want to use. You can
create the traffic policy itself by adding a trafficPolicy object under the bridge object
and by configuring the attributes in this object.

Example

If you created a trafficPolicy object with index name my_traffic_policy

(i.e. trafficPolicy[my_traffic_policy]) and you want to apply this traffic
policy here, then enter the index name as value for the trafficPol-
icy element.
Refer to 9.3 - Configuring traffic and priority policy on the bridge on page 285 for
more information on policies.

priority Use this element to set the port priority of the inter- Default:128
face. Range: 0 … 255
Each port of a bridge has a unique port identifier. The priority element is a part of
this port identifier and allows you to change the priority of the port. It is taken as
the more significant part in priority comparisons.
The other part of the unique port identifier has a fixed relationship to the physical
or logical port. This assures the uniqueness of the unique port identifier among the
ports of a single bridge.
Refer to 9.1.8 - The Spanning Tree priority and cost on page 272 for more infor-
mation on port priority.

pathCost Use this element to set the path cost of the interface. Default:100
The path cost is the value that is added to the total Range: 1 … 65535
cost of the path to the root bridge, provided that this particular port is a root port.
I.e. that the path to the root goes through this port.

The total cost of the path to the root bridge should not exceed 65500.

Refer to 9.1.8 - The Spanning Tree priority and cost on page 272 for more infor-
mation on port priority.

topologyChange- Use this element to enable or disable the communica- Default:enabled

Detection tion of Spanning Tree topology changes to the root Range: enabled / disabled
bridge.
284 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

Element Description

limitBroadcasts Use this element to limit broadcasts between inter- Default:disabled

faces for which the limitBroadcasts element is set to ena- Range: enabled / disabled
bled.

Example

Suppose you have the follow-

ing set-up:
• Four links towards four dif-
ferent users (clients).
• One uplink towards the
backbone.
• All links are configured for
bridging.
In this case you probably want
that broadcasts coming from
the uplink are distributed to the user links and that broadcasts coming from the
user links are forwarded to the uplink. However, you most likely do not want that
broadcasts coming from one user link are distributed over all the other user links.
Therefore, set the limitBroadcasts element to enabled on all interfaces that may not for-
ward each other’s broadcasts.
Telindus 1423 SHDSL Router Chapter 9 285
User manual Configuring bridging

9.3 Configuring traffic and priority policy on the bridge

Refer to …
• 8.8.1 - Introducing traffic and priority policy on page 238 for an introduction on traffic and priority pol-
icy.
• 8.8.2 - Traffic and priority policy on routed and on bridged data on page 242 for the difference
between traffic and priority policy on the bridge and the router.

This section gives a short description of the attributes you can use to configure traffic and priority policy
on the bridge.
The following gives an overview of this section:
• 9.3.1 - How to configure a traffic and priority policy on the bridge? on page 286
• 9.3.2 - Configuring a traffic policy on the bridge on page 287
• 9.3.3 - Applying a traffic policy on a certain interface of the bridge on page 288
286 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.3.1 How to configure a traffic and priority policy on the bridge?

Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for an introduction.
To configure a traffic and priority policy for the bridged data on a certain interface, proceed as follows:

Step Action

1 Create and configure a bridging traffic policy.

Refer to 9.3.2 - Configuring a traffic policy on the bridge on page 287.

2 Apply the bridging traffic policy on the desired interface.

Refer to 9.3.3 - Applying a traffic policy on a certain interface of the bridge on page 288.

3 Create and configure a priority policy.

Refer to 8.8.6 - Creating a priority policy on page 247.

4 Apply the priority policy on the desired interface.

Refer to 8.8.7 - Applying a priority policy on an interface on page 249.
Telindus 1423 SHDSL Router Chapter 9 287
User manual Configuring bridging

9.3.2 Configuring a traffic policy on the bridge

Refer to 9.3.1 - How to configure a traffic and priority policy on the bridge? on page 286 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• → Create and configure a bridging traffic policy. ← You are here.
• Apply the bridging traffic policy on the desired interface.
• Create and configure a priority policy.
• Apply the priority policy on the desired interface.

To create and configure a traffic policy for the bridged data on a certain interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router contain-

ment tree, go to the profiles/policy/traffic object
and add a bridgingTrafficPolicy[ ] object under-
neath (refer to 4.4 - Adding an object to the
containment tree on page 50).

2 In the traffic policy object you just added, go to the vlanPriorityMap attribute. Use this
attribute to impose a traffic policy on the bridged VLAN frames received by the Telindus
1423 SHDSL Router.
Refer to telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/vlanPriorityMap on page 541 for
more information.

3 In the traffic policy object you just added, go to the dropLevels attribute. Use this attribute
to define for each user configurable queue, how many packets may be queued before
they are dropped.
Refer to telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/dropLevels on page 541 for
more information.
288 Telindus 1423 SHDSL Router Chapter 9
User manual Configuring bridging

9.3.3 Applying a traffic policy on a certain interface of the bridge

Refer to 9.3.1 - How to configure a traffic and priority policy on the bridge? on page 286 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• Create and configure a bridging traffic policy.
• → Apply the bridging traffic policy on the desired interface. ← You are here.
• Create and configure a priority policy.
• Apply the priority policy on the desired interface.

To apply a traffic policy for the bridged data on a certain interface, enter the index name of the earlier
created traffic policy object as value of the trafficPolicy element. The trafficPolicy element can be found in
the bridging structure of the IP interface. Refer to 9.2.5 - Configuring bridging on an interface on page 280
for the location of the bridging structure on the different IP interfaces.

On the LAN interface, you can not apply a bridging traffic policy.

Example - applying a traffic policy on an interface of the bridge

Suppose you created and configured a traffic policy object with index name myTrafPol (i.e. trafficPol-
icy[myTrafPol]), and you want to apply this traffic policy on an L2TP tunnel you created earlier.
The following figure shows how to configure this:
Telindus 1423 SHDSL Router Chapter 10 289
User manual Configuring the additional features

10 Configuring the additional features

This chapter introduces the most important additional features of the Telindus 1423 SHDSL Router
besides routing, bridging and switching and lists the attributes you can use to configure these features.
The following gives an overview of this chapter:
• 10.1 - Configuring DHCP on page 290
• 10.2 - Configuring the access restrictions on page 296
• 10.3 - Configuring VLANs on page 308
• 10.4 - Configuring VLANs on the 4 port Ethernet switch on page 316
• 10.5 - Configuring L2TP tunnels on page 324
• 10.6 - Configuring IP security on page 334
• 10.7 - Configuring RADIUS on page 355
• 10.8 - Configuring QoS on page 365
• 10.9 - Configuring the stateful inspection firewall on page 376

Refer to the Reference manual on page 433 for a complete overview of the attributes of the Telindus
1423 SHDSL Router.
290 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.1 Configuring DHCP

This section introduces the Dynamic Host Configuration Protocol (DHCP) and gives a short description
of the attributes you can use to configure DHCP.
The following gives an overview of this section:
• 10.1.1 - Introducing DHCP on page 291
• 10.1.2 - Assigning static IP addresses on page 292
• 10.1.3 - Assigning dynamic IP addresses on page 293
• 10.1.4 - Configuring the Telindus 1423 SHDSL Router as DHCP relay agent on page 295
Telindus 1423 SHDSL Router Chapter 10 291
User manual Configuring the additional features

10.1.1 Introducing DHCP

What is DHCP?

The DHCP protocol is a protocol for assigning IP addresses to devices on a network. DHCP can assign
dynamic or static IP addresses. With dynamic addressing, a device can have a different IP address every
time it connects to the network. What is more, the IP address can even change while the device is still
connected.
Dynamic addressing simplifies network administration because the software keeps track of IP addresses
rather than requiring an administrator to manage the task. This means that a new computer can be
added to a network without the hassle of manually assigning it a unique IP address.

What is a DHCP relay agent?

Being a broadcast message, a DHCP request can not pass a router by default. To help a DHCP request
pass the router, IP helper addresses have to be configured. This adds additional information to the
request packets allowing servers on distant networks to send back the answer.

Combining static and dynamic DHCP tables

If you combine static and dynamic DHCP server tables, then on an incoming DHCP request first the
static table is scanned for matches and then the dynamic DHCP table is considered.

How does the DHCP server react on a BootP request?

The DHCP server reacts on a BootP request as follows: the source MAC address of the incoming BootP
request packet is compared with the MAC addresses that have been entered in the dhcpStatic table. Then,
there are two possibilities:
• If the source MAC address corresponds with a MAC address in the dhcpStatic table, then the DHCP
server replies with a BootP reply packet. In this reply, the IP address that is linked with the MAC
address in question (as defined in the dhcpStatic table) is returned.
• If the source MAC address does not correspond with a MAC address in the dhcpStatic table, then the
DHCP server returns no response on that frame.

Releasing IP addresses - DHCP versus BootP

On DHCP level, it is regularly checked whether the device that has an IP address in lease is still con-
nected to the network. If it is not, the IP address is returned to the pool of free IP addresses.
On BootP level, however, such a check (or refresh) does not exist. What is more, a statistic IP address
lease is for an infinite time. Consequently, if the device that requested the IP address is no longer con-
nected to the network, this is not detected by the server. In that case, the statistical information will still
indicate that the IP address is leased although it is not.
292 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.1.2 Assigning static IP addresses

Refer to 10.1.1 - Introducing DHCP on page 291 for an introduction.

To assign static IP addresses to an IP device, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router object, select the
dhcpStatic attribute and add one or more entries to this table.

Use this attribute to assign a fixed IP address to an IP device and this for an infinite time.
Add a row to the dhcpStatic table for each IP address you want to assign.

2 Configure the elements of the dhcpStatic table. The most important are:
• ipAddress. Use this element to assign an IP address to a certain client. This client is
identified with its MAC address.
• mask. Use this element to set the client its subnet mask.
• gateway. Use this element to set the default gateway for the client its subnet. If the inter-
face element is left empty (default), then it is the gateway element that determines on
which interface the Telindus 1423 SHDSL Router will act as DHCP server. Namely
the interface through which the IP address as entered in the gateway element can be
reached.
• interface. Use this element to specify the name of the interface on which you want the
Telindus 1423 SHDSL Router to act as DHCP server.
• macAddress. Use this element to enter the client its MAC address.

Refer to telindus1423Router/ip/router/dhcpStatic on page 568 for more information.

Important remark

If you apply an access list on an interface1 of the Telindus 1423 SHDSL Router through which DHCP
requests have to be received, then make sure that this access list explicitly allows the passing of DHCP
packets! This to make sure that the DHCP packets are not dropped should you accidently misconfigure
the access list.
Also when you activate the firewall, make sure that DHCP requests are allowed access to the protocol
stack of the Telindus 1423 SHDSL Router.

1. The term “interface” also implies the Telindus 1423 SHDSL Router its own protocol stack. So
if an access list is applied on the protocol stack, then also in this case make sure that the DHCP
packets are allowed to pass.
Telindus 1423 SHDSL Router Chapter 10 293
User manual Configuring the additional features

10.1.3 Assigning dynamic IP addresses

Refer to 10.1.1 - Introducing DHCP on page 291 for an introduction.

To assign dynamic IP addresses to an IP device, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router object, select the
dhcpDynamic attribute and add one or more entries to this table.

Use this attribute to assign an IP address selected from an IP address range to an IP

device and this for a certain time. Add a row to the dhcpDynamic table for each IP address
range you want to create.

2 Configure the elements of the dhcpDynamic table. The most important are:
• ipStartAddress. Use this element to define the start address of the IP address range. It
is from this range that an IP address will be dynamically assigned to a client.
• ipEndAddress. Use this element to define the end address of the IP address range. It is
from this range that an IP address will be dynamically assigned to a client.
• mask. Use this element to set the client its subnet mask for the specified IP address
range.
• gateway. Use this element to set the default gateway for the client its subnet. If the inter-
face element is left empty (default), then it is the gateway element that determines on
which interface the Telindus 1423 SHDSL Router will act as DHCP server. Namely
the interface through which the IP address as entered in the gateway element can be
reached.
• interface. Use this element to specify the name of the interface on which you want the
Telindus 1423 SHDSL Router to act as DHCP server.
• leaseTime. Use this element to set the maximum time a client can lease an IP address
from the specified IP address range. If 00000d 00h 00m 00s (default) is specified, then
the lease time is infinite.

Refer to telindus1423Router/ip/router/dhcpDynamic on page 570 for more information.

Important remark

If you apply an access list on an interface1 of the Telindus 1423 SHDSL Router through which DHCP
requests have to be received, then make sure that this access list explicitly allows the passing of DHCP
packets! This to make sure that the DHCP packets are not dropped should you accidently misconfigure
the access list.

1. The term “interface” also implies the Telindus 1423 SHDSL Router its own protocol stack. So
if an access list is applied on the protocol stack, then also in this case make sure that the DHCP
packets are allowed to pass.
294 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Also when you activate the firewall, make sure that DHCP requests are allowed access to the protocol
stack of the Telindus 1423 SHDSL Router.
Telindus 1423 SHDSL Router Chapter 10 295
User manual Configuring the additional features

10.1.4 Configuring the Telindus 1423 SHDSL Router as DHCP relay agent

Refer to 10.1.1 - Introducing DHCP on page 291 for an introduction.

To configure the Telindus 1423 SHDSL Router as DHCP relay agent, proceed as follows:

Step Action

1 Specify (a) helper IP address(es) using the helpers element in the ip structure. Refer to
5.2.3 - Explaining the ip structure on page 63 for more information.

2 Now specify the helper protocols.

By default, the helperProtocols table is empty. In this case the BootP/DHCP requests
(among others) are forwarded automatically. However, specifying at least one value in
the helperProtocols table clears the default helper list automatically. In that case you explic-
itly have to enter the BootP/DHCP protocol in the helperProtocols table.
Refer to telindus1423Router/ip/router/helperProtocols on page 565 for more information.
296 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.2 Configuring the access restrictions

This section explains how to control the access to the Telindus 1423 SHDSL Router for both manage-
ment data and user data. First this section gives an overview of the different access restrictions that you
can apply on the Telindus 1423 SHDSL Router. Then it highlights the most complex access restriction:
the extended access lists. It introduces extended access lists and shows you how to set them up.
The following gives an overview of this section:
• 10.2.1 - The different access restrictions on the Telindus 1423 SHDSL Router on page 297
• 10.2.2 - Introducing extended access lists on page 300
• 10.2.3 - Setting up an extended access list on page 301
• 10.2.4 - Tuning an extended access list on page 303
• 10.2.5 - Remarks on extended access lists on page 307
Telindus 1423 SHDSL Router Chapter 10 297
User manual Configuring the additional features

10.2.1 The different access restrictions on the Telindus 1423 SHDSL Router

This section gives an overview of the different access restrictions that you can apply on the Telindus
1423 SHDSL Router.

IP interface

You can apply the following access restrictions on an IP interface

Access restrictions on user Quick configuration

data

Inbound extended access list
with “allow” and/or “deny”
rules.
1. Add and configure a profiles/policy/traffic/ipTrafficPolicy[ ] object. E.g.
ipTrafficPolicy[myInList].
2. Apply the traffic policy by typing the index name of the ipTrafficPolicy[
] object as value of the accessPolicy element in the ip structure (e.g.
“myInList”).

Refer to 10.2.3 - Setting up an extended access list on page 301 for

detailed information.

Outbound extended access 1. Add and configure a profiles/policy/traffic/ipTrafficPolicy[ ] object. E.g.

list with “allow” rules. ipTrafficPolicy[myOutList].
2. Apply the traffic policy by typing the index name of the ipTrafficPolicy[
] object as value of the trafficPolicy element in the ip structure (e.g.
“myOutList”).

Refer to 10.2.3 - Setting up an extended access list on page 301 for

detailed information.
298 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Bridge interface

You can apply the following access restrictions on a bridge interface:

Access restrictions on user Quick configuration

data

Outbound simple access list 1. Add and configure a bridge/accessList[ ] object. E.g. accessList[myList].
with “deny” rules. 2. Apply the access list by typing the index name of the bridge/access-
List[ ] object as value of the accessList element in the bridging struc-
ture (e.g. “myList”).

Refer to telindus1423Router/bridge/accessList[ ]/macAddress on page 664 for

detailed information.

Prevent broadcasts and multi- Configure the limitBroadcasts element in the bridging structure.
casts from flooding to all inter-
Refer to limitBroadcasts on page 284 for detailed information.
faces
Telindus 1423 SHDSL Router
User manual
Protocol stack
You can apply the following access restrictions on the protocol stack
Access restrictions on
management data
Inbound simple access list
with “allow” and/or “deny”
rules.
Inbound extended access list
with “allow” and/or “deny”
rules.
Easy protocol restrictions
without the need of an access
list (Telnet, FTP, TFTP,
SNMP: allow / deny).
Access restrictions per IP
interface (allow / deny)
Access restrictions per bridge
interface (on VLAN level:
allow / deny)
Chapter 10 299
Configuring the additional features
Quick configuration
Configure the accessList attribute in the management object.
Refer to telindus1423Router/management/accessList on page 672 for detailed
information.
1. Add and configure a profiles/policy/traffic/ipTrafficPolicy[ ] object. E.g.
ipTrafficPolicy[myMgtList].
2. Apply the traffic policy by typing the index name of the ipTrafficPolicy[
] object as value of the accessPolicy attribute in the management
object (e.g. “myMgtList”).
Refer to 10.2.3 - Setting up an extended access list on page 301 for
detailed information.
Configure the telnet, ftp, tftp and snmp attributes in the management
object.
Refer to 12.15 - Management configuration attributes on page 667 for
detailed information.
Configure the mgmtAccess element in the ip structure.
Refer to mgmtAccess on page 68 for detailed information.
Configure the localAccess attribute in the bridgeGroup object.
Refer to telindus1423Router/bridge/bridgeGroup/localAccess on page 657 for
detailed information.
300 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.2.2 Introducing extended access lists

What is an extended access list?

Access lists control the access to or from an interface for a number of specified services or IP addresses.
The access list describes the condition to forward (permit) packets to an interface or to drop (deny) them.
When access lists are combined with NAT/PAT translation, then first the conditions of the access list are
applied before the NAT/PAT translation is done.
On the Telindus 1423 SHDSL Router, the extended access lists are implemented using the traffic policy
function and by defining traffic shaping rules.
Telindus 1423 SHDSL Router Chapter 10 301
User manual Configuring the additional features

10.2.3 Setting up an extended access list

This section explains how to set up an extended access list. 10.2.4 - Tuning an extended access list on
page 303, explains how to configure the access list. I.e. how to define the filter criteria.
In order to set up an extended access list, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment

tree, go to the profiles/policy/traffic object and add an
ipTrafficPolicy[ ] object underneath (refer to 4.4 - Add-
ing an object to the containment tree on page 50).

2 In the traffic policy object you just created, make sure that the configuration attribute
method is set to trafficShaping (this is the default value).

3 Configure the configuration attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/traf-

ficShaping to match you filter criteria.
Refer to 10.2.4 - Tuning an extended access list on page 303.

4 Apply the traffic policy on the desired interface. See below.

Setting up an inbound extended access list on an IP interface

1. Go to the ip attribute of the interface on which you want to apply your extended access
list.
For example, suppose you want to apply an extended access list on the LAN inter-
face, then go to lanInterface object and then go to the ip attribute.

2. In the ip attribute, enter the index name of the traffic policy object you created in step
1 as value of the accessPolicy element.
In our example, enter the string myTrafPol as value of the accessPolicy element.
302 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Step Action

5 Setting up an outbound extended access list on an IP interface

1. Go to the ip attribute of the interface on which you want to apply your extended access
list.
For example, suppose you want to apply an extended access list on the LAN inter-
face, then go to lanInterface object and then go to the ip attribute.

2. In the ip attribute, enter the index name of the traffic policy object you created in step
1 as value of the trafficPolicy element.
In our example, enter the string myTrafPol as value of the trafficPolicy element.

6 Setting up an inbound extended access list on the protocol stack

Go to the management object and enter the index name of the traffic policy object you cre-
ated in step 1 as value of the accessPolicy attribute.

Important remark

It is possible that the Telindus 1423 SHDSL Router has to answer to DHCP
requests or terminate L2TP and IPSec tunnels. In that case, if you set up an access list
on the protocol stack, then make sure that these protocols are allowed access to the pro-
tocol stack.
Telindus 1423 SHDSL Router Chapter 10 303
User manual Configuring the additional features

10.2.4 Tuning an extended access list

Whereas 10.2.3 - Setting up an extended access list on page 301 shows you how to set up an extended
access list, this section shows you how to tune the access list. I.e. how to define the filter criteria.
You have to define your filter criteria in the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping
attribute. This is a table, which is empty by default, but to which you can add several lines (entries).
The following shows a screenshot of the trafficShaping table containing one line:

As you can see from the elements in the trafficShaping table, you can filter on several criteria:

Filter criterion Description

IP addresses • 1 IP address: enter an IP address in the element sourceIpStartAddress and/or

destinationIpStartAddress.
• IP address range: enter an IP address range using the elements …
- sourceIpStartAddress and sourceIpEndAddress and/or
- destinationIpStartAddress and destinationIpEndAddress

So if you define 1 or more IP addresses in the trafficShaping table, then traffic from
(source) or to (destination) these IP addresses is allowed. All other traffic is dis-
carded.

IP protocol Specify an IP protocol using the ipProtocol element. Either select one of the common
IP protocols from the ipProtocol element its drop-down box, or directly type a specific
protocol number in the ipProtocol element field.
So if you define an IP protocol in the trafficShaping table, then traffic carrying this IP
protocol is allowed. All other traffic is discarded.
304 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Filter criterion Description

port number • 1 port number: enter a port number in the element sourcePortStart and/or
destinationPortStart.
• port number range: enter a port number range using the elements …
- sourcePortStart and sourcePortEnd
- and/or
- destinationPortStart and destinationPortEnd

So if you define 1 or more port numbers in the trafficShaping table, then traffic carry-
ing these port numbers is allowed. All other traffic is discarded.

You can not filter on port numbers only. What is more, you can only filter on
port numbers when the IP protocol is set to TCP or UDP. So in other words,
if the IP protocol element is set to a value different from TCP or UDP, then
all the port elements are ignored.

Type Of Service • 1 TOS value: enter a TOS value in the element tosStartValue.
(TOS) value • TOS value range: enter a TOS value range using the elements tosStartValue and
tosEndValue.

So if you define 1 or more TOS values in the trafficShaping table, then traffic carrying
these TOS values is allowed. All other traffic is discarded.
Telindus 1423 SHDSL Router Chapter 10 305
User manual Configuring the additional features

Example - configuring an extended access list

This is an example of a network connected to the Internet and for which the following conditions are
required:
• only 5 stations may have access to the Internet.
• only the HTTP-port for web browsing is open for incoming packets from the Internet.
306 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

The following figure shows how to configure the extended access lists:
Telindus 1423 SHDSL Router Chapter 10 307
User manual Configuring the additional features

10.2.5 Remarks on extended access lists

• By default, the entries in the trafficShaping table are “allow” rules. I.e. only the traffic defined in the table
is permitted, all other traffic is discarded (independent whether the traffic shaping table is used as an
access list, for priority policing or policy based routing). However, you can inverse an entry making it
a “deny” rule by entering “discard” as value of the interface element.

• If more than one entry applies to the same packet, then the entry which has the narrowest filter range
(when looking at the filter criteria from left to right) is chosen. For example: two rows in the trafficShaping
table apply to the same packet, but row 1 wants to forward packets to queue 3 and row 2 wants to
forward packets to the low delay queue. In that case, first the IP source address is considered. The
row with the smallest range wins. If the ranges are exactly the same, then the IP destination address
is considered. And so on. Should the two rows be completely identical except for the queue, then one
of the rows is chosen at random.

• You do not necessarily have to fill in IP addresses in the trafficShaping table. It is perfectly valid to filter
on IP protocol, IP protocol/port combination or TOS values only. However, you can not filter on port
numbers only. What is more, you can only filter on port numbers when the IP protocol is set to TCP
or UDP. So in other words, if the IP protocol element is set to a value different from TCP or UDP, then
all the port elements are ignored.
308 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.3 Configuring VLANs

This section introduces VLANs and gives a short description of the attributes you can use to configure
VLANs.
The following gives an overview of this section:
• 10.3.1 - Introducing VLANs on page 309
• 10.3.2 - Setting up a VLAN on a LAN interface on page 310
• 10.3.3 - Setting up a VLAN on the bridge group on page 312
• 10.3.4 - Configuring VLAN switching on page 313
Telindus 1423 SHDSL Router Chapter 10 309
User manual Configuring the additional features

10.3.1 Introducing VLANs

What is a VLAN?

A Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured (using management
software) so that they can communicate as if they were attached to the same wire, when in fact they are
located on a number of different LAN segments. Because VLANs are based on logical instead of phys-
ical connections, they are extremely flexible.

What is a VLAN tag?

The VLAN tag header is inserted immediately following the destination MAC address and source MAC
address fields of the frame. The VLAN tag header can be divided into two components:
• TPID (Tag Protocol Identifier). The 802.1Q Ethernet-encoded TPID is defined as two octets with the
value “8100”.
• TCI (Tag Control Information). The TCI field is also two octets in length and contains:
- User priority. The user priority bits represents eight priority levels, 0 through 7. IEEE 802.1P
defines the operation for these 3 user priority bits.
- CFI (Canonical Format Indicator). The CFI bit indicates that all MAC address information carried
by the frame that may be present in the MAC data is in Canonical format.
- VID (VLAN Identifier). The twelve-bit VID field identifies the VLAN to which the frame belongs.
Three VID values are reserved by the 802.1Q standard.
310 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.3.2 Setting up a VLAN on a LAN interface

Refer to 10.3.1 - Introducing VLANs on page 309 for an introduction.

To set up a VLAN on the LAN interface, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the lanInterface object, select
the vlan attribute and add one or more entries to this table.

Use this attribute to configure the VLANs you want to set up. Add a row to the vlan table
for each VLAN you want to set up.
As long as no VLANs are created in the vlan table, the LAN interface accepts both VLAN
untagged and VLAN tagged frames. The VLAN untagged frames are bridged and/or
routed (depending on the setting of the mode attribute). The VLAN tagged frames are
bridged (in case the mode attribute is set to bridging or bridgingAndRouting, else they are dis-
carded).
As soon as a VLAN is created in the vlan table, the LAN interface still accepts VLAN
untagged frames but only accepts those VLAN tagged frames of which the VLAN ID cor-
responds with the VLAN ID that has been configured in the vlan table (see the vid element
below). Other VLAN tagged frames are discarded.

2 Configure the elements of the vlan table:

• name. Use this element to assign an administrative name to the VLAN.
• adminStatus. Use this element to activate or deactivate the VLAN.
• mode. Use this element to determine whether for the corresponding VLAN, IP packets
are treated by the routing process or the bridging process.
• ip. Use this element to configure the IP related parameters of the VLAN. Refer to 5.2.3
- Explaining the ip structure on page 63 for more information.
• bridging. Use this element to configure the bridging related parameters in case the mode
attribute is set to bridging. Refer to 9.2.6 - Explaining the bridging structure on page 281
for more information.
• vlan. Use this element to configure the specific VLAN related parameters of the VLAN.
See below.
1

Refer to telindus1423Router/lanInterface/vlan on page 455 for more information.

Telindus 1423 SHDSL Router Chapter 10 311
User manual Configuring the additional features

Step Action

3 Configure the vlan structure in the vlan table. The most important elements in this structure
are:
• vid. Use this element to set the VLAN ID.

Important remark

You can also enter VLAN tag 0 as VLAN ID. This is not really a VLAN, but a way
to reverse the filtering:
- all the untagged data is passed, internally, to VLAN 0.
- all the other, tagged, data for which no VLANs are defined, are handled by the
main LAN interface.
This allows a set-up where a number of VLANs are VLAN switched, while other VLANs
and untagged data are bridged. This is particularly interesting for VLAN based networks
with Ethernet switch discovery protocols like Cisco CDP. Until now, this was not possible
since the VLAN switching mode did not allow flooding packets over multiple interfaces
(bridging), nor did it allow terminating management data in the device.
In such set-up, the configuration looks as follows:
- A first bridge group includes all VLANs that need to be switched. This bridge group
is set in VLAN switching mode.
- A second bridge group includes VLAN 0 and possibly also a VLAN for manage-
ment of the device.
- The interface VLAN table(s) include(s) entries for all switched VLANs, VLAN 0 and
possibly a VLAN for management.

• tagSignificance. Use this element to determine whether the VLAN tag has a local or a
global significance. This element is only relevant when you set the mode element to
bridging.
If the tagSignificance is set to …
- local, then the VLAN header is only relevant for the VLAN itself. When receiving a
packet on the VLAN, the VLAN header is stripped before the packet is forwarded
to the bridging engine. When transmitting a packet on the VLAN, the VLAN header
is inserted.
- global, then the VLAN header is not changed when forwarding packets.

When connecting 2 or more Ethernet VLANs in the same bridge group, then make
sure you set the tagSignificance to local, as both VLANs use different VLAN IDs.

Refer to telindus1423Router/lanInterface/vlan/vlan on page 457 for more information.

312 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.3.3 Setting up a VLAN on the bridge group

Refer to 10.3.1 - Introducing VLANs on page 309 for an introduction.

Although the Telindus 1423 SHDSL Router bridges VLAN tagged frames when connected to a VLAN
aware switch, the Telindus 1423 SHDSL Router itself can only be managed via IP if a VLAN is configured
on the bridge group. In other words, if you want that the data carried by a VLAN can be delivered to the
Telindus 1423 SHDSL Router itself (e.g. so that it can be delivered to the protocol stack, routed, etc.),
then you have to configure a VLAN on the bridge group.
To set up VLANs on the bridge group, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the bridgeGroup object, select
the vlan attribute and add one or more entries to this table.

Use this attribute to configure the VLANs you want to set up. Add a row to the vlan table
for each VLAN you want to set up.

2 Configure the elements of the vlan table:

• name. Use this element to assign an administrative name to the VLAN.
• adminStatus. Use this element to activate or deactivate the VLAN.
• ip. Use this element to configure the IP related parameters of the VLAN. Refer to 5.2.3
- Explaining the ip structure on page 63 for more information.
• vlan. Use this element to configure the specific VLAN related parameters of the VLAN.
See below.

Refer to telindus1423Router/bridge/bridgeGroup/vlan on page 659 for more information.

3 Configure the vlan structure in the vlan table. The elements in this structure are:
• vid. Use this element to set the VLAN ID.
• txCos. Use this element to set the default user priority (802.1P, also called COS) of the
transmitted VLAN frames.
• changeTos. Use this element to enable or disable the COS to TOS mapping.
If you set the changeTos attribute to disabled, then the element cosTosMap is ignored.
• cosTosMap. Use this element to determine how the VLAN user priority (COS) maps
onto the IP TOS byte value.
• tosCosMap. Use this element to determine how the IP TOS byte value maps onto the
VLAN user priority (COS).
• arp. Use this element to configure the Address Resolution Protocol (ARP) cache.

Refer to telindus1423Router/bridge/bridgeGroup/vlan/vlan on page 660 for more information.

Telindus 1423 SHDSL Router Chapter 10 313
User manual Configuring the additional features

10.3.4 Configuring VLAN switching

Refer to 10.3.1 - Introducing VLANs on page 309 for an introduction on VLANs.

To configure VLAN switching, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the bridge/bridgeGroup object
and set the bridgeCache attribute to switching.

2 In the Telindus 1423 SHDSL Router containment tree, go to the bridge/bridgeGroup object,
select the vlanSwitching attribute and add one or more entries to this table.

Use this attribute to specify which VLANs you want to switch. Add a row to the vlanSwitching
table for each VLAN you want to switch.
314 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Step Action

3 Configure the elements of the vlanSwitching table:

• sourceIntf. Use this element to enter the name of the (physical) source interface which
carries the VLAN that has to be switched.
• sourceVlan. Use this element to enter the VLAN ID of the VLAN that has to be switched.
Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.
• sourcePMap. Use this element to, if desired, remap the VLAN priorities. The priorities
defined in the sourcePMap are applied after the VLAN is switched from destinationVlan to
sourceVlan.
• destinationIntf. Use this element to enter the name of the (physical) destination interface
which carries the VLAN when it has been switched. The destination interface can also
be a bridge group, in that case just enter the name of the bridge group.
• destinationVlan. Use this element to enter the VLAN ID of the VLAN when it has been
switched. Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.
• destinationPMap. Use this element to, if desired, remap the VLAN priorities. The priori-
ties defined in the destinationPMap are applied after the VLAN is switched from sourceVlan
to destinationVlan.

Important remarks

•Note that one row in the vlanSwitching table represents a bidirectional connection.
I.e. data is switched from source to destination and vice versa.
• Also note that only point-to-point connections are possible. Point-to-multipoint con-
nections are not possible. In other words, a certain VLAN may only appear once in the
vlanSwitching table.

Refer to telindus1423Router/bridge/bridgeGroup/vlanSwitching on page 661 for more information on

the elements of the vlanSwitching configuration attribute.
Telindus 1423 SHDSL Router Chapter 10 315
User manual Configuring the additional features

Example - configuring VLAN switching

The following figure shows the LAN interface carrying 3 VLANs that are switched to 3 different ATM
PVCs. One of the VLAN IDs is kept, one is changed and one is stripped.

The following figure shows how to configure the bridge group for VLAN switching.
316 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.4 Configuring VLANs on the 4 port Ethernet switch

This chapter is only relevant in case your Telindus 1423 SHDSL Router is equipped with a 4 port Ether-
net switch. Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7.

You can use the 4 port Ethernet switch as an ordinary Ethernet switch on the one hand, but you can also
use it as a VLAN switch on the other hand. This section explains how you can create VLANs on the 4
port Ethernet switch.
The following gives an overview of this section:
• 10.4.1 - Introducing the 4 port Ethernet switch on page 317
• 10.4.2 - Setting up VLANs on the 4 port Ethernet switch on page 319
Telindus 1423 SHDSL Router Chapter 10 317
User manual Configuring the additional features

10.4.1 Introducing the 4 port Ethernet switch

What is the 4 port Ethernet switch?

The Ethernet switch that is used on the Telindus 1423 SHDSL Router is actually a 5 port Ethernet switch,
with:
• 4 “external” ports.
• 1 “internal” port.

The 4 port Ethernet switch can be used as an ordinary Ethernet switch or as a VLAN switch.

The vlan attribute versus the ports attribute

In the lanInterface object of the 4 port Ethernet switch there are two attributes directly involved with the
configuration of VLANs:
• The ports attribute. Use this attribute to set up VLANs on the different ports of the 4 port Ethernet
switch. Depending on which type of VLAN tagging you select, VLAN IDs are stripped, added, etc.

• The vlan attribute. Use this attribute if you want that VLAN tagged packets inside the 4 port Ethernet
switch are forwarded to the bridging or routing function of the Telindus 1423 SHDSL Router.
318 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

VLAN switching restrictions

You can define up to 16 different VLANs in the vlan attribute and the ports attribute together. If you con-
figure more than 16 VLANs in total, then only the first 16 VLANs are activated. For each VLAN that could
not be activated the following warning message is displayed in the messages status attribute: “Ethernet
switch configuration failed: too many different VIDs! VID x is not activated.”.

The order in which the configured VLANs are activated is the following:
1. First the VLANs that are configured in the ports attribute are activated. This is done in numerical port
order, i.e. from port 1 to 4.
2. Then the VLANs that are configured in the vlan attribute are activated.

Examples:
• Suppose you configure port 1 as a trunk port with 16 different VIDs and you configure port 2, 3 and
4 as tagged ports also all with different VIDs. That makes 19 different VIDs! In that case, only the
VIDs of port 1 are activated.
• Suppose you configure port 1, 2 and 3 as tagged ports, all with different VIDs. Suppose you configure
port 4 as a trunk port with another 8 different VIDs. Finally, you create 8 entries in the vlan attribute,
also with VIDs different from the others. That makes 19 different VIDs! In that case, the last 3 entries
of the vlan attribute are not activated.
Telindus 1423 SHDSL Router Chapter 10 319
User manual Configuring the additional features

10.4.2 Setting up VLANs on the 4 port Ethernet switch

Refer to 10.4.1 - Introducing the 4 port Ethernet switch on page 317 for an introduction.
To create VLANs on the 4 port Ethernet switch, proceed as follows:

Step Action

1 If you want to create VLANs that only have a significance on the 4 port Ethernet switch,
in other words they do not have to be known by the protocol stack of the Telindus 1423
SHDSL Router, then it suffices to create VLANs on the ports of the 4 port Ethernet switch.
Do this as follows:
1. In the Telindus 1423 SHDSL Router containment tree, go to the lanInterfaceX object and
select the ports attribute.
2. In the ports attribute, you can configure the vlanTagging element for each port. Set the
vlanTagging element to …
- untagged if you want to accept incoming untagged packets and transmit outgoing
untagged packets.
- tagged if you want to accept incoming tagged packets and transmit outgoing tagged
packets of one VLAN only.
- trunk if you want to accept incoming tagged packets and transmit outgoing tagged
packets of several VLANs.
- portSniffing if you want to monitor the incoming and outgoing packets of another port.
Refer to telindus1423Router/lanInterface1/ports on page 461 for more information on the
vlanTagging element.
3. Set the switchMode attribute to dot1QSwitching to enable VLAN switching on the 4 port
Ethernet switch.

2 Configure the VLANs that the Telindus 1423 SHDSL Router needs to bridge or route in
the vlan attribute. If no VLANs are configured in the vlan attribute, then only local VLAN
switching between the Ethernet ports of the 4P switch is done.
Refer to 10.3.2 - Setting up a VLAN on a LAN interface on page 310 for more information
on the vlan attribute.

Important remark

As explained in VLAN switching restrictions on page 318, the sum of the unique VLANs configured in
the ports attribute and those configured in the vlan attribute may not exceed 16. This because the internal
VLAN table of the 4 port Ethernet switch can only handle up to 16 unique VLANs.
320 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Example 1 - creating VLANs on the 4 port Ethernet switch

In this example, all ports are untagged and the VIDs are set to the same value.

Incoming untagged packets and null-VID tagged packets are internally tagged with VID 1 before they
are forwarded (except if they are forwarded to the local port, see below). Incoming packets tagged with
VID 1 are forwarded unaltered. Incoming packets tagged with a different VID are discarded.
Outgoing untagged packets are forwarded unaltered. Outgoing tagged packets their VLAN tag is
removed before they are forwarded.
What makes this case a special case is that since all VIDs on all ports are the same, there is no need
for the Telindus 1423 SHDSL Router itself to be able to make a distinction between the different packets
coming from the different ports (it is the same VLAN). So packets that are destined for the Telindus 1423
SHDSL Router itself their VLAN tag is removed before they are forwarded through the local port. In other
words, the central CPU of the Telindus 1423 SHDSL Router receives untagged packets from the 4 port
Ethernet switch.
Telindus 1423 SHDSL Router Chapter 10 321
User manual Configuring the additional features

Example 2 - creating VLANs on the 4 port Ethernet switch

In this example, all ports are untagged and the VIDs are set to different values.

Depending on which port they arrive, incoming untagged packets and null-VID tagged packets are inter-
nally tagged with VID 10 or 20 before they are forwarded. Incoming tagged packets are forwarded unal-
tered if the VID corresponds with the one configured on the port. Incoming packets tagged with a
different VID are discarded.
Outgoing untagged packets are forwarded unaltered. Outgoing tagged packets their VLAN tag is
removed before they are forwarded.
As opposed to the previous case (Example 1 - creating VLANs on the 4 port Ethernet switch on
page 320), packets that are forwarded through the local port keep their VLAN tag. So in this case, if you
want that one or both VLANs are processed by the Telindus 1423 SHDSL Router itself (e.g. because
they have to be routed or bridged etc.), then add them to the vlan attribute.
So more concrete, if you want that both VLAN 10 and 20 are processed by the Telindus 1423 SHDSL
Router itself, then add 2 entries to the vlan attribute, one with VID = 10 and one with VID = 20.
322 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Example 3 - creating VLANs on the 4 port Ethernet switch

In this example, all ports are tagged and the VIDs are set to different values.

Incoming untagged packets and null-VID tagged packets are discarded. Incoming tagged packets are
forwarded unaltered if the VID corresponds with the one configured on the port. Incoming packets tagged
with a different VID are discarded.
Outgoing tagged packets are forwarded unaltered if the VID corresponds with the one configured on the
port.
If you want that one or both VLANs are processed by the Telindus 1423 SHDSL Router itself (e.g.
because they have to be routed or bridged etc.), then add them to the vlan attribute.

Example 4 - creating VLANs on the 4 port Ethernet switch

In this example, 2 ports are untagged, 2 ports are tagged, but the VIDs are set to the same value.

The untagged and tagged ports behave as explained in the previous examples.
One thing that can be noted here is that although all VIDs are set to the same value, packets forwarded
to the local port keep their VLAN tag. This as opposed to the situation in Example 1 - creating VLANs on
the 4 port Ethernet switch on page 320.
So in this case, if you want that the VLAN is processed by the Telindus 1423 SHDSL Router itself (e.g.
because it has to be routed or bridged etc.), then add it to the vlan attribute.
Telindus 1423 SHDSL Router Chapter 10 323
User manual Configuring the additional features

Example 5 - creating VLANs on the 4 port Ethernet switch

In this example, one port is configured as a trunk port.

The untagged and tagged ports behave as explained in the previous examples.
The trunk port is a special kind of tagged port. It can be seen as a concentrator for packets of all other
ports or as an uplink to a backbone LAN. On a trunk you can configure more than one VID. Note that the
local port is actually a permanent trunk port, i.e. it concentrates all packets destined for the central CPU.
On a trunk port, incoming untagged packets and null-VID tagged packets are discarded. Incoming
tagged packets are forwarded unaltered if the VID corresponds with the one configured on the port.
Incoming packets tagged with a different VID are discarded.
Outgoing tagged packets are forwarded unaltered if the VID corresponds with the one configured on the
port.

Example 6 - creating VLANs on the 4 port Ethernet switch

In this example, one port is configured as a sniffer port.

If a port is configured as sniffer port, its normal function is suspended and this port starts to transmit all
packets it has to monitor. So on a sniffer port the VLAN filtering and incoming and outgoing tagging rules
are all disabled.
In the example above, all packets (including packets that do not successfully pass the validation proc-
ess) entering or exiting port 2 and that are tagged with VID 101 are copied to port 4 and transmitted unal-
tered there. If you then connect a VLAN-enabled sniffer program running on a PC, you can monitor all
traffic to and from port 2.
324 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.5 Configuring L2TP tunnels

This section introduces the Layer 2 Tunnelling Protocol (L2TP) and gives a short description of the
attributes you can use to configure L2TP.
The following gives an overview of this section:
• 10.5.1 - Introducing L2TP tunnels on page 325
• 10.5.2 - Setting up an L2TP tunnel on page 327
• 10.5.3 - How does an L2TP tunnel work? on page 330
• 10.5.4 - Setting up a main and back-up tunnel on page 331
Telindus 1423 SHDSL Router Chapter 10 325
User manual Configuring the additional features

10.5.1 Introducing L2TP tunnels

What is an L2TP tunnel?

The Layer 2 Tunnelling Protocol (L2TP) is a protocol used for connecting VPNs (Virtual Private Net-
works) over public lines. More specific, it allows you to set up virtual PPP connections. In other words,
an L2TP tunnel simulates an additional PPP interface which directly connects two routers with each
other.
Concrete, using the Layer 2 Tunnelling Protocol you can connect several private and physically dis-
persed local networks with each other over public lines (such as the Internet) in order to create one big
(virtual) local network. This without the need for address translation.

L2TP tunnel terminology

The following table gives some specific L2TP terminology:

Term Description

L2TP Access Con- A node that acts as one side of an L2TP tunnel. It is a peer to the L2TP Network
centrator (LAC) Server (LNS). Packets sent from the LAC to the LNS require tunnelling with the
L2TP protocol.

L2TP Network A node that acts as one side of an L2TP tunnel. It is a peer to the L2TP Access
Server (LNS) Concentrator (LAC). The LNS is the logical termination point of a PPP session
that is being tunnelled from the remote system by the LAC.

Tunnel A tunnel exists between a LAC-LNS pair. The tunnel consists of a Control Con-
nection and zero or more L2TP sessions. The tunnel carries encapsulated PPP
datagrams and Control Messages between the LAC and the LNS.

Control Connection A control connection operates in-band over a tunnel to control the establish-
ment, release, and maintenance of sessions and of the tunnel itself.

Control Messages Control messages are exchanged between LAC and LNS pairs, operating in-
band within the tunnel protocol. Control messages govern aspects of the tunnel
and sessions within the tunnel.
326 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

L2TP tunnel encapsulation

The following table shows the L2TP encapsulation on the LAN and WAN interface:

Interface L2TP encapsulation

WAN interface The L2TP encapsulation on the WAN interface is as follows:

LAN interface The L2TP encapsulation on the LAN interface is as follows:

Telindus 1423 SHDSL Router Chapter 10 327
User manual Configuring the additional features

10.5.2 Setting up an L2TP tunnel

Refer to 10.5.1 - Introducing L2TP tunnels on page 325 for an introduction.

To set up an L2TP tunnel, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router/tunnels object, select
the l2tpTunnels attribute and add one or more entries to this table.

Use this attribute to configure the Layer 2 Tunnelling Protocol tunnels you want to set up.
Add a row to the l2tpTunnels table for each L2TP tunnel you want to set up.

2 Configure the elements of the l2tpTunnels table:

• name. Use this element to assign an administrative name to the tunnel.
• adminStatus. Use this element to activate or deactivate the tunnel.
• mode. Use this element to determine whether for the corresponding tunnel, IP packets
are treated by the routing process, the bridging process or both.
• ip. Use this element to configure the IP related parameters of the tunnel. Building an
L2TP tunnel is based on logical interfaces. Those logical interfaces have their own IP
address. Refer to 5.2.3 - Explaining the ip structure on page 63 for more information.
• bridging. Use this element to configure the bridging related parameters in case the mode
attribute is set to bridging or routingAndBridging. Refer to 9.2.6 - Explaining the bridging
structure on page 281 for more information.
• l2tp. Use this element to configure the L2TP related parameters of the tunnel. See
below.

Refer to telindus1423Router/ip/router/tunnels/l2tpTunnels on page 588 for more information.

3 Configure the l2tp structure in the l2tpTunnels table. The most important elements in this
structure are:
• localIpAddress. Use this element to set the IP address that serves as start point of the
L2TP tunnel.
• remoteIpAddress. Use this element to set the IP address that serves as end point of the
L2TP tunnel.
• type. Use this element to specify the tunnel type (incoming or outgoing).
• mode. Use this element to set the L2TP mode of the Telindus 1423 SHDSL Router
(LAC, LNS or auto). Only use auto in case a Telindus router is located at both sides
of the tunnel.

Refer to telindus1423Router/ip/router/tunnels/l2tpTunnels/l2tp on page 589 for more information.

328 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Remarks

• L2TP tunnels can also be set up by an IP host. The Telindus 1423 SHDSL Router is transparent for
tunnels set up by a host.
• Multiple L2TP tunnels are possible on a single link. Currently, only one single PPP session is possible
per L2TP tunnel.
Telindus 1423 SHDSL Router Chapter 10 329
User manual Configuring the additional features

Example - configuring an L2TP tunnel

Suppose private network 1 has to be interconnected to private network 2 over the Internet. For this pur-
pose you want to set up an L2TP tunnel between the two access routers of these private networks.

So first create a route between the WAN interfaces of Router A and B. Then set up the tunnel between
the WAN interfaces of Router A and B (i.e. the tunnel start point is IP address 207.46.197.101, the tunnel
end point is IP address 198.182.196.56).
The following figure shows how to set up the L2TP tunnel:
330 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.5.3 How does an L2TP tunnel work?

Suppose a packet coming from the LAN has a destination address for a network that is accessible
through an L2TP tunnel. The following happens:

Phase Description

1 The packet goes through the routing decision process. If the

result of this decision is a route which uses the tunnel interface,
then the packet is encapsulated in PPP first, then L2TP, UDP
and finally IP.

2 Then the packet goes through the routing decision process again. This time using the
outer IP header.

3 The packet is routed over the Internet using the outer IP header.

4 The packet is received in the tunnel's end point, where it is then routed again using the
original IP header.
Telindus 1423 SHDSL Router Chapter 10 331
User manual Configuring the additional features

10.5.4 Setting up a main and back-up tunnel

Refer to 10.5.1 - Introducing L2TP tunnels on page 325 for an introduction.

This example explains how to set up a main and a back-up tunnel. More specifically how to use the
l2tpTunnels/backup element to do so.
Suppose private network 1 has to be interconnected to private network 2 over the Internet. For this pur-
pose you want to set up an L2TP tunnel between the two access routers of these private networks. What
is more, you want one main tunnel and one back-up tunnel.

Configure this example as follows:

Step Action

1 Add two entries to the l2tpTunnels table: one entry for the main tunnel and one for the back-
up tunnel. Configure these entries as described in 10.5.2 - Setting up an L2TP tunnel on
page 327.

Typically the main tunnel is of the type outgoing leased line, whereas the back-up tunnel
usually is an outgoing dial tunnel.

2 Now, by adding two entries to the routingTable, create two routes to network 2: one main
route (through the main tunnel) and one back-up route (through the back-up tunnel).

Differentiate the main route from the back-up route by giving them a different preference:
the main route is preferred (i.e. it’s preference value is lower) above the back-up route (it’s
preference value is higher).
332 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Step Action

3 Now use the backup element in the l2tpTunnels table to optimise the back-up process. Con-
figuring the backup element allows you to quickly set up a back-up tunnel as soon as the
main tunnel goes down, instead of waiting on several time-outs before the back-up tunnel
is set up.
For the main tunnel, you could configure the backup structure as follows:

The backup structure contains the following elements:

• interface. Use this element to enter the name of the back-up tunnel.
• timeOut. Use this element to set the set-up time-out of the main tunnel in seconds. If
the main tunnel is not set up within the specified time-out, then the back-up tunnel is
set up.
• autoRetry. This element is only relevant in case the type element of the main tunnel is
set to outgoingLeasedLine. Use this element to determine, if a leased line tunnel does not
come up, whether it has to keep trying to come up (yes) or quit after one try (no).

4 Configuring the above results in the following:

• The main route and tunnel are up.
⇒Data destined for network 2 goes over the main route/tunnel to network 2.
• The main tunnel goes down.
⇒The back-up tunnel is set up immediately. Data destined for network 2 now goes
over the back-up route/tunnel to network 2.
• The main route and tunnel come up again.
⇒Data destined for network 2 goes over the main route/tunnel again since this is the
preferred route.

Some remarks

1. The back-up mechanism only works for routing.

2. Typically the main tunnel is a leased line tunnel, whereas the back-up tunnel usually is a dial tunnel.
3. You can create an alternating back-up mechanism by letting the main tunnel refer to the back-up tun-
nel and vice versa. In that case you could set …
- the backup/autoRetry of the main tunnel to no, to avoid that both main and back-up tunnel are up at
the same time.
- the l2tp/noTrafficTimeOut of the back-up tunnel to 0, to “simulate” a leased line tunnel with the advan-
tage that this tunnel does not come up when the Telindus 1423 SHDSL Router boots. The back-
up tunnel will only come up (and stay up) at the moment it is triggered.
4. If in the situation as described in remark 3. you set the l2tp/noTrafficTimeOut of the back-up tunnel to
anything else than 0, then it is best to set the backup/autoRetry of the main tunnel to yes. This because
if the back-up tunnel goes down due to the no traffic time-out, then it does not trigger the main tunnel
to come up again. Moreover, due to the main/back-up routes in the routingTable, the only available
route remains the back-up route through the back-up tunnel (since the main tunnel and hence main
Telindus 1423 SHDSL Router Chapter 10 333
User manual Configuring the additional features

route stay down). However, in this case you have to keep in mind that setting up a dial tunnel can
take a long time (especially when using IPSEC with IKE).
334 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6 Configuring IP security

This section introduces IP security (IPSEC) and gives a short description of the attributes you can use
to configure IPSEC.
The following gives an overview of this section:
• 10.6.1 - Introducing IPSEC on page 335
• 10.6.2 - Introducing IKE on page 338
• 10.6.3 - Setting up an IPSEC secured L2TP tunnel using a manual SA on page 342
• 10.6.4 - Setting up an IPSEC secured L2TP tunnel using an IKE preshared SA on page 344
• 10.6.5 - Setting up an IPSEC secured L2TP tunnel using an IKE certificate SA on page 346
• 10.6.6 - Obtaining security certificates manually on page 348
• 10.6.7 - Obtaining security certificates through SCEP on page 352
• 10.6.8 - The hardware accelerator (HWA) chip on page 354
Telindus 1423 SHDSL Router Chapter 10 335
User manual Configuring the additional features

10.6.1 Introducing IPSEC

What is IPSEC?

IPSEC (Internet Protocol Security) is a framework for a set of protocols for security at the network or
packet processing layer of network communication. Earlier security approaches have inserted security
at the application layer of the communications model. IPSEC is deployed widely to implement Virtual Pri-
vate Networks (VPNs). A big advantage of IPSEC is that security arrangements can be handled without
requiring changes to individual user computers.

IPSEC compatibility

IPSEC on the Telindus 1423 SHDSL Router is compatible with IPSEC on Cisco devices and on Linux.

The IPSEC modes

IPSEC features two basic modes: transport mode or tunnel mode. The Telindus 1423 SHDSL Router
currently supports L2TP tunnels over IPSEC. IPSEC is used in transport mode. I.e. traffic destined for
an L2TP tunnel is secured with IPSEC (refer to RFC 3193, Securing L2TP using IPSEC).

The IPSEC protocols (ESP and AH)

IPSEC provides two choices of security service:

• Authentication Header (AH), essentially allows authentication of the sender of data and parts of the
IP header.
• Encapsulating Security Payload (ESP), allows both authentication of the sender and encryption of
data as well.

The specific information associated with each of these services is inserted into the packet in a header
that follows the IP packet header.
336 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

What is AH?

AH is a protocol used for authenticating a data stream. It uses a cryptographic hash function to produce
a MAC from the data in the IP packet. This MAC is then transmitted with the packet, allowing the remote
gateway to verify the integrity of the original IP packet, making sure the data has not been tampered with
on its way through the Internet.

Apart from the IP packet data, AH also authenticates parts of the IP header.
The AH protocol inserts an AH header after the original IP header, and in tunnel mode, the AH header
is inserted after the outer header, but before the original, inner, IP header.

What is ESP?

The ESP protocol is used for both encryption and authentication of the IP packet. It can also be used to
do either encryption only, or authentication only.

The ESP protocol inserts an ESP header after the original IP header, in tunnel mode, the ESP header
is inserted after the outer header, but before the original, inner, IP header.
All data after the ESP header is encrypted and/or authenticated. The difference from AH is that ESP also
provides encryption of the IP packet. The authentication phase also differs in that ESP only authenticates
the data after the ESP header; thus the outer IP header is left unprotected.
Telindus 1423 SHDSL Router Chapter 10 337
User manual Configuring the additional features

What is a security association (SA)?

IPSEC provides different options for performing network encryption and authentication. The two com-
municating nodes must determine exactly which algorithms to use (e.g. DES or 3DES for encryption,
MD5 or SHA for integrity and authentication) and must share session keys. All this information is
described in the Security Association (SA). In other words, the security association is simply a statement
of the negotiated security policy between two devices.
An SA is, by nature, unidirectional. Hence the need for more than one SA per connection. In most cases,
where either ESP or AH is used, two SAs will be created for each connection: one describing the incom-
ing traffic and the other the outgoing. In cases where ESP and AH are used in conjunction, four SAs will
be created.

What is the Security Parameter Index (SPI)?

An SPI is an arbitrary value that uniquely identifies which SA to use at the receiving host. The sending
host uses the SPI to identify and select which SA to use to secure every packet. The receiving host uses
the SPI to identify and select the encryption algorithm and key used to decrypt packets.

What is a manual SA?

There are two types of security associations:

• Manual SA
• Dynamic SA

The Telindus 1423 SHDSL Router currently supports Manual SA. This requires no negotiation. All val-
ues, including the keys, are static and specified in the configuration. As a result, each peer must have
the same configured options for communication to take place.
In principle, security association is unidirectional (half-duplex). I.e. one SA for the inbound traffic and one
SA for the outbound traffic. The Telindus 1423 SHDSL Router also supports full-duplex SA (one SA for
both inbound and outbound traffic).

IPSEC encryption

You can encrypt the data using the Data Encryption Standard (DES or 3DES).
DES is a widely-used method of data encryption using a private (secret) key. Like other private key cryp-
tographic methods, both the sender and the receiver must know and use the same private key. DES
applies a 56-bit key to each 64-bit block of data. Triple DES applies three keys in succession.

IPSEC authentication

You can not only encrypt but also authenticate the data using the Keyed-Hashing for Message Authen-
tication (HMAC).
HMAC is a mechanism for message authentication using cryptographic hash functions. HMAC can be
used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret
shared key.
338 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.2 Introducing IKE

What is IKE?

IKE (Internet Key Exchange) is an IPSEC protocol used to ensure security for VPN negotiation and
remote host or network access. IKE defines an automatic means of negotiation and authentication for
IPSEC security associations (SA).
IKE has three main tasks:
• Provide a means for the endpoints to authenticate each other.
• Establish new IPSEC connections (create SA pairs).
• Manage existing connections.

IKE is layered on UDP and uses UDP port 500 to exchange IKE information between the security gate-
ways. Therefore, UDP port 500 packets must be permitted on any IP interface involved in connecting a
security gateway peer.

IKE negotiation

The process of negotiating session parameters consists of a number of phases and modes, which can
be briefly described as follows:
• IKE phase 1: Negotiate how IKE should be protected.
• IKE phase 2:
- Negotiate how IPSEC should be protected.
- Derive some fresh keying material from the key exchange in phase 1, to provide session keys to
be used in the encryption and authentication of the VPN data flow.

Both the IKE and the IPSEC connections have limited lifetimes, described both as time (seconds) and
data (kilobytes). These lifetimes prevent a connection from being used too long, which is desirable from
a cryptanalysis perspective.
The IPSEC lifetime is generally shorter than the IKE lifetime. This allows for the IPSEC connection to be
re-keyed simply by performing another phase 2 negotiation. There is no need to do another phase 1
negotiation until the IKE lifetime has expired.

What is an IKE proposal?

An IKE proposal is a suggestion of how to protect data. The proposals contain all parameters needed,
such as algorithms used to encrypt and authenticate the data etc.

IKE encryption

The IKE encryption specifies the encryption algorithm used in the IKE negotiation, and depending on the
algorithm, the size of the encryption key used. Supported encryption algorithms are:
• Data Encryption Standard (DES).
• Advanced Encryption Standard (AES).
Telindus 1423 SHDSL Router Chapter 10 339
User manual Configuring the additional features

IKE authentication

The IKE authentication specifies the authentication algorithm used in the IKE negotiation. Supported
authentication algorithms are:
• HMAC MD5
• HMAC SHA-1

What is the IKE DH group?

The IKE DH group specifies the Diffie-Hellman group to use when doing key exchanges in IKE. Sup-
ported Diffie-Hellman groups are:
• Diffie-Hellman group 1 (768 bit)
• Diffie-Hellman group 2 (1024 bit)
• Diffie-Hellman group 5 (1536 bit)

What is PFS?

Without PFS (Perfect Forwarding Secrecy), initial keying material is "created" during the key exchange
in phase 1 of the IKE negotiation. In phase 2 of the IKE negotiation, encryption and authentication ses-
sion keys will be extracted from this initial keying material.
When using PFS, completely new keying material will always be created upon re-key. Should one key
be compromised, no other key can be derived using that information.

What is the IPSEC DH group?

This is a Diffie-Hellman group much like the one for IKE. However, this one is used solely for PFS.

What is IKE preshared key authentication?

With preshared key authentication, you must manually configure the same, shared symmetric key on
both systems. The preshared key is used only for the primary authentication. The two negotiating entities
then generate dynamic shared keys for the IKE SAs.
340 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

What is IKE security certificate authentication?

Security certificates are used for public key cryptography, also referred to as asymmetric key cryptogra-
phy. Public key cryptography uses a pair of related, but different keys. One key, the private key, is asso-
ciated with a specific system or entity and is kept secret. The other key is the public key and can be
distributed freely. The public and private keys are mathematically related so that data encrypted with the
public key can only be decrypted with the private key.

Obtaining a security certificate

There are 2 ways to obtain the right certificates in order to negotiate an SA with another device through
IKE:
• Manually: install all certificates yourself. In this case you have to transfer the certificates yourself.
• SCEP: Simple Certificate Enrollment Protocol. In this case the certificate is obtained without an actual
transfer taking place.

The device should obtain 2 certificates:

1. A trusted certificate from the Certificate Authority (CA). This is a certificate that contains the CAs pub-
lic information and is self-signed by the CA. So it is a self-signed certificate to the CA and a CA cer-
tificate to the Telindus 1423 SHDSL Router.
2. A self-certificate, containing the device its information, signed by the Certificate Authority (CA). The
device generates a private/public key pair and associates its private key with the CA-signed certifi-
cate.
Telindus 1423 SHDSL Router Chapter 10 341
User manual Configuring the additional features

Security certificate terminology

Summarised, the terminology associated with certificates is:

• Trusted (CA) certificate. This is a certificate containing external information and signed by a CA. A
self-certificate is associated with a certain CA certificate because that CA signed the self-certificate.
• Self-certificate. This is a certificate containing local information and signed by a CA. It will authenti-
cate the device with another device.
• Self-signed certificate. This is a certificate containing local information and signed by yourself. Since
it is self-signed it has no authentication purpose to yourself, but it can be used by other devices in
order to authenticate themselves with yet another device. In that case the local device is a third party
device.

What is NAT-T?

The problem with IKE and IPSEC protocols is that they were not designed to work through NAT. There-
fore, NAT-T (NAT Traversal) has evolved. NAT traversal (RFC 3947 and 3948) is an add-on to the IKE
and IPsec protocols that makes them work when going through NAT.
NAT-T makes the following changes to the IKE and IPSEC protocols:
• NAT-T support. NAT-T is only used if both ends support it. For this purpose, NAT-T aware VPNs send
out a special "vendor ID", telling the other end that it understand NAT-T and which specific versions
of the draft it supports.
• NAT detection. Both IPSEC peers send hashes of their own IP addresses along with the source UDP
port used in the IKE negotiations. This information is used to see whether the IP address and source
port each peer uses is the same as what the other peer sees. If the source address and port have
not changed, then the traffic has passed NAT along the way and NAT-T is not necessary. If the
source address and/or port has changed, then the traffic has passed NAT and NAT-T is used.
• UDP encapsulation. Once the IPSEC peers have decided that NAT-T is necessary, the IKE negotia-
tion is moved away from UDP port 500 to port 4500. This is necessary since certain NAT devices
treat UDP packet to port 500 differently from other UDP packets in an effort to work around the NAT
problems with IKE. The problem is that this special handling of IKE packets may in fact break the IKE
negotiations, which is why the UDP port used by IKE has changed.

Another problem NAT-T resolves is that the ESP protocol is an IP protocol. There is no port information
like in TCP and UDP, which makes it impossible to have more than one NATed client connected to the
same remote gateway at the same time. Because of this, ESP packets are encapsulated in UDP. The
ESP-UDP traffic is sent on port 4500, the same port as IKE when NAT-T is used. Once the port has been
changed all following IKE communications are done over port 4500. Keep-alive packets are also being
sent periodically to keep the NAT mapping alive.
342 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.3 Setting up an IPSEC secured L2TP tunnel using a manual SA

Refer to 10.6.1 - Introducing IPSEC on page 335 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using a manual SA, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to

the router object and add a manualSA[ ] object underneath (refer
to 4.4 - Adding an object to the containment tree on page 50).
E.g. manualSA[mySA]

2 Now configure the attributes of the manualSA[ ] object you added in step 1 to your needs.
These attribute are:
• espEncryptionAlgorithm. Use this attribute to select the algorithm that will be used to
encrypt the data when using IPSEC.
• espEncryptionKey. Use this attribute to define the key that will be used in the encryption
/ decryption process when using IPSEC.
• espAuthenticationAlgorithm. Use this attribute to select the algorithm that will be used to
authenticate the data when using IPSEC.
• espAuthenticationKey. Use this attribute to define the key that will be used in the authen-
tication process when using IPSEC.
• spi. Use this attribute to set the SPI value. Each security association must have a
unique SPI value because this value is used to identify the security association.

Refer to 12.12.4 - Manual SA configuration attributes on page 597 for more information.

3 In the Telindus 1423 SHDSL Router containment tree, go to the router/tunnels object, select
the ipsecL2tpTunnels attribute and add one or more entries to this table.

Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the ipsecL2tpTunnels table for each IPSEC L2TP tunnel you
want to set up.

4 Configure the non-IPSEC related parameters in the ipsecL2tpTunnels table as described in

10.5.2 - Setting up an L2TP tunnel on page 327.
The only IPSEC related parameter is the ipsec element in the l2tp structure of the
ipsecL2tpTunnels table.
Telindus 1423 SHDSL Router Chapter 10 343
User manual Configuring the additional features

Step Action

5 In the ipsecL2tpTunnels table, go to the l2tp structure. In this structure, go to the ipsec ele-
ment:
• Set the first part of this element to fdxManualSA or hdxManualSA to choose between full-
duplex or half-duplex manual SA (refer to telindus1423Router/ip/router/tunnels/
ipsecL2tpTunnels/l2tp/ipsec on page 593 for more information).
• In the second part of this element, enter the index name of the manualSA[ ] object you
added in step 1 as value of the ipsec element.

By doing so, you apply the security association on the L2TP tunnel.
E.g. in our example, select fdxManualSA in the
first part of the ipsec element and enter the
string mySA in the second part of the ipsec
element.
344 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.4 Setting up an IPSEC secured L2TP tunnel using an IKE preshared SA

Refer to 10.6.2 - Introducing IKE on page 338 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using an IKE preshared SA, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the

router object and add an ikeSA[ ] object underneath (refer to 4.4 -
Adding an object to the containment tree on page 50).
E.g. ikeSA[mySA]

2 Now configure the attributes of the ikeSA[ ] object you added in step 1 to your needs.
These attribute are:
• phase1. Use this attribute to configure the parameters of phase 1 in the IKE negotiation
process. IKE phase 1 negotiations are used to establish IKE SAs. These SAs protect
the IKE phase 2 negotiations.
• phase2. Use this attribute to configure the parameters of phase 2 in the IKE negotiation
process.

Refer to 12.12.5 - IKE SA configuration attributes on page 601 for more information.

3 In the Telindus 1423 SHDSL Router containment tree, go to the router/tunnels object, select
the ipsecL2tpTunnels attribute and add one or more entries to this table.

Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the ipsecL2tpTunnels table for each IPSEC L2TP tunnel you
want to set up.

4 Configure the non-IPSEC related parameters in the ipsecL2tpTunnels table as described in

10.5.2 - Setting up an L2TP tunnel on page 327.
The only IPSEC related parameter is the ipsec element in the l2tp structure of the
ipsecL2tpTunnels table.
Telindus 1423 SHDSL Router Chapter 10 345
User manual Configuring the additional features

Step Action

5 In the ipsecL2tpTunnels table, go to the l2tp structure. In this structure, go to the ipsec ele-
ment:
• Set the first part of this element to ikePresharedSA.
• The second part of this element is a structure which, on its turn, contains the following
elements:
- ikeSA. Use this element to apply a certain IKE preshared key security
association on the IPSEC L2TP tunnel. Do this by typing the ikeSA
object its index name in this field.
- localId. Use this element to set the local identifier for use in IKE phase 1 negotiation.
- remoteId. Use this element to set the remote identifier for use in IKE phase 1 nego-
tiation.
- preSharedKey. Use this element to set the preshared key string. This key string in
combination with the selected IKE DH group is used to calculate the key during the
key exchange in phase 1 of the IKE negotiation.

Refer to telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikePresharedSA on page 595

for more information.
346 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.5 Setting up an IPSEC secured L2TP tunnel using an IKE certificate SA

Refer to 10.6.2 - Introducing IKE on page 338 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA, proceed as follows:

Step Action

1 Obtain and load the necessary security certificates. You can do this either …
• manually. Refer to 10.6.6 - Obtaining security certificates manually on page 348.
or
• through SCEP. Refer to 10.6.7 - Obtaining security certificates through SCEP on
page 352.

2 In the Telindus 1423 SHDSL Router containment tree, go to the

router object and add an ikeSA[ ] object underneath (refer to 4.4 -
Adding an object to the containment tree on page 50).
E.g. ikeSA[mySA]

3 Now configure the attributes of the ikeSA[ ] object you added in step 1 to your needs.
These attribute are:
• phase1. Use this attribute to configure the parameters of phase 1 in the IKE negotiation
process. IKE phase 1 negotiations are used to establish IKE SAs. These SAs protect
the IKE phase 2 negotiations.
• phase2. Use this attribute to configure the parameters of phase 2 in the IKE negotiation
process.

Refer to 12.12.5 - IKE SA configuration attributes on page 601 for more information.

4 In the Telindus 1423 SHDSL Router containment tree, go to the router/tunnels object, select
the ipsecL2tpTunnels attribute and add one or more entries to this table.

Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the ipsecL2tpTunnels table for each IPSEC L2TP tunnel you
want to set up.

5 Configure the non-IPSEC related parameters in the ipsecL2tpTunnels table as described in

10.5.2 - Setting up an L2TP tunnel on page 327.
The only IPSEC related parameter is the ipsec element in the l2tp structure of the
ipsecL2tpTunnels table.
Telindus 1423 SHDSL Router Chapter 10 347
User manual Configuring the additional features

Step Action

6 In the ipsecL2tpTunnels table, go to the l2tp structure. In this structure, go to the ipsec ele-
ment:
• Set the first part of this element to ikeCertificateSA.
• The second part of this element is a structure which, on its turn, contains the following
elements:
- ikeSA. Use this element to apply a certain IKE certificate security asso-
ciation on the IPSEC L2TP tunnel. Do this by typing the ikeSA object its
index name in this field.
- localId. Use this element to set the local identifier for use in IKE phase 1 negotiation.
This has to be the same as the IP address / hostname / username in the certificate
of the local device.
- remoteId. Use this element to set the remote identifier for use in IKE phase 1 nego-
tiation. This has to be the same as the IP address / hostname / username in the
certificate of the remote device.

Refer to telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikeCertificateSA on page 596

for more information.
348 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.6 Obtaining security certificates manually

Refer to 10.6.2 - Introducing IKE on page 338 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA, you have to obtain
and load the necessary security certificates. This procedure shows how to do this manually.
To obtain security certificates manually, proceed as follows:

Step Action

1 Configure a valid timeserver since all certificates are tested on their validity. Refer to
telindus1423Router/management/timeServer on page 670 for more information.

2 Obtaining the trusted certificate

Retrieve a trusted certificate from a CA.

The following gives an example of this procedure with the Microsoft Certificate Services.

Example

1. Download and install SCEP server software (e.g. the Microsoft SCEP Add-on for Cer-
tificate Services).
2. Once installed, surf to the Microsoft Certificate Services server.
3. Select Retrieve the CA certificate or certificate revocation list and click on the Next
button.

4. Select the current CA certificate (Current), the encoding (e.g. DER encoded) and
select Download CA certificate.

5. Save the trusted certificate on your computer. E.g. with filename certnew.cer.

3 Download the trusted certificate to the file system of the Telindus 1423 SHDSL Router.
Refer to 18.7 - Downloading files to the file system on page 972.
Telindus 1423 SHDSL Router Chapter 10 349
User manual Configuring the additional features

Step Action

4 Load the trusted certificate into the memory of the Telindus 1423 SHDSL Router.
In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the loadTrustedCert action with the previously
downloaded trusted certificate filename as argument value.

⇒The trusted certificate is loaded into the Telindus 1423 SHDSL Router its memory.
Once you executed the saveCerts action (refer to step 10), you may delete the orig-
inal trusted certificate file from the file system (in our example the certnew.cer file).

5 Obtaining the self-certificate

Generate a self-certificate request on the Telindus 1423 SHDSL Router.

In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the generateCertReq action with at least a filename
(e.g. certreq.txt), a private key name and your IP address or hostname or username as
argument values.

⇒The self-certificate request file is written to the file system and the Telindus 1423
SHDSL Router generates a public/private key pair. Note that the longer the key
length, the longer it takes to generate the keys.

Important remarks

• Remember the private key name. You need it again later on in the procedure in order
to load the associated signed self-certificate into the memory of the Telindus 1423
SHDSL Router.
• Do not reboot the Telindus 1423 SHDSL Router from this point onwards until you
reach the end of the procedure. Else the public/private key pair is lost making it impos-
sible to load the associated signed self-certificate into the memory of the Telindus
1423 SHDSL Router.

6 Download the self-certificate request file to your computer (e.g. using FTP or TFTP).
350 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Step Action

7 Let the CA sign the self-certificate request in order to obtain a signed self-certificate.
The following gives an example of this procedure with the Microsoft Certificate Services
(Chicken).

Example

1. Surf to the Microsoft Certificate Services server: http://chicken/certsrv/.

2. Select Request a certificate and click on the Next button.

3. Select Advanced request and click on the Next button.

4. Select Submit a certificate request using a base64 encoded PKCS #10 file or a
renewal request using a base64 encoded PKCS #7 file and select the Next button.
5. Locate the self-certificate request file you created in step 5 and downloaded to your
computer in step 6. Open it in a plain text editor (in our example, open the certreq.txt
file in e.g. NotePad). Select all the text and copy it.
6. Paste the self-certificate request text you just copied in the Saved Request box and
click on the Submit button.

⇒The CA signs the self-certificate request making it a valid signed self-certificate.

7. Select the encoding (e.g. DER encoded) and select Download CA certificate.

8. Save the signed self-certificate on your computer. E.g. with filename selfcert.cer.

8 Download the signed self-certificate to the file system of the Telindus 1423 SHDSL
Router. Refer to 18.7 - Downloading files to the file system on page 972.
Telindus 1423 SHDSL Router Chapter 10 351
User manual Configuring the additional features

Step Action

9 Load the signed self-certificate into the memory of the Telindus 1423 SHDSL Router.
In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the loadSelfCert action with the previously down-
loaded signed self-certificate filename and the private key name you remember in step 5
as argument values.

⇒The signed self-certificate is loaded into the Telindus 1423 SHDSL Router its mem-
ory. Once you executed the saveCerts action (refer to step 10), you may delete the
original signed self-certificate file from the file system (in our example the
selfcert.cer file).

10 Permanently store the certificates and generated public/private key pair.

In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the saveCerts action.
⇒The certificates and the associated public/private key pair are stored on the Telin-
dus 1423 SHDSL Router. They are loaded each time the Telindus 1423 SHDSL
Router starts up.
You may delete the original trusted certificate and signed self-certificate files from
the file system (in our example the certnew.cer and selfcert.cer files).

11 You can check which trusted and signed self-certificates are loaded by looking at the sta-
tus attributes telindus1423Router/fileSystem/trustedCertificates on page 822 and telindus1423Router/
fileSystem/selfCertificates on page 822.
352 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.7 Obtaining security certificates through SCEP

Refer to 10.6.2 - Introducing IKE on page 338 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA, you have to obtain
and load the necessary security certificates. This procedure shows how to do this through SCEP.
To obtain security certificates through SCEP, proceed as follows:

Step Action

1 Configure a valid timeserver since all certificates are tested on their validity. Refer to
telindus1423Router/management/timeServer on page 670 for more information.

2 Make sure you have a SCEP server running (e.g. the Microsoft SCEP Add-on for Certif-
icate Services).

3 Load the trusted certificate into the memory of the Telindus 1423 SHDSL Router using
SCEP.
In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the getTrustedCertScep action with at least the
SCEP server IP address and the SCEP URL1 as argument values.

⇒The trusted certificate is loaded into the Telindus 1423 SHDSL Router its memory.
4 Load the signed self-certificate into the memory of the Telindus 1423 SHDSL Router
using SCEP.
In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the getSelfCertScep action with at least the SCEP
server IP address, the SCEP URL, a private key name and your IP address or hostname
or username as argument values.

⇒The signed self-certificate is loaded into the Telindus 1423 SHDSL Router its mem-
ory.
Telindus 1423 SHDSL Router Chapter 10 353
User manual Configuring the additional features

Step Action

5 Permanently store the certificates and generated public/private key pair.

In the containment tree of the Telindus 1423 SHDSL Router, select the Status group and
go to the fileSystem object. Then execute the saveCerts action.
⇒The certificates and the associated public/private key pair are stored on the Telin-
dus 1423 SHDSL Router. They are loaded each time the Telindus 1423 SHDSL
Router starts up.

6 You can check which trusted and signed self-certificates are loaded by looking at the sta-
tus attributes telindus1423Router/fileSystem/trustedCertificates on page 822 and telindus1423Router/
fileSystem/selfCertificates on page 822.

1. Consult the manual of your SCEP server to find out which URL you have to specify.
354 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.6.8 The hardware accelerator (HWA) chip

Standard Telindus 1423 SHDSL Router versus Telindus 1423 SHDSL Router HWA

On the standard Telindus 1423 SHDSL Router, encryption in IPSEC is handled by the software. As this
is a processor consuming task, the forwarding performance of the Telindus 1423 SHDSL Router
decreases. Therefore, the Telindus 1423 SHDSL Router is also available in a version with a HWA chip.
This chip takes care of the DES and 3DES encryption / decryption, unburdening the software of this task.
This results in a better forwarding performance.

How to identify a Telindus 1423 SHDSL Router HWA version?

You can not distinguish a standard version from a HWA version on sight. However, you can distinguish
the two versions by looking at the status attribute telindus1423Router/sysDescr. In case you have a HWA ver-
sion, the string “HWA” or “3DES” appears in the sysDescr.
Example:
• Telindus 1423 SHDSL Router Txxxx/xxxxx 01/01/00 12:00 indicates that you have a standard version.
• Telindus 1423 SHDSL Router 3DES Txxxx/xxxxx 01/01/00 12:00 indicates that you have a 3DES version.

The status of the HWA chip

Whenever the Telindus 1423 SHDSL Router boots, it checks the presence of the HWA chip and does a
diagnostic test. Should these checks fail (e.g. because the HWA chip is faulty), then the following mes-
sages appear in the status attribute telindus1423Router/messages:
• encryption chip init failed
• encryption chip diag failed

In case the HWA chip is faulty, the DES and 3DES encryption is done by the software as on the standard
Telindus 1423 SHDSL Router.
Telindus 1423 SHDSL Router Chapter 10 355
User manual Configuring the additional features

10.7 Configuring RADIUS

This section introduces Remote Authentication Dial-In User Service (RADIUS) and gives a short descrip-
tion of the attributes you can use to configure RADIUS.
The following gives an overview of this section:
• 10.7.1 - Introducing RADIUS on page 356
• 10.7.2 - Enabling RADIUS for device access authentication on page 358
• 10.7.3 - Enabling RADIUS for network access authentication on page 360
• 10.7.4 - Enabling RADIUS for accounting on page 361
• 10.7.5 - Supported RADIUS attribute types on page 362
• 10.7.6 - Client (calling) IP settings on page 364
• 10.7.7 - NAS (called) IP settings on page 364
356 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.7.1 Introducing RADIUS

What is RADIUS?

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that ena-
bles Network Access Servers (NAS) to communicate with a central server to authenticate dial-in users
and authorize their access to the requested system or service. RADIUS allows a company to maintain
user profiles in a central database that all remote servers can share. It provides better security, allowing
a company to set up a policy that can be applied at a single administered network point. Having a central
service also means that it's easier to track usage for billing and for keeping network statistics.
The following figure shows the interaction between a dial-in user, the RADIUS client and the RADIUS
server:

1. The user initiates PPP authentication to the NAS.

2. The NAS asks for a username and a password (if PAP or CHAP is active).
3. The user replies.
4. The RADIUS client sends the username and encrypted password to the RADIUS server.
5. The RADIUS server responds with accept, reject or challenge.
6. The RADIUS client acts upon services and services parameters bundled with accept or reject.
Telindus 1423 SHDSL Router Chapter 10 357
User manual Configuring the additional features

Authentication and authorisation using RADIUS

The RADIUS server can support a variety of methods to authenticate a user. When it is provided with
the username and original password given by the user, it can support PPP, PAP or CHAP and other
authentication mechanisms.
Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a
corresponding response (Access-Accept or Access-Reject) from the server:
• Access-Request. The Access-Request packet contains the username, encrypted password, NAS IP
address, and port. The format of the request also provides information about the type of session that
the user wants to initiate.
• Access-Reject. When the RADIUS server receives the Access-Request from the NAS, it searches a
database for the username listed. If the username does not exist in the database, an Access-Reject
message is sent.
• Access-Accept. In RADIUS, authentication and authorisation are coupled together. If the username
is found and the password is correct, the RADIUS server returns an Access-Accept response, includ-
ing a list of attribute-value pairs that describe the parameters to be used for this session. Typical
parameters include service type, protocol type, IP address to assign the user (static or dynamic),
access list to apply, or a static route to install in the NAS routing table. The configuration information
in the RADIUS server defines what will be installed on the NAS.

The figure below illustrates the RADIUS authentication and authorization sequence:

Accounting using RADIUS

The accounting features of the RADIUS protocol can be used independently of RADIUS authentication
or authorisation. The RADIUS accounting functions allow data to be sent at the start and end of sessions,
indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
An Internet service provider (ISP) might use RADIUS access control and accounting software to meet
special security and billing needs.
Transactions between the client and RADIUS server are authenticated through the use of a shared
secret, which is never sent over the network. In addition, user passwords are sent encrypted between
the client and RADIUS server to eliminate the possibility that someone snooping on an insecure network
could determine a user's password.
358 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.7.2 Enabling RADIUS for device access authentication

Refer to 10.7.1 - Introducing RADIUS on page 356 for an introduction.

To prevent unauthorised access to the Telindus devices themselves (for management purposes), you
can configure a password in the devices. However, instead of configuring the passwords in the devices
themselves, you can also use a RADIUS server for this purpose.
So in order to enable device access authentication with RADIUS, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router object and select
the radius attribute.

2 Configure the following elements of the radius structure:

• authServers. Use this element to select an authentication server. You can create a list
of several authentication servers. The authServers table contains the following ele-
ments:
- address. Use this element to specify the IP address of the authentication server.
- secret. Use this element to set the shared secret to authenticate the transaction with
the authentication server.
- timeOut. Use this element to specify the authentication time-out.
• retries. Use this element to specify the number of retries before selecting the next
authentication server in the authServers table.
• login. Use this element to set the authentication of access to the Telindus 1423 SHDSL
Router using a management application (e.g. Telnet, FTP, TFTP, TMA, etc.). No
accounting data is sent to the server. The login element has the following values:
- disabled. No RADIUS login authentication is done.
- enabled. Login authentication is always done using a RADIUS server. Refer to step
3.
- fallback. Login authentication is done using a RADIUS server. However, if the server
is not available, then authentication is done using the local security table of the
device.
Telindus 1423 SHDSL Router Chapter 10 359
User manual Configuring the additional features

Step Action

3 If in step 2 you set the login element to enabled or fallback, then you have to configure user-
names and associated passwords on the RADIUS server.
The username and password have to be entered as follows: "username:password". If
the ‘:’ is omitted, then the string is considered to be a password.
Multiple passwords can be added using the same username. Access rights are sent
using the RADIUS attribute CLASS (25) encoded as a string carrying a binary value. The
bit definitions are:
• readAccess = 00000001B
• writeAccess = 00000010B
• securityAccess = 00000100B
• countryAccess = 00001000B (only used on aster4/5)
• fileAccess = 00010000B

Caution should be taken since all access to the device has to be authenticated by a
RADIUS server.

Refer to telindus1423Router/ip/router/radius on page 573 for a complete explanation of the radius attribute.
360 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.7.3 Enabling RADIUS for network access authentication

Refer to 10.7.1 - Introducing RADIUS on page 356 for an introduction.

The most typical application of RADIUS is where the RADIUS server authenticates dial-in users and
authorises their access to an ISP its network (in order to access the Internet).
So in order to enable network access authentication with RADIUS, proceed as follows:

Step Action

1 Configure a PPP(oA) link towards the remote network (e.g. the ISP’s network) and ena-
ble PAP or CHAP on this link.
Refer to 7.4 - Configuring PPP encapsulation on page 155 for more information.

2 In the Telindus 1423 SHDSL Router containment tree, go to the router object and select
the radius attribute.

3 Configure the following elements of the radius structure:

• authServers. Use this element to select an authentication server. You can create a list
of several authentication servers. The authServers table contains the following ele-
ments:
- address. Use this element to specify the IP address of the authentication server.
- secret. Use this element to set the shared secret to authenticate the transaction with
the authentication server.
- timeOut. Use this element to specify the authentication time-out.
• retries. Use this element to specify the number of retries before selecting the next
authentication server in the authServers table.
• ppp. Use this element to set the authentication of a PPP connection that uses PAP or
CHAP. The ppp element has the following values:
- disabled. PPP authentication is not done using a RADIUS server. It is done using
the local sysName/sysSecret or sessionName/sessionSecret of the device.
- enabled. PPP authentication is always done using a RADIUS server.

Note that the local configuration of username and password is ignored if a table of RADIUS servers exist.
Furthermore, remote IP address and remote netmask are ignored if a RADIUS server imposes these
attributes.

Refer to telindus1423Router/ip/router/radius on page 573 for a complete explanation of the radius attribute.
Telindus 1423 SHDSL Router Chapter 10 361
User manual Configuring the additional features

10.7.4 Enabling RADIUS for accounting

Refer to 10.7.1 - Introducing RADIUS on page 356 for an introduction.

Together with authentication, an Internet service provider (ISP) might use RADIUS for accounting pur-
poses (e.g. for billing or network statistics).
So in order to enable accounting with RADIUS, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router object and select
the radius attribute.

2 Configure the following elements of the radius structure:

• acctServers. Use this element to select an accounting server. You can only select one
accounting server. The acctServers structure contains the following elements:
- address. Use this element to specify the IP address of the accounting server.
- secret. Use this element to set the shared secret to authenticate the transaction with
the accounting server.
- timeOut. Use this element to specify the accounting time-out.
• acctUpdate. Use this element to specify the time at which an update of the accounting
data should be send to the server.
Set this element to 0 (default) if no update is required. Note that this is not always sup-
ported by the accounting server.
362 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.7.5 Supported RADIUS attribute types

This section shows which RADIUS attribute types are supported by the Telindus 1423 SHDSL Router.

RADIUS authentication attribute types

(1) User-Name Is sent.

(2) User-Password Is sent in case of PAP, TELNET, FTP and TMA authentication.

(3) CHAP-Password Is sent in case of CHAP authentication.

(4) NAS-IP-Address Is sent (this is the IP address of the interface that received the incom-
ing call).

(5) NAS-Port-ID Is sent (this is the index of the interface that received the incoming
call).

(7) Framed-Protocol Is sent.

(8) Framed-IP-Address Supported. Local configuration is overruled when received.

• 255.255.255.255: client is allowed to choose an address. It must
be rejected if null.
• 255.255.255.254: remote IP address that is configured on the
NAS is sent to the remote client.
• any valid address: this address is taken as remote IP address.

Also see 10.7.6 - Client (calling) IP settings on page 364 and 10.7.7
- NAS (called) IP settings on page 364 for NAS and remote client
behaviour when sending/learning IP addresses and masks.

(9) Framed-IP-Netmask Supported.

Also see 10.7.6 - Client (calling) IP settings on page 364 and 10.7.7
- NAS (called) IP settings on page 364 for NAS and remote client
behaviour when sending/learning IP addresses and masks.

(22) Framed-Route Supported (1 metric).

(25) Class Is used to send the “accessRights” when using TELNET and TMA. Is
sent as a hexadecimal value.

(27) Session-Timeout Supported.

(32) NAS-Identifier Is sent (= sysName).

(33) Proxy-State

(60) CHAP-Challenge Is sent.

(62) Port-Limit Supported in case of multilink.

(80) Message-Authenticator HMAC MD5 authentication of access request. Is not required but is
sent for security reasons.
Telindus 1423 SHDSL Router Chapter 10 363
User manual Configuring the additional features

RADIUS accounting attribute types

(40) Status-Type Supported (values (1) Start, (2) Stop and (3) Update).

(41) Delay-Time Supported.

(42) Input-Octets Supported.

(43) Output-Octets Supported.

(44) Session-ID Supported.

(45) Authentic Supported (always value (1) RADIUS).

(46) Session-Time Supported.

(47) Input-Packets Supported.

(48) Output-Packets Supported.

(49) Terminate-Cause Supported (values (2) Lost Carrier, (5) Session Timeout and (6)
Admin Reset).

(50) Multi-Session-ID Supported in case of multilink.

(51) Link-Count Supported in case of multilink.

364 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.7.6 Client (calling) IP settings

The following table shows some cases of how and which IP addresses the client can learn on its PPP
link in case of RADIUS:

Case Description

1 IP address and mask are already configured on the client.

⇒Configured IP address and mask are used.
2 No IP address and mask are configured on the client, they are learned from the NAS.
⇒Normal case: add 3 routes (host, network and broadcast). However, if the learned
mask is 255.255.255.252, then no broadcast route is added. If the learned mask
is 255.255.255.255, then only a host route is added.
⇒If the gatewayPreference is not 0, then a default gateway is added via the PPP inter-
face with the configured preference.
⇒If the PPP link goes down, then remove all the routes.
3 No IP address is configured on the client. IP address is learned from the NAS, the mask
not.
⇒Configured IP address is used.
⇒Set mask to 255.255.255.255.
4 The client is configured in unnumbered mode (an IP address and mask are taken from
another interface for which the IP address and mask is configured).
⇒IP address and mask of the referenced interface are used.

10.7.7 NAS (called) IP settings

The following table shows some cases of how and which IP addresses the NAS sets on its PPP link in
case of RADIUS:

Case Description

1 An IP address and mask is configured or unnumbered mode is configured. The remote

client requests an IP address and mask.
⇒If the remote IP address does not fall within the network defined by the own IP
address and mask, then reject the VSO option 0.0.0.0 from the other side. (E.g.
remote IP = 10.0.0.1 and own IP = 192.168.0.1 / 255.255.255.0.)
⇒If (remote IP address and mask) = (local IP address and mask), then a host route
is added for the remote IP address to make sure that the remote can be reached
(via proxy ARP when the NAS is in unnumbered mode).
Telindus 1423 SHDSL Router Chapter 10 365
User manual Configuring the additional features

10.8 Configuring QoS

This section introduces Quality of Service (QoS) and, using schematical drawings, tries to shows which
attributes you can use to configure QoS.
The following gives an overview of this section:
• 10.8.1 - Introducing QoS on page 366
• 10.8.2 - IP QoS on page 367
• 10.8.3 - VLAN QoS on page 368
• 10.8.4 - QoS on an Ethernet interface on page 368
• 10.8.5 - QoS on a PPP interface without fragmentation on page 369
• 10.8.6 - QoS on a PPP interface with fragmentation on page 369
• 10.8.7 - QoS on a multilink PPP interface with fragmentation on page 370
• 10.8.8 - QoS on a Frame Relay interface without fragmentation on page 371
• 10.8.9 - QoS on a Frame Relay interface with fragmentation on page 371
• 10.8.10 - QoS on a multilink Frame Relay interface without fragmentation on page 372
• 10.8.11 - QoS on a multilink Frame Relay interface with fragmentation on page 373
• 10.8.12 - Frame Relay fragmentation options on page 373
• 10.8.13 - QoS on an ATM interface on page 374
• 10.8.14 - QoS on an ATM IMA interface on page 374
• 10.8.15 - QoS on traffic within a VPN tunnel on page 375
366 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.8.1 Introducing QoS

What is QoS?

Quality of Service (QoS) is the capability of a network to provide better service to certain network traffic
over various technologies (e.g.Frame Relay, ATM, Ethernet and IP networks that use any or all of these
underlying technologies). The primary goal of QoS is to provide priority including dedicated bandwidth,
controlled jitter and latency, and improved loss characteristics. Also important is making sure that pro-
viding priority for one or more flows does not make other flows fail.
QoS is not one attribute that you can set to “low”, “medium” or “high” quality. QoS is a collection of con-
figuration attributes located on different levels (e.g. queueing, PPP fragmentation, bandwidth control,
etc.).
The following table gives an overview of the features that can be used for QoS:

Protocol Feature

All 7 queues: 5 user configurable queues, a low delay queue and a system queue.

All Priority policies: FIFO, round robin, absolute priority, WFQ, low delay WFQ.

All Bandwidth control per queue with CIR values.

IP IP traffic classification based on access lists (trafficShaping), tosDiffServ &

tosMapped.

VLAN VLAN traffic classification based on 802.1P bits.

PPP PPP fragmentation.

PPP PPP multi-class.

PPP Improved load balancing for MLPPP.

Frame Relay Frame Relay fragmentation.

Frame Relay CIR / EIR on outgoing traffic.

Frame Relay CIR / EIR on incoming traffic.

ATM UBR traffic class.

Telindus 1423 SHDSL Router Chapter 10 367
User manual Configuring the additional features

10.8.2 IP QoS

• 7 queues per interface.

- Queue 1 up to 5.
- Low delay queue.
- System queue for e.g. control protocols (PPP LCP, Frame Relay LMI, ATM OAM, …).
- CIR is configurable per queue (except for the system queue).
• Traffic policy: maps IP traffic to a queue.
- Traffic shaping: classification on IP addresses, IP protocol, UDP/TCP port numbers and TOS bits.
- diffServ: fixed mapping to queues and 3 drop levels based on 2 TOS bits.
- TOS mapped: configurable mapping on TOS bits only.
• Priority policy: defines policy to empty the queues.
- FIFO, round robin, absolute priority, WFQ, low delay WFQ.
- Bandwidth control per queue (CIR).
- System queue always has absolute priority.

• Policy based routing: routing is based on higher layer protocols.

- IP addresses, IP protocol, UDP/TCP port numbers and TOS bits.
368 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.8.3 VLAN QoS

• Only in case of bridging or VLAN switching mode.

• Only applicable on VLAN packets (using the P bits).
• Traffic policy based on P bits value.
• IP TOS to VLAN COS mapping during tagging.

10.8.4 QoS on an Ethernet interface

• Traffic policy and priority policy are configured on physical interface level.
• CIR is configurable per queue.
Telindus 1423 SHDSL Router Chapter 10 369
User manual Configuring the additional features

10.8.5 QoS on a PPP interface without fragmentation

• Traffic policy and priority policy are configured on physical interface level.
• CIR is configurable per queue.
• When setting the attribute delayOptimisation to lowSpeedLinks, then the interface queue length is reduced.
This is particularly interesting for low speed links.

10.8.6 QoS on a PPP interface with fragmentation

• Fragmentation on PPP is mostly used for QoS (especially if the link speed is below 2 Mbps).
• Fragmentation can be enabled or disabled per interface (not per class).
• Use multiclass PPP for QoS.
- Set up a PPP bundle to be able to use multiclass.
- Each class is like a separate interface.
- Each class uses one priority queue (configurable per class). There is no need to apply a traffic
policy (use the default queue).
- Apply a priority policy on the physical interface.
370 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.8.7 QoS on a multilink PPP interface with fragmentation

Similar as for 10.8.6 - QoS on a PPP interface with fragmentation on page 369, except that now you use
several physical interfaces.
Telindus 1423 SHDSL Router Chapter 10 371
User manual Configuring the additional features

10.8.8 QoS on a Frame Relay interface without fragmentation

• Traffic policy is configured on DLCI level.

• Priority policy is configured on physical interface level.
• CIR is configurable per queue and per DLCI.

10.8.9 QoS on a Frame Relay interface with fragmentation

• Use multiple DLCIs per destination for different traffic classes.

• Each DLCI uses one priority queue (configurable per DLCI). There is no need to apply a traffic policy
(use the default queue).
• Priority policy is configured on physical interface level.
372 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.8.10 QoS on a multilink Frame Relay interface without fragmentation

• Set up a Frame Relay bundle.

• Traffic policy is configured on DLCI level.
• Priority policy is configured on physical interface level.
• CIR is configurable per queue and per DLCI.
Telindus 1423 SHDSL Router Chapter 10 373
User manual Configuring the additional features

10.8.11 QoS on a multilink Frame Relay interface with fragmentation

• Set up a Frame Relay bundle.

• Apply the same QoS principles on the bundle interface as on a physical interface.
• Note that Cisco routers do not support fragmentation on a multilink Frame Relay interface.

10.8.12 Frame Relay fragmentation options

• End-to-end fragmentation = fragmentation at DLCI level.

• Segment fragmentation = fragmentation at interface level (up to a switch).
374 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.8.13 QoS on an ATM interface

• Each PVC behaves like a physical interface.

• Traffic policy and priority policy are configured on PVC level.
• CIR is configurable per queue.
• PCR is configurable per PVC.
• AAL5 SAR (= fragmentation) occurs at the end.

10.8.14 QoS on an ATM IMA interface

Telindus 1423 SHDSL Router Chapter 10 375
User manual Configuring the additional features

10.8.15 QoS on traffic within a VPN tunnel

• Set up an L2TP or L2TP IPSec tunnel.

• Applying a traffic policy on the traffic destined for the tunnel is only useful for setting the TOS (DSCP)
bits (the priority field remains unused). So set the copyTos attribute in the l2tp structure to on.
• Create a traffic and priority policy on the lower layer interface. These policies are used on the TOS
values you have set with first traffic policy.
376 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9 Configuring the stateful inspection firewall

The Telindus 1423 SHDSL Router features a stateful inspection firewall. This sections introduces the
firewall and explains how to configure it.
The following gives an overview of this section:
• 10.9.1 - Introducing the firewall on page 377
• 10.9.2 - Activating the firewall on page 383
• 10.9.3 - Adding an interface to a secure network (SNet) on page 384
• 10.9.4 - Defining an outbound SNet policy on page 386
• 10.9.5 - Defining an inbound SNet policy on page 388
• 10.9.6 - Defining an outbound self policy on page 390
• 10.9.7 - Defining an inbound self policy on page 392
• 10.9.8 - Configuring the firewall - rules of thumb on page 394
• 10.9.9 - Allowing access to the protocol stack when the firewall is active on page 395
• 10.9.10 - Determining which policies have to be defined on page 398
Telindus 1423 SHDSL Router Chapter 10 377
User manual Configuring the additional features

10.9.1 Introducing the firewall

Firewall types

In general, there are three types of firewall solutions:

• packet filter firewall. A packet filter firewall controls the flow of a datagram based on its source and
destination IP addresses and port numbers. The filtering is based on static permit and deny rules.
Refer to 10.2 - Configuring the access restrictions on page 296 for more information on packet filter-
ing.
• proxy firewall. A proxy firewall acts, for each application, as server and client on the different sides of
the firewall.
• stateful inspection firewall. A stateful inspection firewall is actually a combination of a packet filter fire-
wall and a proxy firewall. Refer to What is stateful inspection? on page 377 for more information. The
firewall that is present on the Telindus 1423 SHDSL Router is a stateful inspection firewall.

What is stateful inspection?

Stateful inspection, also referred to as dynamic packet filtering, is a firewall architecture that works at the
network layer. Unlike static packet filtering, which examines a packet based on the information in its
header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure
they are valid. An example of a stateful firewall may examine not just the header information but also the
contents of the packet up through the application layer in order to determine more about the packet than
just information about its source and destination. A stateful inspection firewall also monitors the state of
the connection and compiles the information in a state table. Because of this, filtering decisions are
based not only on administrator-defined rules (as in static packet filtering) but also on context that has
been established by prior packets that have passed through the firewall.
As an added security measure against port scanning, stateful inspection firewalls close off ports until
connection to the specific port is requested.

What is a Virtual Firewall System (VFS)?

A Virtual Firewall System (VFS) provides multiple logical firewalls for multiple networks, on one system.
That is, a service provider with numerous subscribers can provide firewalls separating and securing all
the subscribers and yet, is able to manage it from one system. This is accomplished by establishing
"security domains" controlled by Virtual Firewalls, with each firewall having its own defined security pol-
icy. Security domains are exclusive in that they are external to any other security domain in a given sys-
tem.
Virtual Firewalls are functionally similar to a simple firewall, and are configured with their own outbound
and inbound policies, and network objects. However, Virtual Firewalls enable easy management of a col-
lection of firewalls through policies at a defined security domain.
An SNet is a logical name by which we can identify each "security domain" network.
378 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

What is a Secure Network (SNet)?

A Secure Network (SNet) is a logical name by which we can identify a "security domain" controlled by
Virtual Firewalls (VF).
There are four “standard1” SNets:
• self (i.e. the Telindus 1423 SHDSL Router itself)
• internet (i.e. the internet or any other external network)
• corp (i.e. the corporate network)
• DMZ (i.e. the demilitarised zone)

1. In future releases of the TDRE, it will be possible to create custom SNets.

Telindus 1423 SHDSL Router Chapter 10 379
User manual Configuring the additional features

What are SNet and self in- and outbound policies?

Policy Description

outbound SNet With outbound policies configured for a host in a secure network, it can access var-
ious services on the internet or on other secure networks.
So an outbound SNet policy defines the traffic from an SNet to any SNet but the
self SNet.

inbound SNet With inbound policies configured for a secure network, a remote host can access
various services running on internal machines in this secure network. With
Reverse NAT enabled, you can forward a service request onto the external public
IP address from a remote host (a host in the Internet) to any one of the internal
machines in the secure network with private IP address, which is running that serv-
ice.
So an inbound SNet policy defines the traffic to an SNet from any SNet but the self
SNet.

outbound self With outbound self policies configured for the device itself, the device can access
services running on hosts in various secure networks.
So an outbound self policy defines the traffic from the device itself (self SNet) to
any SNet.
380 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Policy Description

inbound self With inbound self policies configured for the device itself, services running on the
device itself can be accessed from various secure networks. For example, the
response to an ICMP echo request when a host in a secure network does a ping,
can be restricted by an inbound self policy.
So an inbound self policy defines the traffic to the device itself (self SNet) from any
SNet.

Which are the different types of attacks?

A network is vulnerable to attacks. Therefore, it is important to protect your network (e.g. with a firewall,
virus scanners, etc.). In general, there are five types of attacks:

Attack type Description

sniffing and port Sniffing is the term generally used for traffic monitoring within a network, while port
scanning scanning is used to find out information about a remote network. Both sniffing and
port scanning have the same objective: finding system vulnerabilities. However,
they take different approaches. Sniffing is used by an attacker already on the net-
work who wants to gather more information about the network. Port scanning is
used by someone who is interested in finding vulnerabilities on a system that is
unknown.

Denial of Service Denial of Service is a type of attack on a network that is designed to bring the net-
(DoS) work to its knees by flooding it with useless traffic. Many DoS attacks exploit limi-
tations in the TCP/IP protocols.

spoofing An IP spoofing attack is one in which the source IP address of a packet is forged.
There are generally two types of spoofing attacks:
• IP spoofing used in DoS attacks.
• man in the middle attacks.

IP spoofing-based DoS attacks are relatively simple. An attacker sends a packet

to the target host with a forged IP address (SYN). The targeted host sends an
acknowledgement (ACK) and waits for a response. The response never comes,
and these unanswered queries remain in the buffer of the targeted device. If
enough spoofed queries are sent, the buffer will overflow and the network device
will become unstable and crash.
Man in the middle attacks are much more difficult. Here, the attacker intercepts
traffic heading between two devices on the network. The attacker can either mon-
itor information or alter the data as it passes through the network.

exploits An exploit allows an attacker to take advantage of known weaknesses in operating

systems or applications to gain access to a server.
Telindus 1423 SHDSL Router Chapter 10 381
User manual Configuring the additional features

Attack type Description

viruses and The two most common types of network attacks are the virus and the worm. A virus
worms is a program used to infect a computer. It is usually buried inside another program,
known as a Trojan, or distributed as a stand-alone executable. Worms are often
confused with viruses, but they are very different types of code. A worm is self-rep-
licating code that spreads itself from system to system. A traditional virus requires
manual intervention to propagate itself.

Attack protection

A firewall not only controls in- and outbound traffic, it also protects your network against malicious
attacks. The different attacks are listed below:

Attack Description

SYN Flooding What is the SYN Flooding attack?

SYN Flooding is a well-known Denial Of Service (DOS) attack on TCP based serv-
ices. TCP needs a 3-way handshake before the actual communication starts
between two hosts. Whenever a new connection request comes in, the server allo-
cates some resources for serving it. A malicious intruder can forge a huge amount
of service requests over a very short period, and make the server run out of its
resources.

Source Routing What is the Source Routing attack?

With strict and loose source routing, as specified in IP standard RFC 791, one can
make datagrams take a predefined path towards a destination. In this way, an
intruder can gain more information about the corporate network, which he or she
can then misuse.

WinNuke What is the WinNuke attack?

WinNuke is a well-known Denial Of Service attack. This attack sends a string of

OOB (Out Of Band) data to the target computer on TCP port 139 (NetBIOS), caus-
ing it to lock up.

FTP Bounce What is the FTP Bounce attack?

With an FTP Bounce attack, an attacker issues a PORT command with IP address
and port number of some other system so that the server bounces the data to that
system.

IP Unaligned What is the IP Unaligned Timestamp attack?

Timestamp
With an IP Unaligned Timestamp attack, a packet with a timestamp option that is
not aligned on a 32-bit boundary crashes some systems. This is due to an una-
ligned memory access of the option.

MIME What is the MIME attack?

Certain web servers have no limit on the MIME headers that could be included in
a clients HTTP request. The only limits are: 8192 byte for each header, 300 sec-
onds on reading headers. Due to this limitation, by sending a large amount of 8000
byte headers, it is possible to consume a lot of memory (and CPU) and slow down
or even lock the server.
382 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

Attack Description

Sequence What is the Sequence Number Prediction attack?

Number Predic-
A TCP Sequence Number Prediction attack is when an attacker sets up a TCP
tion
connection (through the 3-way handshake) using a forged source address, without
seeing the target machine its responses. Predictable sequence numbers allow the
attacker to guess, with a high level of confidence, what the sequence number on
the SYN+ACK response from the target will be. This allows the attacker to com-
plete the handshake blindly by guessing a window of acknowledgement numbers
on the ACK packet. This allows a connection to be established where the source
address is different from that of the attacking machine.

Sequence What is the Sequence Number Out Of Range attack?

Number Out Of
A Sequence Number Out Of Range attack is when packets with out of range
Range
sequence number are received.

ICMP Error Mes- What is the ICMP Error Message attack?

sage
The Internet Control Message Protocol (ICMP) could be used to perform a number
of Denial Of Service attacks against TCP. Successful attacks may cause connec-
tion resets or reduction of throughput in existing connections, depending on the
attack type.

Ping Of Death What is the Ping Of Death attack?

A Ping Of Death attack is a Denial Of Service attack, which exploits the errors in
the oversize datagram handling mechanism of a TCP/IP stack. It is a well-known
problem that certain popular operating systems have difficulty in handling data-
grams more than the maximum datagram size defined by the IP standard. If hosts
running such operating systems come across oversized ping packets, they tend to
hang or crash.

IP Spoofing What is the IP Spoofing attack?

IP Spoofing is a network intrusion where a user pretending to be at a trusted IP

address gains access to a computer. The firewall makes sure that all traffic des-
tined to the corporate network is originated from the authorised sites in the internet.

IP Option What is the IP Option attack?

IP Option attacks are:

• zero length IP options.
• source routing options.
• unaligned timestamp options.
Telindus 1423 SHDSL Router Chapter 10 383
User manual Configuring the additional features

10.9.2 Activating the firewall

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

If you want to use the firewall function of the Telindus 1423 SHDSL Router, then you have to activate it
first. Do this as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the router/

firewall object.

2 In the firewall object, set the inspection attribute to enabled.

3 Once the firewall is enabled, you can proceed with adding interfaces to SNets and defin-
ing policies.
384 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.3 Adding an interface to a secure network (SNet)

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

Before you can start defining policies for the firewall you have to add the interfaces, of which you want
that they are controlled by a (virtual) firewall, to an SNet.
To add an interface to an SNet, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the

ip attribute of the interface that you want to add to the SNet.
Refer to 5.2.2 - Where to find the IP parameters? on page 61 for the location of the ip
structure on the different IP interfaces.

2 In the ip attribute structure, go to the sNet element. Use this element to add the interface
to the SNet.
The sNet element is a choice element. The first part of the sNet element has the following
values:
• name. Select this value if you want to add the interface to one of
the standard SNets. In the second part of the sNet element, use
the drop-down box to select one of the standard SNets: corp, dmz
or internet.
Note that if you select the value <opt> (default), then the interface
is not added to a secure network.

• custom. Currently, you can only select standard SNets. In future

releases of the TDRE, it will be possible to select custom created
SNets.

Important remark

Note that if you configure the Telindus 1423 SHDSL Router with TMA through the LAN interface (i.e.
over an IP network), then make sure that before you assign the LAN interface to an SNet, that you create
an inbound self policy so that TMA can access the protocol stack of the Telindus 1423 SHDSL Router.
For more information, refer to …
• 10.9.7 - Defining an inbound self policy on page 392
• 10.9.9 - Allowing access to the protocol stack when the firewall is active on page 395
If you configure the Telindus 1423 SHDSL Router with TMA through the control port (i.e. through a serial
connection), then there is no problem.
Telindus 1423 SHDSL Router Chapter 10 385
User manual Configuring the additional features

Example - adding an interface to an SNet

Suppose you have the following setup:

Now, if you want to add the LAN interface to the SNet “corporate” and the ATM PVC on the WAN inter-
face to the SNet “internet”, then configure this as follows:
386 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.4 Defining an outbound SNet policy

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

Once the firewall function is activated and the necessary interfaces are added to SNets, you can start to
define policies. As explained in What are SNet and self in- and outbound policies? on page 379, there
are 4 types of policies. This section explains how to define an outbound SNet policy.
To define an outbound SNet policy, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the firewall object, select the
outboundPolicies attribute and add one or more entries to this table.

Use this attribute to define outbound SNet policies. Add a row to the outboundPolicies table
for each outbound SNet policy you want to define.

2 Configure the elements of the outbound SNet policy you just created. These elements
are:
• sNet. Use this element to specify the name of the source SNet for which you want to
create an outbound SNet policy. By doing so, you create a policy for the traffic from
the source SNet to any SNet except the self SNet.
• sourceIp. Use this element to specify the source IP address(es) for which you want to
create an outbound SNet policy.
Note that if you leave the sourceIp element at its default value (<opt>), then no source
IP address(es) is/are specified.
• destIp. Use this element to specify the destination IP address(es) for which you want
to create an outbound SNet policy.
Note that if you leave the destIp element at its default value (<opt>), then no source IP
address(es) is/are specified.
• application. Use this element to specify the application for which you want to create an
outbound SNet policy.
Note that if you leave the application element at its default value (<opt>), then no appli-
cation is specified.
• action. Use this element to specify whether packets that fall within the specification of
the policy are passed on (allow) or dropped (deny).
• nat. Use this element to determine whether address translation has to be done for the
outbound SNet policy and, if so, which translation address has to be taken.
Note that if you leave the nat element at its default value (<opt>), then no address trans-
lation is done.
• log. Use this element to determine whether limited (disabled) or extended (enabled) log-
ging is done for this policy.
• name. Use this element to assign a name (description) to the outbound SNet policy.
Telindus 1423 SHDSL Router Chapter 10 387
User manual Configuring the additional features

Example - defining an outbound SNet policy

Reconsider the example shown in Example - adding an interface to an SNet on page 385. Suppose you
want that the computers on the corporate network can surf on the Internet.

In that case you have to define an outbound SNet policy from the corporate network to the Internet allow-
ing HTTP traffic. Configure this as follows:
388 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.5 Defining an inbound SNet policy

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

Once the firewall function is activated and the necessary interfaces are added to SNets, you can start to
define policies. As explained in What are SNet and self in- and outbound policies? on page 379, there
are 4 types of policies. This section explains how to define an inbound SNet policy.
To define an inbound SNet policy, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the firewall object, select the
inboundPolicies attribute and add one or more entries to this table.

Use this attribute to define inbound SNet policies. Add a row to the inboundPolicies table for
each inbound SNet policy you want to define.

2 Configure the elements of the inbound SNet policy you just created. These elements are:
• sNet. Use this element to specify the name of the destination SNet for which you want
to create an inbound SNet policy. By doing so, you create a policy for the traffic from
any SNet except the self SNet to the destination SNet.
• sourceIp. Use this element to specify the source IP address(es) for which you want to
create an inbound SNet policy.
Note that if you leave the sourceIp element at its default value (<opt>), then no source
IP address(es) is/are specified.
• destIp. Use this element to specify the destination IP address(es) for which you want
to create an inbound SNet policy.
Note that if you leave the destIp element at its default value (<opt>), then no source IP
address(es) is/are specified.
• application. Use this element to specify the application for which you want to create an
inbound SNet policy.
Note that if you leave the application element at its default value (<opt>), then no appli-
cation is specified.
• action. Use this element to specify whether packets that fall within the specification of
the policy are passed on (allow) or dropped (deny).
• nat. Use this element to determine whether address translation has to be done for the
inbound SNet policy and, if so, which translation address has to be taken.
Note that if you leave the nat element at its default value (<opt>), then no address trans-
lation is done.
• log. Use this element to determine whether limited (disabled) or extended (enabled) log-
ging is done for this policy.
• name. Use this element to assign a name (description) to the inbound SNet policy.
Telindus 1423 SHDSL Router Chapter 10 389
User manual Configuring the additional features

Example - defining an inbound SNet policy

Reconsider the example shown in Example - adding an interface to an SNet on page 385. Suppose you
have an FTP server in your corporate network and you want that it can be accessed from the Internet.

In that case you have to define an inbound SNet policy from the Internet to the corporate network allow-
ing FTP traffic. Configure this as follows:
390 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.6 Defining an outbound self policy

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

Once the firewall function is activated and the necessary interfaces are added to SNets, you can start to
define policies. As explained in What are SNet and self in- and outbound policies? on page 379, there
are 4 types of policies. This section explains how to define an outbound self policy.
To define an outbound self policy, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the firewall object, select the
outboundSelfPolicies attribute and add one or more entries to this table.

Use this attribute to define outbound self policies. Add a row to the outboundSelfPolicies
table for each outbound self policy you want to define.

2 Configure the elements of the outbound self policy you just created. These elements are:
• sNet. Use this element to specify the name of the destination SNet for which you want
to create an outbound self policy. By doing so, you create a policy for the traffic from
the device itself (self SNet) to the destination SNet.
• sourceIp. Use this element to specify the source IP address(es) for which you want to
create an outbound self policy.
Note that if you leave the sourceIp element at its default value (<opt>), then no source
IP address(es) is/are specified.
• destIp. Use this element to specify the destination IP address(es) for which you want
to create an outbound self policy.
Note that if you leave the destIp element at its default value (<opt>), then no source IP
address(es) is/are specified.
• application. Use this element to specify the application for which you want to create an
outbound self policy.
Note that if you leave the application element at its default value (<opt>), then no appli-
cation is specified.
• action. Use this element to specify whether packets that fall within the specification of
the policy are passed on (allow) or dropped (deny).
• log. Use this element to determine whether limited (disabled) or extended (enabled) log-
ging is done for this policy.
• name. Use this element to assign a name (description) to the outbound self policy.
Telindus 1423 SHDSL Router Chapter 10 391
User manual Configuring the additional features

Example - defining an outbound self policy

Reconsider the example shown in Example - adding an interface to an SNet on page 385. Suppose you
want that the firewall (i.e. the Telindus 1423 SHDSL Router itself) can ping computers on the corporate
network.

In that case you have to define an outbound self policy from the device itself to the corporate network
allowing ICMP traffic. Configure this as follows:
392 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.7 Defining an inbound self policy

Refer to 10.9.1 - Introducing the firewall on page 377 for an introduction.

Once the firewall function is activated and the necessary interfaces are added to SNets, you can start to
define policies. As explained in What are SNet and self in- and outbound policies? on page 379, there
are 4 types of policies. This section explains how to define an inbound self policy.
To define an inbound self policy, proceed as follows:

Step Action

1 In the Telindus 1423 SHDSL Router containment tree, go to the firewall object, select the
inboundSelfPolicies attribute and add one or more entries to this table.

Use this attribute to define inbound self policies. Add a row to the inboundSelfPolicies table
for each inbound self policy you want to define.

2 Configure the elements of the inbound self policy you just created. These elements are:
• sNet. Use this element to specify the name of the source SNet for which you want to
create an inbound self policy. By doing so, you create a policy for the traffic from the
source SNet to the device itself (self SNet).
• sourceIp. Use this element to specify the source IP address(es) for which you want to
create an inbound self policy.
Note that if you leave the sourceIp element at its default value (<opt>), then no source
IP address(es) is/are specified.
• destIp. Use this element to specify the destination IP address(es) for which you want
to create an inbound self policy.
Note that if you leave the destIp element at its default value (<opt>), then no source IP
address(es) is/are specified.
• application. Use this element to specify the application for which you want to create an
inbound self policy.
Note that if you leave the application element at its default value (<opt>), then no appli-
cation is specified.
• action. Use this element to specify whether packets that fall within the specification of
the policy are passed on (allow) or dropped (deny).
• log. Use this element to determine whether limited (disabled) or extended (enabled) log-
ging is done for this policy.
• name. Use this element to assign a name (description) to the inbound self policy.
Telindus 1423 SHDSL Router Chapter 10 393
User manual Configuring the additional features

Example - defining an inbound self policy

Reconsider the example shown in Example - adding an interface to an SNet on page 385. Suppose you
want configured the Telindus 1423 SHDSL Router to be a DHCP server for the computers on the corpo-
rate network. So it has to be able to accept DHCP requests from these computers on the corporate net-
work.

In that case you have to define an inbound self policy from corporate network to the device itself allowing
DHCP traffic. Configure this as follows:
394 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.8 Configuring the firewall - rules of thumb

The following table lists some rules of thumb when configuring the firewall:

Rule Description

1 Only traffic that is transmitted or received on an interface that is assigned to an SNet is

inspected by the firewall.

2 If interfaces are assigned to SNets and if the firewall is activated but no policies are
defined yet, then all traffic on the SNet interfaces is denied (i.e. dropped), except multi-
casts and broadcasts.

3 When activating the firewall, carefully consider which applications/processes have to be

able to access the protocol stack of the Telindus 1423 SHDSL Router, so that you can
include them in the in- and/or outbound self policies. Else they are denied access to the
protocol stack.
For example, …
• suppose you want to access the Telindus 1423 SHDSL Router with TMA through the
LAN interface, then it has to be able to accept the TMA session. Therefore, you have
to create an inbound self policy that allows this.
• suppose that you configured the Telindus 1423 SHDSL Router to be a DHCP server,
then it has to be able to accept DHCP requests from clients. Therefore, you have to
create an inbound self policy that allows this.
• suppose that you configured the Telindus 1423 SHDSL Router to be a local DNS
server but it has to forward these DNS requests to an external DNS server, then it has
to be able to accept and receive DNS requests. Therefore, you have to create an
inbound self policy allowing to receive local DNS requests and an outbound self policy
allowing to send DNS requests to an external DNS server.

4 Traffic that is received on an SNet interface, has to be routed to another SNet interface.
Else it is dropped.

5 The most specific policy has to be listed first (i.e. the policy that specifies the narrowest
“range”).
For example, suppose that all computers but one are allowed to surf on the Internet, then
put the deny rule first and the allow rule second:
1. Deny surfing for computer X.
2. Allow surfing for all other computers.

6 You do not have to set up policies to allow the reverse session (i.e. the return path) of a
session that was initiated. These reverse sessions are set up and allowed automatically.
For example, if you define an outbound policy from the corporate network to the Internet
to allow web browsing (HTTP) and if a HTTP session from the corporate network to the
Internet is set up, then a reverse session from the Internet to the corporate network is set
up and allowed automatically. These reverse sessions can be seen in the status attribute
telindus1423Router/ip/router/firewall/reverseSessions on page 806.
Telindus 1423 SHDSL Router Chapter 10 395
User manual Configuring the additional features

10.9.9 Allowing access to the protocol stack when the firewall is active

As explained in 10.9.8 - Configuring the firewall - rules of thumb on page 394, when activating the fire-
wall, carefully consider which applications/processes have to be able to access the protocol stack of the
Telindus 1423 SHDSL Router, so that you can include them in the in- and/or outbound self policies. Else
they are denied access to the protocol stack.
This section gives a non-exhaustive list of applications/processes that need access to the protocol stack
of the Telindus 1423 SHDSL Router to function properly.

Maintenance applications

All the maintenance applications with which you want to manage the Telindus 1423 SHDSL Router have
to be able to access the protocol stack:

Application Self policies to be defined

TMA inbound self:

• protocol: UDP
• port: 1728 (telindus)

Telnet inbound self:

• protocol: TCP
• port: 23 (telnet)

FTP inbound self:

• protocol: TCP
• port: 21 (ftp)

TFTP inbound self:

• protocol: UDP
• port: 69 (tftp)

Web Interface inbound self:

(web browser) • protocol: TCP
• port: 80 (www-http)

SNMP inbound self:

• protocol: TCP
• port: 161 (snmp)

Ping to device inbound self:

• protocol: ICMP

Ping from device outbound self:

• protocol: ICMP

etc.
396 Telindus 1423 SHDSL Router
User manual
L2TP tunnel (IPSEC secured)
Suppose a tunnel has to be set up over the SNet “internet”. The SNet of the tunnel can be “corp” or
“dmz”.
L2TP tunnel type
L2TP without IPSEC
L2TP with IPSEC (manual SA
ESP)
L2TP with IPSEC (IKE SA ESP)
L2TP with IPSEC (IKE SA NAT)
Configuring the additional features
Self policies to be defined for
the outgoing tunnel
• outbound self:
- protocol: UDP
- port: 1701 (l2tp)
- SNet: internet
• outbound self:
- protocol: ESP
- SNet: internet
• outbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• outbound self:
- protocol: ESP
- SNet: internet
• inbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• inbound self:
- protocol: ESP
- SNet: internet
• outbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• outbound self:
- protocol: UDP
- port: 4500 (ipsec-nat-t)
- SNet: internet
• inbound self:
- protocol: UDP
- port: 4500 (ipsec-nat-t)
- SNet: internet
Chapter 10
Self policies to be defined for
the incoming tunnel
• inbound self:
- protocol: UDP
- port: 1701 (l2tp)
- SNet: internet
• inbound self:
- protocol: ESP
- SNet: internet
• inbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• inbound self:
- protocol: ESP
- SNet: internet
• outbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• outbound self:
- protocol: ESP
- SNet: internet
• inbound self:
- protocol: UDP
- port: 500 (isakmp)
- SNet: internet
• inbound self:
- protocol: UDP
- port: 4500 (ipsec-nat-t)
- SNet: internet
• outbound self:
- protocol: UDP
- port: 4500 (ipsec-nat-t)
- SNet: internet
Telindus 1423 SHDSL Router Chapter 10 397
User manual Configuring the additional features

Miscellaneous protocols

If the Telindus 1423 SHDSL Router is configured to be a server and/or client for protocols such as
DHCP, DNS, NTP, etc., then in- and/or outbound self policies have to be defined for these protocols:

Application Self policies to be defined

DHCP server inbound self:

• protocol: UDP
• port: 67 (bootp-dhcp-s)

DHCP client outbound self:

• protocol: UDP
• port: 68 (bootp-dhcp-c)

DNS server inbound self:

• protocol: UDP
• port: 53 (domain)

DNS client outbound self:

• protocol: UDP
• port: 53 (domain)

NTP client outbound self:

• protocol: UDP
• port: 123 (ntp)

etc.
398 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features

10.9.10 Determining which policies have to be defined

As can be learned from 10.9.8 - Configuring the firewall - rules of thumb on page 394 and 10.9.9 - Allow-
ing access to the protocol stack when the firewall is active on page 395, determining which policies you
need is not always easy. For some application/processes it may be trivial which in- and/or outbound pol-
icies have to be defined (e.g. web access to the Internet). For others it may be somewhat more compli-
cated because there are several (hidden) processes that need to access, for instance, the protocol stack
of the Telindus 1423 SHDSL Router (e.g. setting up an IPSEC secured L2TP tunnel).
The procedure below tries to help you how you can determine for which application/processes you have
to define inbound/outbound SNet/self policies.

Step Action

1 Activate the firewall as described in 10.9.2 - Activating the firewall on page 383.

2 Add the interfaces to SNets as described in 10.9.3 - Adding an interface to a secure net-
work (SNet) on page 384.

3 Now, in the Telindus 1423 SHDSL Router containment tree, go to the firewall object, select
the log attribute, go in the …
• general structure and set the unavailablePolicies element to enabled (you can leave the
other elements at their default value).
• thresholds structure and set the general element (temporarily1) to 1 (you can leave the
other elements at their default value).

4 Now, in the Telindus 1423 SHDSL Router containment tree, go to the Status group, go
to the firewall object and select the log attribute.
Telindus 1423 SHDSL Router Chapter 10 399
User manual Configuring the additional features

Step Action

5 Carefully observe the logs that appear in this table. If you see entries appear with the
string “access policy not found, dropping packet”, then this means that an application/
process tries to pass the firewall but is not allowed because no matching policy is defined
for it.
Once you figured out which application/process it is (look at the protocol and sourcePort/dest-
Port elements), you can determine whether you want to allow it and define a policy for it.

1. After you’re done inspecting the log table in order to determine which policies you have to
define, it is best to reset the general element in the thresholds structure to its default value (20).
This to keep the log table surveyable.

Example - determining which policies have to be defined

Suppose that after following the procedure as described above, you see the following entries appear in
the log status attribute:

The “access policy not found, dropping packet” entries show you that you tried to access the Telindus
1423 SHDSL Router with TMA, but that no inbound self policy was defined for it. So define an inbound
self policy allowing TMA to access the protocol stack of the Telindus 1423 SHDSL Router and try again.
Refer to Maintenance applications on page 395.
400 Telindus 1423 SHDSL Router Chapter 10
User manual Configuring the additional features
Telindus 1423 SHDSL Router Chapter 11 401
User manual Configuration examples

11 Configuration examples
This chapter shows some basic configuration examples for the Telindus 1423 SHDSL Router. This
allows you to get acquainted with the way the Telindus 1423 SHDSL Router has to be configured. The
first example is a step-by-step example. For the other examples, the CLI code is given.
The following gives an overview of this chapter:
• 11.1 - Step-by-step example: LAN extension over ATM with ISDN back-up on page 402
• 11.2 - LAN extension over a PDH/SDH network on page 422
• 11.3 - LAN extension over a Frame Relay network on page 424
• 11.4 - Connecting a LAN to the Internet using NAT and PAT on page 426
• 11.5 - Using PAT with a minimum of official IP addresses on page 428
• 11.6 - Combining bridging and routing in a network on page 431
402 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

11.1 Step-by-step example: LAN extension over ATM with ISDN

back-up

In this example, a remote office is connected to a central office over an ATM network. For back-up pur-
poses a connection can be established over the ISDN network should the connection over the ATM net-
work go down.

If you want to configure Telindus 1423 SHDSL Router A as depicted in the set-up above, then proceed
as follows:

Step 1: Connect the Telindus 1423 SHDSL Router

First connect the different connectors of the Telindus 1423 SHDSL Router A. Refer to 2.6 - Connecting
the Telindus 1423 SHDSL Router on page 18.

Step 2: Connect with TMA

Once the Telindus 1423 SHDSL Router A is connected, you are ready to start with the configuration of
the Telindus 1423 SHDSL Router A. Therefore, connect your PC which is running TMA to the control
connector of the Telindus 1423 SHDSL Router A. Then open a TMA session on the Telindus 1423
SHDSL Router A. Refer to 4.1.3 - Connecting with TMA through the control connector on page 38.
⇒The containment tree of the Telindus 1423 SHDSL Router A is shown in TMA.
Telindus 1423 SHDSL Router Chapter 11 403
User manual Configuration examples

Step 3: Configure an IP address on the LAN interface

Usually, the first thing that you configure is an IP address on the LAN interface:

Step Action

1 Select the lanInterface object.

2 Select the ip structure.

3 Set the address element to 192.168.47.254.

4 Set the netMask element to 255.255.255.0.

5 Click on the Send all attributes to the device button . This activates the new config-
uration on the Telindus 1423 SHDSL Router.

Note that at this point the LAN interface is still not reachable via its IP address. This because the LAN
interface mode is still bridging (this is the default value). As long as it is bridging, you can only reach the
LAN interface via its IP address if you configure an IP address in the bridge/bridgeGroup object.
404 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 4: Setting the mode on the LAN interface

In our example we do not want to bridge, but we want to route the data on the LAN interface. Therefore
set the mode of the LAN interface to routing:

Step Action

1 Select the lanInterface object.

2 Set the mode attribute to routing.

3 You can leave all other attributes in the lanInterface object to their default value.

4 Click on the Send all attributes to the device button . This activates the new config-
uration on the Telindus 1423 SHDSL Router.

Now the LAN interface is reachable via its IP address. So if you would like to connect with TMA to the
Telindus 1423 SHDSL Router through its LAN interface, then proceed as explained in 4.1.4 - Connecting
with TMA over an IP network on page 40.
Telindus 1423 SHDSL Router Chapter 11 405
User manual Configuration examples

Step 5: Setting the encapsulation on the xDSL interface

Now start to configure the xDSL interface. First select the encapsulation protocol:

Step Action

1 Select the wanInterface object.

2 Set the encapsulation attribute to atm.

3 You can leave all other attributes in the wanInterface object to their default value.
406 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 6: Configuring the SHDSL line

Now configure the SHDSL line:

• When using two Telindus 1423 SHDSL Routers in a point-to-point set-up, it should suffice to set the
line/channel attribute of Telindus 1423 SHDSL Router A to central and of Telindus 1423 SHDSL Router
B to remote.

• When using a Telindus 1423 SHDSL Router at one side and a 3rd party SHDSL router on the other
side, then make sure to check the following configuration attributes:
- channel and timingMode. Since these attributes influence the clocking mode of the Telindus 1423
SHDSL Router, it is important to find out in which clocking mode the 3rd party SHDSL router can
be set. One router should be set to internal clocking while the other should be set to slave receive
clocking.
- region. Select the correct region. If the auto value does not suffice, try setting this attribute to a spe-
cific value that corresponds with the region value of the 3rd party SHDSL router (Annex A or
Annex B).
- minSpeed(2P) and maxSpeed(2P). Normally, the default range should suffice since the Telindus 1423
SHDSL Router will try to select a speed within this range that allows good operation. If the default
range does not suffice, try setting a fixed speed (by setting the min and max speed attributes to
the same value) that corresponds with the speed setting of the 3rd party SHDSL router.
- dualPairMode. When using a Telindus 1423 SHDSL Router 2P in combination with a 3rd party
SHDSL router, it is best to set the dualPairMode attribute to standard.

For more information on the SHDSL line configuration attributes, refer to 12.6 - SHDSL line configuration
attributes on page 497.
Telindus 1423 SHDSL Router Chapter 11 407
User manual Configuration examples

Step 7: Creating an ATM PVC

Since ATM is the encapsulation protocol on the WAN interface, you also have to create and configure
an ATM PVC in the ATM PVC table.
Start with adding an entry to the pvcTable:

Step Action

1 Select the wanInterface/atm object.

2 Select the pvcTable attribute.

3 Add a line to the table using the Insert row before/after button .

4 Type a name for the PVC in the name element, e.g. myPvc. This is the name you have to
use in the routing table if you want to refer to this “interface”.

5 The mode element is set to routing by default, so this is OK.

408 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 8: Configure an IP address on the ATM PVC

Now configure the IP parameters of the ATM PVC you created in the previous step:

Step Action

1 In the pvcTable, double-click on the ip structure.

2 Set the address element to 192.168.100.1. This is the IP address of the local side of the
PVC that will be set up on the WAN interface.

3 Set the netMask element to 255.255.255.252. This is the subnet mask of the PVC.

4 Set the remote element to 192.168.100.2. This is the IP address of the remote side of the
PVC that will be set up on the WAN interface.

5 You can leave all other attributes in the ip structure to their default value.

6 To exit the ip structure, click on the One level up button .

Telindus 1423 SHDSL Router Chapter 11 409
User manual Configuration examples

Step 9: Configure a VCI on the ATM PVC

Finally configure a VCI number on the ATM PVC:

Step Action

1 In the pvcTable, double-click on the atm structure.

2 Set the vci element to 101. This is the Virtual Channel Identifier.

3 You can leave all other attributes in the atm structure to their default value.

4 To exit the atm structure, click on the One level up button .

410 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 10: Configuring a dial profile

Now you can start to configure the Basic Rate ISDN interfaces. This is done using dial, encapsulation
and forwarding profiles. You can configure the default profiles and then use these in a dial map, or you
can create and configure custom dial maps and then use these in a dial map. For our example, we will
use the default profiles.
So first configure the default dial profile:

Step Action

1 Select the profiles/dial/defaultIsdn object.

2 Select the isdnInterfaces table.

3 Add a line to the table using the Insert row before/after button .

4 Set the interface element to bri[1]. This because in our example we only want to use ISDN
connector 1 to connect to the ISDN network.

5 You can leave all other attributes in the defaultIsdn object to their default value.
Telindus 1423 SHDSL Router Chapter 11 411
User manual Configuration examples

Step 11: Configuring an encapsulation profile

Now configure the default encapsulation profile:

Step Action

1 Select the profiles/encapsulation/defaultPpp object.

2 The connection attribute is set to multiLink by default, so this is OK. This allows you to use
multiple channels for the PPP link (multi-link PPP or MLPPP).

3 Select the multiLink structure.

4 Set the initialChannels element to 2. This specifies that you want to use 2 B-channels.
Because in our example we only connected one BRI interface (being ISDN 1), two is the
maximum number of B-channels that you can use.

5 You can leave all other attributes in the defaultPpp object to their default value.
412 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 12: Creating an IP list pool

Because the forwarding profile that you have to configure in the following step makes use of IP pools to
assign IP addresses to an interface, you first have to create an IP pool. For the set-up in our example,
we will create an IP list pool:

Step Action

1 Select the router object.

2 Select the addrPools table.

3 Add a line to the addrPools table using the Insert row before/after button .

4 Type a name for the IP pool in the name element, e.g. myPool.

5 Make sure the first part of the pool element is set to list (this should be OK, since list is the
default value).

6 Expand the pool element by clicking on the triangle.

7 Double-click on the <Table> string in the pool/list column.

8 Add a line to the pool/list table using the Insert row before/after button .

9 Set the address element to 192.168.100.1. This is the IP address of the local side of the
PPP link that will be set up on the BRI interface.

10 Set the remote element to 192.168.100.2. This is the IP address of the remote side of the
PPP link that will be set up on the BRI interface.

11 Set the netMask element to 255.255.255.252. This is the subnet mask of the PPP link.

12 To exit the pool/list table, click on the One level up button .

Telindus 1423 SHDSL Router Chapter 11 413
User manual Configuration examples

Step 13: Configuring a forwarding profile

The last profile that you have to configure is the forwarding profile:

Step Action

1 Select the profiles/forwardingMode/defaultRouting object.

2 Select the ip structure.

3 Make sure the first part of the addrPool element is set to list (this should be OK, since list is
the default value).

4 As second part of the addrPool element type the name of the IP pool list you created in the
previous step (in our example this was myPool).

5 You can leave all other attributes in the defaultRouting object to their default value.
414 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 14: Creating a dial map

Now you have to “link” the dial, encapsulation and forwarding profiles together in order to make up an
actual ISDN connection. What is more, you have to specify the telephone number to dial out. For this
purpose you have to create a dial map:

Step Action

1 Select the dialMaps object.

2 Select the mapping table.

3 Add a line to the mapping table using the Insert row before/after button .

4 Type a name for the dial map in the name element, e.g. myMap. This is the name you have
to use in the routing table if you want to refer to this “interface”.

5 Double-click on the localTelNrs table. Then …

1. Add a line to the localTelNrs table using the Insert row before/after button .
2. Set the telNr element to 012345678.
3. Set the uniqueDigits element to 6.
4. To exit the localTelNrs table, click on the One level up button .

6 Double-click on the remoteTelNrs table. Then …

1. Add a line to the remoteTelNrs table using the Insert row before/after button .
2. Set the telNr element to 012987654. This is the telephone number that is used to dial
out.
3. Set the uniqueDigits element to 6. In this case only the numbers 987654 are used for
verification purposes. The numbers 012 are ignored. This because it is possible that
the 012 prefix is dropped by the ISDN exchange.
4. To exit the remoteTelNrs table, click on the One level up button .

7 You can leave the dial, encapsulation and forwardingMode elements at their default values,
because by default they refer to the default profiles. These are the profiles you configured
in step 10, 11 and 13.

8 You can leave all other attributes in the mapping table to their default value.
Telindus 1423 SHDSL Router Chapter 11 415
User manual Configuration examples
416 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 15: Creating two routes to the remote network

The last thing that you have to do is to create two routes towards the remote network:
• one route through the WAN interface over the ATM network. This should be the main route.
• one route through the BRI interface over the ISDN network. This should be the backup route.

You can do this by creating two routes in the routing table and by making the route through the WAN
interface preferable over the route through the BRI interface. So under normal circumstances, traffic des-
tined for the remote network will be transported over the ATM network (preferred route). However,
should this link go down, then the traffic is rerouted over the ISDN network (back-up route).
Configure this as follows:

Step Action

1 Select the router object.

2 Select the routingTable attribute.

3 Add two lines to the routingTable using the Insert row before/after button .

4 The first line we will make the route through the WAN interface. So for this line, configure
the following:
1. Set the network element to 192.168.48.0. This is the IP address of the network you
want to reach.
2. Set the mask element to 255.255.255.0. This is the subnet mask of the network you
want to reach.
3. Set the gateway element to 192.168.100.2. This is the IP address of the next router its
interface towards the network you want to reach.
4. Set the interface element to myPvc. This is the PVC you created in step 7. This is the
PVC that connects the local network with the remote network.
5. Leave the preference element to 10 (this is the default value). By leaving the preference
of this route lower than the preference of the route through the BRI interface, you
make this route the preferred route.
6. You can leave the metric element at its default value.

5 The second line we will make the route through the BRI interface. So for this line, config-
ure the following:
1. Set the network element to 192.168.48.0. This is the IP address of the network you
want to reach.
2. Set the mask element to 255.255.255.0. This is the subnet mask of the network you
want to reach.
3. Set the gateway element to 192.168.100.2. This is the IP address of the next router its
interface towards the network you want to reach.
4. Set the interface element to myMap. This is the dial map you created in step 14. This is
the ISDN connection that connects the local network with the remote network.
5. Set the preference element to 100. By setting the preference of this route higher than
the preference of the route through the WAN interface, you make this route the back-
up route.
6. You can leave the metric element at its default value.
Telindus 1423 SHDSL Router Chapter 11 417
User manual Configuration examples
418 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

Step 16: Activate the configuration

When you finished configuring the Telindus 1423 SHDSL Router, you have to activate the configuration.
Do this by clicking on the Send all attributes to the device button .
The following gives an overview of the configuration, in CLI format, of the Telindus 1423 SHDSL Router
A as depicted in our example set-up (11.1 - Step-by-step example: LAN extension over ATM with ISDN
back-up on page 402).
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
netMask = 255.255.255.0
}
mode = "routing"
}
}
}
SET
{
SELECT wanInterface
{
LIST
{
encapsulation = "atm"
}
}
}
SET
{
SELECT wanInterface
{
SELECT atm
{
LIST
{
pvcTable =
{
[d]
[a] =
{
name = "myPvc"
mode = "routing"
ip =
{
address = 192.168.100.1
netMask = 255.255.255.252
remote = 192.168.100.2
}
atm =
{
vpi = 0
vci = 101
}
}
}
}
}
}
}
Telindus 1423 SHDSL Router Chapter 11 419
User manual Configuration examples

SET
{
SELECT profiles
{
SELECT dial
{
SELECT defaultIsdn
{
LIST
{
isdnInterfaces =
{
[d]
[a] =
{
interface = "bri[1]"
}
}
}
}
}
}
}
SET
{
SELECT profiles
{
SELECT encapsulation
{
SELECT defaultPpp
{
LIST
{
connection = "multiLink"
multilink =
{
initialChannels = 2
}
}
}
}
}
}
SET
{
SELECT profiles
{
SELECT forwardingMode
{
SELECT defaultRouting
{
LIST
{
ip =
{
addrPool =
{
list = "myPool"
}
}
}
}
}
}
}
420 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

SET
{
SELECT dialMaps
{
LIST
{
mapping =
{
[d]
[a] =
{
name = "myMap"
localTelNrs =
{
[d]
[a] =
{
telNr = "012345678"
uniqueDigits = 6
}
}
remoteTelNrs =
{
[d]
[a] =
{
telNr = "012987654"
uniqueDigits = 6
}
}
callDirection = "incalls+outcalls"
dial =
{
isdn = "default"
}
encapsulation =
{
ppp = "default"
}
forwardingMode =
{
routing = "default"
}
}
}
}
}
}
Telindus 1423 SHDSL Router Chapter 11 421
User manual Configuration examples

SET
{
SELECT router
{
LIST
{
routingTable =
{
[d]
[a] =
{
network = 192.168.48.0
mask = 255.255.255.0
gateway = 192.168.100.2
interface = "myPvc"
preference = 10
metric = 2
}
[a] =
{
network = 192.168.48.0
mask = 255.255.255.0
gateway = 192.168.100.2
interface = "myMap"
preference = 100
metric = 2
}
}
addrPools =
{
[d]
[a] =
{
name = "myPool"
pool =
{
list =
{
[d]
[a] =
{
local = 192.168.100.1
remote = 192.168.100.2
netMask = 255.255.255.252
}
}
}
}
}
}
}
}
action "Activate Configuration"
422 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

11.2 LAN extension over a PDH/SDH network

In this example, a remote office is connected to a central office over a PDH or SDH network.
A modem link connects the remote office to the PDH or SDH network. At the local office a Telindus 1423
SHDSL Router is installed. The central router is a third party router. The WAN encapsulation is PPP with
active link monitoring.

The configuration of the Telindus 1423 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = ppp
}
SELECT ppp
{
LIST
{
ip =
{
address = 192.168.100.1
netMask = 255.255.255.252
}
mode = routing
linkMonitoring =
{
operation = enabled
}
}
}
}
SELECT router
{
LIST
{
routingTable =
{
[a] =
Telindus 1423 SHDSL Router Chapter 11 423
User manual Configuration examples

{
network = 192.168.48.0
gateway = 192.168.100.2
}
}
}
}
}
action "Activate Configuration"
424 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

11.3 LAN extension over a Frame Relay network

In this example, a remote office is connected to a central office over a Frame Relay network.
A modem link connects the remote office to the Frame Relay network. At the local office a Telindus 1423
SHDSL Router is installed. The central router is a third party router.The Frame Relay network uses LMI
according to the ANSI standard. No Inverse ARP is supported by the network.

DLCI19

The configuration of the Telindus 1423 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = frameRelay
}
SELECT frameRelay
{
LIST
{
dlciTable =
{
[a] =
{
name = dlci1
ip =
{
address = 192.168.100.1
netMask = 255.255.255.252
remote = 192.168.100.2
}
frameRelay =
{
dlci = 19
}
}
}
lmi =
{
type = ansiT1-617-d
Telindus 1423 SHDSL Router Chapter 11 425
User manual Configuration examples

}
}
}
}
SELECT router
{
LIST
{
routingTable =
{
[a] =
{
network = 192.168.48.0
gateway = 192.168.100.2
}
}
}
}
}
action "Activate Configuration"
426 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

11.4 Connecting a LAN to the Internet using NAT and PAT

This is an example of a local network that only uses private addresses.

Your site is connected to an Internet Service Provider. At your site a Telindus 1423 SHDSL Router is
installed. You only received 2 official IP addresses from the ISP, one for all outgoing traffic using PAT
(195.7.12.22) and one for accessing the local web server using NAT (195.7.12.21) with a dedicated pri-
vate address.

The configuration of the Telindus 1423 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
SELECT atm
{
LIST
{
pvcTable =
{
[a] =
{
ip =
{
address = 195.7.12.22
nat = default
}
mode = routing
}
}
}
}
}
SELECT router
{
LIST
{
defaultRoute =
Telindus 1423 SHDSL Router Chapter 11 427
User manual Configuration examples

{
gateway = 195.7.12.254
}
}
SELECT defaultNat
{
LIST
{
patAddress = 195.7.12.22
addresses =
{
[a] =
{
officialAddress = 195.7.12.21
privateAddress = 192.168.47.250
}
}
}
}
}
}
action "Activate Configuration"
428 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

11.5 Using PAT with a minimum of official IP addresses

This is another example of a local network that only uses private addresses.
Your site is connected to an Internet Service Provider. At your site a Telindus 1423 SHDSL Router is
installed. You only received 1 official IP address from the ISP. To reduce the number of official IP
addresses, the ISP also uses private IP addresses on the link. The central router its routing table has a
host route to its PAT address per customer.

The configuration of the Telindus 1423 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = ppp
}
SELECT ppp
{
LIST
{
ip =
{
address = 192.168.100.1
nat = default
}
mode = routing
}
}
}
SELECT router
{
LIST
{
defaultRoute =
{
gateway = 192.168.100.254
}
Telindus 1423 SHDSL Router Chapter 11 429
User manual Configuration examples

}
SELECT defaultNat
{
LIST
{
patAddress = 195.7.12.22
servicesAvailable =
{
[a] =
{
protocol = tcp
startPort = 80
serverAddress = 192.168.47.250
}
}
}
}
}
}
action "Activate Configuration"
The configuration of the Telindus 1423 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
SELECT atm
{
LIST
{
pvcTable =
{
[a] =
{
ip =
{
address = 192.168.100.1
nat = default
}
mode = routing
}
}
}
}
}
SELECT router
{
LIST
{
defaultRoute =
{
gateway = 192.168.100.254
}
}
SELECT defaultNat
{
LIST
{
patAddress = 195.7.12.22
servicesAvailable =
{
[a] =
{
startPort = 80
serverAddress = 192.168.47.250
}
430 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples

}
}
}
}
}
action "Activate Configuration"
Telindus 1423 SHDSL Router Chapter 11 431
User manual Configuration examples

11.6 Combining bridging and routing in a network

The following example shows a combination of bridging and routing in a network:

432 Telindus 1423 SHDSL Router Chapter 11
User manual Configuration examples
 Telindus 1423 SHDSL Router 433
Reference manual

Reference manual
434 Telindus 1423 SHDSL Router
Reference manual
Telindus 1423 SHDSL Router Chapter 12 435
User manual Configuration attributes

12 Configuration attributes
This chapter discusses the configuration attributes of the Telindus 1423 SHDSL Router. The following
gives an overview of this chapter:
• 12.1 - Configuration attribute overview on page 436
• 12.2 - General configuration attributes on page 445
• 12.3 - LAN interface configuration attributes on page 451
• 12.4 - WAN interface configuration attributes on page 466
• 12.5 - Encapsulation configuration attributes on page 468
• 12.6 - SHDSL line configuration attributes on page 497
• 12.7 - End and repeater configuration attributes on page 508
• 12.8 - BRI configuration attributes on page 510
• 12.9 - Profiles configuration attributes on page 519
• 12.10 - Dial maps configuration attributes on page 547
• 12.11 - Bundle configuration attributes on page 552
• 12.12 - Router configuration attributes on page 557
• 12.13 - Bridge configuration attributes on page 652
• 12.14 - SNMP configuration attributes on page 665
• 12.15 - Management configuration attributes on page 667
436 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.1 Configuration attribute overview

Refer to 4.3 - The objects in the Telindus 1423 SHDSL Router containment tree on page 46 to find out
which objects are present by default, which ones you can add yourself and which ones are added auto-
matically.

> telindus1423Router
sysName
sysContact
sysLocation
bootFromFlash
security
alarmMask
alarmLevel
Action: Activate Configuration
Action: Load Default Configuration
Action: Load Preconfiguration
Action: Load Saved Configuration
Action: Cold Boot

>> lanInterface
name
mode
ip
bridging
priorityPolicy
arp
adapter1
vlan
switchMode2
ports2
bcastStormProtection2
alarmMask
alarmLevel

>> wanInterface
name
encapsulation
priorityPolicy
maxFifoQLen
alarmMask
alarmLevel

>>> atm
pvcTable
vp
atm

1. Only present on the single port LAN interface.

2. Only present on the 4 port LAN interface.
Telindus 1423 SHDSL Router Chapter 12 437
User manual Configuration attributes

>>> frameRelay
ip
dlciTable
lmi
modeLearnedDlci
delayOptimisation
fragmentation
mru

>>> ppp
ip
mode
bridging
delayOptimisation
mru
compression
linkMonitoring
authentication
authenPeriod
sessionName
sessionSecret

>>> hdlc
bridging
mru

>>> errorTest
testType
blockSize
programmablePattern
438 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

>>> line
channel
region
timingMode
retrain
startupMargin
minSpeed
maxSpeed
minSpeed2P3
maxSpeed2P3
mode3
dualPairMode
linkAlarmThresholds
numExpectedRepeaters
eocHandling
management
alarmMask
alarmLevel

>>>> linePair[ ]
alarmMask
alarmLevel

>>> repeater[ ]

>>>> networkLinePair[ ]
alarmMask
alarmLevel

>>>> customerLinePair[ ]
alarmMask
alarmLevel

>>> end

>>>> linePair[ ]
alarmMask
alarmLevel

>> bri[1]4
tei
teiValue
telephoneNrs
dialAllowed
alarmMask
alarmLevel

3. Only present in case of a 2 pair version.

4. Only present on the Telindus 1423 SHDSL Router ISDN version.
Telindus 1423 SHDSL Router Chapter 12 439
User manual Configuration attributes

>>> bChannel[1]
alarmMask
alarmLevel

>>> bChannel[2]
<Contains the same attributes as the bChannel[1] object.>

>>> leasedLine[ ]
encapsulation
priorityPolicy
maxFifoQLen
channelAllocation
alarmMask
alarmLevel

>>>> frameRelay
ip
mode
dlciTable
lmi
modeLearnedDlci
delayOptimisation
fragmentation
mru

>>>> ppp
ip
mode
bridging
delayOptimisation
mru
compression
linkMonitoring
authentication
authenPeriod
sessionName
sessionSecret

>>>> hdlc
bridging
mru

>>>> errorTest
testType
blockSize
programmablePattern

>> bri[2]5
<Contains the same attributes as the bri[1] object.>
440 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

>> profiles4

>>> dial

>>>> defaultIsdn
isdnInterfaces
dialPktBufSize
idleTimeOut
fastIdleTimeOut
callInterval
callTimeOut
24hMaxCallTime
dialTimeTable
maxChannelsUsed
minChannelsFree

>>>> isdn[ ]
<Contains the same attributes as the dial/defaultIsdn object.>

>>> encapsulation

>>>> defaultPpp
linkMonitoring
authentication
authenPeriod
compression
connection
multilink

>>>> ppp[ ]
<Contains the same attributes as the encapsulation/ppp object.>

>>> forwardingMode

>>>> defaultRouting
ip
priorityPolicy
maxFifoQLen

>>>> routing[ ]
<Contains the same attributes as the forwardingMode/defaultRouting object.>

5. Only present on the Telindus 1423 SHDSL Router 2 port ISDN version.
Telindus 1423 SHDSL Router Chapter 12 441
User manual Configuration attributes

>>> policy

>>>> traffic

>>>>> ipTrafficPolicy[ ]
method
trafficShaping
tos2QueueMapping
dropLevels

>>>>> bridgingTrafficPolicy[ ]
vlanPriorityMap
dropLevels

>>>> priority

>>>>> priorityPolicy[ ]
algorithm
countingPolicy
queueConfigurations
lowdelayQuotum
bandwidth

>> dialMaps4
mapping

>> bundle

>>> pppBundle[ ]
members
mode
ip
bridging
fragmentation
multiclassInterfaces
alarmMask
alarmLevel
442 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

>> router
defaultRoute
routingTable
routingProtocol
alternativeRoutes
ripUpdateInterval
ripHoldDownTime
ripv2SecretTable
sysSecret
pppSecretTable
helperProtocols
sendTtlExceeded
sendPortUnreachable
sendAdminUnreachable
dhcpStatic
dhcpDynamic
dhcpCheckAddress
radius
dns
addrPools4
alarmMask
alarmLevel

>>> defaultNat
patAddress
portTranslations
servicesAvailable
addresses
gateway
tcpSocketTimeOut
udpSocketTimeOut
tcpSockets
udpSockets
dmzHost

>>> nat[ ]
<Contains the same objects as the defaultNat object.>

>>> tunnels
l2tpTunnels
ipsecL2tpTunnels

>>> manualSA[ ]
espEncryptionAlgorithm
espEncryptionKey
espAuthenticationAlgorithm
espAuthenticationKey
spi
Telindus 1423 SHDSL Router Chapter 12 443
User manual Configuration attributes

>>> ikeSA[ ]
phase1
phase2

>>> routingFilter[ ]
filter

>>> ospf
routerId
refBandwidth
keyChains

>>>> area
areaId
stub
networks
virtualLinks
ranges

>>> firewall
inspection
outboundPolicies
inboundPolicies
outboundSelfPolicies
inboundSelfPolicies
attacks
log

>> bridge

>>> bridgeGroup
name
ip
arp
bridgeCache
bridgeTimeOut
spanningTree
localAccess
macAddress
vlan
vlanSwitching
444 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

>>> vpnBridgeGroup[ ]
ip
arp
bridgeCache
bridgeTimeOut
spanningTree
localAccess
macAddress
vlan
vlanSwitching

>>> accessList[ ]
macAddress

>> snmp
trapDestinations
mib2Traps

>> management
cms2Address
accessList
snmp
telnet
tftp
ftp
accessPolicy
consoleNoTrafficTimeOut
alarmFilter
atwinGraphics
timedStatsAvailability
timeServer
timeZone
sysLog
loginControl
ctrlPortProtocol

>>> loopback
ipAddress
ipNetMask
Telindus 1423 SHDSL Router Chapter 12 445
User manual Configuration attributes

12.2 General configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/sysName on page 446
• telindus1423Router/sysContact on page 446
• telindus1423Router/sysLocation on page 446
• telindus1423Router/bootFromFlash on page 446
• telindus1423Router/security on page 447
• telindus1423Router/<alarmConfigurationAttributes> on page 448
This section describes the following actions:
• telindus1423Router/Activate Configuration on page 449
• telindus1423Router/Load Default Configuration on page 449
• telindus1423Router/Load Preconfiguration on page 449
• telindus1423Router/Load Saved Configuration on page 450
• telindus1423Router/Cold Boot on page 450
446 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/sysName Default:<empty>
Range: 0 … 64 characters
Use this attribute to assign a name to the Telindus 1423 SHDSL Router.
The sysName attribute is an SNMP MIB2 parameter.
This attribute is also used in the PPP authentication process. The PPP authenticator uses the sysName
attribute in order to verify the peer its response.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166
• 7.4.8 - Configuring CHAP on page 169

telindus1423Router/sysContact Default:<empty>
Range: 0 … 64 characters
Use this attribute to add contact information. You could, for instance, enter
the name and telephone number of the person to contact in case problem occur.
The sysContact attribute is an SNMP MIB2 parameter.

telindus1423Router/sysLocation Default:<empty>
Range: 0 … 64 characters
Use this attribute to specify the physical location of the Telindus 1423
SHDSL Router. The sysLocation attribute is an SNMP MIB2 parameter.

telindus1423Router/bootFromFlash Default:auto
Range: enumerated, see below
Part of the flash memory of the Telindus 1423 SHDSL Router is organised
as a file system. In this file system, you can store two complete application software versions. You can
use the bootFromFlash attribute to switch between these softwares.
When you store two application software versions in the file system, they are automatically renamed as
CONTROL1 and CONTROL2, respectively. You can check this with the status attribute telindus1423Router/
fileSystem/fileList.
The bootFromFlash attribute has the following values:

Value When the Telindus 1423 SHDSL Router boots …

flash1 the application software CONTROL1 is active.

flash2 the application software CONTROL2 is active.

auto the Telindus 1423 SHDSL Router automatically chooses the most recent applica-
tion software. It does this by comparing the application software version numbers.
Telindus 1423 SHDSL Router Chapter 12 447
User manual Configuration attributes

telindus1423Router/security Default:<empty>
Range: table, see below
Use this attribute to create a list of passwords with associated access levels
in order to avoid unauthorised access to the Telindus 1423 SHDSL Router and the network.
The security table contains the following elements:

Element Description

password Use this element to set the password. You can then Default:<empty>
associate this password with a certain access level. Range: 0 … 20 characters
Also see Important remarks on page 448.

accessRights Use this element to set the access level associated Default:1111
with the password. It is a bit string of which each bit Range: bit string, see below
corresponds to an access level. The different access
levels are listed below.

The following table shows, for each access level, what you can or can not do:

Access Read Change Read secu- Change Execute Access file

level attributes attributes rity security actions2 system
attributes1 attributes

readAccess yes no no no no no

writeAccess yes yes no no yes no

securityAccess no no yes yes no no

fileSystem- no no no no no yes
Access

1. The Telindus 1423 SHDSL Router has the following security attributes:
telindus1423Router/sysName
telindus1423Router/security
telindus1423Router/router/sysSecret, pppSecretTable and ripv2SecretTable
telindus1423Router/router/priorityPolicy and trafficPolicy
telindus1423Router/wanInterface/ppp/authentication and authenPeriod
telindus1423Router/management/accessList, snmp, telnet and tftp
2. Actions are e.g. Cold Boot, clearArpCache, clearBridgeCache, etc…
448 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Important remarks

• If you create no passwords, everybody has complete access.

• If you define at least one password, it is impossible to access the Telindus 1423 SHDSL Router with
one of the management systems without entering the correct password.
• If you create a list of passwords, create at least one with write and security access. If not, you will be
unable to make configuration and password changes after activation of the new configuration.
• If you access the Telindus 1423 SHDSL Router via RADIUS, then this requires that the password is
associated with a user. So in that case, enter the username and password in the password element as
follows:
"username:password".
- Note that if the ‘:’ is omitted, then the string is considered to be a password.
- Note that if you do not access the device via RADIUS, but you access it directly with e.g. TMA,
then you have to enter the complete string, i.e. "username:password". Not just the password part
of the string.

telindus1423Router/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the telindus1423Router object, refer to 15.3 - General alarms on page 922.
Telindus 1423 SHDSL Router Chapter 12 449
User manual Configuration attributes

telindus1423Router/Activate Configuration

If you execute this action, then the editable non-active configuration becomes the active configuration.
Refer to 5.6.1 - What are the different configuration types? on page 87 for more information.

When use this action?

If you configure the Telindus 1423 SHDSL Router using …

• any other maintenance tool than the graphical user interface based TMA (e.g. ATWIN, CLI, Web
Interface, EasyConnect terminal, TMA CLI), then execute the Activate Configuration action to activate the
configuration after you finished configuring the Telindus 1423 SHDSL Router or after you executed
the Load Saved Configuration or Load Default Configuration action.
• TMA, then do not just execute the Activate Configuration action to activate the configuration after you fin-
ished configuring the Telindus 1423 SHDSL Router, but use the TMA button Send all attributes to
device instead. You must, however, execute the Activate Configuration action after you executed
the Load Saved Configuration or Load Default Configuration action. The default or saved configuration will only
be activated by the action Activate Configuration.

telindus1423Router/Load Default Configuration

If you execute this action, then the non-active configuration is overwritten by the default configuration.
Refer to 5.6.1 - What are the different configuration types? on page 87 for more information.

When use this action?

If you install the Telindus 1423 SHDSL Router for the first time, all configuration attributes have their
default values. If the Telindus 1423 SHDSL Router has already been configured but you want to start
from scratch, then use this action to revert to the default configuration.

telindus1423Router/Load Preconfiguration

If you execute this action, then the non-active configuration is overwritten by the preconfiguration (if
present, else this action does nothing). Refer to 5.6.1 - What are the different configuration types? on
page 87 for more information.

When use this action?

If you install the Telindus 1423 SHDSL Router for the first time and if a preconfiguration is present (i.e.
a precfg.cms file is present on the file system), then some configuration attributes will be set to a pre-
configured value. The rest of the attributes will be set to their default values. If the Telindus 1423 SHDSL
Router has already been configured but you want to revert to the preconfiguration, then use this action.
450 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/Load Saved Configuration

If you execute this action, then the non-active configuration is overwritten by the active configuration cur-
rently used by the Telindus 1423 SHDSL Router. Refer to 5.6.1 - What are the different configuration
types? on page 87 for more information.

When use this action?

If you are in the progress of modifying the non-active configuration but made some mistakes, then use
this action to revert to the active configuration.

telindus1423Router/Cold Boot

If you execute this action, then the Telindus 1423 SHDSL Router reboots. As a result, the Telindus 1423
SHDSL Router …
• performs a self-test.
• checks the software.
• reads the saved configuration and restarts program execution.

When use this action?

Use this action, for instance, to activate new application software.

Telindus 1423 SHDSL Router Chapter 12 451
User manual Configuration attributes

12.3 LAN interface configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/lanInterface/name on page 452
• telindus1423Router/lanInterface/mode on page 452
• telindus1423Router/lanInterface/ip on page 452
• telindus1423Router/lanInterface/bridging on page 452
• telindus1423Router/lanInterface/priorityPolicy on page 453
• telindus1423Router/lanInterface/arp on page 453
• telindus1423Router/lanInterface/adapter on page 454
• telindus1423Router/lanInterface/vlan on page 455
• telindus1423Router/lanInterface1/switchMode on page 461
• telindus1423Router/lanInterface1/ports on page 461
• telindus1423Router/lanInterface1/bcastStormProtection on page 464
• telindus1423Router/lanInterface/<alarmConfigurationAttributes> on page 465
452 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/lanInterface/name Default:lan
Range: 1 … 24 characters
Use this attribute to assign an administrative name to the LAN interface.

telindus1423Router/lanInterface/mode Default:bridging
Range: enumerated, see below
Use this attribute to determine whether the packets are treated by the rout-
ing process, the bridging process or both.
The mode attribute has the following values:

Value Description

bridging All packets are bridged.

The settings of the IP configuration attributes of the LAN are ignored. If you
want to manage the Telindus 1423 SHDSL Router via IP, you have to con-
figure an IP address in the bridgeGroup object. Refer to telindus1423Router/bridge/
bridgeGroup/ip on page 654.

routing The IP packets are routed. All other protocols are discarded.

routingAndBridging IP packets are routed. Non-IP packets are bridged.

The settings of the IP configuration attributes are taken into account.

telindus1423Router/lanInterface/ip Default:-
Range: structure, see below
Use this attribute to configure the IP related parameters of the LAN inter-
face.
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridging, then the settings of the
configuration attribute telindus1423Router/lanInterface/ip are ignored. As a result, if you want to manage the
Telindus 1423 SHDSL Router via IP, you have to configure an IP address in the bridgeGroup object
instead: telindus1423Router/bridge/bridgeGroup/ip.

telindus1423Router/lanInterface/bridging Default:-
Range: structure, see below
Use this attribute to configure the bridging related parameters of the LAN
interface.
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of the bridging structure.
Telindus 1423 SHDSL Router Chapter 12 453
User manual Configuration attributes

telindus1423Router/lanInterface/priorityPolicy Default:<empty>
Range: 0 … 24 characters
Use this attribute to apply a priority policy on the LAN interface.
Do this by entering the index name of the priority policy you want to use. You can create the priority policy
itself by adding a priorityPolicy object and by configuring the attributes in this object.

Example

If you created a priorityPolicy object with index name my_priority_policy

(i.e. priorityPolicy[my_priority_policy]) and you want to apply this priority
policy here, then enter the index name as value for the priorityPolicy attribute.
Refer to 8.8.6 - Creating a priority policy on page 247 for more information on priority policies.

telindus1423Router/lanInterface/arp Default:-
Range: structure, see below
Use this attribute to configure the Address Resolution Protocol (ARP)
cache.
The arp structure contains the following elements:

Element Description

timeOut Use this element to set the ageing time of the ARP Default:00000d 02h 00m 00s
cache entries. Refer to The ARP cache time-out. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s

proxyArp Use this element to enable or disable the proxy ARP Default:enabled
mechanism. Refer to What is proxy ARP?. Range: enabled / disabled

Note that when you want to access a proxied device via its IP address that
is configured in the telindus1423Router/proxy/nmsGroup/objectTable, then the
proxyArp element must be set to enabled.

What is the ARP cache?

The LAN interface has been allocated a fixed Ethernet address, also called MAC (Medium Access Con-
trol) address. This MAC address is not user configurable. The IP address of the LAN interface, on the
other hand, is user configurable. This means that the user associates an IP address with the predefined
MAC address. The MAC address - IP address pairs are kept in a table, called the ARP cache. Refer to
telindus1423Router/lanInterface/arpCache on page 696 for an example of such a table.

How does the ARP cache work?

Before the Telindus 1423 SHDSL Router sends an IP packet on the LAN interface, it has to know the
MAC address of the destination device. If the address is not present in the ARP cache table yet, the Tel-
indus 1423 SHDSL Router sends an ARP request on the Ethernet to learn the MAC address and asso-
ciated IP address of the destination device. This address pair is then written in the ARP cache. Once the
address pair is present, the Telindus 1423 SHDSL Router can reference to this pair if it has to send an
IP packet to the same device later on.
454 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

The ARP cache time-out

Summarised, all the MAC address - IP address pairs from ARP requests and replies received on the
LAN interface are kept in the ARP cache. However, if devices on the network are reconfigured then this
MAC address - IP address relation may change. Therefore, the ARP cache entries are automatically
removed from the cache after a fixed time-out. This time-out period can be set with the timeOut element.

What is proxy ARP?

Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for
another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real"
destination. Proxy ARP can help machines on a subnet reach remote subnets without configuring routing
or a default gateway.
The advantages and disadvantages of proxy ARP are listed below:

advantages The main advantage of using proxy ARP is that it can be added to a single router
on a network without disturbing the routing tables of the other routers on the net-
work.
Proxy ARP should be used on the network where IP hosts are not configured with
default gateway or does not have any routing intelligence.

disadvantages Hosts have no idea of the physical details of their network and assume it to be a
flat network in which they can reach any destination simply by sending an ARP
request. But using ARP for everything has disadvantages, some of which are listed
below:
• It increases the amount of ARP traffic on your segment.
• Hosts need larger ARP tables to handle IP-to-MAC address mappings.
• Security may be undermined. A machine can claim to be another in order to
intercept packets, an act called "spoofing."
• It does not work for networks that do not use ARP for address resolution.
• It does not generalise to all network topologies (for example, more than one
router connecting two physical networks).

telindus1423Router/lanInterface/adapter Default:autoDetect
Range: enumerated, see below
Only present on the single port LAN interface.
Use this attribute to set the Ethernet mode of the LAN interface.
The adapter attribute has the following values: autoDetect, 10Mb/halfDuplex, 10Mb/fullDuplex, 100Mb/halfDuplex,
100Mb/fullDuplex.
Telindus 1423 SHDSL Router Chapter 12 455
User manual Configuration attributes

telindus1423Router/lanInterface/vlan Default:<empty>
Range: table, see below
Use this attribute to create and configure VLANs. Refer to 10.3 - Configuring
VLANs on page 308 for an introduction and a step-by-step procedure.
As long as no VLANs are created in the vlan table, the LAN interface accepts both VLAN untagged and
VLAN tagged frames. The VLAN untagged frames are bridged and/or routed (depending on the setting
of the mode attribute). The VLAN tagged frames are bridged (in case the mode attribute is set to bridging
or bridgingAndRouting, else they are discarded).
As soon as a VLAN is created in the vlan table, the LAN interface still accepts VLAN untagged frames
but only accepts those VLAN tagged frames of which the VLAN ID corresponds with the VLAN ID that
has been configured in the vlan table (refer to the configuration element vid on page 457). Other VLAN
tagged frames are discarded.

Note that in case of the Telindus 1423 SHDSL Router 4 port Ethernet switch, the vlan table of the 4 port
Ethernet switch has to be used only if you want that VLAN tagged packets inside the 4 port Ethernet
switch are forwarded to the bridging or routing function of the Telindus 1423 SHDSL Router. Refer to for
10.4 - Configuring VLANs on the 4 port Ethernet switch on page 316 more information.

The vlan table contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the VLAN. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate (down) Default:up

the VLAN. Range: up / down

mode Use this element to determine whether, for the corre- Default:bridging
sponding VLAN, the packets are treated by the rout- Range: enumerated, see below
ing process or the bridging process.
The mode element has the following values:
• bridging. All packets received on the VLAN are bridged.
• routing. All packets received on the VLAN are routed.

ip Use this element to configure the IP related parame- Default:-

ters of the VLAN. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.

bridging Use this element to configure the bridging related Default:-

parameters of the VLAN. Range: structure, see below
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of
the bridging structure.
456 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

vlan Use this element to configure the specific VLAN Default:-

parameters. Range: structure, see below
Refer to telindus1423Router/lanInterface/vlan/vlan on page 457 for a detailed description of
the vlan structure.
Telindus 1423 SHDSL Router Chapter 12 457
User manual Configuration attributes

telindus1423Router/lanInterface/vlan/vlan Default:-
Range: structure, see below
Use the vlan structure in the vlan table to configure the VLAN related param-
eters of the corresponding VLAN.
Refer to 10.3 - Configuring VLANs on page 308 for an introduction on VLANs.
The vlan structure contains the following elements:

Element Description

vid Use this element to set the VLAN ID. Default:1

Range: 0 … 4095

Important remark

You can also enter VLAN tag 0 as VLAN ID. This is not really a VLAN, but
a way to reverse the filtering:
- all the untagged data is passed, internally, to VLAN 0.
- all the other, tagged, data for which no VLANs are defined, are handled by
the main LAN interface.
This allows a set-up where a number of VLANs are VLAN switched, while other
VLANs and untagged data are bridged. This is particularly interesting for VLAN
based networks with Ethernet switch discovery protocols like Cisco CDP. Until
now, this was not possible since the VLAN switching mode did not allow flooding
packets over multiple interfaces (bridging), nor did it allow terminating manage-
ment data in the device.
In such set-up, the configuration looks as follows:
- A first bridge group includes all VLANs that need to be switched. This bridge
group is set in VLAN switching mode.
- A second bridge group includes VLAN 0 and possibly also a VLAN for man-
agement of the device.
- The interface VLAN table(s) include(s) entries for all switched VLANs, VLAN
0 and possibly a VLAN for management.
458 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

tagSignificance This element is only relevant when you set the mode Default:global
element to bridging. Range: local / global
Use this element to determine whether the VLAN tag has a local or a global signif-
icance.
The tagSignificance element has the following values:
• local. The VLAN tag only has a local significance, i.e. it is only present on the
LAN interface side. This means that when the data is moved …
- from the LAN interface to the bridge group, the VLAN tag is removed.
- from the bridge group to the LAN interface, the VLAN tag is added.

Keep in mind that when the VLAN tag is removed, you not only discard the
VLAN ID but also the user priority.
When you perform bridging between VLANs, then set the tagSignificance element to
local. Else you get multiple VLAN tags in the Ethernet frames.

• global. The VLAN tag has a global significance, i.e. it is both present on the LAN
interface and the bridge group side.
This means that when the data is moved from the LAN interface to the bridge
group or vice versa, the VLAN tag is always preserved.

Refer to the figure Local or global VLAN tag significance on page 460.

txCos Use this element to set the default user priority Default:0
(802.1P, also called COS) of the transmitted VLAN Range: 0 … 7
frames.

changeTos Use this element to enable or disable the COS to TOS Default:disabled
mapping. Range: enabled / disabled
If you set the changeTos attribute to disabled, then the element cosTosMap is ignored.

Note that the TOS to COS mapping is always enabled, irrespective with the
setting of the changeTos attribute.

cosTosMap Use this element to determine how the VLAN user pri- Default:-
ority (COS) maps onto the IP TOS byte value. Range: structure, see below
Note that the COS to TOS mapping only occurs in case …
• the mode element is set to routing and the changeTos element is set to enabled.
or
• the mode element is set to bridging, the changeTos element is set to enabled and
the tagSignificance element is set to local.

The cosTosMap structure contains the following elements:

• p0 … p7. Use these elements to define which VLAN Default:0
user priority (0 up to 7) maps onto which IP TOS Range: 0 … 7
byte value (0 up to 255).
Telindus 1423 SHDSL Router Chapter 12 459
User manual Configuration attributes

Element Description

tosCosMap Use this element to determine how the IP TOS byte Default:-
value maps onto the VLAN user priority (COS). Range: table, see below
Note that the COS to TOS mapping only occurs in case …
• the mode element is set to routing.
or
• the mode element is set to bridging and the tagSignificance element is set to local.

The tosCosMap table contains the following elements:

• startTos and endTos. Use these elements to set the Default:0
TOS byte value range that has to be mapped. Range: 0 … 255
• cos. Use this element to set the VLAN user priority Default:0
(COS) value on which the specified TOS byte Range: 0 … 7
value range has to be mapped.
460 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Local or global VLAN tag significance

The following figure shows how the tagSignificance element influences the VLAN tagging between the LAN
interface and the bridge group:
Telindus 1423 SHDSL Router Chapter 12 461
User manual Configuration attributes

telindus1423Router/lanInterface1/switchMode Default:portSwitching
Range: enumerated, see below
Only present on the 4 port Ethernet LAN interface.
Use this attribute to select the switching mode of the 4 port Ethernet interface.
The switchMode attribute has the following values:

Value Description

portSwitching The 4 port Ethernet interface behaves as a normal Ethernet switch.

dot1QSwitching The 4 port Ethernet interface behaves as a VLAN switch.

telindus1423Router/lanInterface1/ports Default:-
Range: table, see below
Only present on the 4 port Ethernet LAN interface.
Use this attribute to …
• set the Ethernet mode for each port of the 4 port Ethernet interface.
• set the VLAN tagging mode for each port of the 4 port Ethernet interface.

The ports table contains 4 entries. Each entry corresponds with a port of the 4 port Ethernet interface. So
you can configure the Ethernet and VLAN tagging mode for each port separately. The ports table contains
the following elements:

Element Description

adapter Use this element to set the Ethernet mode for each Default:autoNegotiate
port of the 4 port Ethernet interface. Range: choice, see below
The first part of the adapter element has the following values:
• autoNegotiate. The port automatically negotiates Default:all enabled
with its link partner which Ethernet mode they are Range: structure, see below
going to use.
Using the second part of the adapter element, you can determine which capabil-
ities the port may advertise in this negotiation process. Do this by setting the
corresponding element in this structure to enabled. The structure contains the
following elements: 10Mb/halfDuplex, 10Mb/fullDuplex, 100Mb/halfDuplex, 100Mb/fullDu-
plex, flowControl. By default, all these elements are set to enabled.
• fixed. The port is set to a fixed Ethernet mode. Default:10Mb/halfDuplex
Using the second part of the adapter element, you Range: enumerated, see below
can select the Ethernet mode. Possible values are:
10Mb/halfDuplex, 10Mb/fullDuplex, 100Mb/halfDuplex, 100Mb/fullDuplex.
462 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

vlanTagging Use this element to set the VLAN tagging mode for Default:<untagged> 1
each port of the 4 port Ethernet interface. Range: choice, see below
Refer to 10.4.2 - Setting up VLANs on the 4 port Ethernet switch on page 319 for
more information and some examples.
The first part of the vlanTagging element has the following values:
• untagged
- Incoming … Default:1
› untagged packets and null-VID tagged Range: 1 … 4094
packets are internally tagged with the con-
figured VID before they are forwarded.
› tagged packets are forwarded unaltered if the VID corresponds with the
one configured on the port.
› packets tagged with a different VID are discarded.
- Outgoing …
› untagged packets are forwarded unaltered.
› tagged packets their VLAN tag is removed before they are forwarded.
Use the second part of the vlanTagging element to set the VID value.

• tagged
- Incoming … Default:1
› untagged packets and null-VID tagged Range: 1 … 4094
packets are discarded.
› tagged packets are forwarded unaltered if the VID corresponds with the
one configured on the port.
› packets tagged with a different VID are discarded.
- Outgoing …
› tagged packets are forwarded unaltered if the VID corresponds with the
one configured on the port.
Use the second part of the vlanTagging element to set the VID value.

• trunk. The trunk port is a special kind of tagged port. Default:<empty>

It can be seen as a concentrator for packets of all Range: table, see below
other ports or as an uplink to a backbone LAN. On
a trunk you can configure more than one VID.
- Incoming …
› untagged packets and null-VID tagged packets are discarded.
› tagged packets are forwarded unaltered if the VID corresponds with the
one configured on the port.
› packets tagged with a different VID are discarded.
- Outgoing …
› tagged packets are forwarded unaltered if the VID corresponds with the
one configured on the port.
Use the second part of the vlanTagging element to set the different VID values.
Telindus 1423 SHDSL Router Chapter 12 463
User manual Configuration attributes

Element Description

• portSniffing. If a port is configured as sniffing port, its Default:<empty>

normal function is suspended and this port starts Range: table, see below
to transmit all packets it has to monitor. So on a
sniffing port the VLAN filtering and incoming and outgoing tagging rules are all
disabled.
All packets (including packets that do not successfully pass the validation proc-
ess) entering or exiting a sniffed port are copied to the sniffing port and trans-
mitted unaltered there. If you then connect a VLAN-enabled sniffing program to
the sniffing port, you can monitor all traffic to and from the sniffed port.
Refer to telindus1423Router/lanInterface1/ports/vlanTagging/<portSniffing> on page 464 for
a detailed description of the portSniffing element.
464 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/lanInterface1/ports/vlanTagging/<portSniffing> Default:<txSniff> localPort

Range: choice, see below
If you set the first part of the vlanTagging element to portSniffing, then a table
appears in the second part. In this table you can determine which ports have to be sniffed and what has
to be sniffed on these ports. Do this by adding one or more entries to this table and by configuring these
entries.
Each entry consists of a choice element. The first part of this choice element has the following values:

Value Description

txSniff Only the outgoing packets of a port are sniffed.

Use the second part of the choice element to determine which port has to be
sniffed. Possible values are: port1, port2, port3, port4, localPort.

rxSniff Only the incoming packets of a port are sniffed.

Use the second part of the choice element to determine which port has to be
sniffed. Possible values are: port1, port2, port3, port4, localPort.

txOrRxSniff Both outgoing and incoming packets of a port are sniffed.

Use the second part of the choice element to determine which port has to be
sniffed. Possible values are: port1, port2, port3, port4, localPort.

If you want to enable port sniffing, the switchmode attribute has to be set to dot1QSwitching. Refer to
telindus1423Router/lanInterface1/switchMode on page 461.

telindus1423Router/lanInterface1/bcastStormProtection Default:-
Range: structure, see below
Only present on the 4 port Ethernet LAN interface.
Use this attribute to protect the 4 port Ethernet interface against broadcast/multicast storms. Note that
this configuration is done for all ports at once (including the local port).
The bcastStormProtection structure contains the following elements:

Element Description

mode Use this element to enable or disable the broadcast/ Default:disabled

multicast storm protection. Range: enumerated, see below
The mode element has the following values:
• disabled. The broadcast/multicast storm protection is not active.
• enabled. The broadcast storm protection is active. However, there is no multicast
storm protection!
• inclMulticastStormProt. The broadcast/multicast storm protection is active.

rate Use this element to set the percentage of “64-byte Default:1

blocks” of packet data that is allowed on an input port Range: 1 … 27
during a fixed period. This period is 500 ms for a
speed of 10 Mbps and 50 ms for a speed of 100 Mbps.
For example, in case of the default of 1%:
148800 frames/sec * 50 ms/interval * 1% = 74 frames/interval
Telindus 1423 SHDSL Router Chapter 12 465
User manual Configuration attributes

telindus1423Router/lanInterface/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the lanInterface object, refer to 15.4 - LAN interface alarms on page 924.
466 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.4 WAN interface configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/name on page 467
• telindus1423Router/wanInterface/encapsulation on page 467
• telindus1423Router/wanInterface/priorityPolicy on page 467
• telindus1423Router/wanInterface/maxFifoQLen on page 467
• telindus1423Router/wanInterface/<alarmConfigurationAttributes> on page 467
Telindus 1423 SHDSL Router Chapter 12 467
User manual Configuration attributes

telindus1423Router/wanInterface/name Default:wan
Range: 1 … 24 characters
Use this attribute to assign an administrative name to the WAN interface.

telindus1423Router/wanInterface/encapsulation Default:atm
Range: enumerated, see below
Use this attribute to select the encapsulation protocol on the WAN interface.
The encapsulation attribute has the following values: atm, frameRelay, ppp and hdlc.

Note that not all encapsulation protocols are present on all Telindus 1423 SHDSL Router versions. Refer
to 1.3 - Telindus 1423 SHDSL Router family overview on page 7.

telindus1423Router/wanInterface/priorityPolicy Default:<empty>
Range: 0 … 24 characters
Use this attribute to apply a priority policy on the WAN interface.
Do this by entering the index name of the priority policy you want to use. You can create the priority policy
itself by adding a priorityPolicy object and by configuring the attributes in this object.

Example

If you created a priorityPolicy object with index name my_priority_policy

(i.e. priorityPolicy[my_priority_policy]) and you want to apply this priority
policy here, then enter the index name as value for the priorityPolicy attribute.
Refer to 8.8.6 - Creating a priority policy on page 247 for more information on priority policies.

telindus1423Router/wanInterface/maxFifoQLen Default:200
Range: 1 … 4000
Use this attribute to set the maximum length (number of packets) of the First
In First Out queue.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/algorithm on page 543 for more information on this
queue.

telindus1423Router/wanInterface/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the wanInterface object, refer to 15.5 - WAN interface alarms on page 925.
468 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.5 Encapsulation configuration attributes

This section discusses the configuration attributes of the encapsulation protocols that can be used on
the Telindus 1423 SHDSL Router.

Note that these encapsulation protocols cannot only be used on the xDSL line but, if your Telindus 1423
SHDSL Router is equipped with (an) ISDN interface(s), also on the ISDN interface(s).
The protocols Frame Relay, PPP and HDLC are only relevant for TDM operation.
Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7 for more information about which
protocols are available on which Telindus 1423 SHDSL Router version.

The following gives an overview of this section:

• 12.5.1 - ATM configuration attributes on page 469
• 12.5.2 - Frame Relay configuration attributes on page 478
• 12.5.3 - PPP configuration attributes on page 487
• 12.5.4 - HDLC configuration attributes on page 493
• 12.5.5 - Error test configuration attributes on page 495
Telindus 1423 SHDSL Router Chapter 12 469
User manual Configuration attributes

12.5.1 ATM configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable on page 470
• telindus1423Router/wanInterface/channel[wan_1]/atm/vp on page 476
• telindus1423Router/wanInterface/channel[wan_1]/atm/atm on page 477
470 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable Default:<empty>
Range: table, see below
Use this attribute to configure the ATM Permanent Virtual Circuits (PVCs).
Refer to 7.2.2 - Configuring ATM PVCs on page 125 for more information on PVCs.
The pvcTable contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the PVC. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate (down) Default:up

the PVC. Range: up / down

mode Use this element to determine whether, for the corre- Default:routing
sponding PVC, the packets are treated by the routing Range: enumerated, see below
process, the bridging process or both.
The mode element has the following values:
• bridging. All packets received on the PVC are bridged.
• routing. All packets received on the PVC are routed.
• routingAndBridging. The SNAP header is checked to determine whether the pack-
ets have to be bridged or routed.

priorityPolicy Use this element to set a priority policy per PVC. Default:<empty>
Refer to telindus1423Router/wanInterface/priorityPolicy on Range: 0 … 24 characters
page 467 for more information.

ip Use this element to configure the IP related parame- Default:-

ters of the PVC. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.

bridging Use this element to configure the bridging related Default:-

parameters of the PVC. Range: structure, see below
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of
the bridging structure.

atm Use this element to configure the specific PVC param- Default:-
eters. Range: structure, see below
Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 472 for a
detailed description of the atm structure.
Telindus 1423 SHDSL Router Chapter 12 471
User manual Configuration attributes

Element Description

ppp Use this element to configure the PPP related param- Default:-
eters of the PVC in case you choose to map PPP onto Range: structure, see below
AAL5 (refer to the elements higherLayerProtocol and mul-
tiProtocolMech on page 472).
Refer to 12.5.3 - PPP configuration attributes on page 487 for a detailed descrip-
tion of the elements in the ppp structure.
472 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm Default:-
Range: structure, see below
Use the atm structure in the pvcTable to configure the ATM related parame-
ters of the corresponding PVC.
Refer to 7.2.2 - Configuring ATM PVCs on page 125 for more information on PVCs.
The atm structure contains the following elements:

Element Description

vpi Use this element to set the Virtual Path Identifier Default:0
(VPI). Range: 0 … 255

vci Use this element to set the Virtual Channel Identifier Default:32
(VCI). Range: 32 … 65535
You can configure multiple virtual channels per virtual path. Refer to What is VPI
and VCI? on page 116.

higherLayerProtocol Use this attribute to select the protocol you want to run Default:rfc2684
over ATM. Range: enumerated, see below
The higherLayerProtocol element has the following values:
• rfc2684. Select this value in case you want to run bridged/routed Ethernet/IP
over ATM (RFC 2684).
• ppp. Select this value in case you want to run PPP over ATM (PPPoA, RFC
2364).
• pppOverEthernet. Select this value in case you want to run PPP over Ethernet
(PPPoE, RFC 2516).

-In the PPPoE context, the Telindus 1423 SHDSL Router can only act
as a client.
- If you use PPPoE on your computer, then the IP MTU size has to be limited
to 1492 bytes. This is a general rule defined in the PPPoE protocol.

multiProtocolMech Use this element to define how you want to encapsu- Default:llcEncapsulation
late the higher layer protocol data in ATM. Range: enumerated, see below
The multiProtocolMech element has the following values:
• llcEncapsulation. Logical Link Control (LLC) encapsulation multiplexes multiple
protocols over a single virtual connection. The protocol type of each protocol
data unit (PDU) is identified by a prefixed IEEE 802.2 Logical Link Control (LLC)
header.
In general, LLC encapsulation tends to require fewer VCs in a multi-protocol
environment but has more fragmentation overhead.
• vcMultiplexing. Virtual Circuit (VC) multiplexing uses one virtual connection to
carry the PDUs of exactly one protocol type. When multiple protocols need to
be transported, there is a separate VC for each.
VC multiplexing tends to reduce fragmentation overhead (e.g. an IPV4 data-
gram containing a TCP control packet with neither IP nor TCP options exactly
fits into a single cell) but needs more VCs.
Telindus 1423 SHDSL Router Chapter 12 473
User manual Configuration attributes

Element Description

serviceCategory Use this element to specify the ATM service category. Default:ubr
The serviceCategory element has the following values: Range: enumerated, see below
cbr, vbr-rt, vbr-nrt, ubr.
For more information on ATM service categories, refer to 7.2.1 - Introducing ATM
on page 116.

peakCellRate Use this element to set the Peak Cell Rate (PCR) of Default:auto
the PVC. Range: auto, 64000…
The peakCellRate is expressed in bps. Enter a multiple of 64000 bps as peakCellRate
value (e.g. 2048000). The maximum value is the physical connection towards the
ATM network.
In auto mode, the PVC will try to get the maximum bandwidth, i.e. the speed of the
physical connection towards the ATM network. This is the line speed on which the
Telindus 1423 SHDSL Router is trained.
For more information on PCR and how to configure it, refer to …
• 7.2.1 - Introducing ATM on page 116
• 7.2.6 - Configuring UBR on page 130
• 7.2.7 - Configuring VBR-nrt on page 131
• 7.2.8 - Configuring VBR-rt on page 132
• 7.2.9 - Configuring CBR on page 133

sustCellRate Use this element to set the Sustainable Cell Rate Default:<opt>
(SCR) of the PVC. Range: 0 …
The sustCellRate is expressed in bps. Enter a multiple of 64000 bps as sustCellRate
value (e.g. 2048000). The maximum value is the physical connection towards the
ATM network.
For more information on SCR and how to configure it, refer to …
• 7.2.1 - Introducing ATM on page 116
• 7.2.7 - Configuring VBR-nrt on page 131
• 7.2.8 - Configuring VBR-rt on page 132

maxBurstSize Use this element to set the Maximum Burst Size Default:<opt>
(MBS) of the PVC. Range: 0 … 2147483647
The maxBurstSize is expressed in a number of cells (cell times).
For more information on MBS and how to configure it, refer to …
• 7.2.1 - Introducing ATM on page 116
• 7.2.7 - Configuring VBR-nrt on page 131
• 7.2.8 - Configuring VBR-rt on page 132

inArpTimeOut Use this element to set the time between the trans- Default:00000d 00h 00m 30s
mission of two consecutive Inverse ARP frames. Range: 00000d 00h 00m 01s -
00000d 01h 00m 00s
474 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

oamF5Loopback Use this element to configure the transmission of Default:-

OAM F5 LoopBack cells. Refer to What are OAM Range: structure, see below
LoopBack (LB) cells? on page 124.
Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm/oamF5Loopback on
page 475 for a detailed description of the oamF5Loopback structure.
Telindus 1423 SHDSL Router Chapter 12 475
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm/ Default:-
oamF5Loopback Range: structure, see below
Use the oamF5Loopback structure to configure the transmission of OAM F5 loopback cells.
The oamF5Loopback structure contains the following elements:

Element Description

operation Use this element to enable or disable loopback oper- Default:disabled

ation. Range: enabled / disabled
The operation element has the following values:
• disabled. Loopback operation is disabled, i.e. the loopback cells are not sent.
This means that the ifOperStatus of the PVC becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the PVC is config-
ured (correctly) on the remote side.
• enabled. Loopback operation is enabled, i.e. the Telindus 1423 SHDSL Router
sends loopback cells at regular intervals. If consecutive cells are not returned
by the remote side, then the ifOperStatus of the PVC becomes down.

The Telindus 1423 SHDSL Router always responds to OAM LB cells

received from the peer ATM device (both segment and end-to-end cells).
However, when OAM LB is activated, the Telindus 1423 SHDSL Router only
sends end-to-end OAM LB request cells.

interval Use this element to set the time interval between the Default:00000d 00h 00m 10s
sending of two consecutive loopback cells. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s

failsPermitted Use this element to set the number of non-returned Default:4

loopback cells after which the Telindus 1423 SHDSL Range: 1 … 30
Router declares the PVC down.

Example

Suppose failsPermitted is set to 10. If 10 consecutive loopback cells are not returned
by the remote side, then the Telindus 1423 SHDSL Router declares the PVC
down.
476 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/vp Default:<empty>
Range: table, see below
Use this attribute to configure the transmission of OAM F4 loopback cells.
The vp table contains the following elements:

Element Description

vpi Use this element to enter the Virtual Path Identifier Default:0
(VPI) of the Virtual Path for which you want to send Range: 0 … 255
the OAM F4 loopback cells.

oamF4Loopback Use this element to configure the transmission of Default:-

OAM F4 LoopBack cells. Refer to What are OAM Range: structure, see below
LoopBack (LB) cells? on page 124.
The elements contained in this structure are the same as those in the
oamF5Loopback structure. For a detailed description of these elements refer to
telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm/oamF5Loopback on
page 475.

All entries in the vp configuration table are considered, even if for a certain VPI number no corresponding
PVC has been configured. In the vp status and performance tables only the information about VPs that
are configured in the vp configuration table is shown. However, the Telindus 1423 SHDSL Router does
respond to loopback requests for VPs that are not configured in the vp configuration table but for which
a PVC has been configured.
Telindus 1423 SHDSL Router Chapter 12 477
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/atm Default:-
Range: structure, see below
Use this attribute to configure the general ATM parameters.
The atm structure contains the following elements:

Element Description

idleCellFormat Use this element to set the format of the ATM idle Default:itu
cells. These cells are transmitted when no data is Range: enumerated, see below
transmitted over the line. I.e. the line is idle.
The idleCellFormat element has the following values:
• itu. Sets the cells according to the ITU-T format. In this case they are effectively
called “idle cells”.
• atmForum. Sets the cells according to the ATM forum format. In this case they
are actually called “unassigned cells”.

Some devices use the ITU-T format, others the ATM forum format. Should the per-
formance attribute telindus1423Router/wanInterface/channel[wan_1]/atm/unknownCells
increase rapidly, then try selecting a different format. However, the default value
suffices in most cases.

scrambling Use this element to enable or disable scrambling. Default:enabled

Scrambling is designed to randomise the pattern of 1s Range: enabled / disabled
and 0s carried in ATM cells or the physical layer frame. Randomising the digital
bits can prevent continuous, non-variable bit patterns, in other words long strings
of all 1s or all 0s. Several physical layer protocols rely on transitions between 1s
and 0s to maintain clocking.

coset Use this element to enable or disable coset polyno- Default:enabled

mial algorithm. Range: enabled / disabled
The coset polynomial algorithm is used to do header error check calculations.

The atm attribute is only relevant when the Telindus 1423 SHDSL Router operates in plesiochronous
SHDSL timing mode.
478 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.5.2 Frame Relay configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/ip on page 479
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable on page 480
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 483
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/modeLearnedDlci on page 486
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/delayOptimisation on page 486
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/fragmentation on page 486
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/mru on page 486

These attributes are not present on the on the Telindus 1423 SHDSL Router versions without HWA.
Telindus 1423 SHDSL Router Chapter 12 479
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/ip Default:<empty>
Range: structure, see below
Use this attribute to globally configure the IP parameters of the DLCIs. More
specifically, use this attribute to configure the IP related parameters of all the DLCIs for which …
• in the dlciTable no IP address is defined for that specific DLCI,
• and the mode element is set to routing or routingAndBridgning.

If you want to configure the IP related parameters for one specific DLCI, then configure for that DLCI the
ip structure in the dlciTable.

Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.
• 7.3.4 - Configuring IP addresses in Frame Relay on page 148 for more specific information on con-
figuring IP addresses in Frame Relay.
480 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable Default:<empty>
Range: table, see below
Use this attribute to configure the Frame Relay Data Link Connection Iden-
tifiers (DLCIs).
Refer to 7.3.2 - Configuring Frame Relay DLCIs on page 145 for more information on DLCIs.
The dlciTable contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the DLCI. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate (down) Default:up

the DLCI. Range: up / down

mode Use this element to determine whether, for the corre- Default:routing
sponding DLCI, the packets are treated by the routing Range: enumerated, see below
process, the bridging process or both.
The mode element has the following values:
• bridging. All packets received on the DLCI are bridged.
• routing. All packets received on the DLCI are routed.
• routingAndBridging. The SNAP header is checked to determine whether the pack-
ets have to be bridged or routed.

priorityPolicy Use this element to set a priority policy per DLCI. Default:<empty>
Refer to telindus1423Router/wanInterface/priorityPolicy on Range: 0 … 24 characters
page 467 for more information.

ip Use this element to configure the IP related parame- Default:-

ters of the corresponding DLCI. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.
• 7.3.4 - Configuring IP addresses in Frame Relay on page 148 for more specific
information on configuring IP addresses in Frame Relay.

bridging Use this element to configure the bridging related Default:-

parameters of the DLCI. Range: structure, see below
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of
the bridging structure.

frameRelay Use this element to configure the specific DLCI Default:-

parameters. Range: structure, see below
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay on
page 481, for a detailed description of the frameRelay structure.
Telindus 1423 SHDSL Router Chapter 12 481
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay Default:-
Range: structure, see below
Use the frameRelay structure in the dlciTable to configure the Frame Relay
related parameters of the corresponding DLCI.
Refer to …
• 7.3.2 - Configuring Frame Relay DLCIs on page 145 for more information on DLCIs.
• 7.3.6 - Configuring CIR and EIR on page 152 for more information on CIR and EIR.
The frameRelay structure contains the following elements:

Element Description

dlci Use this element to set the Data Link Connection Default:16
Identifier (DLCI). Range: 16 … 1022
The DLCI number may have any value between 16 and 1022. However, if you set
the type element of the lmi structure to q933-Annex-A, you should only use DLCIs up
to 1007.

cir Use this element to set the Committed Information Default:0

Rate for the DLCI. Range: 0 …
The cir is expressed in bps. Enter a multiple of 64000 bps as cir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network.
If the cir value is set to 0 (default), it means the complete bandwidth may be used
(no flow control).

eir Use this element to set the Excess Information Rate Default:0
for the DLCI. Range: 0 …
The eir is expressed in bps. Enter a multiple of 64000 bps as eir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network.
If the eir value is set to 0 (default), it means no excess burst is allowed.
The bursts of data that are allowed are the CIR value + EIR value. I.e. If you want
a CIR of 1 Mbps and you want to allow bursts up to 1.5 Mbps, then set the CIR to
1024000 bps and the EIR to 512000 bps.

overhead Use this element to set the amount of overhead you Default:0
want to add to the configured CIR value. The overhead Range: 0 … 50
element is expressed in bytes.
Normally when you specify CIR, you have to make sure that the CIR value you
enter includes the user data (i.e. the payload) and the Frame Relay headers (i.e.
the overhead). However, you could choose to only specify the amount of payload
as CIR value. In that case use the overhead element to specify the amount of over-
head.

tc Use this element to set the measurement interval Default:200

(TC). The TC interval is expressed in milliseconds. Range: 50 … 1000
TC is the time over which rates and burst sizes are measured. In general, the dura-
tion of TC is proportional to the burstiness of traffic.
482 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

slidingWindow Use this element to enable or disable sliding window. Default:disabled

If the slidingWindow element is set to … Range: enabled / disabled

• disabled (default), then TC is a periodic time interval.

• enabled, then TC is a sliding window. This means that data triggers the TC inter-
val which continues until it completes its commuted duration.

deBitSet Use this element to determine, in case the CIR is Default:enabled

exceeded, whether all subsequent frames get marked Range: enabled / disabled
Discard Eligible (deBitSet = enabled) or not (deBitSet = dis-
abled).
If congestion occurs at a node in the Frame Relay network, packets marked DE
are the first to be dropped.

defaultQueue Use this element to select a default queue. Default:queue1

This allows you to easily set up a traffic policy without Range: enumerated, see below
having to create and apply traffic policy profiles. However, you still have to create
and apply a priority policy profile to empty the queues.
Refer to 8.8.9 - The default queue attribute versus a traffic policy profile on
page 252 for more information.

fragmentation Use this element to enable or disable Frame Relay Default:-

fragmentation on an end-to-end level. Refer to What Range: structure, see below
is end-to-end Frame Relay fragmentation? on
page 144.
The fragmentation structure contains the following elements:
• endToEndFormat. Use this element to enable or dis- Default:disabled
able Frame Relay fragmentation on an end-to-end Range: enabled / disabled
level.
When end-to-end Frame Relay fragmentation is enabled, long frames are frag-
mented into a sequence of shorter frames. At the remote side they are reas-
sembled into the original frame.
Telindus 1423 SHDSL Router Chapter 12 483
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi Default:-
Range: structure, see below
Use this attribute to select the Local Management Interface (LMI) protocol
and to fine-tune the LMI operation.
Refer to 7.3.5 - Configuring LMI on page 151 for more information on LMI.
The lmi structure contains the following elements:

Element Description

mode Use this element to set the Frame Relay mode. Default:auto
The mode element has the following values: Range: enumerated, see below

• noLmi. No LMI is used.

• user. In the LMI context, the Telindus 1423 SHDSL Router is defined as Frame
Relay user. This means it only sends Status Enquiries and receives Status
Responses.
• network. In the LMI context, the Telindus 1423 SHDSL Router is defined as
Frame Relay network. This means it only receives Status Enquiries and sends
Status Responses.
• auto. In the LMI context, the Telindus 1423 SHDSL Router is both Frame Relay
user and Frame Relay network. This means it can both send and receive Status
Enquiries and Status Responses.
At initialisation, the Telindus 1423 SHDSL Router sends the first Full Status
Enquiry. As soon as it gets a Full Status Response, it declares that LMI is up.

If you use the Telindus 1423 SHDSL Router in combination with equipment
from another vendor and you set the LMI mode to auto, then the LMI mode
on the other equipment may only be set to user or network to insure valid oper-
ation.

• nni. In the LMI context, the Telindus 1423 SHDSL Router is both Frame Relay
user and Frame Relay network. This means it can both send and receive Status
Enquiries and Status Responses.
In a Network-to-Network Interface (NNI) it is important for the connected Frame
Relay devices that they know which DLCIs are configured on each side. There-
fore, in comparison with the auto setting, one extra step is required before LMI
is declared to be up.
So at initialisation, the Telindus 1423 SHDSL Router sends the first Full Status
Enquiry and receives a Full Status Response. Then it waits until it receives a
Full Status Enquiry from the remote before it declares that LMI is up.

Refer to Interaction between the LMI modes on page 485 for an overview of how
the different LMI modes work together.
484 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

type Use this element to set the LMI variant. There are sev- Default:q933-Annex-A
eral standards for the LMI protocol with small varia- Range: enumerated, see below
tions between them. Therefore you should configure
the Telindus 1423 SHDSL Router according to the standard that is used by your
service provider.
The type element has the following values:
• lmiRev1. Set this value only for compatibility with older equipment.
• ansiT1-617-d. Set this value for ANSI LMI compliance.
• q933-Annex-A. Set this value for ITU-T LMI compliance.
• frf1-2. Set this value for FRF.1-2 compliance.

pollingInterval Use this element to set the time between consecutive Default:00000d 00h 00m 10s
Status Enquiry messages. Range: 00000d 00h 00m 05s -
00000d 00h 00m 30s

errorThreshold Use this element to set the maximum number of unan- Default:3
swered Status Enquiry messages that the Telindus Range: 1 … 10
1423 SHDSL Router will accept before declaring the
DLCI down. Also see the monitoredEvents element.

monitoredEvents Use this element to set the number of status polling Default:4
intervals over which the error threshold is counted. Range: 1 … 10
In other words, if the station receives an errorThreshold number of unanswered Sta-
tus Enquiry messages within a monitoredEvents number of pollingInterval intervals, then
the interface is declared down.

Example

If the station receives 3 unanswered Status Enquiry messages within 4 x 10s =

40s, then the interface is declared down.

expectedPollInterval Use this element to set the maximum time between Default:00000d 00h 00m 15s
two consecutive incoming Status Enquiry messages. Range: 00000d 00h 00m 00s -
Select the value 0 in order to disable verification. 00000d 00h 00m 30s

This element is only relevant when using Frame Relay over a point-to-point link (no
Frame Relay network). In Frame Relay language, a router is normally considered
as a Frame Relay user or DTE. However, if two routers are connected to each
other in Frame Relay but without a real Frame Relay network in between, then the
routers also have to take the role of a Frame Relay network or DCE (refer to the
mode element). In that case the Status Enquiry messages are sent in both direc-
tions.

fullEnquiryInterval Use this element to set the number of Status Enquiry Default:6
intervals that have to pass before sending a Full Sta- Range: 1 … 255
tus Enquiry message.
Telindus 1423 SHDSL Router Chapter 12 485
User manual Configuration attributes

Interaction between the LMI modes

The following table shows how the different LMI modes work together when two routers are connected
to each other over a Frame Relay network:

LMI mode LMI status DLCI status Router learns DLCIs?

Router Router Router Router Router Router Router A Router B

A B A B A B

noLmi noLmi up up up up no no

user up down up down no no

network up down up down no no

nni up down up down no no

auto up down up down no no

user user down down down down no no

network up up up up learns (user) no

nni up down up down learns (user) no

auto up up up up learns (user) no

network network down down down down no no

nni up down up down no learns (nni)

auto up up up up no learns (auto)

nni nni up up up up learns learns

auto up up up up learns learns

auto auto up up up up learns learns

486 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/modeLearnedDlci Default:routing
Range: enumerated, see below
If the Frame Relay network supports LMI, then the Telindus 1423 SHDSL
Router can learn its active and inactive DLCIs. Use this attribute to determine whether, for learned
DLCIs, the packets are treated by the routing process, the bridging process or both.
The modeLearnedDlci attribute has the following values:

Value Description

bridging All packets received on the DLCI are bridged.

routing All packets received on the DLCI are routed.

routingAndBridging The SNAP header is checked to determine whether the packets have to be bridged
or routed.

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/delayOptimisation Default:none
Range: none / lowSpeedLinks
Use this attribute to reduce the delay on low speed links. Especially if these
links have to transport delay sensitive data (e.g. voice over IP).

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/fragmentation Default:-
Range: structure, see below
Use this attribute to enable or disable Frame Relay fragmentation on (phys-
ical) interface level. Refer to What is interface Frame Relay fragmentation? on page 143.
The fragmentation structure contains the following elements:

Element Description

interfaceFormat Use this element to enable or disable Frame Relay Default:disabled

fragmentation on (physical) interface level. Range: enabled / disabled
When interface Frame Relay fragmentation is enabled, long frames are frag-
mented into a sequence of shorter frames. At the remote side they are reassem-
bled into the original frame.

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/mru Default:1560
Range: 500 … 1650
Use this attribute to set the Maximum Receive Unit (MRU) of the interface.

What is MRU?

The Maximum Receive Unit (MRU) is the largest size packet or frame, specified in octets (eight-bit
bytes), that can be received in a packet- or frame-based network (e.g. the Internet).
Telindus 1423 SHDSL Router Chapter 12 487
User manual Configuration attributes

12.5.3 PPP configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/channel[wan_1]/ppp/ip on page 488
• telindus1423Router/wanInterface/channel[wan_1]/ppp/mode on page 488
• telindus1423Router/wanInterface/channel[wan_1]/ppp/bridging on page 488
• telindus1423Router/wanInterface/channel[wan_1]/ppp/delayOptimisation on page 488
• telindus1423Router/wanInterface/channel[wan_1]/ppp/mru on page 488
• telindus1423Router/wanInterface/channel[wan_1]/ppp/compression on page 489
• telindus1423Router/wanInterface/channel[wan_1]/ppp/linkMonitoring on page 490
• telindus1423Router/wanInterface/channel[wan_1]/ppp/authentication on page 491
• telindus1423Router/wanInterface/channel[wan_1]/ppp/authenPeriod on page 491
• telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionName on page 492
• telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionSecret on page 492

These attributes are not present on the on the Telindus 1423 SHDSL Router versions without HWA.
488 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/ip Default:<empty>
Range: structure, see below
Use this attribute to configure the IP related parameters of the PPP link.
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.

telindus1423Router/wanInterface/channel[wan_1]/ppp/mode Default:bridging
Range: enumerated, see below
Use this attribute to determine whether the packets are treated by the rout-
ing process, the bridging process or both.
The mode attribute has the following values:

Value Description

bridging All packets received on the PPP link are bridged. BCP is set up.

routing All packets received on the PPP link are routed. IPCP is set up.

routingAndBridging The SNAP header is checked to determine whether the packets have to be bridged
or routed. IPCP and BCP are set up.

multiLink Select this value if the PPP link is part of a bundle of PPP links (multi-link PPP or
MLPPP).

telindus1423Router/wanInterface/channel[wan_1]/ppp/bridging Default:-
Range: structure, see below
Use this attribute to configure the bridging related parameters of the PPP
link.
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of the bridging structure.

telindus1423Router/wanInterface/channel[wan_1]/ppp/delayOptimisation Default:none
Range: none / lowSpeedLinks
Use this attribute to reduce the delay on low speed links. Especially if these
links have to transport delay sensitive data (e.g. voice over IP).

telindus1423Router/wanInterface/channel[wan_1]/ppp/mru Default:1560
Range: 1510 … 1650
Use this attribute to set the Maximum Receive Unit (MRU) of the interface.

What is MRU?

The Maximum Receive Unit (MRU) is the largest size packet or frame, specified in octets (eight-bit
bytes), that can be received in a packet- or frame-based network (e.g. the Internet).
Telindus 1423 SHDSL Router Chapter 12 489
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/compression Default:disabled
Range: enumerated, see below
Use this attribute to enable or disable the compression of PPP encapsu-
lated packets.
The compression attribute has the following values:

Value Description

disabled No PPP compression is done.

predictor1 PPP compression is done using the Predictor type 1 compression algorithm (RFC
1978). Using compression you can increase the throughput on PPP links.

Important remark

The PPP compression algorithm uses a lot of memory (64 KB for compression and 64 KB for decom-
pression, per PPP session). Since it is possible to have multiple PPP sessions (when using ATM PVCs
up to 31 simultaneous sessions are allowed, which can all be configured to use PPP compression), the
memory can turn out to be insufficient. In this case …
• the compression is switched off on the interfaces that could not allocate enough memory,
• a message is dumped in the message table, containing the relevant interface and a warning that the
router must be rebooted to reactivate compression on that specific interface.
It is also possible that, when looking at the statistics, enough memory seems to be available but that the
allocation problem remains. This means that the memory is fragmented and no block as big as 64 KB is
found.
490 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/linkMonitoring Default:-
Range: structure, see below
Use this attribute to enable or disable link monitoring and to fine-tune it.
Refer to 7.4.5 - Configuring link monitoring on page 165 for more information on link monitoring.
The linkMonitoring structure contains the following elements:

Element Description

operation Use this element to enable or disable link monitoring. Default:disabled

Range: enabled / disabled

interval Use this element to set the time interval between two Default:00000d 00h 00m 10s
consecutive echo requests. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s

replyTimeOut Use this element to set the time the Telindus 1423 Default:00000d 00h 00m 02s
SHDSL Router waits for a reply on the echo request. Range: 00000d 00h 00m 00s -
00000d 00h 04m 15s
If no reply has been received within this time-out, then
the Telindus 1423 SHDSL Router considers this as a failed echo request.

failsPermitted Use this element to set the number of failed echo Default:4
requests after which the Telindus 1423 SHDSL Range: 1 … 30
Router declares the PPP link down.

Example

Suppose failsPermitted is set to 10. If on 10 consecutive echo requests no reply is

given, then the Telindus 1423 SHDSL Router declares the PPP link down and the
PPP handshake is started again.
Telindus 1423 SHDSL Router Chapter 12 491
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/authentication Default:disabled
Range: enumerated, see below
Use this attribute to enable or disable authentication on the PPP link.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166.
• 7.4.8 - Configuring CHAP on page 169.

The authentication attribute has the following values:

Value Description

disabled Authentication is disabled. However, the Telindus 1423 SHDSL Router will answer
to authentication requests received from the remote side.

pap This side of the link requests a PAP authentication from the remote router.

chap This side of the link requests a CHAP authentication from the remote router.

chapOrPap This side of the link requests a CHAP or PAP authentication from the remote
router.
If the remote router supports …
• only PAP, then PAP is used.
• only CHAP, then CHAP is used.
• both CHAP and PAP, then CHAP is used.

msChap This side of the link requests an MS CHAP version 1 authentication from the
remote router.

msChapV2 This side of the link requests an MS CHAP version 2 authentication from the
remote router.

telindus1423Router/wanInterface/channel[wan_1]/ppp/authenPeriod Default:00000d 00h 10m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the PPP authentication interval. 24855d 03h 14m 07s
Normally on an authenticated PPP link, authentication is not only performed
at link set-up but also at regular intervals during the data transfer. You can set this interval using the
authenPeriod attribute. If you set the authenPeriod attribute to 00000d 00h 00m 00s, then authentication is only
performed at link set-up and not during the data transfer.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166.
• 7.4.8 - Configuring CHAP on page 169.
492 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionName Default:<empty>
Range: 0 … 64 characters
Use this attribute to set the PPP authentication name of the Telindus 1423
SHDSL Router.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166
• 7.4.8 - Configuring CHAP on page 169

telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionSecret Default:<empty>
Range: 0 … 64 characters
Use this element to set the PPP authentication secret of the Telindus 1423
SHDSL Router.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166
• 7.4.8 - Configuring CHAP on page 169
Telindus 1423 SHDSL Router Chapter 12 493
User manual Configuration attributes

12.5.4 HDLC configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/channel[wan_1]/hdlc/bridging on page 494
• telindus1423Router/wanInterface/channel[wan_1]/hdlc/mru on page 494

These attributes are not present on the on the Telindus 1423 SHDSL Router versions without HWA.
494 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/hdlc/bridging Default:-
Range: structure, see below
Use this attribute to configure the bridging related parameters of the HDLC
link.
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of the bridging structure.

telindus1423Router/wanInterface/channel[wan_1]/hdlc/mru Default:1560
Range: 500 … 1650
Use this attribute to set the Maximum Receive Unit (MRU) of the interface.

What is MRU?

The Maximum Receive Unit (MRU) is the largest size packet or frame, specified in octets (eight-bit
bytes), that can be received in a packet- or frame-based network (e.g. the Internet).
Telindus 1423 SHDSL Router Chapter 12 495
User manual Configuration attributes

12.5.5 Error test configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/channel[wan_1]/errorTest/testType on page 496
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/blockSize on page 496
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/programmablePattern on page 496

These attributes are not present on the on the Telindus 1423 SHDSL Router versions without HWA.
496 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/channel[wan_1]/errorTest/testType Default:itu32767(2^15)
Range: enumerated, see below
Use this attribute to select a test pattern.
Possible patterns are: itu511(2^9), ituInv511(2^9), tls1023(2^10), tlsInv1023(2^10), itu2047(2^11), ituInv2047(2^11),
itu32767(2^15), ituInv32767(2^15), itu1048575(2^20), ituInv1048575(2^20), itu8388607(2^23), ituInv8388607(2^23), space,
mark, dot, programmablePattern.
If you set the testType attribute to programmablePattern, then you can generate your own test pattern by typ-
ing a test pattern in the programmablePattern attribute (refer to telindus1423Router/wanInterface/channel[wan_1]/
errorTest/programmablePattern on page 496).
Refer to 7.6 - Configuring an error test on page 183 for more information on setting up an error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/blockSize Default:512
Range: 256, 512, 1024
Use this attribute to set the size of the test blocks.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/programmablePattern Default:<empty>
Range: 32 bit string
Use this attribute to generate your own test pattern.
Do this by typing a test pattern in the programmablePattern attribute and by setting the testType attribute to
programmablePattern (refer to telindus1423Router/wanInterface/channel[wan_1]/errorTest/testType on page 496).
Telindus 1423 SHDSL Router Chapter 12 497
User manual Configuration attributes

12.6 SHDSL line configuration attributes

This section describes the following line configuration attributes:

• telindus1423Router/wanInterface/line/channel on page 498
• telindus1423Router/wanInterface/line/region on page 498
• telindus1423Router/wanInterface/line/timingMode on page 499
• telindus1423Router/wanInterface/line/retrain on page 500
• telindus1423Router/wanInterface/line/startupMargin on page 502
• telindus1423Router/wanInterface/line/minSpeed on page 502
• telindus1423Router/wanInterface/line/maxSpeed on page 502
• telindus1423Router/wanInterface/line/minSpeed2P on page 503
• telindus1423Router/wanInterface/line/maxSpeed2P on page 503
• telindus1423Router/wanInterface/line/mode on page 503
• telindus1423Router/wanInterface/line/dualPairMode on page 503
• telindus1423Router/wanInterface/line/linkAlarmThresholds on page 505
• telindus1423Router/wanInterface/line/numExpectedRepeaters on page 506
• telindus1423Router/wanInterface/line/eocHandling on page 506
• telindus1423Router/wanInterface/line/management on page 506
• telindus1423Router/wanInterface/line/<alarmConfigurationAttributes> on page 507
This section describes the following line pair configuration attributes:
• telindus1423Router/wanInterface/line/linePair[ ]/<alarmConfigurationAttributes> on page 507
498 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/line/channel Default:remote
Range: central / remote
Use this attribute to determine which unit is the central unit and which the
remote unit. I.e. it determines which unit acts as master and which as slave during the synchronisation
procedure. Therefore set one device to central and its remote counterpart to remote.
On the Telindus 1423 SHDSL Router, the clocking follows the channel attribute:

If the channel attribute is set to … then the clocking is set to …

central internal.

remote slave-receive.

Important remark

Note that also the timingMode attribute influences the clocking. Refer to telindus1423Router/wanInterface/line/
timingMode on page 499.

telindus1423Router/wanInterface/line/region Default:auto
Range: enumerated, see below
Use this attribute to determine which SHDSL standard is used.
The region attribute has the following values:

Value Description

annexA The North-American SHDSL standard is used.

annexB The European SHDSL standard is used.

auto The Telindus 1423 SHDSL Router itself determines which standard it has to use.
Telindus 1423 SHDSL Router Chapter 12 499
User manual Configuration attributes

telindus1423Router/wanInterface/line/timingMode Default:synchronous
Range: enumerated, see below
Use this attribute to set the timing mode. It is important to set the timingMode
attribute correct when using the Telindus 1423 SHDSL Router in combination with other SHDSL devices.
For more information on compatibility issues, refer to the document “Interoperability for Telindus SHDSL
products” (PDF).

• This attribute is not present on the Telindus 1423 SHDSL Router equiped with ISDN ports.
• The timingMode attribute is only available on the 1423 SHDSL 1P 2ETH4P HWA and 1423 SHDSL 2P
2ETH4P HWA. Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7 for a complete
overview of the Telindus 1423 SHDSL Router family.

The timingMode attribute has the following values:

Value Description

synchronous The Telindus 1423 SHDSL Router operates in synchronous mode. In this case the
clocking follows the setting of the channel attribute. Refer to telindus1423Router/wanIn-
terface/line/channel on page 498.

plesiochronous The Telindus 1423 SHDSL Router operates in plesiochronous mode. In this case
the clocking is always slave-receive, independently of the setting of the channel
attribute. This means that the remote device (e.g. a Crocus SHDSL) has to supply
the clock.

Important remarks

• The timingMode attribute is only relevant for TDM operation. If you have two Telindus 1423 SHDSL
Routers on which you set the timingMode attribute to plesiochronous, then you can not connect them with
each other point-to-point because they both operate in slave-receive clocking.
• Plesiochronous mode can only work when the speed falls within the range of 192 kbps and 2048 kbps
(i.e. minSpeed = 192kbps or minSpeed2P = 384kbps and maxSpeed(2P) = 2048kbps). If a speed is selected
which is …
- lower than 192 kbps, the actual speed is automatically increased to 192 kbps (or 384 kbps in case
of a 2 pair version).
- higher than 2048 kbps, the actual speed is automatically limited to 2048 kbps.
500 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/line/retrain Default:-
Range: structure, see below
Use this attribute to determine when the Telindus 1423 SHDSL Router
should retrain.

The retrain criteria

The following criteria determine when to retrain:

Criterion Description

no SHDSL frame synchro- When the Telindus 1423 SHDSL Router cannot synchronise on the
nisation SHDSL framing, it retrains.

SHDSL frame CRC error SHDSL framing sends 166 blocks per second over the line, independ-
threshold exceeded ently of the speed. Each block has a CRC check. When a certain per-
centage of frames has a CRC error, the Telindus 1423 SHDSL Router
retrains.

signal to noise ratio too low When the signal to noise ratio becomes too low during a certain period
of time, the Telindus 1423 SHDSL Router retrains.

layer 2 protocol not yet up
When you connect the Telindus 1423 SHDSL Router with a remote
SHDSL device, the Telindus 1423 SHDSL Router trains and establishes
a layer 1 link with the remote SHDSL device. Then the Telindus 1423
SHDSL Router tries to establish a layer 2 link (e.g. PPP, FR, ATM). If the
layer 2 handshake does not succeed within 1 minute, then the Telindus
1423 SHDSL Router retrains and the whole process restarts. Also the
following message is dumped in the message table: Retrain due to
framer-out-of-sync. However, once the layer 2 handshake succeeds
(layer 2 is up), then a drop of the layer 2 link will not cause a retrain.
Telindus 1423 SHDSL Router Chapter 12 501
User manual Configuration attributes

Configuring the retrain criteria

The retrain structure contains the following elements:

Element Description

enabled Use this attribute to enable (yes) or disable (no) Default:yes

retraining. So when selecting no, the Telindus 1423 Range: yes / no
SHDSL Router will never retrain (even not when the
line is disconnected).

errorPersistence- Use this element to set the period, in seconds, during Default:10
Time which each retrain criterion is measured. If within this Range: 1 … 30
period the predefined criterion value is equalled or
exceeded, the Telindus 1423 SHDSL Router retrains.

errorThreshold Use this element to set the amount of CRC errors, in Default:10
promille, at which the Telindus 1423 SHDSL Router Range: 1 … 1000
should retrain. If the amount of CRC errors exceeds
this value, then the Telindus 1423 SHDSL Router retrains.

The erroneous SHDSL frames can be monitored using the performance

attribute codeViolations.

snrThreshold Use this element to set the signal to noise ratio, in dB, Default:23
which has to be maintained. If the measured signal to Range: 20 … 25
noise ratio drops below this value, then the Telindus
1423 SHDSL Router retrains. It will retrain at a lower speed (because of the dete-
riorated line conditions).

stepupMargin In case the Telindus 1423 SHDSL Router retrains Default:disabled

because the measured signal to noise ratio drops Range: 3 … 15
below the snrThreshold value, then it will retrain at a
lower speed (because of the deteriorated line conditions).
If after this retrain the measured signal to noise value increases again with a value
as configured in the stepupMargin element, then the Telindus 1423 SHDSL Router
retrains again in order to achieve a higher speed.
502 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/line/startupMargin Default:2dB
Range: enumerated, see below
Use this attribute to set the target margin in function of which a line speed
has to be selected during the ITU-T G.994.1 auto speed negotiation.
The startupMargin attribute is only relevant in case on both the central and remote Telindus 1423 SHDSL
Router (or any other compatible SHDSL device) a speed range is selected. In other words, the startup-
Margin attribute has no function in case a fixed speed is selected (i.e. minSpeed(2P) = maxSpeed(2P)).
The higher the startupMargin, the lower the selected line speed but the more stable the line will be. The
startupMargin attribute has the following values: disabled, 0dB, 1dB, 2dB, 3dB, 4dB, 5dB, 6dB, 7dB, 8dB, 9dB, 10dB.
When you set the startupMargin to disabled, the target margin is not considered during the ITU-T G.994.1
auto speed negotiation. I.e. all the speeds in the range as set with the attributes minSpeed(2P) and
maxSpeed(2P) are available.

What is the target margin?

The target margin is the amount of received signal power in excess of that required to achieve the DSL
target bit error rate of 10-7.

telindus1423Router/wanInterface/line/minSpeed Default:64kbps
Range: enumerated, see below
Use this attribute to set the lowest line speed the Telindus 1423 SHDSL
Router may select. The minSpeed attribute has the following values: 64kbps up to 2304kbps in steps of
64kbps.
Refer to 5.3.2 - Selecting an SHDSL line speed (range) on page 75 for more information.

telindus1423Router/wanInterface/line/maxSpeed Default:2304kbps
Range: enumerated, see below
Use this attribute to set the highest line speed the Telindus 1423 SHDSL
Router may select. The maxSpeed attribute has the following values: 64kbps up to 2304kbps in steps of
64kbps.
Refer to 5.3.2 - Selecting an SHDSL line speed (range) on page 75 for more information.
Telindus 1423 SHDSL Router Chapter 12 503
User manual Configuration attributes

telindus1423Router/wanInterface/line/minSpeed2P Default:128kbps
Range: enumerated, see below
This attribute is only present on the Telindus 1423 SHDSL Router 2 pair ver-
sion.
Use this attribute to set the lowest line speed the Telindus 1423 SHDSL Router 2 pair version may select
(if it is truly in 2 pair operation, refer to telindus1423Router/wanInterface/line/mode). The minSpeed2P attribute has
the following values: 128kbps up to 4608kbps in steps of 128kbps.
Refer to 5.3.2 - Selecting an SHDSL line speed (range) on page 75 for more information.

telindus1423Router/wanInterface/line/maxSpeed2P Default:2304kbps
Range: enumerated, see below
This attribute is only present on the Telindus 1423 SHDSL Router 2 pair ver-
sion.
Use this attribute to set the highest line speed the Telindus 1423 SHDSL Router 2 pair version may
select (if it is truly in 2 pair operation, refer to telindus1423Router/wanInterface/line/mode). The maxSpeed2P
attribute has the following values: 128kbps up to 4608kbps in steps of 128kbps.
Refer to 5.3.2 - Selecting an SHDSL line speed (range) on page 75 for more information.

telindus1423Router/wanInterface/line/mode Default:dualPair
Range: singlePair / dualPair
This attribute is only present on the Telindus 1423 SHDSL Router 2 pair ver-
sion.
Use this attribute to select between single pair or dual pair operation. When you change the mode
attribute, then make sure that you use the correct speed attributes to set the speed:

If the mode attribute is set to … then configure the speed using the attributes …

singlePair, minSpeed and maxSpeed.

dualPair, minSpeed2P and maxSpeed2P.

telindus1423Router/wanInterface/line/dualPairMode Default:standard
Range: standard / enhanced
This attribute is only present on the Telindus 1423 SHDSL Router 2 pair ver-
sion.
If the mode attribute is set to dualPair, then use the dualPairMode attribute to set the dual pair operation
mode. The dualPairMode attribute has the following possible values:

Value Description

standard The dual pair SHDSL line operates strictly as described in the SHDSL standard. If
the Telindus 1423 SHDSL Router is connected to a remote device that operates
strictly according to the SHDSL standard, then select the standard value.

enhanced The dual pair SHDSL line operates slightly different than described in the SHDSL
standard (some enhancements are present). If you select the enhanced value, then
it is possible that you experience problems when connecting to third party SHDSL
devices. In that case, select the standard value.
504 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

If you have two Telindus 1423 SHDSL Routers connected to each other in a point-to-point set-up, then
make sure that you set the dualPairMode attribute to the same value at both sides!
Telindus 1423 SHDSL Router Chapter 12 505
User manual Configuration attributes

telindus1423Router/wanInterface/line/linkAlarmThresholds Default:-
Range: structure, see below
Use this attribute to set the alarm threshold values of the most important line
parameters. If this predefined threshold value is exceeded, then a corresponding alarm is generated.
The linkAlarmThresholds structure contains the following elements:

Element Description

lineAttenuationOn Use this element to set the alarm threshold value of Default:0.0
the line attenuation in dB. If the line attenuation … Range: 0.0 … 63.5
• exceeds this value during at least 10 seconds, then the lineAttenuation alarm is
raised.
• drops below this value during at least 10 seconds, then the lineAttenuation alarm
is cleared.

signalNoiseOn Use this element to set the alarm threshold value of Default:0.0
the signal noise in dB. If the signal noise … Range: 0.0 … 58.4
• drops below this value during at least 10 seconds, then the signalNoise alarm is
raised.
• exceeds this value during at least 10 seconds, then the signalNoise alarm is
cleared.

errSecOn Use this element to set the alarm threshold value of Default:00000d 00h 00m 36s
the erroneous seconds in days, hours, minutes and Range: 00000d 00h 00m 00s -
seconds. If the amount of erroneous seconds … 00000d 18h 12m 15s

• exceeds this value within a 15 minutes period1, then the errSecExceeded alarm is
raised.
• drops below this value within a 15 minutes period, then the errSecExceeded alarm
is cleared.

sevErrSecOn Use this element to set the alarm threshold value of Default:00000d 00h 00m 02s
the severely erroneous seconds in days, hours, min- Range: 00000d 00h 00m 00s -
utes and seconds. If the amount of severely errone- 00000d 18h 12m 15s
ous seconds …
• exceeds this value within a 15 minutes period1, then the sevErrSecExceeded
alarm is raised.
• drops below this value within a 15 minutes period, then the sevErrSecExceeded
alarm is cleared.

1. The 15 minutes periods run synchronous with the 15 minutes periods of the telindus1423Router/
wanInterface/line/h2Line performance attribute.
Because alarms are raised or cleared within 15 minutes periods, there is a delay in the alarm
status. For example, suppose that in the first minute of a 15 minutes period the errSecOn value
is exceeded, then the errSecRatioExceeded alarm is raised. The alarm stays on for the remainder
of the 15 minutes period. The alarm is only cleared if also in the next 15 minutes period the
errSecOn value is not exceeded.
506 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/wanInterface/line/numExpectedRepeaters Default:0
Range: 0 … 8
Use this attribute to set the number of Crocus SHDSL Repeaters that the
Telindus 1423 SHDSL Router can expect to find on the SHDSL line. If the actual number of repeaters
does not match the number you entered in the numExpectedRepeaters attribute, then the invalidNumRepeaters
alarm is raised.

telindus1423Router/wanInterface/line/eocHandling Default:none
Range: enumerated, see below
SHDSL devices can communicate with each other through the Embedded
Operations Channel (EOC). Use the eocHandling attribute to define the handling of the EOC messages.
Refer to 5.4.3 - Controlling the standard EOC message exchange on page 78 for more information.

telindus1423Router/wanInterface/line/management Default:o10-PathManagement
Range: enumerated, see below
Use this attribute to determine whether and which management data is for-
warded over the SHDSL line.
Refer to 5.4.2 - Controlling the proprietary EOC message exchange on page 77 for more information.
Telindus 1423 SHDSL Router Chapter 12 507
User manual Configuration attributes

telindus1423Router/wanInterface/line/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the line object, refer to 15.6 - SHDSL line alarms on page 926.

telindus1423Router/wanInterface/line/linePair[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the linePair[ ] object, refer to 15.7 - SHDSL line pair alarms on page 927.
508 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.7 End and repeater configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/wanInterface/repeater[ ]/<alarmConfigurationAttributes> on page 509
• telindus1423Router/wanInterface/end/<alarmConfigurationAttributes> on page 509

The repeater[ ] and the end objects are not present in the containment tree by default. They are added auto-
matically when you configure the eocHandling attribute. Refer to 5.4.3 - Controlling the standard EOC mes-
sage exchange on page 78.
Telindus 1423 SHDSL Router Chapter 12 509
User manual Configuration attributes

telindus1423Router/wanInterface/repeater[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the repeater[ ] object, refer to 15.8 - End and repeater alarms on page 929.

telindus1423Router/wanInterface/end/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the end object, refer to 15.8 - End and repeater alarms on page 929.
510 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.8 BRI configuration attributes

This section discusses the configuration attributes of the BRI interface. First it describes the configura-
tion attributes of the BRI interface in general. Then it describes more specifically the configuration
attributes of the B-channels and of the leasedLine[ ] object that can be added under the bri[ ] object.
The following gives an overview of this section:
• 12.8.1 - General BRI configuration attributes on page 511
• 12.8.2 - B-channel configuration attributes on page 514
• 12.8.3 - ISDN leased line configuration attributes on page 516
Telindus 1423 SHDSL Router Chapter 12 511
User manual Configuration attributes

12.8.1 General BRI configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bri[ ]/tei on page 512
• telindus1423Router/bri[ ]/teiValue on page 512
• telindus1423Router/bri[ ]/telephoneNrs on page 513
• telindus1423Router/bri[ ]/dialAllowed on page 513
• telindus1423Router/bri[ ]/<alarmConfigurationAttributes> on page 513
512 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bri[ ]/tei Default:auto

Range: enumerated, see below
Use this attribute to determine how a Terminal Endpoint Identifier (TEI) is
assigned to the Basic Rate ISDN interface. TEIs are used to distinguish between several different
devices using the same ISDN links.
The tei attribute has the following values:

Value Description

fixed The TEI value of the Basic Rate ISDN interface has to be set by the user using the
configuration attribute telindus1423Router/bri[ ]/teiValue.
In this case the TEI value can range from 1 up to 63.

auto The TEI value of the Basic Rate ISDN interface is set automatically by the Network
Terminator (NT) to which the interface is attached to. The setting of the configura-
tion attribute telindus1423Router/bri[ ]/teiValue is ignored.
In this case the TEI value can range from 64 up to 126.

permanent The TEI value of the Basic Rate ISDN interface is set to 0. The setting of the con-
figuration attribute telindus1423Router/bri[ ]/teiValue is ignored.
In this case both layer 1 and layer 2 are permanently up.

telindus1423Router/bri[ ]/teiValue Default:1

Range: 1 … 63
Use this attribute to set the Terminal Endpoint Identifier (TEI) of the Basic
Rate ISDN interface in case you set the configuration attribute telindus1423Router/bri[ ]/tei to fixed.
Telindus 1423 SHDSL Router Chapter 12 513
User manual Configuration attributes

telindus1423Router/bri[ ]/telephoneNrs Default:<empty>

Range: table, see below
Use this attribute to assign (a) telephone number(s) to the Basic Rate ISDN
interface. These numbers are only relevant in case BAP is enabled. The following tries to explains this.
When BAP is activated and when the local router decides that it needs to add a member to the existing
ISDN bundle (because the tx or rx throughput threshold was exceeded), then it sends a request to the
remote router asking for the addition of a link to the bundle. If the remote router agrees (based on its
throughput threshold settings), the remote router will acknowledge the request. In this acknowledgement
message, the remote router adds the telephone number to which the central router has to call to. This
telephone number is one defined on a BRI that still has available channels. The central router then will
establish a new call using the telephone number it received from the remote router. This whole proce-
dure ensures that the central calls a BRI that is still available (i.e. for which not all B-channels are
assigned to ISDN calls).
Note however that is not mandatory to enter telephone numbers in the telephoneNrs table. If you leave this
table empty and the remote ISDN device wants to add an extra B-channel to the bundle, then any avail-
able B-channel on any available BRI interface of the local ISDN interface will be taken.
The telephoneNrs table contains the following elements:

Element Description

telNr Use this element to enter the telephone number. Default:<empty>

Range: 0 … 36 tel. characters

uniqueDigits Use this element to set the number of unique digits. Default:0
Refer to What are unique digits?. Range: 0 … 35
Setting the uniqueDigits to 0 means that the complete telephone number as entered
in the telNr element should be considered as unique digits.

telindus1423Router/bri[ ]/dialAllowed Default:yes

Range: yes / no
Use this attribute allow (yes) or deny (no) dial-up calls (both in and out) on
the BRI interface.
If the dialAllowed attribute is set to yes, then you can use the BRI interface both in dial-up operation as
leased line operation. If, however, the dialAllowed attribute is set to no, then you can use the BRI interface
only in leased line operation.

telindus1423Router/bri[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the bri[ ] object, refer to 15.9 - BRI alarms on page 931.
514 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.8.2 B-channel configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bri[ ]/bChannel[ ]/<alarmConfigurationAttributes> on page 515
Telindus 1423 SHDSL Router Chapter 12 515
User manual Configuration attributes

telindus1423Router/bri[ ]/bChannel[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the bChannel[ ] object, refer to 15.10 - B-channel alarms on page 932.
516 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.8.3 ISDN leased line configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bri[ ]/leasedLine[ ]/encapsulation on page 517
• telindus1423Router/bri[ ]/leasedLine[ ]/priorityPolicy on page 517
• telindus1423Router/bri[ ]/leasedLine[ ]/maxFifoQLen on page 517
• telindus1423Router/bri[ ]/leasedLine[ ]/channelAllocation on page 518
• telindus1423Router/bri[ ]/leasedLine[ ]/<alarmConfigurationAttributes> on page 518

For the configuration attributes of the encapsulation objects (frameRelay, ppp, hdlc and errorTest) which are
located under the leasedLine[ ] object, refer to 12.5 - Encapsulation configuration attributes on page 468.
Telindus 1423 SHDSL Router Chapter 12 517
User manual Configuration attributes

telindus1423Router/bri[ ]/leasedLine[ ]/encapsulation Default:frameRelay

Range: enumerated, see below
Use this attribute to select the encapsulation protocol on the leased line
ISDN connection.
The encapsulation attribute has the following values: frameRelay, ppp, hdlc and errorTest.
Refer to 6.6 - How to configure a leased line ISDN connection on a BRI interface?_ (Telindus 1034
Router only)_ on page 203 for more information on how to set up a leased line ISDN.

telindus1423Router/bri[ ]/leasedLine[ ]/priorityPolicy Default:<empty>

Range: 0 … 24 characters
Use this attribute to apply a priority policy on the leased line ISDN connec-
tion.
Do this by entering the index name of the priority policy you want to use. You can create the priority policy
itself by adding a priorityPolicy object and by configuring the attributes in this object.

Example

If you created a priorityPolicy object with index name my_priority_policy

(i.e. priorityPolicy[my_priority_policy]) and you want to apply this priority
policy here, then enter the index name as value for the priorityPolicy attribute.
Refer to 8.8.6 - Creating a priority policy on page 247 for more information on priority policies.

telindus1423Router/bri[ ]/leasedLine[ ]/maxFifoQLen Default:200

Range: 1 … 4000
Use this attribute to set the maximum length (number of packets) of the First
In First Out queue.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/algorithm on page 543 for more information on this
queue.
518 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bri[ ]/leasedLine[ ]/channelAllocation Default:-

Range: structure, see below
Use this attribute to activate the BRI channels of the leased line ISDN con-
nection.
The channelAllocation structure contains the elements:

Element Description

d Use this element to activate (on) or deactivate (off) the Default:off

D-channel. Range: on / off

b1 Use this element to activate (on) or deactivate (off) the Default:off

B1-channel. Range: on / off

b2 Use this element to activate (on) or deactivate (off) the Default:off

B2-channel. Range: on / off

Depending which channels you activate, you can comply with the following standards:
• 64S: B1 channel
• 64S2: B1+B2 channel
• TS01: B1+D channel
• TS02: B1+B2+D channel

Refer to 6.6 - How to configure a leased line ISDN connection on a BRI interface?_ (Telindus 1034
Router only)_ on page 203 for more information on how to set up a leased line ISDN.

telindus1423Router/bri[ ]/leasedLine[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the bri[ ]/leasedLine[ ] object, refer to 15.10 - B-channel alarms on page 932.
Telindus 1423 SHDSL Router Chapter 12 519
User manual Configuration attributes

12.9 Profiles configuration attributes Default:all time slots enabled,

except 0 and 16
If you want to establish an ISDN dial-up connection, then you first have to Range: bit string
set up dial, encapsulation and forwarding profiles. Then you have to config-
ure the dial map in which you combine the different profiles. Refer to 6 - Setting up ISDN connections
on page 93 for more information.
Also setting up traffic and priority policies involves creating and applying profiles. Refer to 8.8 - Config-
uring traffic and priority policy on the router on page 237 and 9.3 - Configuring traffic and priority policy
on the bridge on page 285 for more information.
This section lists the configuration attributes that are present in the different profiles.
The following gives an overview of this section:
• 12.9.1 - ISDN dial profile configuration attributes on page 520
• 12.9.2 - Encapsulation profile configuration attributes on page 525
• 12.9.3 - Forwarding profile configuration attributes on page 529
• 12.9.4 - IP traffic policy configuration attributes on page 531
• 12.9.5 - Bridging traffic policy configuration attributes on page 540
• 12.9.6 - Priority policy configuration attributes on page 542
520 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.9.1 ISDN dial profile configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/profiles/dial/defaultIsdn/isdnInterfaces on page 521
• telindus1423Router/profiles/dial/defaultIsdn/dialPktBufSize on page 521
• telindus1423Router/profiles/dial/defaultIsdn/idleTimeOut on page 521
• telindus1423Router/profiles/dial/defaultIsdn/fastIdleTimeOut on page 521
• telindus1423Router/profiles/dial/defaultIsdn/callInterval on page 521
• telindus1423Router/profiles/dial/defaultIsdn/callTimeOut on page 521
• telindus1423Router/profiles/dial/defaultIsdn/24hMaxCallTime on page 522
• telindus1423Router/profiles/dial/defaultIsdn/dialTimeTable on page 522
• telindus1423Router/profiles/dial/defaultIsdn/maxChannelsUsed on page 524
• telindus1423Router/profiles/dial/defaultIsdn/minChannelsFree on page 524
Telindus 1423 SHDSL Router Chapter 12 521
User manual Configuration attributes

telindus1423Router/profiles/dial/defaultIsdn/isdnInterfaces Default:<empty>
Range: table, see below
Use this attribute to determine through which BRI interface the ISDN con-
nection has to be set up.
The isdnInterfaces table only contains one element: interface. This element has possible values bri[1] and
bri[2]. If you leave the isdnInterfaces table empty, then both BRI interfaces are used (this would be the same
as entering bri[1] and bri[2]).
If both BRI interfaces can be used (i.e. the isdnInterfaces table is empty or contains both bri[1] and bri[2]),
then it is not possible for the Telindus 1423 SHDSL Router to know which interface is active because
sometimes layer 1 is kept down by the Network Termination device until a call is set up. So in this par-
ticular case, when a call has to be set up, BRI 1 is always tried first. If BRI 1 fails, then BRI 2 is tried.
Switching between BRI 1 and BRI 2 takes about 10 seconds.

telindus1423Router/profiles/dial/defaultIsdn/dialPktBufSize Default:20
Range: 0 … 100
Use this attribute to set the size of the buffer, in packets, that is used to
buffer the data when the ISDN connection is being set up.

telindus1423Router/profiles/dial/defaultIsdn/idleTimeOut Default:00000d 00h 05m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time during which an incoming or outgoing ISDN 00000d 01h 00m 00s
call may be idle (i.e. the connection is up, but no data is sent) before it is
terminated. Both incoming and outgoing traffic is considered. I.e. the ISDN line goes idle only if during
the idle timer no packets have been transmitted nor received.

telindus1423Router/profiles/dial/defaultIsdn/fastIdleTimeOut Default:00000d 00h 01m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time during which an incoming or outgoing ISDN 00000d 01h 00m 00s
call may be idle (i.e. the connection is up, but no data is sent) before it is
terminated, in case another application needs an ISDN connection but when all B-channels are in use.

telindus1423Router/profiles/dial/defaultIsdn/callInterval Default:00000d 00h 00m 05s

Range: 00000d 00h 00m 00s -
Use this attribute to set the … 00000d 01h 00m 00s
• minimum time between two consecutive outgoing ISDN calls.
• callback time-out. This is the time-out period in which the device that calls back must have done so
in order for a callback to be accepted. Callback attempts that fall out of this period are no longer
accepted. Refer to 6.8 - How to configure callback? on page 206.

telindus1423Router/profiles/dial/defaultIsdn/callTimeOut Default:00000d 00h 00m 30s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time after which the Telindus 1423 SHDSL 00000d 01h 00m 00s
Router should cancel the connection attempt. Note that the connection is
considered as up only if the PPP negotiation was successful.
522 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/dial/defaultIsdn/24hMaxCallTime Default:00001d 00h 00m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to determine how long (an) outgoing ISDN call(s) may last 00001d 00h 00m 00s
in a 24 hour time span, starting from midnight. In other words, this attribute
defines the total “up” time per day of the sum of all connections initiated by the dial map that refers to
this profile. If the maximum time is exceeded then the call is terminated.
E.g. suppose you have a dial profile in which you set the 24hMaxCallTime to 3 hours and you have a dial
map that refers to this profile and, furthermore, this dial map causes 2 connections to be set up. Then in
a time span of 24 hours (starting from midnight) the total time call for the 2 connections set up by the dial
map can be maximum 3 hours (e.g. 1,5 hour per connection, or 2 hours for one connection and 1 hour
for the other connection, etc.).

telindus1423Router/profiles/dial/defaultIsdn/dialTimeTable Default:<empty>
Range: table, see below
Use this attribute to determine when exactly ISDN calls are allowed. In other
words, this attribute allows you to control the up-time of your outgoing ISDN call.
The dialTimeTable contains the following elements:

Element Description

start Use this attribute to set the beginning of the period during which outgoing ISDN
calls are allowed.
The start structure contains the following elements:
• month. Use this element to set the month. Possible Default:<opt>
values are: jan, feb, mar, apr, may, jun, jul, aug, sep, oct, Range: enumerated, see below
nov, dec.
• dayOfMonth. Use this element to set the day of the Default:<opt>
month. Range: 1 … 31
Either set a dayOfMonth or dayOfWeek, not both.
• dayOfWeek. Use this element to set the day of the Default:<opt>
week. Possible values are: monday, tuesday, wednes- Range: enumerated, see below
day, thursday, friday, saturday, sunday.
Either set a dayOfMonth or dayOfWeek, not both.
• hour. Use this element to set the hour. Default:<opt>
Range: 0 … 23
• minute. Use this element to set the minute. Default:<opt>
Range: 0 … 59

end Use this attribute to set the end of the period during which outgoing ISDN calls are
allowed.
The end structure contains the same elements as the start structure. See above.
Telindus 1423 SHDSL Router Chapter 12 523
User manual Configuration attributes

Remarks

• Leaving an element at its <opt> (optional) value means it is not considered (wild card).
• The ranges that you define are “inclusive”. This means that if you define a range from e.g. start hour
= 7 up to end hour = 19, you actually end at 19 hours and 59 minutes.
• It is possible that you make invalid entries in the dialTimeTable. An invalid entry could be:
- You define a start value, but no end value or vice versa.
- The start value is bigger than the end value.
- Both dayOfMonth and dayOfWeek are filled in (you can only set one of both).
• If you made an invalid entry, an error message appears in the message table (refer to
telindus1423Router/messages on page 691). Moreover, the invalid entry is ignored.

Example

You could specify that outgoing ISDN calls are only allowed on working days, during office hours. In that
case, the dialTimeTable looks as follows:
524 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/dial/defaultIsdn/maxChannelsUsed Default:<opt>
Range: 0 … 4
Use this attribute to determine the maximum amount of B-channels that
may be used by an ISDN call. This to avoid that the dial map entries that refer to this ISDN profile use
all available B-channels.
If you set the maxChannelsUsed attribute to …
• 0, then no B-channels may be used.
• 1 or 2, then maximum 1 or 2 B-channels may be used.
• 3 or 4, then maximum 3 or 4 B-channels may be used. Since there are only 2 B-channels per BRI
interface, using 3 or 4 B-channels is only possible if you entered both BRI interfaces in the configu-
ration attribute telindus1423Router/profiles/dial/defaultIsdn/isdnInterfaces on page 521.
• <opt> (optional), then the attribute is ignored. In this case, all available B-channels may be used (i.e.
2 B-channels in case you use 1 BRI interface, 4 B-channels in case you use 2 BRI interfaces).

telindus1423Router/profiles/dial/defaultIsdn/minChannelsFree Default:<opt>
Range: 0 … 4
Use this attribute to determine the minimum amount of B-channels that has
to be kept free. This to keep channels free for e.g. incoming ISDN calls.
If you set the minChannelsFree attribute to …
• 0, then no B-channels are kept free. In this case, all available B-channels may be used (i.e. 2 B-chan-
nels in case you use 1 BRI interface, 4 B-channels in case you use 2 BRI interfaces).
• 1, 2 or 3, then minimum 1, 2 or 3 B-channels are kept free.
• 4, then all B-channels are kept free.
• <opt> (optional), then the attribute is ignored. In this case, no B-channels are kept free. This means
all available B-channels may be used (i.e. 2 B-channels in case you use 1 BRI interface, 4 B-channels
in case you use 2 BRI interfaces).

As opposed to the maxChannelsUsed attribute, the minChannelsFree attribute is actually profile independent.
As soon as one profile specifies that e.g. 2 channels should be kept free, then 2 channels are kept free
even if another profile specifies that only 1 channel should be kept free.
Telindus 1423 SHDSL Router Chapter 12 525
User manual Configuration attributes

12.9.2 Encapsulation profile configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/profiles/encapsulation/defaultPpp/linkMonitoring on page 526
• telindus1423Router/profiles/encapsulation/defaultPpp/authentication on page 526
• telindus1423Router/profiles/encapsulation/defaultPpp/authenPeriod on page 526
• telindus1423Router/profiles/encapsulation/defaultPpp/compression on page 526
• telindus1423Router/profiles/encapsulation/defaultPpp/connection on page 526
• telindus1423Router/profiles/encapsulation/defaultPpp/multiLink on page 527
• telindus1423Router/profiles/encapsulation/defaultPpp/callback on page 528
526 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/encapsulation/defaultPpp/linkMonitoring Default:-
Range: structure, see below
Use this attribute to enable or disable link monitoring and to fine-tune it.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/linkMonitoring on page 490 for more information.

telindus1423Router/profiles/encapsulation/defaultPpp/authentication Default:disabled
Range: enumerated, see below
Use this attribute to enable or disable authentication on the PPP link.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/authentication on page 491 for more information.

telindus1423Router/profiles/encapsulation/defaultPpp/authenPeriod Default:00000d 00h 10m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the PPP authentication interval. 24855d 03h 14m 07s
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/authenPeriod on
page 491 for more information.

telindus1423Router/profiles/encapsulation/defaultPpp/compression Default:disabled
Range: disabled / predictor1
Use this attribute to enable or disable the compression of PPP encapsu-
lated packets.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/compression on page 489 for more information.

telindus1423Router/profiles/encapsulation/defaultPpp/connection Default:multiLink
Range: enumerated, see below
Use this attribute to determine whether you want set up a single link or multi-
link PPP connection.
Refer to 7.4.14 - Setting up MLPPP on a BRI interface in dial-up mode on page 180 for more information.
The connection attribute has the following values:

Value Description

singleLink One PPP link only uses one B-channel.

multiLink One PPP link uses several B-channels. I.e. different B-channels are bundled to
create one PPP link. In this way you can bundle up to 4 B-channels.
Telindus 1423 SHDSL Router Chapter 12 527
User manual Configuration attributes

telindus1423Router/profiles/encapsulation/defaultPpp/multiLink Default:-
Range: structure, see below
If you set the telindus1423Router/profiles/encapsulation/defaultPpp/connection
attribute to multiLink, then use the multiLink attribute to configure the channel usage of the multi-link PPP
connection.
The multiLink structure the following elements:

Element Description

initialChannels Use this element to set the number of B-channels you Default:1
would like the multi-link PPP connection to contain ini- Range: 1 … 4
tially.
For example, if you set the initialChannels element to e.g. 2 and e.g. 4 B-channels
are available, then the Telindus 1423 SHDSL Router only activates 2 channels.
Another example, if you set the initialChannels element to e.g. 2 and 2 B-channels
are available, then the Telindus 1423 SHDSL Router activates these 2 channels.
Suppose that after that 1 channel drops, then the Telindus 1423 SHDSL Router
continuous to operate on this 1 channel. However, if the channel comes up again,
then the Telindus 1423 SHDSL Router will not reactivate the channel (at least, not
if BAP is disabled).

bap Use this element to enable, disable and fine-tune the Default:-
Bandwidth Allocation Protocol (BAP). Range: structure, see below
Refer to telindus1423Router/profiles/encapsulation/defaultPpp/multiLink/bap on page 527 for a
detailed description of the elements in the bap structure.

telindus1423Router/profiles/encapsulation/defaultPpp/multiLink/bap Default:-
Range: structure, see below
Use the bap structure in the multiLink structure to enable, disable and fine-
tune the Bandwidth Allocation Protocol (BAP). Refer to What is BAP? on page 159.
The bap structure contains the following elements:

Element Description

operation Use this element to enable or disable BAP. Default:disabled

Range: enabled / disabled

maxChannels Use this element to set the maximum number of B- Default:4

channels the multi-link PPP connection may contain. Range: 1 … 4

removeTimeout Use this element to set the period, in seconds, over Default:60
which the load of the multi-link PPP connection is cal- Range: 1 … 3600
culated and which determines, together with the
removeThresholdIn and removeThresholdOut attributes, when a channel is removed from
the multi-link PPP connection.

addTimeout Use this element to set the period, in seconds, over Default:60
which the load of the multi-link PPP connection is cal- Range: 1 … 3600
culated and which determines, together with the
addThresholdIn and addThresholdOut attributes, when a channel is added to the multi-
link PPP connection.
528 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

removeThresholdIn Use this element to determine the load, in percents, Default:40

that has to be reached over the removeTimeout period Range: 0 … 100
before a channel is removed from the multi-link PPP
connection in the receive direction.

removeThreshold- Use this element to determine the load, in percents, Default:40

Out that has to be reached over the removeTimeout period Range: 0 … 100
before a channel is removed from the multi-link PPP
connection in the transmit direction.

addThresholdIn Use this element to determine the load, in percents, Default:80

that has to be reached over the addTimeout period Range: 0 … 100
before a channel is added to the multi-link PPP con-
nection in the receive direction.

addThresholdOut Use this element to determine the load, in percents, Default:80

that has to be reached over the addTimeout period Range: 0 … 100
before a channel is added to the multi-link PPP con-
nection in the transmit direction.

callBackRequests Use this element to allow (accept) or deny (reject) that Default:reject
the remote side triggers the adding of channels to the Range: reject / accept
multi-link PPP connection at the local side.

telindus1423Router/profiles/encapsulation/defaultPpp/callback Default:-
Range: structure, see below
Use this attribute to enable or disable callback. Refer to 6.8 - How to config-
ure callback? on page 206 for more information.
The callback structure contains the following elements:

Element Description

type Use this element to enable or disable callback. Default:disabled

The type element has the following values: Range: enumerated, see below

• disabled. No callback is done.

• authentication. The callback is based on PPP authentication. Refer to What is
authentication callback? on page 207.
• e164Number. The callback number is communicated during the callback negoti-
ation. Refer to What is E.164 number callback? on page 208.
Telindus 1423 SHDSL Router Chapter 12 529
User manual Configuration attributes

12.9.3 Forwarding profile configuration attributes

On the ISDN interfaces, only a routing forwarding profile can be set up. This means that the ISDN inter-
faces can only operate in routing mode, not in bridging mode. The reason for not supporting bridging
mode is that the risk is too high that the ISDN connections stay up permanently due to broadcasts and
multicasts.

This section describes the following configuration attributes:

• telindus1423Router/profiles/forwardingMode/defaultRouting/ip on page 530
• telindus1423Router/profiles/forwardingMode/defaultRouting/priorityPolicy on page 530
• telindus1423Router/profiles/forwardingMode/defaultRouting/maxFifoQLen on page 530
530 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/forwardingMode/defaultRouting/ip Default:-
Range: structure, see below
Use this attribute to configure the IP related parameters of the PPP links that
can be set up on the BRI interfaces.
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.

telindus1423Router/profiles/forwardingMode/defaultRouting/priorityPolicy Default:<empty>
Range: 0 … 24 characters
Use this attribute to apply a priority policy on the interface.
Refer to telindus1423Router/wanInterface/priorityPolicy on page 467 for more information.

telindus1423Router/profiles/forwardingMode/defaultRouting/maxFifoQLen Default:200
Range: 1 … 4000
Use this attribute to set the maximum length (number of packets) of the First
In First Out queue.
Refer to telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/algorithm on page 543 for more information on this
queue.
Telindus 1423 SHDSL Router Chapter 12 531
User manual Configuration attributes

12.9.4 IP traffic policy configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method on page 532
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping on page 534
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/dropLevels on page 537
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/tos2QueueMapping on page 539

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
532 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method Default:trafficShaping

Range: enumerated, see below
Use this attribute to choose an IP traffic policy method. This IP traffic policy
is then used to …
• determine, on traffic overload conditions, how and which queues are filled with the “excess” data.
Refer to 8.8 - Configuring traffic and priority policy on the router on page 237.
• do policy based routing. Refer to 8.4 - Configuring policy based routing on page 196.
• filter data on an interface. Refer to 10.2 - Configuring the access restrictions on page 296.

The method attribute has the following values:

Value Description

trafficShaping The data is …

• redirected to the queues based on the settings of the trafficShaping attribute
(queueing).
• redirected to an interface or a gateway based on the settings of the trafficShaping
attribute (policy based routing).
• filtered based on the settings of the trafficShaping attribute (extended access list).

Refer to telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping on page 534 for

more information on traffic shaping.

tosDiffServ The data is redirected to the queues based on DiffServ (refer to RFC 2597) regard-
ing class and drop precedence. Refer to What is AF PHB? on page 240.
This means that, depending on their DSCP field in the TOS byte, some packets
are moved to other queues and/or dropped sooner than other packets in case the
queue is full.
The highest 3 bits of the DSCP field are mapped as follows:

Bit values … are mapped to …

000 up to 100 queues 1 up to 5, respectively.

101 and higher the low delay queue.

The next 2 bits of the DSCP field define the drop levels:

Bit values … correspond with …

00 and 01 dropLevel1

10 dropLevel2

11 dropLevel3

Refer to the attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/dropLevels on

page 537 for more information on drop levels.
Telindus 1423 SHDSL Router Chapter 12 533
User manual Configuration attributes

Value Description

tosMapped The data is redirected to …

• the queues based on the settings of the tos2QueueMapping attribute (queueing).
• an interface or a gateway based on the settings of the tos2QueueMapping attribute
(policy based routing).

Refer to the attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/

tos2QueueMapping on page 539 for more information on TOS to queue mapping.
534 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping Default:<empty>

Range: table, see below
The function of this attribute is threefold:
• Traffic and priority policing
In case you have set the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method attribute to trafficShap-
ing, then use the trafficShaping table to specify which data has to be redirected to which queue. If an
overload condition occurs, then a packet is redirected to the specified queue when the criteria as
specified in the trafficShaping table are met.
Refer to 8.8 - Configuring traffic and priority policy on the router on page 237.
• Policy based routing
In case you have set the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method attribute to trafficShap-
ing, then use the trafficShaping table to specify which data has to be redirected to which interface or
gateway. Packets are redirected to the specified interface or gateway when the criteria as specified
in the trafficShaping table are met.
Refer to 8.4 - Configuring policy based routing on page 196.
• Extended access list
In case you have set the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method attribute to trafficShap-
ing, then use the trafficShaping table to specify which data is forwarded. Packets are forwarded when
the criteria as specified in the trafficShaping table are met. If more than one entry applies to the same
packet, then the entry which has the narrowest filter range (when looking at the filter criteria from left
to right) is chosen.
Refer to 10.2 - Configuring the access restrictions on page 296.

Important remarks

• By default, the entries in the trafficShaping table are “allow” rules. I.e. only the traffic defined in the table
is permitted, all other traffic is discarded (independent whether the traffic shaping table is used as an
access list, for priority policing or policy based routing). However, you can inverse an entry making it
a “deny” rule by entering “discard” as value of the interface element.
• If more than one entry applies to the same packet, then the entry which has the narrowest filter range
(when looking at the filter criteria from left to right) is chosen. For example: two rows in the trafficShaping
table apply to the same packet, but row 1 wants to forward packets to queue 3 and row 2 wants to
forward packets to the low delay queue. In that case, first the IP source address is considered. The
row with the smallest range wins. If the ranges are exactly the same, then the IP destination address
is considered. And so on. Should the two rows be completely identical except for the queue, then one
of the rows is chosen at random.
• You do not necessarily have to fill in IP addresses in the trafficShaping table. It is perfectly valid to filter
on IP protocol, IP protocol/port combination or TOS values only. However, you can not filter on port
numbers only. What is more, you can only filter on port numbers when the IP protocol is set to TCP
or UDP. So in other words, if the IP protocol element is set to a value different from TCP or UDP, then
all the port elements are ignored.
Telindus 1423 SHDSL Router Chapter 12 535
User manual Configuration attributes

The trafficShaping table contains the following elements:

Element Description

sourceIpStart- Use these elements to set the IP source address as Default:0.0.0.0

Address specified in the IP header. Range: up to 255.255.255.255
sourceIpEnd- Packets that fall within the specified range are forwarded and queued if applicable.
Address

destinationIpStart- Use these elements to set the IP destination address Default:0.0.0.0

Address as specified in the IP header. Range: up to 255.255.255.255
destinationIpEnd- Packets that fall within the specified range are forwarded and queued if applicable.
Address

tosStartValue Use these elements to set the TOS byte value. Default:any(start)/optional(end)
Packets that fall within the specified range are for- Range: 0 … 256
tosEndValue
warded and queued if applicable.

ipProtocol Use this element to set the protocol field from the IP Default:any
header. Range: 0 … 255
Packets that have the specified protocol field are forwarded and queued if applica-
ble.
You can specify the protocol by typing the protocol number. For ease of use, some
common protocols can be selected from a drop-down box: any (0), ICMP (1), IGMP
(2), IPinIP (4), TCP (6), EGP (8), IGP (9), UDP (17), RSVP (46), IGRP (88), OSPFIGP (89),
TCPestablished (255).

sourcePortStart Use these elements to set the source port as specified Default:any(start)/optional(end)
in the UDP / TCP headers. Range: 0 … 65535
sourcePortEnd
Packets that fall within the specified range are forwarded and queued if applicable.
You can specify the port by typing the protocol number. For ease of use, some
common port numbers can be selected from a drop-down box: any or optional (0),
echo (7), discard (9), ftp-data (20), ftp (21), telnet (23), smtp (25), domain (53), www-http
(80), pop3 (110), nntp (119), snmp (161), snmptrap (162), z39.50 (210), syslog (514),
router (520), socks (1080), I2tp (1701), telindus (1728).

Note that the predefined “echo” value is a UDP port. It has nothing to do with
ICMP echo.

destinationPortStart Use these elements to set the destination port as Default:any(start)/optional(end)

specified in the UDP / TCP headers. Range: 0 … 65535
destinationPortEnd
Packets that fall within the specified range are forwarded and queued if applicable.
You can specify the port by typing the protocol number. For ease of use, some
common port numbers can be selected from a drop-down box: see above.

newTosValue Use this element to set the new TOS byte value. Default:unchanged
When you select a new TOS byte value, then a packet Range: 0 … 256
that matches an entry in the trafficShaping table its TOS byte value is changed.
Selecting unchanged, leaves the TOS byte value as it is.
536 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

priority Use this element to set the destination queue for a Default:queue1
packet matching an entry in the trafficShaping table. Range: enumerated, see below
In case an overload condition occurs, then a packet that matches an entry in the
trafficShaping table is sent to the specified queue.
The priority element has the following values: queue1, queue2, queue3, queue4, queue5,
lowDelayQueue.

interface Use this element to set the destination interface for a Default:<empty>
packet matching an entry in the trafficShaping table. Range: 0 … 24 characters
This is policy based routing.
Type the name of the interface in the interface element, e.g. lan.
Note that by default, the entries in the trafficShaping table are “allow” rules. I.e. only
the traffic defined in the table is permitted, all other traffic is discarded (independ-
ent whether the traffic shaping table is used as an access list, for priority policing
or policy based routing). However, you can inverse an entry making it a “deny” rule
by entering “discard” as value of the interface element.

gateway Use this element to set the gateway for a packet Default:<opt>
matching an entry in the trafficShaping table. This is pol- Range: up to 255.255.255.255
icy based routing.

Start and end values

Except for the ipProtocol, newTosValue and priority elements, it is possible to specify ranges using the start
and end values. There are two special cases:
• A start value is entered, but no end value ⇒ an exact match is needed for the start value.
• Neither a start nor an end value is entered ⇒ the field is not checked.
Telindus 1423 SHDSL Router Chapter 12 537
User manual Configuration attributes

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/dropLevels Default:-

Range: table, see below
Use this attribute to define for each user configurable queue, how many
packets may be queued before they are dropped.
The dropLevels table contains the following elements:

Element Description

dropLevel1 Use this element to set the maximum length (drop Default:100
level 1), in packets, of each user configurable queue. Range: 1 … 3000
In case you set the attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method
to …
• trafficShaping or tosMapped, then only this drop level is relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 00 and
01.

dropLevel2 Use this element to set the maximum length (drop Default:100
level 2), in packets, of each user configurable queue. Range: 1 … 3000
In case you set the attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method
to …
• trafficShaping or tosMapped, then this drop level is not relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 10.

dropLevel3 Use this element to set the maximum length (drop Default:100
level 3), in packets, of each user configurable queue. Range: 1 … 3000
In case you set the attribute telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method
to …
• trafficShaping or tosMapped, then this drop level is not relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 11.

Examples

Suppose …
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method is set to trafficShaping or tosMapped.
• for queue 1 you set maxLength1 = 1000, for queue 2 to 500, for queue 3 to 3000, for queue 4 to 1000
and for queue 5 to 200.

In this case, packets are dropped when the amount of packets in the queue exceeds the amount as
specified with the maxLength1 element.
538 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Suppose …
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method is set to tosDiffServ.
• for queue 1 you set maxLength1 = 100, maxLength2 = 200 and maxLength3 = 50.

In this case, the following applies:

Queue 1 contains … data An incoming data packet with … is …

packets.
drop level1 1 drop level 2 drop level 3

less than 50 accepted accepted accepted

more than 50, less than 100 accepted accepted dropped

more than 100, less than 200 dropped accepted dropped

more than 200 dropped dropped dropped

1. As defined in the TOS byte.

Telindus 1423 SHDSL Router Chapter 12 539
User manual Configuration attributes

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/tos2QueueMapping Default:<empty>

Range: table, see below
• Traffic and priority policing
In case you have set the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method attribute to tosMapped,
then use the tos2QueueMapping table to specify which data has to be redirected to which queue. If an
overload condition occurs, then a packet is redirected to the specified queue when the criteria as
specified in the tos2QueueMapping table are met.
Refer to 8.8 - Configuring traffic and priority policy on the router on page 237 and 9.3.2 - Configuring
a traffic policy on the bridge on page 287.
• Policy based routing
In case you have set the telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/method attribute to tosMapped,
then use the tos2QueueMapping table to specify which data has to be redirected to which interface or
gateway. Packets are redirected to the specified interface or gateway when the criteria as specified
in the tos2QueueMapping table are met.
Refer to 8.4 - Configuring policy based routing on page 196.

The tos2QueueMapping table contains the following elements:

Element Description

startTos Use these elements to set the TOS byte value. Default:0 (start) / 255 (end)
endTos Packets that have a TOS byte value within the speci- Range: 0 … 255
fied range are redirected to the targetQueue.

targetQueue Use this element to set the destination queue. Default:Queue1

The targetQueue element has the following values: Range: enumerated, see below
Queue1, Queue2, Queue3, Queue4, Queue5, lowDelayQueue.

interface Use this element to set the destination interface for a Default:<empty>
packet matching an entry in the tos2QueueMapping Range: 0 … 24 characters
table. This is policy based routing.
Type the name of the interface in the interface element, e.g. lan.

gateway Use this element to set the gateway for a packet Default:<opt>
matching an entry in the tos2QueueMapping table. This Range: up to 255.255.255.255
is policy based routing.
540 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.9.5 Bridging traffic policy configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/vlanPriorityMap on page 541
• telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/dropLevels on page 541

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
Telindus 1423 SHDSL Router Chapter 12 541
User manual Configuration attributes

telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/vlanPriorityMap Default:-

Range: structure, see below
Use this attribute to impose a bridging traffic policy on the bridged VLAN
frames received by the Telindus 1423 SHDSL Router.
Each VLAN frame has a certain priority (this is specified in the 802.1P part of the 802.1Q header of the
VLAN frame). In case a traffic overload condition occurs and in case you imposed this traffic policy on a
certain interface, then the VLAN frames are sent to a queue. Using the vlanPriorityMap attribute, you can
specify which VLAN frame is sent to which queue based on the priority of the VLAN frame.
The vlanPriorityMap structure contains the following elements:

Element Description

priority0 Use these elements to define which priority corresponds with which queue. The
… possible queues are: queue1 up to queue5 and lowDelayQueue. To empty these
queues, specify a priority policy.
priority7
Frames that are not tagged are all considered to have priority 0.
$

Refer to 9.3.2 - Configuring a traffic policy on the bridge on page 287 for more
information on traffic policy, priority policy and priority queuing.

telindus1423Router/profiles/policy/traffic/bridgingTrafficPolicy[ ]/dropLevels Default:-

Range: table, see below
Use this attribute to define for each user configurable queue, how many
packets may be queued before they are dropped.
The dropLevels table contains the following element:

Element Description

dropLevel1 Use this element to set the maximum length, in pack- Default:100
ets, of each user configurable queue. Range: 1 … 3000
542 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.9.6 Priority policy configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/algorithm on page 543
• telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/countingPolicy on page 545
• telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/queueConfigurations on page 545
• telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/lowdelayQuotum on page 545
• telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/bandwidth on page 546

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
Telindus 1423 SHDSL Router Chapter 12 543
User manual Configuration attributes

telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/algorithm Default:fifo

Range: enumerated, see below
Use this attribute to determine how and which queues are emptied.
The algorithm attribute has the following values:

Value Description

fifo This is a First In First Out queue. The data that enters the queue first, also leaves
the queue first. This is the fastest but most superficial queuing mechanism.
You can change the maximum length of the FIFO queue on an interface using the
configuration attribute maxFifoQLen.

roundRobin This is a priority queuing mechanism. In this case, all user configurable queues
containing data have an equal weight. In other words, if all the user configurable
queues contain data, they are addressed in turns. The low delay has a higher pri-
ority, it is addressed between every user configurable queue. The system queue
has absolute priority, it is emptied as soon as it contains data.
• Queues 1 up to 5: user configurable queues. These queues are addressed in
turns.
• Queue 6: low delay queue. This queue is addressed between every user con-
figurable queue.
• Queue 7: system queue. This queue has absolute priority over all other queues.
As soon as it contains data, it is emptied.

absolutePriority This is a priority queuing mechanism. In this case, queues with a high priority have
absolute priority over queues with a low priority. In other words, no lower priority
queue is emptied as long as a higher priority queue contains data.
The priority of the queues runs parallel to the queue number. I.e. the user config-
urable queue number 1 has the lowest priority, whereas the system queue
(number 7) has the highest priority.
• Queues 1 up to 5: user configurable queues. Queue 1 has the lowest priority
whereas queue 5 has the highest priority. A lower priority queue is only emptied
in case no higher priority queue contains data.
• Queue 6: low delay queue. This queue is only emptied in case the system
queue contains no data.
• Queue 7: system queue. This queue has absolute priority over all other queues.
As soon as it contains data, it is emptied.

Note that there is a risk of starvation. This means that it is possible that the
lower priority queues are never emptied because a higher priority queue
continuously receives data.
544 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Value Description

weightedFair- This is a priority queuing mechanism. In this case, the user configurable queues
Queueing are addressed based on their weight. The low delay has a higher priority, it is
addressed between every user configurable queue. The system queue has abso-
lute priority, it is emptied as soon as it contains data.
• Queues 1 up to 5: user configurable queues. These queues are addressed
based on their weight. The weight can be configured in the telindus1423Router/pro-
files/policy/priority/priorityPolicy[ ]/queueConfigurations attribute.
• Queue 6: low delay queue. This queue is addressed between every user con-
figurable queue.
• Queue 7: system queue. This queue has absolute priority over all other queues.
As soon as it contains data, it is emptied.

lowDelayWeighted- This is a priority queuing mechanism. It is a combination of absolute priority and

FairQueueing weighted fair queueing. In this case, the user configurable queues are addressed
based on their weight. The low delay queue has absolute priority over all user con-
figurable queues and the system queue has absolute priority over all queues.
• Queues 1 up to 5: user configurable queues. These queues are addressed
based on their weight. The weight can be configured in the telindus1423Router/pro-
files/policy/priority/priorityPolicy[ ]/queueConfigurations attribute.
• Queue 6: low delay queue. This queue has absolute priority over all user con-
figurable queues. If the system queue does not contain data but the low delay
queue and the user configurable queues do, then it is the low delay queue that
is emptied.
• Queue 7: system queue. This queue has absolute priority over all other queues.
As soon as it contains data, it is emptied.

In a network that carries both voice and data, the lowDelayWeightedFairQueueing

algorithm is the most suited mechanism to get the voice over the network
with a minimum delay. In this case, the voice has to be queued in the low
delay queue.
Telindus 1423 SHDSL Router Chapter 12 545
User manual Configuration attributes

telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/countingPolicy Default:bytes

Range: enumerated, see below
Use this attribute to define whether the quotum of the queues is expressed
in bytes or packets.

telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/queueConfigurations Default:<empty>

Range: table, see below
Use this attribute to …
• set the number of bytes/packets that is dequeued from the user configurable queue when the queue
is addressed.
• set the relative importance of the user configurable queues.

The queueConfigurations table contains the following elements:

Element Description

quotum Use this element to set the number of bytes/packets Default:1500

that is dequeued from the user configurable queue Range: 1 … 25000
when the queue is addressed.
The unit of the quotum (bytes or packets) can be set with the telindus1423Router/pro-
files/policy/priority/priorityPolicy[ ]/countingPolicy attribute.

weight Use this element to set the relative importance of the Default:1
user configurable queues. Range: 1 … 10
The weight element is only relevant in case the telindus1423Router/profiles/policy/priority/
priorityPolicy[ ]/algorithm attribute is set to weightedFairQueueing.

Example

Suppose queue 1 has weight 2, queue 2 has weight 1 and both queues contain
data. In that case the queues are emptied in the following order: queue 1 → queue
1 → queue 2 → queue 1 → queue 1 → queue 2 → etc.

Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for more information on queues.

telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/lowdelayQuotum Default:1500

Range: 1 … 25000
Use this attribute to set the number of bytes/packets that is dequeued from
the low delay queue when the queue is addressed. The unit of the quotum (bytes or packets) can be set
with the telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/countingPolicy attribute.
Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for more information on queues.
546 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/profiles/policy/priority/priorityPolicy[ ]/bandwidth Default:-

Range: table, see below
Use this attribute to set the bandwidth per queue.
The bandwidth table contains the following elements:

Element Description

cir Use this element to set the Committed Information Default:0

Rate (CIR), in bits per second, of the different queues. Range: 0 … 2147483647
Using entry 1 up to 5 in the bandwidth table you can set the CIR for queues 1 up to
5, respectively. Using entry 6 in the bandwidth table you can set the CIR for the low
delay queue.
If the CIR is exceeded, then the data is first queued. The amount of data that is
queued can be set using the maxFifoQLen attribute. If the queue is completely filled
up, then the data is discarded.

Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for more information on queues.
Telindus 1423 SHDSL Router Chapter 12 547
User manual Configuration attributes

12.10 Dial maps configuration attributes

If you want to establish an ISDN dial-up connection, then you first have to set up dial, encapsulation and
forwarding profiles. Then you have to configure the dial map in which you combine the different profiles.
Refer to 6 - Setting up ISDN connections on page 93 for more information.
This section describes the following configuration attributes:
• telindus1423Router/dialMaps/mapping on page 548
548 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/dialMaps/mapping Default:<empty>
Range: table, see below
Use this attribute to configure dial maps. This means that you can create
entries in this table (called dial maps) which actually make up an ISDN dial-up connection.
Refer to 6 - Setting up ISDN connections on page 93 for an elaborate explanation on setting up ISDN
dial-up connections using profiles and dial maps.
The mapping table contains the following elements:

Element Description

name Use this element to specify a name for the dial map. Default:map
This name has to be used in the routing table in order Range: 1 … 24 characters
to point to a specific dial map.
Refer to 6.3.3 - How to create a route that points to a dial map? on page 200 for
more information.

localTelNrs Use this element to enter the local telephone number. Default:<empty>
This is the telephone number a remote ISDN device Range: table, see below
has to use to dial in.
The localTelNrs table contains the following elements:
• telNr. Use this element to enter the telephone Default:<empty>
number. Range: 0 … 36 tel. characters
• uniqueDigits. Use this element to set the number of Default:0
unique digits. Refer to What are unique digits?. Range: 0 … 35
Setting the uniqueDigits to 0 means that the com-
plete telephone number as entered in the telNr element should be considered
as unique digits.

It is not mandatory to fill in the localTelNrs table. If you leave the localTelNrs table
empty, then all incoming calls are accepted. However, if you do specify a tele-
phone number in the localTelNrs table, then only the calls to this specific telephone
number are accepted.
Telindus 1423 SHDSL Router Chapter 12 549
User manual Configuration attributes

Element Description

remoteTelNrs Use this element to enter the remote telephone Default:<empty>

number(s). Range: table, see below
The remoteTelNrs table contains the following elements:
• telNr. Use this element to enter the telephone Default:<empty>
number. Range: 0 … 36 tel. characters
• uniqueDigits. Use this element to set the number of Default:0
unique digits. Refer to What are unique digits?. Range: 0 … 35
Setting the uniqueDigits to 0 means that the com-
plete telephone number as entered in the telNr element should be considered
as unique digits.

In case of an …
• outgoing call, these numbers are used to dial out.
• incoming call, these numbers are used to authenticate the remote caller.

Since the remoteTelNrs element is a table, you can enter several remote telephone
numbers. In case of an …
• outgoing call, the first number in the list is taken to dial out. If for this number
the call set-up fails (due to network problems, e.g. busy, dial time-out, etc.),
then the next telephone number in the list is tried.
• incoming call, if the telephone number of the remote caller is present some-
where in the list, then the call is accepted.
550 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

What are unique digits?

The unique digits are, as the word says, that part of the telephone number that is
truly “unique”.
Once a call reaches the ISDN network itself, things such as access codes and
country access codes have no significance anymore and hence are discarded.
However, should you use the telephone number for verification purposes, then you
have to specify which part of the number you entered should be used. Typically,
the part after the access code is considered to be the unique number.
For example: telephone number 00 32 16 124578, where
00 32 16 124578
00 is the access code, 32 is the country code, 16 is the
regional code and 124578 is the actual telephone number. 8 unique digits
Typically, the 00 and 32 are dropped once the call reaches
the ISDN network. If you want that only the numbers 16 124578 are considered as
unique digits, then enter 8 as value for the uniqueDigits element.

callDirection Use this element to determine whether a call can be Default:incalls+outcalls

an incoming, outgoing or an incoming + outgoing call. Range: enumerated, see below

sessionName Use this attribute to set the PPP authentication name Default:<empty>
of the remote router. Range: 1 … 24 characters
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionName on page 492 for
more information.

sessionSecret Use this element to set the PPP authentication secret Default:<empty>
of the remote router. Range: 1 … 24 characters
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/sessionSecret on page 492 for
more information.
Telindus 1423 SHDSL Router Chapter 12 551
User manual Configuration attributes

Element Description

dial Use this element to determine which dial profile you Default:<isdn> default
want to use for this dial map. Range: isdn
The dial element value consists of two parts:
• Use the first part of the dial element value to select the dial profile type: isdn.
• Use the second part of the dial element value to select the actual profile. If you
want to use …
- the default profile, then enter, in the second field of the dial
element value, the string “default”.
- a custom profile, then enter, in the second field of the dial ele-
ment value, the index name of the custom profile you want to use. You can
create the profile itself by adding an isdn[ ] object under the profiles/dial object
and by configuring the attributes in this object.

Example

If you created an isdn object with index name my_isdn (i.e.

isdn[my_isdn]) and you want to apply this profile here, then enter the
index name as value for the dial element.
Refer to 6.3.1 - How to create a profile? on page 196 for more information on cre-
ating profiles.

encapsulation Use this element to determine which encapsulation Default:<ppp> default

profile you want to use for this dial map. Range: choice, see below
Do this in the same way as for the dial element.

forwardingMode Use this element to determine which forwarding pro- Default:<routing> default
file you want to use for this dial map. Range: choice, see below
Do this in the same way as for the dial element.
552 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.11 Bundle configuration attributes

This section describes the configuration attributes of the different bundles that you can set up on the Tel-
indus 1423 SHDSL Router.
The following gives an overview of this section:
• 12.11.1 - PPP bundle configuration attributes on page 553
Telindus 1423 SHDSL Router Chapter 12 553
User manual Configuration attributes

12.11.1 PPP bundle configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bundle/pppBundle[ ]/members on page 554
• telindus1423Router/bundle/pppBundle[ ]/mode on page 554
• telindus1423Router/bundle/pppBundle[ ]/ip on page 554
• telindus1423Router/bundle/pppBundle[ ]/bridging on page 554
• telindus1423Router/bundle/pppBundle[ ]/fragmentation on page 555
• telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces on page 555
• telindus1423Router/bundle/pppBundle[ ]/<alarmConfigurationAttributes> on page 556

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
554 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bundle/pppBundle[ ]/members Default:<empty>

Range: table, see below
Use this attribute to make the WAN interface a part of the PPP bundle. Do
this by adding one entry to the members table and by typing “wan” as value of the interface element.

Note that in case you run PPP over ATM (PPPoA) you can also create PPP bundles. In that case, just
type the name of the ATM PVC as value of the interface element in the members table.

Refer to 7.4.11 - Setting up multilink PPP on page 173 for more information on how to set up a PPP bun-
dle.

telindus1423Router/bundle/pppBundle[ ]/mode Default:bridging

Range: enumerated, see below
Use this attribute to determine whether the packets are treated by the rout-
ing process, the bridging process or both.
The mode attribute has the following values:

Value Description

bridging All packets received on the PPP bundle are bridged. BCP is set up.

routing All packets received on the PPP bundle are routed. IPCP is set up.

routingAndBridging The SNAP header is checked to determine whether the packets have to be bridged
or routed. IPCP and BCP are set up.

telindus1423Router/bundle/pppBundle[ ]/ip Default:<empty>

Range: structure, see below
Use this attribute to configure the IP related parameters of the PPP bundle.
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.

telindus1423Router/bundle/pppBundle[ ]/bridging Default:-

Range: structure, see below
Use this attribute to configure the bridging related parameters of the PPP
bundle.
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of the bridging structure.
Telindus 1423 SHDSL Router Chapter 12 555
User manual Configuration attributes

telindus1423Router/bundle/pppBundle[ ]/fragmentation Default:enabled

Range: enabled / disabled
Use this attribute to enable or disable PPP fragmentation. Refer to What is
PPP fragmentation? on page 159.
When PPP fragmentation is enabled, long frames are fragmented into a sequence of shorter frames. At
the remote side they are reassembled into the original frame.

telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces Default:<empty>

Range: table, see below
Use this attribute to set up multiclass PPP links. So you have to add an entry
to the multiclassInterfaces table for every multiclass PPP link that you want to create.
Refer to 7.4.13 - Setting up multiclass PPP on page 177 for more information.
The multiclassInterfaces table contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the multiclass PPP link. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate (down) Default:up

the multiclass PPP link. Range: up / down

mode Use this element to determine whether, for the corre- Default:routing
sponding multiclass PPP link, the packets are treated Range: enumerated, see below
by the routing process, the bridging process or both.
The mode element has the following values:
• bridging. All packets received on the multiclass PPP link are bridged.
• routing. All packets received on the multiclass PPP link are routed.
• routingAndBridging. The SNAP header is checked to determine whether the pack-
ets have to be bridged or routed.

ip Use this element to configure the IP related parame- Default:-

ters of the multiclass PPP link. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.

bridging Use this element to configure the bridging related Default:-

parameters of the multiclass PPP link in case the mul- Range: structure, see below
ticlass PPP link is in bridging mode (i.e. in case the
mode element is set to bridging).
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of
the bridging structure.
556 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

multiclass Use this element to configure the multiclass specific Default:-

parameters of the multiclass PPP link. Range: structure, see below
Refer to telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces/multiclass on page 556 for
a detailed description of the multiclass structure.

telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces/multiclass Default:-

Range: structure, see below
Use this structure to configure the multiclass specific parameters of the mul-
ticlass PPP link.
The multiclass structure contains the following elements:

Element Description

multiclass Use this element to set a multiclass identifier for the Default:1
multiclass PPP link. Range: 1 … 7

defaultQueue Use this element to select a default queue. Default:queue1

This allows you to easily set up a traffic policy without Range: enumerated, see below
having to create and apply traffic policy profiles. However, you still have to create
and apply a priority policy profile to empty the queues.
Refer to 8.8.9 - The default queue attribute versus a traffic policy profile on
page 252 for more information.

telindus1423Router/bundle/pppBundle[ ]/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask, alarmLevel, alarmContactHighMask and alarmContactLowMask
and on the alarms in general, refer to 15.2 - Introducing the alarm attributes on page 919.
• the alarms of the pppBundle[ ] object, refer to 15.12 - Bundle alarms on page 934.
Telindus 1423 SHDSL Router Chapter 12 557
User manual Configuration attributes

12.12 Router configuration attributes

This section discusses the configuration attributes concerned with routing. First it describes the general
routing configuration attributes. Then it explains the configuration attributes of the extra features as there
are NAT, L2TP tunnelling, filtering, traffic and priority policy, etc…
The following gives an overview of this section:
• 12.12.1 - General router configuration attributes on page 558
• 12.12.2 - NAT configuration attributes on page 583
• 12.12.3 - L2TP tunnel configuration attributes on page 587
• 12.12.4 - Manual SA configuration attributes on page 597
• 12.12.5 - IKE SA configuration attributes on page 601
• 12.12.6 - OSPF configuration attributes on page 609
• 12.12.7 - Routing filter configuration attributes on page 622
• 12.12.8 - VRRP configuration attributes on page 624
• 12.12.9 - Firewall configuration attributes on page 628
558 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.12.1 General router configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/defaultRoute on page 559
• telindus1423Router/ip/router/routingTable on page 560
• telindus1423Router/ip/router/routingProtocol on page 561
• telindus1423Router/ip/router/alternativeRoutes on page 561
• telindus1423Router/ip/router/ripUpdateInterval on page 561
• telindus1423Router/ip/router/ripHoldDownTime on page 562
• telindus1423Router/ip/router/ripv2SecretTable on page 563
• telindus1423Router/ip/router/sysSecret on page 564
• telindus1423Router/ip/router/pppSecretTable on page 564
• telindus1423Router/ip/router/helperProtocols on page 565
• telindus1423Router/ip/router/sendTtlExceeded on page 566
• telindus1423Router/ip/router/sendPortUnreachable on page 567
• telindus1423Router/ip/router/sendAdminUnreachable on page 567
• telindus1423Router/ip/router/dhcpStatic on page 568
• telindus1423Router/ip/router/dhcpDynamic on page 570
• telindus1423Router/ip/router/dhcpCheckAddress on page 572
• telindus1423Router/ip/router/radius on page 573
• telindus1423Router/ip/router/dns on page 575
• telindus1423Router/ip/router/addrPools on page 576
• telindus1423Router/ip/router/<alarmConfigurationAttributes> on page 582
Telindus 1423 SHDSL Router Chapter 12 559
User manual Configuration attributes

telindus1423Router/ip/router/defaultRoute Default:-
Range: structure, see below
Use this attribute to set the default route, also called gateway address.
Refer to 8.3 - Configuring static routes on page 188 for more information on static routes.
The defaultRoute structure contains the following elements:

Element Description

gateway Use this element to specify the IP address of the next Default:0.0.0.0
router that will route all packets for which no specific Range: up to 255.255.255.255
(static or dynamic) route exists in the routing table.
Whether you can omit the gateway element or not, is linked to the following condi-
tions:

If the interface element then …

specifies …

the LAN interface, you can not omit the gateway element.

the WAN interface, you can omit the gateway element only when using
PPP encapsulation.

a DLCI, PVC or tunnel, you can omit the gateway element.

interface Use this element to specify the interface through Default:<empty>

which the gateway can be reached. Range: 0 … 24 characters
Do this by typing the name of the interface as you assigned it using the configura-
tion attribute name (e.g. telindus1423Router/lanInterface/name). Note that this interface
can also be a DLCI, PVC, tunnel, etc.
If you do not specify a value for the interface element, then it is deduced by checking
all interfaces (including DLCIs, PVCs and tunnels) and finding an interface for
which the gateway lies in the subnet defined by the IP address and net mask of
that interface.
Typing the string “discard”, discards all packets for the corresponding destination.

preference Use this element to set the level of importance of the Default:10
default route with respect to routes learnt via RIP. Range: 1 … 200
RIP routes always have a preference of 60. Routes with a lower preference value
are chosen over routes with higher preference value.

metric Use this element to set with how much the metric Default:1
parameter of a route has to be incremented. Range: 1 … 15
If two routes exist with the same preference, then the route with the lowest metric
value is chosen. This element is only important when combining static routes and
RIP routes.
Refer to 8.5.3 - Explaining the rip structure on page 205 for more information on
the metric parameter.
560 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/routingTable Default:<empty>
Range: table, see below
Use this attribute to configure the static IP routes.
Refer to 8.3 - Configuring static routes on page 188 for more information on static routes.
The routingTable table contains the following elements:

Element Description

network Use this element to specify the IP address of the des- Default:0.0.0.0
tination network. Range: up to 255.255.255.255

mask Use this element to specify the network mask of the Default:255.255.255.0
destination network. Range: up to 255.255.255.255

gateway Use this element to specify the IP address of the next Default:0.0.0.0
router on the path to the destination network. Range: up to 255.255.255.255
Whether you can omit the gateway element or not, is linked to the following condi-
tions:

If the interface element then …

specifies …

the LAN interface, you can not omit the gateway element.

the WAN interface, you can omit the gateway element only when using
PPP encapsulation.

a DLCI, PVC or tunnel, you can omit the gateway element.

interface Use this element to specify the interface through Default:<empty>

which the destination network can be reached. Range: 0 … 24 characters
Do this by typing the name of the interface as you assigned it using the configura-
tion attribute name (e.g. telindus1423Router/lanInterface/name on page 452). Note that the
“interface” can also be a DLCI, PVC, tunnel, etc.
If you do not specify a value for the interface element, then it is deduced by checking
all interfaces (including DLCIs, PVCs and tunnels) and finding an interface for
which the gateway lies in the subnet defined by the IP address and net mask of
that interface.
Typing the string “discard”, discards all packets for the corresponding destination.

preference Use this element to set the level of importance of the Default:10
route. Range: 1 … 200
Routes with a lower preference value are chosen over routes with higher prefer-
ence value. Note that routes learned through RIP always have a preference of 60.

metric Use this element to set with how much the metric Default:1
parameter of a route has to be incremented. Range: 1 … 15
If two routes exist with the same preference, then the route with the lowest metric
value is chosen. Refer to 8.5.3 - Explaining the rip structure on page 205 for more
information on the metric parameter.
Telindus 1423 SHDSL Router Chapter 12 561
User manual Configuration attributes

telindus1423Router/ip/router/routingProtocol Default:none
Range: enumerated, see below
Use this attribute to activate or deactivate the Routing Information Protocol
(RIP).
Refer to 8.5 - Configuring RIP on page 201 for more information on RIP.
The routingProtocol attribute has the following values:

Value Description

none No routing protocol is used. Only static routes are used.

rip The RIP routing protocol is active. You can set the RIP version per interface. Refer
to the elements txVersion and rxVersion in the rip structure (refer to 8.5.3 - Explaining
the rip structure on page 205).

telindus1423Router/ip/router/alternativeRoutes Default:backup
Range: enumerated, see below
Use this attribute to determine how the Telindus 1423 SHDSL Router deals
with identical routes.
If more than one route to a (sub-)network is defined in the routing table, and these routes have …
• identical destination addresses, masks, preferences and metrics,
• a different gateway,
… then you can use the alternativeRoutes attribute to determine which route the Telindus 1423 SHDSL
Router uses to reach the (sub-)network.
The alternativeRoutes attribute has the following values:

Value Description

backup The Telindus 1423 SHDSL Router always uses the same route to reach the (sub-
)network. Only when this route goes down, it uses the alternative route.

roundRobin The Telindus 1423 SHDSL Router alternately uses the two possible routes to
reach the (sub-)network. However, once a certain route is used to reach a specific
address, this same route is always used to reach this specific address.

telindus1423Router/ip/router/ripUpdateInterval Default:00000d 00h 00m 30s

Range: 00000d 00h 00m 05s -
Use this attribute to set the interval the Telindus 1423 SHDSL Router trans- 00000d 00h 10m 00s
mits RIP update messages.
Normally, RIP update messages are transmitted every 30 seconds. It is possible to change this interval.
However, changing this interval will also change the lifetime of routes learnt through RIP. If a RIP route
is received for the last time, it is declared down after 6 times the ripUpdateInterval. After the route is down,
it is deleted after 4 times the ripUpdateInterval.
562 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ripHoldDownTime Default:00000d 00h 03m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time during which routing information regarding 00000d 00h 10m 00s
better paths is suppressed.
It should be at least three times the value of the ripUpdateInterval attribute. A route enters into a hold-down
state when an update packet is received that indicates the route is unreachable. The route is marked
inaccessible and advertised as unreachable. However, the route is still used for forwarding packets.
When hold-down expires, routes advertised by other sources are accepted and the route is no longer
inaccessible.

What is the RIP hold-down time?

Suppose you have a situation as depicted in the figure

alongside.
Now suppose the following happens:
1. Route X goes down.
⇒Router A sends a RIP update message to router B
declaring route X down.
2. Only a few moments later, route X goes up for a while
after which it goes down again. This continues for a certain time. In other words, the route status tog-
gles between up and down.
⇒Every time the status of route X changes, Router A sends a RIP update message to router B. Also
router B propagates these RIP update messages. In other words, the toggling of route X causes
that a lot of RIP update messages are sent.

The ripHoldDownTime attribute tries to avoid situations as described above. Suppose router B has a
ripHoldDownTime attribute. In that case, the situation is as follows:
1. Route X goes down.
⇒Router A sends a RIP update message to router B declaring route X down. Router B starts the RIP
hold-down timer.
2. The status of route X starts toggling between up and down.
⇒Router A sends several RIP update messages concerning route X to router B. Router B holds the
status of route X down, as longs as the RIP hold-down timer has not expired.

When the RIP hold-down timer expires and the route is …

• down, then the route status stays down.
• up, then the route status changes to up.
Telindus 1423 SHDSL Router Chapter 12 563
User manual Configuration attributes

telindus1423Router/ip/router/ripv2SecretTable Default:<empty>
Range: table, see below
Use this attribute to define the secrets used for the RIP authentication.
Refer to 8.5.4 - Enabling RIP authentication on an interface on page 209 for more information on RIP
authentication.
The ripv2SecretTable table contains the following elements:

Element Description

keyId Use this element to set a unique identifier for each Default:0
secret. Range: 0 … 255

secret Use this element to define the secret. Default:<empty>

This secret is sent with the RIP updates on the speci- Range: 0 … 16 characters
fied interface. It is also used to authenticate incoming RIP updates.

interface Use this element to specify on which interface the Default:all

secret is used. Range: 0 … 24 characters
Entering the string “all” (default) means the secret is used on all the interfaces.

Remarks

• If authentication is enabled (either text or md5), then only updates using that authentication are proc-
essed. All other updates on that interface are discarded.
• If you use md5 and if for a certain interface multiple secrets are present in the ripv2SecretTable, then the
first entry in the ripv2SecretTable is used to transmit RIP updates. Authentication of the received RIP
updates is done by looking for the first secret with a matching key.
• If you use text and if for a certain interface multiple secrets are present in the ripv2SecretTable, then only
the first entry in the ripv2SecretTable is used to transmit and receive RIP updates.
564 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/sysSecret Default:<empty>
Range: 0 … 64 characters
Use this attribute for the PPP authentication process. The PPP authentica-
tor uses the sysSecret attribute in order to verify the peer its response.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166
• 7.4.8 - Configuring CHAP on page 169

telindus1423Router/ip/router/pppSecretTable Default:<empty>
Range: table, see below
Use this attribute for the PPP authentication process. Enter the authentica-
tion name and secret of the remote router in this table.
For more information on PPP authentication, refer to …
• 7.4.6 - Configuring PAP on page 166
• 7.4.8 - Configuring CHAP on page 169
The pppSecretTable contains the following elements:

Element Description

name Use this element to set the PPP authentication name Default:<empty>
of the remote router. Range: 0 … 64 characters
If the remote router is a Telindus 1423 SHDSL Router, then the name element
should correspond with the remote Telindus 1423 SHDSL Router its sysName or
sessionName attribute. Refer to 7.4.10 - Use which name and secret attributes for
PPP authentication? on page 172.

secret Use this element to set the PPP authentication secret Default:<empty>
of the remote router. Range: 0 … 64 characters
If the remote router is a Telindus 1423 SHDSL Router, then the secret element
should correspond with the remote Telindus 1423 SHDSL Router its sysSecret or
sessionSecret attribute. Refer to 7.4.10 - Use which name and secret attributes for
PPP authentication? on page 172.
Telindus 1423 SHDSL Router Chapter 12 565
User manual Configuration attributes

telindus1423Router/ip/router/helperProtocols Default:<empty>
Range: table, see below
Use this attribute to define the TCP and UDP port numbers for which broad-
cast forwarding is required. Use this attribute if you specified helper IP addresses using the helpers ele-
ment in the ip structure of the LAN interface. Refer to 5.2.3 - Explaining the ip structure on page 63.
If the helperProtocols table is empty (default), then address substitution is applied for the following proto-
cols:

Protocol name TCP/UDP port number

Time Server 37

IEN-116 Host Name Server 42

Domain Name Server 53

TACACS database service 65

Boot Protocol (BootP) / DHCP server 68

NetBIOS Name Server 137

NetBIOS Datagram Server 138

Important remark

Specifying at least one value in the helperProtocols table clears the default helper list automatically. In that
case, if you want that for instance NetBios Datagram Server broadcast is forwarded, you have to specify
port number 138 again.

For BootP / DHCP broadcast packets, the Telindus 1423 SHDSL Router is also a BootP / DHCP Relay
Agent. If the protocol is selected, then the Telindus 1423 SHDSL Router will write the IP address of its
Ethernet interface in the BootP or DHCP gateway field and increment the hops field in addition to the
address substitution.
566 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/sendTtlExceeded Default:enabled
Range: enabled / disabled
Use this attribute to enable or disable the sending of ICMP “TTL exceeded“
messages.
The sendTtlExceeded attribute has the following values:

Value Description

enabled The Telindus 1423 SHDSL Router sends ICMP “TTL exceeded" messages.

disabled The Telindus 1423 SHDSL Router does not send ICMP “TTL exceeded” mes-
sages.
This also implies that the router is not recognised by the UNIX or Windows trace-
route feature.

What is Time To Live (TTL)?

Each IP packet has a Time To Live (TTL) value in its header. Each device that sends an IP packet sets
this parameter at some fixed or predefined value. When the packet enters a router, the router decre-
ments the TTL value. If a router finds a value 0 after decrementing the TTL, it discards the packet. This
because a value 0 means the packet has passed too many routers. Probably the packet is looping
between a number of routers. This mechanism avoids that routers with configuration errors bring down
a complete network.

The ICMP message “TTL exceeded”

If a router discards a packet because its TTL is exceeded, it normally sends an ICMP “TTL exceeded“
message to the originator of the packet. With the sendTtlExceeded attribute you can define whether you
want the Telindus 1423 SHDSL Router to send such ICMP messages or not.

It has been chosen to allow TTL exceeded messages in case of PPP. However, this has the effect that
TTL exceeded is also transmitted on some Ethernet broadcasts.
Telindus 1423 SHDSL Router Chapter 12 567
User manual Configuration attributes

telindus1423Router/ip/router/sendPortUnreachable Default:enabled
Range: enabled / disabled
Use this attribute to enable or disable the sending of ICMP “Destination
unreachable: Port unreachable“ messages.
The sendPortUnreachable attribute has the following values:

Value Description

enabled The Telindus 1423 SHDSL Router sends ICMP “port unreachable" messages.

disabled The Telindus 1423 SHDSL Router does not send ICMP “port unreachable” mes-
sages.
This also implies that the router is not recognised by the UNIX or Windows trace-
route feature.

The ICMP message “port unreachable”

The Telindus 1423 SHDSL Router supports a number of higher-layer IP protocols (Telnet, SNMP and
TMA) for management purposes. If an IP packet is sent to the Telindus 1423 SHDSL Router for a higher-
layer protocol that it does not support, it normally sends an ICMP “Destination unreachable: Port
unreachable“ message to the originator of the packet. With the sendPortUnreachable attribute you can
define whether you want the Telindus 1423 SHDSL Router to send such an ICMP message or not.

telindus1423Router/ip/router/sendAdminUnreachable Default:enabled
Range: enabled / disabled
Use this attribute to enable or disable the sending of ICMP "Destination
unreachable: Communication with destination is administratively prohibited” messages.
The sendAdminUnreachable attribute has the following values:

Value Description

enabled The Telindus 1423 SHDSL Router sends ICMP “communication prohibited“ mes-
sages.

disabled The Telindus 1423 SHDSL Router does not send ICMP “communication prohib-
ited“ messages.

The ICMP message “communication prohibited”

If the Telindus 1423 SHDSL Router receives an IP packet that is destined for a prohibited destination
(because this destination is defined in an access list), then it sends an ICMP "Destination unreachable:
Communication with destination is administratively prohibited” message to the originator of the packet.
With the sendAdminUnreachable attribute you can define whether you want the Telindus 1423 SHDSL
Router to send such an ICMP message or not.
568 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/dhcpStatic Default:<empty>
Range: table, see below
This attribute activates the DHCP server on the Telindus 1423 SHDSL
Router. Use this attribute to assign a fixed IP address to a client its MAC address and this for an infinite
time.
The dhcpStatic table contains the following elements:

Element Description

ipAddress Use this element to assign an IP address to a certain Default:0.0.0.0

client. This client is identified with its MAC address. Range: up to 255.255.255.255
If no IP address is specified, then there is no connection to the client. In that case,
all other attributes in the table are ignored for this client.

mask Use this element to set the client its subnet mask. Default:255.255.255.0
Range: up to 255.255.255.255

gateway Use this element to set the default gateway for the cli- Default:0.0.0.0
ent its subnet. Range: up to 255.255.255.255
If the interface element is left empty (default), then it is the gateway element that
determines on which interface the Telindus 1423 SHDSL Router will act as DHCP
server. Namely the interface through which the IP address as entered in the gate-
way element can be reached.
If no gateway is specified, then the Telindus 1423 SHDSL Router gives its own
address. This address lies in the subnet of the interface through which the Telindus
1423 SHDSL Router sends out the DHCP reply.

interface Use this element to specify the name of the interface Default:<empty>
on which you want the Telindus 1423 SHDSL Router Range: 0 … 36 characters
to act as DHCP server.

dnsSetting Use this element to determine which DNS servers are Default:learned
used for handling the DNS requests. Range: enumerated, see below
The dnsSetting element has the following values:
• configured. The Telindus 1423 SHDSL Router sends all DNS requests to the
DNS servers that have been configured in the attribute telindus1423Router/ip/router/
dns on page 575.
• learned. If DNS servers have been configured in the attribute telindus1423Router/ip/
router/dns, then all DNS requests are sent to these servers. However, if no DNS
servers have been configured, then the Telindus 1423 SHDSL Router tries to
learn the DNS servers from the network. During the time the Telindus 1423
SHDSL Router has not learned the DNS servers yet, DNS relay is active allow-
ing DNS between the clients that already have been given an IP address.
• relay. The Telindus 1423 SHDSL Router acts as a DNS server for its clients,
caching all DNS requests. It answers to DNS requests if possible. However, if
an entry is not present in its cache, then it relays this request to the DNS serv-
ers that have been configured in the attribute telindus1423Router/ip/router/dns.

nameServer Use this element to set the IP address of the name Default:0.0.0.0
server that is available to the client. Range: up to 255.255.255.255
Telindus 1423 SHDSL Router Chapter 12 569
User manual Configuration attributes

Element Description

nameServer2 Use this element to set the IP address of the second Default:0.0.0.0
name server that is available to the client. Range: up to 255.255.255.255

tftpServer Use this element to set the IP address of the TFTP Default:0.0.0.0
server that is available to the client. It is the next Range: up to 255.255.255.255
server to use in boottrap.

macAddress Use this element to enter the client its MAC address. Default:0.0.0.0.0.0
If no MAC address is specified, then there is no con- Range: up to ff.ff.ff.ff.ff.ff
nection to the client. Therefore, all other attributes in the table are ignored for this
client.

bootFile Use this element to set the location of the boot file. Default:<empty>
Range: 0 … 128 characters

hostName Use this element to set the name of the client. Default:<empty>
Range: 0 … 20 characters

domainName Use this element to set the name the client should use Default:<empty>
when resolving hostnames via the Domain Name Range: 0 … 20 characters
System (DNS).

netbiosNameServer Use this element to set the IP address of the NetBios Default:0.0.0.0
server. Range: up to 255.255.255.255

netbiosNameServer Use this element to set the IP address of the second Default:0.0.0.0
2 NetBios server. Range: up to 255.255.255.255

netbiosNodeType Use this element to configure the client as described Default:<opt>

in RFC 1001 / RFC 1002. Range: enumerated, see below
The netbiosNodeType element has the following values: no-node, B-node, P-node, M-
node, H-node.
570 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/dhcpDynamic Default:<empty>
Range: table, see below
This attribute activates the DHCP server on the Telindus 1423 SHDSL
Router. Use this attribute to specify the IP address range from which an IP address may be dynamically
assigned to a client its MAC address.
The dhcpDynamic table contains the following elements:

Element Description

ipStartAddress Use this element to define the start address of the IP Default:192.168.1.100
address range. It is from this range that an IP address Range: up to 255.255.255.255
will be dynamically assigned to a client.
If no IP start address is specified, all other attributes on the same line in the table
are ignored.

ipEndAddress Use this element to define the end address of the IP Default:192.168.1.254
address range. It is from this range that an IP address Range: up to 255.255.255.255
will be dynamically assigned to a client.
The IP address range will only contain the ipStartAddress in case …
• no ipEndAddress is specified,
• the specified ipEndAddress is the same as the ipStartAddress,
• the specified ipEndAddress is smaller than the ipStartAddress,
• the specified ipEndAddress belongs to another subnet than the ipStartAddress.

Do not include the Telindus 1423 SHDSL Router its own IP address in this
range!

mask Use this element to set the client its subnet mask for Default:255.255.255.0
the specified IP address range. Range: up to 255.255.255.255

gateway Use this element to set the default gateway for the cli- Default:0.0.0.0
ent its subnet. Range: up to 255.255.255.255
If the interface element is left empty (default), then it is the gateway element that
determines on which interface the Telindus 1423 SHDSL Router will act as DHCP
server. Namely the interface through which the IP address as entered in the gate-
way element can be reached.
If no gateway is specified, then the Telindus 1423 SHDSL Router gives its own
address. This address lies in the subnet of the interface through which the Telindus
1423 SHDSL Router sends out the DHCP reply.

interface Use this element to specify the name of the interface Default:<empty>
on which you want the Telindus 1423 SHDSL Router Range: 0 … 36 characters
to act as DHCP server.
Telindus 1423 SHDSL Router Chapter 12 571
User manual Configuration attributes

Element Description

dnsSetting Use this element to determine which DNS servers are Default:learned
used for handling the DNS requests. Range: enumerated, see below
The dnsSetting element has the following values:
• configured. The Telindus 1423 SHDSL Router sends all DNS requests to the
DNS servers that have been configured in the attribute telindus1423Router/ip/router/
dns on page 575.
• learned. If DNS servers have been configured in the attribute telindus1423Router/ip/
router/dns, then all DNS requests are sent to these servers. However, if no DNS
servers have been configured, then the Telindus 1423 SHDSL Router tries to
learn the DNS servers from the network. During the time the Telindus 1423
SHDSL Router has not learned the DNS servers yet, DNS relay is active allow-
ing DNS between the clients that already have been given an IP address.
• relay. The Telindus 1423 SHDSL Router acts as a DNS server for its clients,
caching all DNS requests. It answers to DNS requests if possible. However, if
an entry is not present in its cache, then it relays this request to the DNS serv-
ers that have been configured in the attribute telindus1423Router/ip/router/dns.

nameServer Use this element to set the IP address of the name Default:0.0.0.0
server that is available to the client. Range: up to 255.255.255.255

nameServer2 Use this element to set the IP address of the second Default:0.0.0.0
name server that is available to the client. Range: up to 255.255.255.255

tftpServer Use this element to set the IP address of the TFTP Default:0.0.0.0
server that is available to the client. It is the next Range: up to 255.255.255.255
server to use in boottrap.

leaseTime Use this element to set the maximum time a client can Default:00000d 00h 00m 00s
lease an IP address from the specified IP address Range: 00000d 00h 00m 00s -
range. 24855d 03h 14m 07s

If 00000d 00h 00m 00s (default) is specified, then the lease time is infinite.

holdTime Use this element to set the time between two consec- Default:00000d 00h 00m 00s
utive leases of an IP address. I.e. if a client has just let Range: 00000d 00h 00m 00s -
go of its dynamically assigned IP address, then this 24855d 03h 14m 07s
same IP address can not be reassigned before the
holdTime has elapsed.

bootFile Use this element to set the location of the boot file. Default:<empty>
Range: 0 … 128 characters

hostName Use this element to set the name of the client. Default:<empty>
Because the DHCP server can not give the same Range: 0 … 20 characters
name to all clients of this IP address range, a number is added to the hostname
from the second IP address onwards. The number goes up to 99.

Example

Suppose the hostname is Telindus. In that case the name for the start IP address is
Telindus, for the second IP address Telindus1, and so on.
572 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

domainName Use this element to set the name the client should use Default:<empty>
when resolving hostnames via the Domain Name Range: 0 … 20 characters
System (DNS).

netbiosNameServer Use this element to set the IP address of the NetBios Default:0.0.0.0
server. Range: up to 255.255.255.255

netbiosNameServer Use this element to set the IP address of the second Default:0.0.0.0
2 NetBios server. Range: up to 255.255.255.255

netbiosNodeType Use this element to configure the client as described Default:<opt>

in RFC 1001 / RFC 1002. Range: enumerated, see below
The netbiosNodeType element has the following values: no-node, B-node, P-node, M-
node, H-node.

telindus1423Router/ip/router/dhcpCheckAddress Default:disabled
Range: enumerated, see below
Use this attribute to allow that the IP address assigned by the DHCP server
is probed with an ARP request (Ethernet) or ICMP Echo Request (IP). This checks and prevents the dou-
ble use of IP addresses.
The dhcpCheckAddress attribute has the following values:

Value Description

disabled No probing is done when an IP address is leased by a client.

enabled Probing is done when an IP address is leased by a client. In case of …

• Ethernet, the probing is done with an ARP request.
• IP, the probing is done with an ICMP Echo Request (ping).
If a reply is received, it means the IP address is already in use. Therefore, another
IP address is assigned.

arpOnly Probing is done when an IP address is leased by a client. However, the probing is
only done by means of an ARP request (Ethernet).
Telindus 1423 SHDSL Router Chapter 12 573
User manual Configuration attributes

telindus1423Router/ip/router/radius Default:-
Range: structure, see below
Use this attribute to configure the Telindus 1423 SHDSL Router for
RADIUS. Also see 10.7 - Configuring RADIUS on page 355.
To enable the use of RADIUS in PPP, PAP or CHAP should be enabled on the Telindus 1423 SHDSL
Router. The local configuration of the username and password is ignored if a table of RADIUS servers
exist. Furthermore, remote IP address and remote netmask are ignored if a RADIUS server imposes
these attributes.
The radius structure contains the following elements:

Element Description

authServers Use this element to select an authentication server. Default:<empty>

You can create a list of several authentication servers. Range: table, see below
The authServers table contains the following elements:
• address. Use this element to specify the IP address Default:0.0.0.0
of the authentication server. Range: up to 255.255.255.255
• secret. Use this element to set the shared secret to Default:<empty>
authenticate the transaction with the authentica- Range: 0 … 64 characters
tion server.
• timeOut. Use this element to specify the authentica- Default:00000d 00h 00m 05s
tion time-out. Range: 00000d 00h 00m 01s -
00000d 00h 00m 10s

acctServer Use this element to select an accounting server. You Default:-

can only select one accounting server. Range: structure, see below
The acctServer structure contains the following elements:
• address. Use this element to specify the IP address Default:0.0.0.0
of the accounting server. Range: up to 255.255.255.255
• secret. Use this element to set the shared secret to Default:<empty>
authenticate the transaction with the accounting Range: 0 … 64 characters
server.
• timeOut. Use this element to specify the accounting Default:00000d 00h 00m 05s
time-out. Range: 00000d 00h 00m 01s -
00000d 00h 00m 10s

retries Use this element to specify the number of retries Default:1

before selecting the next authentication server in the Range: 0 … 10
authServers table.

acctUpdate Use this element to specify the time at which an Default:00000d 00h 00m 00s
update of the accounting data should be send to the Range: 00000d 00h 00m 00s -
server. 00000d 00h 01m 00s

Set this element to 0 (default) if no update is required. Note that this is not always
supported by the accounting server.
574 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

login Use this element to set the authentication of access to Default:disabled

the Telindus 1423 SHDSL Router using Telnet, FTP, Range: enumerated, see below
TFTP or TMA. No accounting data is sent to the
server.
The login element has the following values:
• disabled. No RADIUS login authentication is done.
• enabled. Login authentication is always done using a RADIUS server.
The username and password have to be entered as follows: "username:pass-
word". If the ‘:’ is omitted, then the string is considered to be a password.
Multiple passwords can be added using the same username. Access rights are
sent using the RADIUS attribute CLASS (25) encoded as a string carrying a
binary value. The bit definitions are:
- readAccess = 00000001B
- writeAccess = 00000010B
- securityAccess = 00000100B
- countryAccess = 00001000B (only used on aster4/5)
- fileAccess = 00010000B
Caution should be taken since all access to the device has to be authenticated
by a RADIUS server.
• fallback. Login authentication is done using a RADIUS server. However, if the
server is not available, then authentication is done using the local security table
of the device.

ppp Use this element to set the authentication of a PPP Default:enabled

connection that uses PAP or CHAP. Range: enumerated, see below
The ppp element has the following values:
• disabled. PPP authentication is done using the local sysName/sysSecret or session-
Name/sessionSecret of the device.
• enabled. PPP authentication is always done using a RADIUS server.
Telindus 1423 SHDSL Router Chapter 12 575
User manual Configuration attributes

telindus1423Router/ip/router/dns Default:-
Range: structure, see below
Use this attribute to enter the DNS server addresses. Also see What is
DNS? on page 940.
The dns structure contains the following elements:

Element Description

primaryDns Use this element to specify the IP address of the pri- Default:0.0.0.0
mary DNS server. Range: up to 255.255.255.255

secondaryDns Use this element to specify the IP address of the sec- Default:0.0.0.0
ondary DNS server. Range: up to 255.255.255.255

domainName Use this element to enter the domain name to which Default:<empty>
the Telindus 1423 SHDSL Router belongs. Range: 0 … 32 characters

What is DNS?

The Domain Name Service (DNS) is an Internet service that translates domain names into IP addresses.
Because domain names are alphabetic, they are easier to remember. The Internet however, is really
based on IP addresses. Therefore, every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name www.mywebsite.com might
translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular
domain name, it asks another one, and so on, until the correct IP address is returned.

What is DNS proxy?

The Telindus 1423 SHDSL Router is a DNS proxy. This means that if the Telindus 1423 SHDSL Router
has not received a DNS address (as DHCP client), then it gives its own address in DHCP requests (as
DHCP server). The Telindus 1423 SHDSL Router relays DNS requests it receives to configured or
learned DNS servers.
576 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/addrPools Default:<empty>
Range: table, see below
This attribute is only present on the Telindus 1423 SHDSL Router ISDN ver-
sion.
Use this attribute to create a list or an interval of IP addresses from which the Telindus 1423 SHDSL
Router can pick IP addresses and use them on a PPP link6.
The addrPool table contains the following elements:

Element Description

name Use this element to assign a name to the IP pool. Default:<empty>

Range: 0 … 24 characters

pool Use this element to select between an IP pool type Default:<empty>

and to add IP addresses to the pool. Range: choice, see below
You can select between the following IP pool types:
• an IP list pool. Refer to telindus1423Router/ip/router/addrPools/pool/list on page 577.
• an IP interval pool. Refer to telindus1423Router/ip/router/addrPool/pool/interval on
page 580.

6. The ip structure in the forwardingMode profile applies on the PPP link(s) that you can set up on
the ISDN interface(s).
Telindus 1423 SHDSL Router Chapter 12 577
User manual Configuration attributes

telindus1423Router/ip/router/addrPools/pool/list Default:<empty>
Range: table, see below
Use this element to create one or more lists of IP addresses from which the
Telindus 1423 SHDSL Router can pick IP addresses and use them as local and remote IP address for
a PPP link. Use the addrPool element in the ip structure to determine from which IP list pool the Telindus
1423 SHDSL Router has to pick IP addresses. Refer to 5.2.3 - Explaining the ip structure on page 63 for
more information.
The list table contains the following elements:

Element Description

name Use this element to assign a name to the IP list pool. Default:<empty>
Range: 0 … 24 characters

pool Use this element to create a list of IP addresses from Default:<empty>

which the Telindus 1423 SHDSL Router can pick one. Range: table, see below
The pool table contains the following elements:
• local. Use this element to set the local IP address. Default:0.0.0.0
Range: up to 255.255.255.255
• remote. Use this element to set the remote IP Default:0.0.0.0
address. Range: up to 255.255.255.255
• netmask. Use this element to set the subnet mask. Default:0.0.0.0
Range: up to 255.255.255.255

Important remark

Note again that an IP list pool is for both local and remote IP addresses.
578 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Example

Suppose …
• you want to create two IP list pools: myList1 and myList2.
• you want that the Telindus 1423 SHDSL Router picks local and remote IP addresses from myList2.

Configure this as follows:

Step Action

1 Create two entries in the router/addrPools table and specify a name for each entry.

2 In the pool element select the value list.

3 Expand the pool element by clicking on the black triangle of the pool element.

4 Double-click on the <Table> string situated in the pool/list column.

Telindus 1423 SHDSL Router Chapter 12 579
User manual Configuration attributes

Step Action

5 Create entries in the pool/list tables and enter a local IP address, remote IP address and
a netmask for each entry.

6 In the addrPool element of the ip structure, select the value “list” and enter the name of the
IP list pool from which you want to pick IP addresses. In our example, this is myList2.
580 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/addrPool/pool/interval Default:<empty>
Range: structure, see below
Use this element to create one or more ranges of IP addresses from which
the Telindus 1423 SHDSL Router can pick IP addresses and use them as remote IP address for a PPP
link. Use the addrPool element in the ip structure to determine from which IP interval pool the Telindus
1423 SHDSL Router has to pick IP addresses. Refer to 5.2.3 - Explaining the ip structure on page 63 for
more information.
The interval structure contains the following elements:

Element Description

name Use this element to assign a name to the IP interval Default:<empty>

pool. Range: 0 … 24 characters

from Use these elements to create a range of IP addresses Default:0.0.0.0

to from which the Telindus 1423 SHDSL Router can pick Range: up to 255.255.255.255
one.

Important remark

Note again that an IP interval pool is for remote IP addresses only.

Telindus 1423 SHDSL Router Chapter 12 581
User manual Configuration attributes

Example

Suppose …
• you want to create two IP interval pools: myInterval1 and myInterval2.
• you want that the Telindus 1423 SHDSL Router picks a remote IP addresses from myInterval2.

Configure this as follows:

Step Action

1 Create two entries in the router/addrPools table and specify a name for each entry.

2 In the pool element select the value interval.

3 Expand the pool element by clicking on the black triangle of the pool element.

4 Double-click on the <Struct> string situated in the pool/interval column.

582 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Step Action

5 Configure the pool/interval structures. I.e. create an IP address range using the elements
from and to.

6 In the addrPool element of the ip structure, select the value “interval” and enter the name of
the IP interval pool from which you want to pick IP addresses. In our example, this is
myInterval2.

telindus1423Router/ip/router/<alarmConfigurationAttributes>

For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 15.2
- Introducing the alarm attributes on page 919.
• the alarms of the router object, refer to 15.13 - Router alarms on page 935.
Telindus 1423 SHDSL Router Chapter 12 583
User manual Configuration attributes

12.12.2 NAT configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/defaultNat/patAddress on page 584
• telindus1423Router/ip/router/defaultNat/portTranslations on page 584
• telindus1423Router/ip/router/defaultNat/servicesAvailable on page 585
• telindus1423Router/ip/router/defaultNat/addresses on page 585
• telindus1423Router/ip/router/defaultNat/gateway on page 586
• telindus1423Router/ip/router/defaultNat/tcpSocketTimeOut on page 586
• telindus1423Router/ip/router/defaultNat/udpSocketTimeOut on page 586
• telindus1423Router/ip/router/defaultNat/tcpSockets on page 586
• telindus1423Router/ip/router/defaultNat/udpSockets on page 586
• telindus1423Router/ip/router/defaultNat/dmzHost on page 586
584 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/defaultNat/patAddress Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to enter the official IP address that has to be used for the
Port Address Translation. Entering an address different from the default value 0.0.0.0 automatically ena-
bles PAT.
Refer to 8.7 - Configuring address translation on page 219 for more information on PAT.

telindus1423Router/ip/router/defaultNat/portTranslations Default:<empty>
Range: table, see below
Use this attribute to define specific port number ranges that should not be
translated.
Some TCP or UDP applications do not allow port translations: these applications require a dedicated
source port number. In the portTranslations table you can define UDP and TCP port ranges that should not
be translated. If a packet with a source port number in such a range is received, PAT replaces only the
source IP address provided it is the first device using this port number. When other devices using the
same application (hence the same port number) try to send traffic to the same Internet destination
address, PAT discards this traffic.
It is also possible to define port ranges that PAT should always discard. The port translation range PAT
uses goes from 60928 up to 65535.
The portTranslations table contains the following elements:

Element Description

protocol Use this element to select the protocol: tcp or udp. Default:tcp
Range: tcp / udp

startPort Use this element to set the lowest value of the TCP or Default:0
UDP port range. Range: 0 … 65535

endPort Use this element to set the highest value of the TCP Default:<opt>
or UDP port range. Range: 0 … 65535
If no endPort value is defined (<opt>), then the port range is limited to the startPort
value only.

action Use this element to set the action in case a packet is Default:noTranslation
received with a source port number that falls within Range: enumerated, see below
the specified port range.
The action element has the following values:
• noTranslation. The port numbers that fall within the specified port range are not
translated.
• deny. Packets with port numbers that fall within the specified port range are dis-
carded.
Telindus 1423 SHDSL Router Chapter 12 585
User manual Configuration attributes

telindus1423Router/ip/router/defaultNat/servicesAvailable Default:<empty>
Range: table, see below
Use this attribute to define specific port number ranges for incoming Internet
traffic that should not be translated. Instead it is sent to the corresponding private IP address.
The servicesAvailable table makes it possible to have a server on the local network that can be accessed
from the Internet, although it has no official IP address.
The servicesAvailable table contains the following elements:

Element Description

protocol Use this element to select the protocol: tcp or udp. Default:tcp
Range: tcp / udp

startPort Use this element to set the lowest value of the TCP or Default:0
UDP port range. Range: 0 … 65535

endPort Use this element to set the highest value of the TCP Default:<opt>
or UDP port range. Range: 0 … 65535
If no endPort value is defined (<opt>), then the port range is limited to the startPort
value only.

serverAddress Use this element to set the private server address. Default:0.0.0.0
If a packet is received with a source port number that Range: up to 255.255.255.255
falls within the specified port range, then it is sent to the private server address.

telindus1423Router/ip/router/defaultNat/addresses Default:<empty>
Range: table, see below
Use this attribute to enter all the official IP addresses that have to be used
for Network Address Translation. Entering an address in the addresses table automatically enables the
general NAT process. Now you can activate or deactivate NAT per IP interface. Note that by default NAT
is deactivated on all IP interfaces.
Refer to 8.7 - Configuring address translation on page 219 for more information on NAT.
The addresses table contains the following elements:

Element Description

officialAddress Use this element to set the official IP address. Default:0.0.0.0

These addresses are used in the reverse order as Range: up to 255.255.255.255
they appear in the list.

privateAddress Use this element to set the private IP address, i.e. to Default:<opt>
permanently assign an official IP address to a private Range: up to 255.255.255.255
address.
If you do not specify a private IP address, then NAT is applied dynamically. I.e. the
official IP address is used for any private source IP address.
586 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/defaultNat/gateway Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to define the gateway addresses of routes on which NAT
or PAT should be applied. If you do not configure the gateway attribute, then NAT or PAT is applied on all
routes through this interface.

telindus1423Router/ip/router/defaultNat/tcpSocketTimeOut Default:00001d 00h 00m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to define the time-out for TCP sessions that are not closed 24855d 03h 14m 07s
by the application.
Such sessions, whether PAT or NAT is in use, remain active for one day by default. Only decrease this
attribute if some TCP applications do not close properly, filling up the available translation sessions.

telindus1423Router/ip/router/defaultNat/udpSocketTimeOut Default:00000d 00h 03m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to define the time-out for UDP sessions that are not closed 24855d 03h 14m 07s
by the application.
Such sessions, whether PAT or NAT is in use, remain active for 3 minutes by default. Only decrease this
attribute if some UDP applications do not close properly, filling up the available translation sessions.

telindus1423Router/ip/router/defaultNat/tcpSockets Default:1024
Range: 500 … 4500
Use this attribute to set the maximum number of TCP session that may be
used simultaneously for address translation.

telindus1423Router/ip/router/defaultNat/udpSockets Default:1024
Range: 500 … 4500
Use this attribute to set the maximum number of UDP session that may be
used simultaneously for address translation.

telindus1423Router/ip/router/defaultNat/dmzHost Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to set the address of the DMZ (demilitarised zone) host.

What is a DMZ?

In computer networks, a DMZ (demilitarised zone) is a computer host or small network inserted as a
"neutral zone" between a company's private network and the outside public network. It prevents outside
users from getting direct access to a server that has company data. A DMZ is an optional and more
secure approach to a firewall and effectively acts as a proxy server as well.
In a typical DMZ configuration for a small company, a separate computer receives requests from users
within the private network for access to Web sites or other companies accessible on the public network.
The DMZ host then initiates sessions for these requests on the public network. However, the DMZ host
is not able to initiate a session back into the private network. It can only forward packets that have
already been requested.
Users of the public network outside the company can access only the DMZ host. The DMZ may typically
also have the company's Web pages so these could be served to the outside world. However, the DMZ
provides access to no other company data. In the event that an outside user penetrated the DMZ host's
security, the Web pages might be corrupted but no other company information would be exposed.
Telindus 1423 SHDSL Router Chapter 12 587
User manual Configuration attributes

12.12.3 L2TP tunnel configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/tunnels/l2tpTunnels on page 588
• telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels on page 593
588 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels Default:<empty>
Range: table, see below
Use this attribute to configure the Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the l2tpTunnels table for each L2TP tunnel you want to set up.
The l2tpTunnels table contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the tunnel. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate the tun- Default:down
nel (down). Range: up / down

mode Use this element to determine whether for the corre- Default:routing
sponding tunnel, IP packets are treated by the routing Range: enumerated, see below
process, the bridging process or both.
The mode element has the following values:
• bridging. All packets received on the tunnel are bridged.
• routing. All packets received on the tunnel are routed.
• routingAndBridging. The SNAP header is checked to determine whether the pack-
ets have to be bridged or routed.

ip Use this element to configure the IP related parame- Default:-

ters of the tunnel. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.

bridging Use this element to configure the bridging related Default:-

parameters of the tunnel. Range: structure, see below
When bridging is enabled on a tunnel interface, the tunnel acts exactly as a bridge
port for a physical PPP connection.
Refer to …
• 9 - Configuring bridging on page 263 for more information on bridging.
• 9.2.6 - Explaining the bridging structure on page 281 for a detailed description of
the bridging structure.

l2tp Use this element to configure the L2TP related Default:-

parameters of the tunnel. Range: structure, see below
Refer to telindus1423Router/ip/router/tunnels/l2tpTunnels/l2tp on page 589 for a detailed
description of the l2tp structure.

backup Use this element to configure the back-up related Default:-

parameters of the tunnel. Range: structure, see below
Refer to telindus1423Router/ip/router/tunnels/l2tpTunnels/backup on page 592 for a detailed
description of the backup structure.
Telindus 1423 SHDSL Router Chapter 12 589
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels/l2tp Default:-
Range: structure, see below
Use the l2tp structure in the l2tpTunnels table to configure the L2TP related
parameters of the tunnel.
The l2tp structure contains the following elements:

Element Description

localIpAddress Use this element to set the official IP address that Default:<opt>
serves as start point of the L2TP connection. Range: up to 255.255.255.255

remoteIpAddress Use this element to set the official IP address that Default:<opt>
serves as end point of the L2TP connection. Range: up to 255.255.255.255
Both localIpAddress and remoteIpAddress together with the well-known port number for
L2TP (i.e. 1701), make up the socket used for the L2TP session. At the moment,
only one L2TP session can exist between one localIpAddress and remoteIpAddress
combination.

remoteDnsName Instead of specifying a remoteIpAddress, you can specify Default:<empty>

the DNS name of the end point of the L2TP connec- Range: 0 … 64 characters
tion. In that case, the DNS name will be resolved to an
IP address.
Note that in this case, DNS has to be configured on the Telindus 1423 SHDSL
Router. Refer to telindus1423Router/ip/router/dns on page 575.

pppAuthentication Use this element to enable or disable authentication Default:disabled

on the PPP link in the tunnel. Range: enumerated, see below
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/authentication on page 491 for
more information.

pppSesionName Use this element to set the PPP authentication name Default:<empty>
of the PPP link in the tunnel. Range: 0 … 64 characters

pppSesionSecret Use this element to set the PPP authentication secret Default:<empty>
of the PPP link in the tunnel. Range: 0 … 64 characters

linkMonitoring Use this element to enable or disable link monitoring Default:-

on the PPP link in the tunnel and to fine-tune it. Range: structure, see below
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/linkMonitoring on page 490 for
more information.
590 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

type Use this element to specify the tunnel type. Default:outgoingDial

The type element has the following values: Range: enumerated, see below

• outgoingDial. The outgoing tunnel is not continuously open. It is opened when-

ever data has to be sent through the tunnel, and closed when no data is
detected for a certain time.
• outgoingLeasedLine. The outgoing tunnel is opened as soon as the Telindus 1423
SHDSL Router is up, and it stays open.
• incoming. The tunnel is an incoming tunnel.

Important remark

Make sure that if the type element is set to outgoingDial or outgoingLeasedLine at

one end of the tunnel, that at the other end of the tunnel the type element is set to
incoming.

dataChannelSe- Use this element to enable (on) or disable (off) Default:off

quenceNumbering sequence numbering on the data messages. These Range: on / off
sequence numbers are used to detect lost packets
and/or restore the original sequence of packets that may have been reordered dur-
ing transport.
On control messages, sequence numbering is always enabled.
It is recommended that for connections where reordering or packet loss may occur,
dataChannelSequenceNumbering is enabled.

keepAliveTimeOut Use this element to set the amount of time (in sec- Default:30
onds) the tunnel waits before it sends a keep alive Range: 1 … 3600
message in case it receives no data.
If the tunnel does not receive incoming data during a certain time, it sends a keep
alive message to the other side and waits for an acknowledgement.

noTrafficTimeOut This element applies on dial tunnels only (i.e. for Default:120
which the type element is set to outgoingDial). Range: 1 … 3600
Use this element to set the amount of time (in seconds) the tunnel waits before it
closes in case it receives no data.

l2tpMode Use this element to set the L2TP function of the Telindus 1423 SHDSL Router.
The l2tpMode element has the following values:
• lac. The Telindus 1423 SHDSL Router acts as an L2TP Access Concentrator.
• lns. The Telindus 1423 SHDSL Router acts as an L2TP Network Server.
• auto. If both local and remote Telindus 1423 SHDSL Router are set to auto, they
mutually decide who will be the LAC and who the LNS.

Important remark

Only select auto if you use a Telindus router at both sides of the tunnel. In
conjunction with routers from other vendors (e.g. Cisco), specifically select an
L2TP mode (lac or lns).
Telindus 1423 SHDSL Router Chapter 12 591
User manual Configuration attributes

Element Description

tunnelAuthentication Use this element to enable (on) or disable (off) tunnel Default:off
authentication. Range: on / off
L2TP incorporates a simple, optional, CHAP-like tunnel authentication system dur-
ing control connection establishment.
If the LAC or LNS wishes to authenticate the identity of the peer it is contacting or
being contacted by, it sends a challenge packet. If the expected response and
response received from a peer does not match, the tunnel is not opened.
To participate in tunnel authentication, a single shared secret has to exist between
the LAC and LNS.

tunnelSecret Use this element to set the tunnel secret. This secret Default:<empty>
is used in the tunnel authentication in order to verify Range: 0 … 64 characters
the peer its response.

copyTos Use this element to enable (on) or disable (off) the cop- Default:on
ying of the TOS byte value from the payload its IP Range: on / off
header to the L2TP header.

maxNrOfRetrans- Use this element to set the number of times a control Default:4
missions message has to be retransmitted in case no acknowl- Range: 0 … 10
edgement follows, before the tunnel is closed.

transmitWindowSize Use this element to set the window size for transmit- Default:4
ting control messages. Range: 1 … 30

receiveWindowSize Use this element to set the window size for receiving Default:4
control messages. Range: 1 … 30

udpChecksum Use this element to enable (on) or disable (off) the Default:off
UDP checksum. Range: on / off
It is recommended to enable the UDP checksum on lower quality links.

calledNr Use this element to set the called number. This ele- Default:<empty>
ment is present for compatibility with other vendors Range: 0 … 48 characters
that support this feature. If you set up a tunnel
between two Telindus devices, then you can leave this element empty.
The called number is an indication to the receiver of a call as to what (telephone)
number the caller used to reach it. It encodes the (telephone) number to be called
for an outgoing call request (OCRQ) and the called number for an incoming call
request (ICRQ).
The called number is an ASCII string. Contact between the administrator of the
LAC and the LNS may be necessary to coordinate interpretation of the value
needed in this element.

speed Use this element to make an indication of the Default:64000

expected speed for the tunnel in case of MLPPP. Range: 0 … 2147483647
In case you use MLPPP, the Bandwidth Allocation Protocol adds or deletes PPP
links from the bundle depending on the actual amount of traffic. However, some-
how you have to be able to specify the normally required speed. Do this using the
speed element.
592 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels/backup Default:-
Range: structure, see below
Use the backup structure in the l2tpTunnels table to configure the back-up
related parameters of the tunnel.
In a main/back-up tunnel mechanism, configuring the backup element allows you to quickly set up a back-
up tunnel as soon as the main tunnel goes down, instead of waiting on several time-outs before the back-
up tunnel is set up. Refer to 10.5.4 - Setting up a main and back-up tunnel on page 331.
The backup structure contains the following elements:

Element Description

interface Use this element to enter the name of the tunnel that Default:<empty>
will act as back-up in a main/back-up mechanism. Range: 0 … 24 characters
Alternatively, if the string "discard" is entered as a backup interface, then the
backup functionality is executed for the main tunnel even if no backup tunnel is
present. So the main tunnel is reset and the route to the main tunnel is closed (so
the route status goes “down” instead of “spoofing”). In that case, if an alternative
route is present, then this route will be taken.

timeOut Use this element to set the set-up time-out in sec- Default:30
onds. If the tunnel is not set up within the specified Range: 1 … 3600
time-out, then the back-up tunnel is set up.

autoRetry This element is only relevant in case the type element Default:no
of the tunnel is set to outgoingLeasedLine. Range: yes / no
Use this element to determine, if a leased line tunnel does not come up, whether
it has to keep trying to come up (yes) or quit after one try (no).
Telindus 1423 SHDSL Router Chapter 12 593
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels Default:<empty>
Range: table, see below
Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol
tunnels you want to set up. Add a row to the IpsecL2tpTunnels table for each IPSEC L2TP tunnel you want
to set up.
The elements of the ipsecL2tpTunnel are basically the same as the elements of the l2tpTunnel (refer to
telindus1423Router/ip/router/tunnels/l2tpTunnels on page 588). The only difference is the presence of the ipsec ele-
ment within the l2tp structure. Refer to telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec on page 593
for more information on the ipsec element.

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec Default:-
Range: choice, see below
Use this element to apply a security association on the IPSEC L2TP tunnel.
Do this by typing the index name of the security association you want to use. You can create the security
association itself by adding a manualSA or ikeSA object and by configuring the attributes in this object.
Refer to 10.6 - Configuring IP security on page 334 for more information on IP security.
The ipsec element offers you the following choice:

Choice Description

fdxManualSA Select this value if you want to apply a manual secu- Default:<empty>
rity association on both the inbound and outbound Range: 0 … 24 characters
traffic of the IPSEC L2TP tunnel.
If you select this value, then a field appears behind the value. Type the manualSA
object its index name in this field.

Example

If you created a manualSA object with index name my_SA

(i.e. manualSA[my_SA]) and you want to apply this security
association on an IPSEC L2TP tunnel, then enter the
index name as value of the ipsec element.
594 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Choice Description

hdxManualSA Select this value if you want to apply a manual secu- Default:-
rity association on the inbound traffic and another Range: structure, see below
manual security association on the outbound traffic of
the IPSEC L2TP tunnel.
If you select this value, then a structure appears behind the value. This structure
contains the following elements:
• inbound. To apply a security association on the Default:<empty>
inbound traffic, type the manualSA object its index Range: 0 … 24 characters
name in this field.
• outbound. To apply a security association on the Default:<empty>
outbound traffic, type the manualSA object its index Range: 0 … 24 characters
name in this field.

Example

If you created a manualSA object with index name my_SA_in (i.e. manualSA[my_SA_in])
and one with index name my_SA_out (i.e. manualSA[my_SA_out]) and you want to apply
the first on the inbound and the latter on the outbound traffic, then enter the index
names of the manualSA objects as follows:

ikePresharedSA Select this value if you want to apply an IKE pre- Default:-
shared key security association on both the inbound Range: structure, see below
and outbound traffic of the IPSEC L2TP tunnel.
If you select this value, then a structure appears behind the value. Refer to
telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikePresharedSA on page 595 for
a detailed description of the ikePresharedSA structure.

ikeCertificateSA Select this value if you want to apply an IKE certificate Default:-
security association on both the inbound and out- Range: structure, see below
bound traffic of the IPSEC L2TP tunnel.
If you select this value, then a structure appears behind the value. Refer to
telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikeCertificateSA on page 596 for
a detailed description of the ikeCertificateSA structure.
Telindus 1423 SHDSL Router Chapter 12 595
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikePresharedSA Default:-
Range: structure, see below
Use the ikePresharedSA structure in the ipsec structure to apply an IKE pre-
shared key security association on both the inbound and outbound traffic of the IPSEC L2TP tunnel.
The ikePresharedSA structure contains the following elements:

Element Description

ikeSA Use this element to apply a certain IKE preshared key Default:<empty>
security association on the IPSEC L2TP tunnel. Range: 0 … 24 characters
Do this by typing the ikeSA object its index name in this field.

Example

If you created an ikeSA object with index name mySA (i.e. ikeSA[mySA])
and you want to apply this security association on an IPSEC L2TP tun-
nel, then enter the index name as value of the ikeSA element.

localId Use this element to set the local identifier for use in Default:<ipAddress> 0.0.0.0
IKE phase 1 negotiation. Range: choice, see below
The localId element has the following values:
• ipAddress. Set the IP address that will be used as local ID. If you leave the ipAd-
dress element at its default value (0.0.0.0), then the local IP address of the L2TP
tunnel is used as local ID.
• hostname. Set the hostname that will be used as local ID. The hostname has to
be of the form “host.domain.com”.
• user. Set the username that will be used as local ID. The username has to be of
the form “[email protected]”.

remoteId Use this element to set the remote identifier for use in Default:<ipAddress> 0.0.0.0
IKE phase 1 negotiation. Range: choice, see below
The remoteId element has the following values:
• ipAddress. Sets the IP address that will be used as remote ID. If you leave the
ipAddress element at its default value (0.0.0.0), then the remote IP address of the
L2TP tunnel is used as remote ID.
• hostname. Sets the hostname that will be used as remote ID. The hostname has
to be of the form “host.domain.com”.
• user. Sets the username that will be used as remote ID. The username has to
be of the form “[email protected]”.

preSharedKey Use this element to set the pre-shared key string. Default:presharedkey
This key string in combination with the selected IKE Range: 12 … 49 characters
DH group is used to calculate the key during the key exchange in phase 1 of the
IKE negotiation. Refer to diffieHelmanGroup on page 604.
596 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec/ikeCertificateSA Default:-
Range: structure, see below
Use the ikeCertificateSA structure in the ipsec structure to apply an IKE certifi-
cate security association on both the inbound and outbound traffic of the IPSEC L2TP tunnel.
The ikeCertificateSA structure contains the following elements:

Element Description

ikeSA Use this element to apply a certain IKE certificate Default:<empty>

security association on the IPSEC L2TP tunnel. Range: 0 … 24 characters
Do this by typing the ikeSA object its index name in this field.

Example

If you created an ikeSA object with index name mySA (i.e. ikeSA[mySA])
and you want to apply this security association on an IPSEC L2TP tun-
nel, then enter the index name as value of the ikeSA element.

localId Use this element to set the local identifier for use in Default:<ipAddress> 0.0.0.0
IKE phase 1 negotiation. Range: choice, see below
The localId element has the following values:
• ipAddress. Set the IP address that will be used as local ID. If you leave the ipAd-
dress element at its default value (0.0.0.0), then the local IP address of the L2TP
tunnel is used as local ID.
• hostname. Set the hostname that will be used as local ID. The hostname has to
be of the form “host.domain.com”.
• user. Set the username that will be used as local ID. The username has to be of
the form “[email protected]”.

The localId element has to be the same as the IP address / hostname / username
in the certificate of the local device.

remoteId Use this element to set the remote identifier for use in Default:<ipAddress> 0.0.0.0
IKE phase 1 negotiation. Range: choice, see below
The remoteId element has the following values:
• ipAddress. Sets the IP address that will be used as remote ID. If you leave the
ipAddress element at its default value (0.0.0.0), then the remote IP address of the
L2TP tunnel is used as remote ID.
• hostname. Sets the hostname that will be used as remote ID. The hostname has
to be of the form “host.domain.com”.
• user. Sets the username that will be used as remote ID. The username has to
be of the form “[email protected]”.

The remoteId element has to be the same as the IP address / hostname / username
in the certificate of the remote device.
Telindus 1423 SHDSL Router Chapter 12 597
User manual Configuration attributes

12.12.4 Manual SA configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/manualSA[ ]/espEncryptionAlgorithm on page 598
• telindus1423Router/ip/router/manualSA[ ]/espEncryptionKey on page 599
• telindus1423Router/ip/router/manualSA[ ]/espAuthenticationAlgorithm on page 600
• telindus1423Router/ip/router/manualSA[ ]/espAuthenticationKey on page 600
• telindus1423Router/ip/router/manualSA[ ]/spi on page 600

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
598 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/manualSA[ ]/espEncryptionAlgorithm Default:des

Range: enumerated, see below
Use this attribute to select the algorithm that will be used to encrypt the data
when using IPSEC.
The espEncryptionAlgorithm attribute has the following values:

Value Description

null No encryption is done.

The null encryption algorithm is simply a convenient way to represent the optional
use of applying encryption within ESP. ESP can then be used to provide authenti-
cation and integrity without confidentiality.

des DES is used to encrypt / decrypt the data. The DES key has to be entered in the
espEncryptionKey attribute.

3des Triple DES is used to encrypt / decrypt the data. The 3DES key has to be entered
in the espEncryptionKey attribute.

Make sure that for the same security association on both the local and remote router the same ESP
encryption algorithm is selected.
Telindus 1423 SHDSL Router Chapter 12 599
User manual Configuration attributes

telindus1423Router/ip/router/manualSA[ ]/espEncryptionKey Default:<empty>

Range: octet string, 0 … 24
Use this attribute to define the key that will be used in the encryption /
decryption process when using IPSEC.
The algorithm can be selected using the espEncryptionAlgorithm attribute.

If you use … then …

null encryption the setting of the espEncryptionKey attribute is irrelevant.

DES encryption only the first 8 octets of the key are used. All other octets are ignored.
11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33

not used in the encryption

used in the encryption
/ decryption process
/ decryption process

3DES encryption at the transmitter side, the first set of 8 octets of the key are used to encrypt the
data, the second set of 8 octets to decrypt the data and the third set of 8 octets to
encrypt the data again.
11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33

encryption encryption
decryption

At the receiver side, the opposite occurs.

Make sure that for the same security association on both the local and remote router the same ESP
encryption key is used.
600 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/manualSA[ ]/espAuthenticationAlgorithm Default:hmac_md5

Range: enumerated, see below
Use this attribute to select the algorithm that will be used to authenticate the
data when using IPSEC.
The espAuthenticationAlgorithm attribute has the following values:

Value Description

null No authentication is done.

hmac_md5 The MD5 hash function is used to authenticate the data. The MD5 key has to be
entered in the espAuthenticationKey attribute.

hmac_sha-1 The SHA-1 hash function is used to authenticate the data. The SHA-1 key has to
be entered in the espAuthenticationKey attribute.

Make sure that for the same security association on both the local and remote router the same ESP
authentication algorithm is selected.

telindus1423Router/ip/router/manualSA[ ]/espAuthenticationKey Default:<empty>

Range: octet string, 0 … 20
Use this attribute to define the key that will be used in the authentication
process when using IPSEC. The algorithm can be selected using the espAuthenticationAlgorithm attribute.

If you use … then …

null authentication the setting of the espAuthenticationKey attribute is irrelevant.

MD5 authentication only the first 16 octets of the key are used. All other octets are ignored.
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20

used in the authentication not used in the

process authentication process

SHA-1 authentication all 20 octets of the key are used.

Make sure that on both the local and remote router the same ESP authentication key is used.

telindus1423Router/ip/router/manualSA[ ]/spi Default:256

Range: 256 … 2147483647
Use this attribute to set the SPI value. Each security association must have
a unique SPI value because this value is used to identify the security association.

Make sure that for the same security association on both the local and remote router the same SPI value
is used.
Telindus 1423 SHDSL Router Chapter 12 601
User manual Configuration attributes

12.12.5 IKE SA configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/ikeSA[ ]/phase1 on page 602
• telindus1423Router/ip/router/ikeSA[ ]/phase2 on page 606

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
602 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ikeSA[ ]/phase1 Default:-

Range: structure, see below
Use this attribute to configure the parameters of phase 1 in the IKE negoti-
ation process. IKE phase 1 negotiations are used to establish IKE SAs. These SAs protect the IKE phase
2 negotiations.
The phase1 structure contains the following elements:

Element Description

type Use this element to determine who initiates phase 1 of Default:client

the IKE negotiation. Range: enumerated, see below
The type element has the following values:
• client: This side initiates phase 1.
• server: This side waits until the remote side initiates phase 1.
• peerToPeer: Both sides can initiate phase 1.

mode Use this element to set the IKE mode. The choice Default:aggressive
between these modes is a matter of trade-offs. Range: enumerated, see below
The mode element has the following values:
• main: Main mode is selected. Some characteristics of main mode are:
- Protects the identities of the peers during negotiations and is therefore more
secure.
- Allows greater proposal flexibility than aggressive mode.
- Is more time consuming than aggressive mode because more messages
are exchanged between peers. (Six messages are exchanged in main
mode.)
• aggressive: Aggressive mode is selected. Some characteristics of aggressive
mode are:
- Exposes identities of the peers to eavesdropping, making it less secure than
main mode.
- Takes half the number of messages of main mode, has less negotiation
power, and does not provide identity protection.
- Is faster than main mode because fewer messages are exchanged between
peers. (Three messages are exchanged in aggressive mode.)
Telindus 1423 SHDSL Router Chapter 12 603
User manual Configuration attributes

Element Description

encryptionAlgorithm Use this element to select the IKE encryption algo- Default:des
rithm. Range: enumerated, see below
The encryption key is calculated using the selected diffieHelmanGroup algorithm in
combination with the value of the preSharedKey element.
The encryptionAlgorithm element has the following values:
• des: DES (56 bits) is used to encrypt / decrypt the data.
• 3des: Triple DES (168 bits) is used to encrypt / decrypt the data.
• aes128: AES128 (128 bits) is used to encrypt / decrypt the data.
• aes192: AES192 (192 bits) is used to encrypt / decrypt the data.
• aes256: AES256 (256 bits) is used to encrypt / decrypt the data.

Make sure that for the same security association on both the local and
remote router the same encryption algorithm is selected.

authenticationAlgo- Use this element to select the IKE authentication algo- Default:hmac_sha-1
rithm rithm. Range: enumerated, see below
The authentication key is calculated using the selected diffieHelmanGroup algorithm
in combination with the value of the preSharedKey element.
The authenticationAlgorithm element has the following values:
• hmac_md5: The MD5 hash function is used to authenticate the data.
• hmac_sha-1: The SHA-1 hash function is used to authenticate the data.

Make sure that for the same security association on both the local and
remote router the same authentication algorithm is selected.
604 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

diffieHelmanGroup Use this element to select the algorithm that will be Default:1_modp768
used to calculate the phase 1 IKE key. This key is Range: enumerated, see below
then used to encrypt and authenticate the data. The
calculation of the IKE key is based on the value of the preSharedKey element (refer
to preSharedKey on page 595).
The diffieHelmanGroup element has the following values:
• 1_modp768: The Diffie-Hellman group 1 (768 bits) is used to calculate the IKE
key.
• 2_modp1024: The Diffie-Hellman group 2 (1024 bits) is used to calculate the IKE
key.
• 5_modp1536: The Diffie-Hellman group 5 (1536 bits) is used to calculate the IKE
key.

Important remarks

• Note that the heavier the algorithm, the more processing power is required. E.g.
when selecting the Diffie-Hellman group 5, up to 30 seconds may be needed to
generate a key.
• Make sure that for the same security association on both the local and remote
router the same Diffie-Hellman algorithm is selected.

lifeTime Use this element to set the life time, in seconds, of the Default:28800
IKE SA. Range: 120 … 86400
When the life time expires, it is replaced by a new SA (and SPI) or terminated.

keepAlive Use this element to configure the IKE keep alive mes- Default:-
sages. Keep alive messages are sent to check and Range: structure, see below
maintain, or keep alive, the connection between local
and remote.
Refer to telindus1423Router/ip/router/ikeSA[ ]/phase1/keepAlive on page 605 for a detailed
description of the keepAlive structure.
Telindus 1423 SHDSL Router Chapter 12 605
User manual Configuration attributes

telindus1423Router/ip/router/ikeSA[ ]/phase1/keepAlive Default:-

Range: structure, see below
Use the keepAlive structure in the phase1 structure to configure the IKE keep
alive messages.
The keepAlive structure contains the following elements:

Element Description

mode Use this element to set the keep alive mode. Default:onDemand
The mode element has the following values: Range: enumerated, see below

• disabled: Keep alive is disabled, i.e. no keep alive messages are sent.
• onDemand: Keep alive messages are sent on the basis of traffic patterns. For
example, if a router has to send outbound traffic and the liveliness of the peer
is questionable, the router sends a keep alive message to query the status of
the peer. If a router has no traffic to send, it never sends a keep alive message.
• periodic: Keep alive messages are sent at the interval specified by the delay ele-
ment.

delay Use this element to set the interval at which keep alive Default:00000d 00h 00m 30s
messages are sent in case the mode element is set to Range: 00000d 00h 00m 00s -
periodic. 24855d 03h 14m 07s

failsPermitted Use this element to set the number of times a keep Default:3
alive message is resent in case no answer was Range: 0 …
received on the original keep alive message.

interval Use this element to set the delay between the retries. Default:00000d 00h 00m 10s
For example, considering the default values, if no Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
answer is received on a keep alive message, then the
router retries 3 times to resent the keep alive message with an interval of 10 sec-
onds.
606 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ikeSA[ ]/phase2 Default:-

Range: structure, see below
Use this attribute to configure the parameters of phase 2 in the IKE negoti-
ation process.
The phase2 structure contains the following elements:

Element Description

pfsGroup Use this element to select the Perfect Forward Default:none

Secrecy algorithm. Range: enumerated, see below
The pfsGroup element has the following values:
• none: No Perfect Forward Secrecy is performed. The IKE key is calculated
based on the previous key.
• 1_modp768: A completely new key is calculated using the Diffie-Hellman group
1 (768 bits).
• 2_modp1024: A completely new key is calculated using the Diffie-Hellman group
2 (1024 bits).
• 5_modp1536: A completely new key is calculated using the Diffie-Hellman group
5 (1536 bits).

Important remarks

• Note that the heavier the algorithm, the more processing power is required. E.g.
when selecting the Diffie-Hellman group 5, up to 30 seconds may be needed to
generate a key.
• Make sure that for the same security association on both the local and remote
router the same PFS algorithm is selected.

natTraversal Use this element to enable or disable NAT traversal. Default:enabled

If natTraversal is enabled, then IPSEC traffic flows Range: enabled / disabled
transparently through a NAT device, thereby allowing one or more remote hosts
located behind the NAT device to use secure L2TP/IPSec tunnel connections to
access the router.

natVendorId Use this element to determine which vendor identifi- Default:rfc3947

cation string is exchanged with the remote in order to Range: rfc3947 / draft
detect NAT support.

proposal Use this element to configure the IKE proposal. A pro- Default:-
posal is a list of IKE attributes to protect the IKE con- Range: structure, see below
nection between the IKE host and its peer.
Refer to telindus1423Router/ip/router/ikeSA[ ]/phase2/proposal on page 607 for a detailed
description of the proposal structure.
Telindus 1423 SHDSL Router Chapter 12 607
User manual Configuration attributes

telindus1423Router/ip/router/ikeSA[ ]/phase2/proposal Default:-

Range: structure, see below
Use the proposal structure in the phase2 structure to configure the IKE pro-
posal. A proposal is a list of IKE attributes to protect the IKE connection between the IKE host and its
peer.
The proposal structure contains the following elements:

Element Description

espEncryptionAlgo- Use this element to select the IPSEC encryption algo- Default:des
rithm rithm (in case of ESP). Range: enumerated, see below
The espEncryptionAlgorithm element has the following values:
• null: No encryption is done.
The null encryption algorithm is simply a convenient way to represent the
optional use of applying encryption within ESP. ESP can then be used to pro-
vide authentication and integrity without confidentiality.
• des: DES (56 bits) is used to encrypt / decrypt the data.
• 3des: Triple DES (168 bits) is used to encrypt / decrypt the data.
• disabled: No encryption is done.

Make sure that for the same security association on both the local and
remote router the same encryption algorithm is selected.

espAuthentication- Use this element to select the IPSEC authentication Default:hmac_md5

Algorithm algorithm (in case of ESP). Range: enumerated, see below
The epsAuthenticationAlgorithm element has the following values:
• hmac_md5: The MD5 hash function is used to authenticate the data.
• hmac_sha-1: The SHA-1 hash function is used to authenticate the data.
• disabled: No authentication is done.

Make sure that for the same security association on both the local and
remote router the same authentication algorithm is selected.

ahAuthenticationAl- Use this element to select the IPSEC authentication Default:disabled

gorithm algorithm (in case of AH). Range: enumerated, see below
The ahAuthenticationAlgorithm element has the following values:
• hmac_md5: The MD5 hash function is used to authenticate the data.
• hmac_sha-1: The SHA-1 hash function is used to authenticate the data.
• disabled: No authentication is done.

Make sure that for the same security association on both the local and
remote router the same authentication algorithm is selected.
608 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

lifeTime Use this element to set the life time of the IPSEC SA. Default:-
When the life time expires, it is replaced by a new SA Range: structure, see below
(and SPI) or terminated.
The lifeTime structure contains the following elements:
• time. Use this element to set the life time, in sec- Default:3600
onds, of the IPSEC SA. Range: 120 … 86400
• kBytes. Use this element to set the life time, in kilo- Default:4250000
bytes, of the IPSEC SA. Range: 2500 … 4250000

As soon as one of the two criteria is exceeded (i.e. either the time or the number
of kilobytes), the IPSEC SA is timed out.
Telindus 1423 SHDSL Router Chapter 12 609
User manual Configuration attributes

12.12.6 OSPF configuration attributes

This section discusses the configuration attributes concerned with OSPF. First it describes the general
OSPF configuration attributes. Then it explains the OSPF area configuration attributes.
The following gives an overview of this section:
• General OSPF configuration attributes on page 610
• Area configuration attributes on page 614
610 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

General OSPF configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/ospf/routerId on page 611
• telindus1423Router/ip/router/ospf/refBandwidth on page 611
• telindus1423Router/ip/router/ospf/keyChains on page 611
• telindus1423Router/ip/router/ospf/importMetrics on page 612
• telindus1423Router/ip/router/ospf/importFilter on page 613
Telindus 1423 SHDSL Router Chapter 12 611
User manual Configuration attributes

²v

telindus1423Router/ip/router/ospf/routerId Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to set the unique sequence number for the router in the
OSPF network.

telindus1423Router/ip/router/ospf/refBandwidth Default:100000 bps

Range: 0 … 2147483647
Use this attribute to set the reference bandwidth. It is used to calculate the
cost of an interface in OSPF. Refer to 8.6.1 - Introducing OSPF on page 211 for more information about
cost.

telindus1423Router/ip/router/ospf/keyChains Default:<empty>
Range: table, see below
Use this attribute to set the key chains that will be used in the MD-5 authen-
tication process. For more information on authentication, refer to …
• 8.6.3 - Enabling OSPF authentication on page 217
• telindus1423Router/ip/router/ospf/area[ ]/networks/authentication on page 618
• telindus1423Router/ip/router/ospf/area[ ]/virtualLinks/authentication on page 620

The keyChains table contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:chain

the key chain. Range: 0 … 24 characters

chain Use this element to set the properties of each key Default:<empty>
chain. Range: table, see below
Refer to telindus1423Router/ip/router/ospf/keyChains/chain on page 612 for a detailed
description of this element.
612 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ospf/keyChains/chain Default:<empty>
Range: table, see below
The chain table contains the following elements:

Element Description

keyId Use this element to set a unique identifier for each Default:0
secret. Range: 0 … 255

secret Use this element to define the secret. Default:<empty>

Range: 0 … 16 characters

sendDate Use this element to set the start date from which the Default:01/01/01
secret is allowed to be sent. Enter the date as argu- Range: 01/01/01 … 31/12/99
ment value in the format dd/mm/yy (e.g. 01/01/05)

sendTime Use this element to set the time from which the secret Default:00:00:00
is allowed to be sent. Enter the time as argument Range: 00:00:00 … 23:59:59
value in the format hh:mm:ss (e.g. 12:30:45).

sendDuration Use this element to set the period of time during which Default:00000d 00h 00m 00s
the secret is allowed to be sent. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s

acceptDate Use this element to set the start date from which the Default:01/01/01
secret is allowed to be accepted by the other routers Range: 01/01/01 … 31/12/99
in the OSPF network. Enter the date as argument
value in the format dd/mm/yy (e.g. 01/01/05)

acceptTime Use this element to set the time from which the secret Default:00:00:00
is allowed to be accepted by the other routers in the Range: 00:00:00 … 23:59:59
OSPF network. Enter the time as argument value in
the format hh:mm:ss (e.g. 12:30:45).

acceptDuration Use this element to set the period of time during which Default:00000d 00h 00m 00s
the secret is allowed to be accepted by the other rout- Range: 00000d 00h 00m 00s -
ers in the OSPF network. Enter this value in seconds. 24855d 03h 14m 07s

telindus1423Router/ip/router/ospf/importMetrics Default:-
Range: structure, see below
Use this attribute to configure the default cost for importing RIP and static
routes into OSPF.
The importMetrics structure contains following elements:

Element Description

static Use this element to set the default cost of a static Default:20
route which will be imported into OSPF. Range: 0 … 2147483647

rip Use this element to set the default cost of a RIP route Default:20
which will be imported into OSPF. Range: 0 … 2147483647
Telindus 1423 SHDSL Router Chapter 12 613
User manual Configuration attributes

telindus1423Router/ip/router/ospf/importFilter Default:<empty>
Range: table, see below
Use this attribute to configure the import filter which allows or denies the
import of external routes into OSPF.
The importFilter table contains following elements:

Element Description

type Use this element to select the type of routes which will Default:all
be allowed or denied into OSPF. Range: static / rip / all
Whether a route is allowed into OSPF or denied access to OSPF, is set by the ele-
ment mode which is described further on in this table.
The type element has the following values:
• all. All routes are allowed into OSPF / denied access to OSPF.
• static. Static routes are allowed into OSPF / denied access to OSPF.
• rip. Rip routes are allowed into OSPF / denied access to OSPF.

address Use this element to set the IP address the external Default:0.0.0.0
route has to comply to. Range: up to 255.255.255.255

mask Use this element to set the netmask the external route Default:0.0.0.0
has to comply to. Range: up to 255.255.255.255

Address and mask define the address range the external route has to comply
to.

mode Use this element to allow or deny the import of exter- Default:allow
nal routes into OSPF. Range: deny / allow

costType Use this element to set the type of cost of the external Default:type2
route. Range: type1 / type2
The costType element has the following values:
• type1. The external cost is expressed in the same units as OSPF interface cost
(i.e. in terms of the link state metric).
• type2. The external cost is an order of magnitude larger; any type 2 cost is con-
sidered greater than the cost of any path internal to the OSPF routing domain.
Use of type 2 external cost assumes that routing outside the OSPF domain is
the major cost of routing a packet, and eliminates the need for conversion of
external costs to internal link state costs.

cost Use this element to set the cost of the external route. Default:0
Range: 0 … 65535

tag Each external route can be tagged, enabling the Default:0

passing of additional information between AS bound- Range: 0 … 2147483647
ary routers.
614 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Area configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/ospf/area[ ]/areaId on page 615
• telindus1423Router/ip/router/ospf/area[ ]/stub on page 615
• telindus1423Router/ip/router/ospf/area[ ]/networks on page 616
• telindus1423Router/ip/router/ospf/area[ ]/virtualLinks on page 619
• telindus1423Router/ip/router/ospf/area[ ]/ranges on page 621

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
Telindus 1423 SHDSL Router Chapter 12 615
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/areaId Default:0.0.0.0

Range: up to 255.255.255.255
Use this attribute to set the unique sequence number for the area. The back
bone area must always be area 0.

telindus1423Router/ip/router/ospf/area[ ]/stub Default:-

Range: structure, see below
Use this attribute to define an area as a stub area. Refer to 8.6.1 - Introduc-
ing OSPF on page 211 for the definition of a stub area.
The stub structure contains the following elements:

Element Description

mode Use this element to enable or disable the area as a Default:disabled

stub area. Range: enabled / disabled

defaultCost Use this element to assign a default cost to the area. Default:0
This is the cost of the default route of the area. Range: 0 … 2147483647

importSummaries Use this element to enable or disable the import of Default:enabled

summary links into the stub area. Range: disabled / enabled
When this attribute is disabled, only the default route will be injected into the area
(by the Area Border Router). When it is enabled, also the summary links are
injected into the area.
Refer to 8.6.1 - Introducing OSPF on page 211 for the definition of a summary link.

translatorRole Use this element to specify whether or not the Telin- Default:candidate
dus 1423 SHDSL Router will unconditionally translate Range: candidate / always
Type-7 LSAs into Type-5 LSAs.
The translatorRole element has the following values:
• always. The Telindus 1423 SHDSL Router always translates Type-7 LSAs into
Type-5 LSAs regardless of the translator state of other NSSA border routers.
• candidate. The Telindus 1423 SHDSL Router participates in the translator elec-
tion process. I.e. only one NSSA border router is elected as Type-7 translator
among all the NSSA border routers that were set as candidate.

translatorInterval Use this element to define the length of time the Tel- Default:00000d 00h 00m 40s
indus 1423 SHDSL Router, if it is an elected Type-7 Range: 00000d 00h 00m 00s -
translator, will continue to perform its translator duties 00000d 18h 12m 15s
once it has determined that its translator status has
been deposed by another NSSA border router translator.
If an NSSA border router is elected as Type-7 translator among all the NSSA bor-
der routers that were set as candidate, then it will continue to perform translation
duties until supplanted by a reachable NSSA border router whose Nt bit is set or
whose router ID is greater. Such an event may happen when an NSSA router with
translatorRole set to always regains border router status, or when a partitioned NSSA
becomes whole. If an elected translator determines its services are no longer
required, it continues to perform its translation duties for the additional time interval
defined by the translatorInterval. This minimizes excessive flushing of translated
Type-7 LSAs and provides for a more stable translator transition.
616 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/networks Default:<empty>

Range: table, see below
Use this attribute to identify the interfaces which are part of the area.
The networks table contains following elements:

Element Description

name Use this element to assign an administrative name to Default:<network>

a network. Range: 0 … 24 characters

address Use this element to specify the IP address of the net- Default:0.0.0.0
work. Range: up to 255.255.255.255

mask Use this element to specify the IP address mask of the Default:255.255.255.0
attached network (Network Mask). Range: up to 255.255.255.255

Address and mask define the network address to select the interfaces that will
be part of the OSPF network (with the OSPF parameters defined in this net-
work).

cost Use this element to specify the cost of the link. When Default:0
the cost is set to 0, the actual cost is calculated auto- Range: 0 … 65535
matically.
Refer to 8.6.1 - Introducing OSPF on page 211 for more information about cost.

priority Use this element to set the priority of the link. On the Default:0
basis of this element, the designated router in the net- Range: 0 … 255
work is elected.
Refer to 8.6.1 - Introducing OSPF on page 211 for more information about desig-
nated routers.

This element is only important for broadcast networks. It must not be set for
P2P links.

helloInterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 30s
onds, between the hello packets that a router sends Range: 00000d 00h 00m 00s -
on an OSPF interface. 00000d 18h 12m 15s

OSPF requires the hello interval and dead interval to be exactly the same
for all routers attached to a common network.
Telindus 1423 SHDSL Router Chapter 12 617
User manual Configuration attributes

Element Description

deadInterval Use this element to specify the maximum length of Default:00000d 00h 02m 00s
time, in seconds, before the neighbours declare the Range: 00000d 00h 00m 00s -
OSPF router down when they stop hearing the 24855d 3h 14m 07s
router's Hello Packets.

retransmitinterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 05s
onds, after which an hello packet is retransmitted. Range: 00000d 00h 00m 00s -
00000d 00h 4m 15s
authentication Use this element to authenticate OSPF packets. Default:-
OSPF packets can be authenticated so that routers Range: structure, see below
can be part of routing domains based on predefined passwords. By default, a
router uses a Null authentication which means that routing exchanges over a net-
work are not authenticated. There are two other authentication methods: Simple
Password authentication and Message Digest authentication (MD-5).
Refer to telindus1423Router/ip/router/ospf/area[ ]/networks/authentication on page 618 for a
detailed description of this element.

mode Use this element to activate or disable an interface in Default:active

the OSPF network. Range: active / disabled
When an interface is active it is known in the OSPF network, and will pass OSPF
data through the OSPF network. When it is disabled the interface is known in the
OSPF network, but OSPF data will not be passed through (e.g. if an interface is
connected to the outside world using RIP, the other routers in the area will know
this interface, but there is no OSPF link to the outside world).
618 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/networks/authentication Default:-

Range: structure, see below
The authentication structure contains the following elements:

Element Description

type Use this element to set the type of authentication. Default:disabled

The type element has the following values: Range: disabled / text/ md5

• disabled. No authentication is done.

• test. This allows a password (key) to be configured per interface. Interfaces of
different routers that want to exchange OSPF information will have to be con-
figured with the same key.
• md5. Message Digest authentication. This is a cryptographic authentication. A
key (password) and key-id are configured on each router. The router uses an
algorithm based on the OSPF packet, the key, and the key-id to generate an
"authentication secret" that gets added to the packet. Unlike the simple authen-
tication, the key is not exchanged over the wire.

text Use this element to set the password when using text Default:-
authentication. Range: 0 … 8 characters

keyChain Use this element to set the key chain which will be Default:chain
used in this network when using md5 authentication. Range: 0 … 24 characters
Telindus 1423 SHDSL Router Chapter 12 619
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/virtualLinks Default:<empty>

Range: table, see below
Use this attribute to set up a virtual link between the current area and a
remote area which is not physically connected to the backbone area.
Refer to 8.6.1 - Introducing OSPF on page 211 for more information on the back bone area.
The virtual links table contains following elements:

Element Description

remoteId Use this element to set the IP address of the remote Default:0.0.0.0
router with which the virtual link is established. Range: up to 255.255.255.255

helloInterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 30s
onds, between the hello packets that a router sends Range: 00000d 00h 00m 00s -
on an OSPF interface. 00000d 18h 12m 15s

deadInterval Use this element to specify the maximum length of Default:00000d 00h 02m 00s
time, in seconds, between the sent hello packets after Range: 00000d 00h 00m 00s -
which the neighbours declare the virtual link down. 24855d 3h 14m 07s

retransmitinterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 05s
onds, after which an hello packet is retransmitted. Range: 00000d 00h 00m 00s -
00000d 00h 4m 15s
authentication Use this element to authenticate OSPF packets. Default:-
OSPF packets can be authenticated so that routers Range: structure, see below
can be part of routing domains based on predefined passwords. By default, a
router uses a Null authentication which means that routing exchanges over a net-
work are not authenticated. There are two other authentication methods: Simple
Password authentication and Message Digest authentication (MD-5).
Refer to telindus1423Router/ip/router/ospf/area[ ]/virtualLinks/authentication on page 620 for
more information.
620 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/virtualLinks/authentication Default:-

Range: structure, see below
The authentication structure contains the following elements:

Element Description

type Use this element to set the type of authentication. Default:disabled

The type element has the following values: Range: disabled / text/ md5

• disabled. No authentication is done.

• test. This allows a password (key) to be configured per interface. Interfaces of
different routers that want to exchange OSPF information will have to be con-
figured with the same key.
• md5. Message Digest authentication. This is a cryptographic authentication. A
key (password) and key-id are configured on each router. The router uses an
algorithm based on the OSPF packet, the key, and the key-id to generate an
"authentication secret" that gets added to the packet. Unlike the simple authen-
tication, the key is not exchanged over the wire.

text Use this element to set the password when using text Default:--
authentication. Range: 0 … 8 characters

keyChain Use this element to set the key chain which will be Default:chain
used in the virtual link when using md5 authentication. Range: 0 … 24 characters
Telindus 1423 SHDSL Router Chapter 12 621
User manual Configuration attributes

telindus1423Router/ip/router/ospf/area[ ]/ranges Default:<empty>

Range: table, see below
By defining ranges in an area, Summary-LSAs can be condensed before
being injected in an other area (by defining a larger subnet mask).
Refer to 8.6.1 - Introducing OSPF on page 211 for more information about Summary-LSAs.
Each address range is defined as an address-mask pair. Many separate networks may then be con-
tained in a single address range, just as a subnetted network is composed of many separate subnets.
Area border routers then summarize the area contents (for distribution to the backbone) by advertising
a single route for each address range. The cost of the route is the maximum cost to any of the networks
falling in the specified range.
The ranges table contains following elements:

Element Description

type Use this element to set the type of Summary-LSA that Default:all
has to be created. Range: enumerated, see below
The type element has the following values:
• summary. The area's routing information is condensed.
• nssa. In case of an NNSA, multiple Type-7 LSAs are aggregated into a single
Type-5 LSA.
• all. Both tasks are performed.

network Use this element to set the IP address of the network. Default:0.0.0.0
Range: up to 255.255.255.255

mask Use this element to set the subnet mask. Default:255.255.255.0

Range: up to 255.255.255.255

advertise Use this element to enable or disable the advertise- Default:enabled

ment of the Summary-LSAs into the other areas. Range: enabled / disabled
When this element is disabled, the Summary-LSAs which are part of this range,
will not be known in the other area’s in the OSPF network. When this element is
enabled, the summaries are injected in the other areas of the OSPF network.

tag This element is only relevant in case of NSSAs. Default:0

Use this element to retag the summary of the external Range: 0 … 2147483647
routes entering the NSSA.
622 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.12.7 Routing filter configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/routingFilter[ ]/filter on page 623

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
Telindus 1423 SHDSL Router Chapter 12 623
User manual Configuration attributes

telindus1423Router/ip/router/routingFilter[ ]/filter Default:<empty>

Range: table, see below
Use this attribute to set up a routing update filter.
Only the routes to networks that are specified in the filter table are forwarded. All other routes are blocked.
If the filter table is empty, then all routes are forwarded.
The filter table contains the following elements:

Element Description

network This is the IP address of the network. The address Default:0.0.0.0

may be a (sub-)network address. It should match an Range: up to 255.255.255.255
entry in the telindus1423Router/ip/router/routingTable status
attribute of the Telindus 1423 SHDSL Router.

mask This is the IP subnet mask of the network. By combin- Default:255.255.255.0

ing an IP address with a mask you can uniquely iden- Range: up to 255.255.255.255
tify a range of addresses.

Currently, the Telindus 1423 SHDSL Router supports up to 5 routing update filters. Although you can
add more than 5 routingFilter[ ] objects to the containment tree, no more than 5 will be active.

Example

This example shows a filter that only forwards the route to subnet
192.168.48.0.
624 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.12.8 VRRP configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/vrrp[ ]/vrId on page 625
• telindus1423Router/ip/router/vrrp[ ]/ipAddresses on page 625
• telindus1423Router/ip/router/vrrp[ ]/interfaces on page 626
• telindus1423Router/ip/router/vrrp[ ]/criticals on page 626
• telindus1423Router/ip/router/vrrp[ ]/advertiseInterval on page 627
• telindus1423Router/ip/router/vrrp[ ]/preemptMode on page 627

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
Telindus 1423 SHDSL Router Chapter 12 625
User manual Configuration attributes

telindus1423Router/ip/router/vrrp[ ]/vrId Default:0

Range: 0 … 255
Use this attribute to set the identification of the virtual router. Specify a
number between 1 and 255. The VRID has to be set the same on all participating routers.
Setting the vrId to 0 (default) disables this virtual router instance.

telindus1423Router/ip/router/vrrp[ ]/ipAddresses Default:<empty>

Range: table, see below
Use this attribute to configure one or more IP addresses on the virtual
router.
The ipAddresses table contains the following element:

Element Description

address Use this element to configure the IP address of the vir- Default:0.0.0.0
tual router. This address must be the same on all rout- Range: up to 255.255.255.255
ers participating in this virtual router.
By adding several IP addresses, several IP addresses can be configured on a sin-
gle virtual router. This can be used to ensure redundancy while migrating from one
address scheme to another. It cannot be used for load balancing purposes, in this
case multiple virtual routers must be used.
If no IP address is configured, this virtual router instance is not active.

It is important that all VRRP routers have a physical interface configured with an IP address in the same
subnet as the virtual router. The VRRP protocol sends only IP addresses and not subnet information.
Without the corresponding subnet information, the VRRP router will add the virtual router address as a
single IP address with a host (255.255.255.255) netmask. This will prevent routing from working prop-
erly, as the virtual router will not listen to broadcasts from the local network.
626 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/vrrp[ ]/interfaces Default:<empty>

Range: table, see below
Use this attribute to add Ethernet-alike interfaces7 to the virtual router and
assign a priority to them. This priority is used in the master virtual router election process.
The interfaces table contains the following element:

Element Description

name Use this element to specify the name of the interface Default:<empty>
that you want to add to the virtual router. Range: 0 … 36 characters

priority Use this element to specify the priority of the interface. Default:100
Specify a number between 1 and 254. The higher the Range: 1 … 254
number, the higher the priority.
The numbers 0 and 255 are reserved numbers and cannot be set by the user:
• 0 specifies that the master has stopped working and that the backup router
needs to transition to master state.
• 255 specifies that the VRRP router is the IP address owner and therefore is
master, independently from the priority settings.

Refer to 8.9.1 - Introducing VRRP on page 256 for more information on how the
priority plays a role in the election of a master virtual router.

telindus1423Router/ip/router/vrrp[ ]/criticals Default:<empty>

Range: table, see below
Use this attribute to specify which interfaces must be up before a router may
be elected as master virtual router.
The criticals table contains the following element:

Element Description

name Use this element to specify the name of the interface Default:<empty>
that must be up before the router may be elected as Range: 0 … 36 characters
master.
So as soon as an interface that is defined in the criticals table goes down, the com-
plete router is considered to be down (on VRRP level that is). In that case, a new
master has to be elected. So this adds an extra condition to the election process
as shown in How is a master virtual router elected? on page 257.

7. Ethernet-alike interfaces are e.g. an Ethernet interface, a VLAN on an Ethernet interface, a

bridge group, a VLAN on a bridge group, etc.
Telindus 1423 SHDSL Router Chapter 12 627
User manual Configuration attributes

telindus1423Router/ip/router/vrrp[ ]/advertiseInterval Default:00000d 00h 00m 01s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time between VRRP advertisement transmis- 00000d 18h 12m 15s
sions.
Actually, only the master virtual router sends VRRP advertisements. However, the advertisement inter-
val has to be set the same on all participating routers.

telindus1423Router/ip/router/vrrp[ ]/preemptMode Default:enabled

Range: enabled / disabled
Use this attribute to allow a backup virtual router to take over from the mas-
ter virtual router in case the backup virtual router has a higher priority on the enclosing virtual router.
The preemptMode attribute has the following values:

Value Description

enabled If after a router is elected as master a backup appears which has a higher priority
than the master, then the backup begins to send its own advertisements. The cur-
rent master will see that the backup has higher priority and stop functioning as the
master. The backup will then see that the master has stopped sending advertise-
ments and assume the role of master.

disabled Once a router is elected as master, it stays master until it goes down. So the
appearance of a backup with a higher priority after the master has been elected
does not cause a new election process.

While preemption can ensure that a primary router will return to master status once it returns to service,
preemption also causes a brief outage while the election process takes place. Disabling preemption will
ensure maximum up-time on the network, but will not always result in the primary or highest priority
router acting as master.

Note that, regardless of the setting of the preemptMode attribute, the VRRP IP address owner will always
preempt.
628 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.12.9 Firewall configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/ip/router/firewall/inspection on page 629
• telindus1423Router/ip/router/firewall/outboundPolicies on page 629
• telindus1423Router/ip/router/firewall/inboundPolicies on page 634
• telindus1423Router/ip/router/firewall/outboundSelfPolicies on page 639
• telindus1423Router/ip/router/firewall/inboundSelfPolicies on page 643
• telindus1423Router/ip/router/firewall/attacks on page 647
• telindus1423Router/ip/router/firewall/log on page 649
Telindus 1423 SHDSL Router Chapter 12 629
User manual Configuration attributes

telindus1423Router/ip/router/firewall/inspection Default:disabled
Range: enabled / disabled
Use this attribute to enable or disable the firewall.

telindus1423Router/ip/router/firewall/outboundPolicies Default:<empty>
Range: table, see below
Use this attribute to define outbound SNet policies. Refer to 10.9.4 - Defin-
ing an outbound SNet policy on page 386 for more information.
The outboundPolicies table contains the following elements:

Element Description

sNet Use this element to specify the name of the source Default:<name> corp
SNet for which you want to create an outbound SNet Range: choice, see below
policy.
The sNet element is a choice element. The first part of the sNet element has the fol-
lowing values:
• name. Select this value if the source SNet is one of Default:corp
the standard SNets. In the second part of the sNet Range: corp / dmz
element, use the drop-down box to select one of
the standard SNets:
- corp. The source SNet is “corporate”. If you select this
value, then you create a policy for the traffic from the
corporate SNet to any SNet except the self SNet.
- dmz. The source SNet is “DMZ”. If you select this value,
then you create a policy for the traffic from the DMZ
SNet to any SNet except the self SNet.

• custom. Currently, you can only select standard Default:<empty>

SNets. In future releases of the TDRE, it will be Range: 0 … 16 characters
possible to select custom created SNets.

Note that you only have to set the source SNet. The destination SNet is
always any SNet except the self SNet.
630 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

sourceIp Use this element to specify the source IP address(es) Default:<opt>

for which you want to create an outbound SNet policy. Range: choice, see below
The sourceIp element is a choice element. The first part of the sourceIp element has
the following values:
• network. Select this value if you want to create a pol-
icy for the traffic coming from a specific network. In
the second part of the sourceIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic coming from a specific
(range of) IP address(es). In the second part of
the sourceIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the source IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the source IP address range. Range: up to 255.255.255.255
Note that you can specify one single source IP
address by filling in the startAddress element and leaving the endAddress ele-
ment at its default value (<opt>).

Note that if you leave the sourceIp element at its default value (<opt>), then no
source IP address(es) is/are specified.
Telindus 1423 SHDSL Router Chapter 12 631
User manual Configuration attributes

Element Description

destIp Use this element to specify the destination IP Default:<opt>

address(es) for which you want to create an outbound Range: choice, see below
SNet policy.
The destIp element is a choice element. The first part of the destIp element has the
following values:
• network. Select this value if you want to create a pol-
icy for the traffic destined for a specific network. In
the second part of the destIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic destined for a specific
(range of) IP address(es). In the second part of
the destIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the destination IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the destination IP address range. Range: up to 255.255.255.255
Note that you can specify one single destina-
tion IP address by filling in the startAddress element and leaving the endAddress
element at its default value (<opt>).

Note that if you leave the destIp element at its default value (<opt>), then no
destination IP address(es) is/are specified.
632 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

application Use this element to specify the application for which Default:<opt>
you want to create an outbound SNet policy. Range: choice, see below
The application element is a choice element. Currently, the first part of the application
element is always custom. The custom structure contains the following elements:
• protocol. Use this element to specify the protocol. Default:any
The protocol element has the following values: any, Range: enumerated, see below
icmp, tcp, udp, ah, esp.
Note that if you leave the protocol element at its default value (any), then no pro-
tocol is specified.
• startPort. Use this element to specify the start of the Default:0 (any)
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that if you leave the port element at its default value (any), then no port is
specified.
• endPort. Use this element to specify the end of the Default:<opt>
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that you can specify one single port by filling in the startPort element and
leaving the endPort element at its default value (<opt>).

Note that if you leave the application element at its default value (<opt>), then
no application is specified.

action Use this element to determine whether the outbound Default:allow

SNet policy allows or denies traffic. Range: allow / deny
The action element has the following values:
• allow. Packets that fall within the specification of the policy are passed on.
• deny. Packets that fall within the specification of the policy are dropped.
Telindus 1423 SHDSL Router Chapter 12 633
User manual Configuration attributes

Element Description

nat Use this element to determine whether address trans- Default:<opt>

lation has to be done for the outbound SNet policy Range: choice, see below
and, if so, which translation address has to be taken.
The nat element is a choice element. The first part of the nat element has the fol-
lowing values:
• ipAddress. Select this value if you want to specify a Default:0.0.0.0
fixed IP address for the address translation. In the Range: up to 255.255.255.255
second part of the nat element, specify the IP
address.

• interface. Select this value if you want to that the IP Default:<empty>

address that is used for the address translation is Range: 0 … 24 characters
taken from another interface. In the second part of
the nat element, specify the name of the interface.

Note that if you leave the nat element at its default value (<opt>), then no
address translation is done.

Important remark

If you want to enable NAT on an interface but you also want that the inter-
face is inspected by the firewall, then enable NAT in the policies of the firewall and
not in the ip structure of the interface.

log Use this element to determine whether limited (disa- Default:disabled

bled) or extended (enabled) logging is done for this pol- Range: enabled / disabled
icy.

name Use this element to assign a name (description) to the Default:<empty>

outbound SNet policy. By doing so, you can easily Range: 0 … 24 characters
identify the policy when it is listed in status and per-
formance tables.
634 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/ip/router/firewall/inboundPolicies Default:<empty>
Range: table, see below
Use this attribute to define inbound SNet policies. Refer to 10.9.5 - Defining
an inbound SNet policy on page 388 for more information.
The inboundPolicies table contains the following elements:

Element Description

sNet Use this element to specify the name of the destina- Default:<name> corp
tion SNet for which you want to create an inbound Range: choice, see below
SNet policy.
The sNet element is a choice element. The first part of the sNet element has the fol-
lowing values:
• name. Select this value if the destination SNet is Default:corp
one of the standard SNets. In the second part of Range: corp / dmz
the sNet element, use the drop-down box to select
one of the standard SNets:
- corp. The destination SNet is “corporate”. If you select
this value, then you create a policy for the traffic from
any SNet except the self SNet to the corporate SNet.
- dmz. The destination SNet is “DMZ”. If you select this
value, then you create a policy for the traffic from any
SNet except the self SNet to the DMZ SNet.

• custom. Currently, you can only select standard Default:<empty>

SNets. In future releases of the TDRE, it will be Range: 0 … 16 characters
possible to select custom created SNets.

Note that you only have to set the destination SNet. The source SNet is
always any SNet except the self SNet.
Telindus 1423 SHDSL Router Chapter 12 635
User manual Configuration attributes

Element Description

sourceIp Use this element to specify the source IP address(es) Default:<opt>

for which you want to create an inbound SNet policy. Range: choice, see below
The sourceIp element is a choice element. The first part of the sourceIp element has
the following values:
• network. Select this value if you want to create a pol-
icy for the traffic coming from a specific network. In
the second part of the sourceIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic coming from a specific
(range of) IP address(es). In the second part of
the sourceIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the source IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the source IP address range. Range: up to 255.255.255.255
Note that you can specify one single source IP
address by filling in the startAddress element and leaving the endAddress ele-
ment at its default value (<opt>).

Note that if you leave the sourceIp element at its default value (<opt>), then no
source IP address(es) is/are specified.
636 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

destIp Use this element to specify the destination IP Default:<opt>

address(es) for which you want to create an inbound Range: choice, see below
SNet policy.
The destIp element is a choice element. The first part of the destIp element has the
following values:
• network. Select this value if you want to create a pol-
icy for the traffic destined for a specific network. In
the second part of the destIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic destined for a specific
(range of) IP address(es). In the second part of
the destIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the destination IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the destination IP address range. Range: up to 255.255.255.255
Note that you can specify one single destina-
tion IP address by filling in the startAddress element and leaving the endAddress
element at its default value (<opt>).

Note that if you leave the destIp element at its default value (<opt>), then no
destination IP address(es) is/are specified.
Telindus 1423 SHDSL Router Chapter 12 637
User manual Configuration attributes

Element Description

application Use this element to specify the application for which Default:<opt>
you want to create an inbound SNet policy. Range: choice, see below
The application element is a choice element. Currently, the first part of the application
element is always custom. The custom structure contains the following elements:
• protocol. Use this element to specify the protocol. Default:any
The protocol element has the following values: any, Range: enumerated, see below
icmp, tcp, udp, ah, esp.
Note that if you leave the protocol element at its default value (any), then no pro-
tocol is specified.
• startPort. Use this element to specify the start of the Default:0 (any)
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that if you leave the port element at its default value (any), then no port is
specified.
• endPort. Use this element to specify the end of the Default:<opt>
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that you can specify one single port by filling in the startPort element and
leaving the endPort element at its default value (<opt>).

Note that if you leave the application element at its default value (<opt>), then
no application is specified.

action Use this element to determine whether the inbound Default:allow

SNet policy allows or denies traffic. Range: allow / deny
The action element has the following values:
• allow. Packets that fall within the specification of the policy are passed on.
• deny. Packets that fall within the specification of the policy are dropped.
638 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

nat Use this element to determine whether address trans- Default:<opt>

lation has to be done for the inbound SNet policy and, Range: choice, see below
if so, which translation address has to be taken.
The nat element is a choice element. Currently, the first part of the nat element is
always custom. The custom structure contains the following elements:
• ipAddress. Use this element to specify the IP Default:0.0.0.0
address of the server that will handle the applica- Range: up to 255.255.255.255
tion specified in the policy.
• port. Use this element to specify the new port Default:<opt>
number. Range: 0 … 65535
Note that if you leave the port element at its default
value (<opt>), then no port translation is done.

Note that if you leave the nat element at its default value (<opt>), then no
address translation is done.

Important remark

If you want to enable NAT on an interface but you also want that the inter-
face is inspected by the firewall, then enable NAT in the policies of the firewall and
not in the ip structure of the interface.

log Use this element to determine whether limited (disa- Default:disabled

bled) or extended (enabled) logging is done for this pol- Range: enabled / disabled
icy.

name Use this element to assign a name (description) to the Default:<empty>

inbound SNet policy. By doing so, you can easily iden- Range: 0 … 24 characters
tify the policy when it is listed in status and perform-
ance tables.
Telindus 1423 SHDSL Router Chapter 12 639
User manual Configuration attributes

telindus1423Router/ip/router/firewall/outboundSelfPolicies Default:<empty>
Range: table, see below
Use this attribute to define outbound self policies. Refer to 10.9.6 - Defining
an outbound self policy on page 390 for more information.
The outboundSelfPolicies table contains the following elements:

Element Description

sNet Use this element to specify the name of the destina- Default:<name> corp
tion SNet for which you want to create an outbound Range: choice, see below
self policy.
The sNet element is a choice element. The first part of the sNet element has the fol-
lowing values:
• name. Select this value if the destination SNet is Default:corp
one of the standard SNets. In the second part of Range: corp / dmz
the sNet element, use the drop-down box to select
one of the standard SNets:
- corp. The destination SNet is “corporate”. If you select
this value, then you create a policy for the traffic from
the device itself (self SNet) to the corporate SNet.
- dmz. The destination SNet is “DMZ”. If you select this
value, then you create a policy for the traffic from the
device itself (self SNet) to the DMZ SNet.
- internet. The destination SNet is “internet”. If you select this value, then you
create a policy for the traffic from the device itself (self SNet) to the internet
SNet.

• custom. Currently, you can only select standard Default:<empty>

SNets. In future releases of the TDRE, it will be Range: 0 … 16 characters
possible to select custom created SNets.

Note that you only have to set the destination SNet. The source SNet is
always the self SNet.
640 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

sourceIp Use this element to specify the source IP address(es) Default:<opt>

for which you want to create an outbound self policy. Range: choice, see below
The sourceIp element is a choice element. The first part of the sourceIp element has
the following values:
• network. Select this value if you want to create a pol-
icy for the traffic coming from a specific network. In
the second part of the sourceIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic coming from a specific
(range of) IP address(es). In the second part of
the sourceIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the source IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the source IP address range. Range: up to 255.255.255.255
Note that you can specify one single source IP
address by filling in the startAddress element and leaving the endAddress ele-
ment at its default value (<opt>).

Note that if you leave the sourceIp element at its default value (<opt>), then no
source IP address(es) is/are specified.
Telindus 1423 SHDSL Router Chapter 12 641
User manual Configuration attributes

Element Description

destIp Use this element to specify the destination IP Default:<opt>

address(es) for which you want to create an outbound Range: choice, see below
self policy.
The destIp element is a choice element. The first part of the destIp element has the
following values:
• network. Select this value if you want to create a pol-
icy for the traffic destined for a specific network. In
the second part of the destIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic destined for a specific
(range of) IP address(es). In the second part of
the destIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the destination IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the destination IP address range. Range: up to 255.255.255.255
Note that you can specify one single destina-
tion IP address by filling in the startAddress element and leaving the endAddress
element at its default value (<opt>).

Note that if you leave the destIp element at its default value (<opt>), then no
destination IP address(es) is/are specified.
642 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

application Use this element to specify the application for which Default:<opt>
you want to create an outbound self policy. Range: choice, see below
The application element is a choice element. Currently, the first part of the application
element is always custom. The custom structure contains the following elements:
• protocol. Use this element to specify the protocol. Default:any
The protocol element has the following values: any, Range: enumerated, see below
icmp, tcp, udp, ah, esp.
Note that if you leave the protocol element at its default value (any), then no pro-
tocol is specified.
• startPort. Use this element to specify the start of the Default:0 (any)
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that if you leave the port element at its default value (any), then no port is
specified.
• endPort. Use this element to specify the end of the Default:<opt>
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that you can specify one single port by filling in the startPort element and
leaving the endPort element at its default value (<opt>).

Note that if you leave the application element at its default value (<opt>), then
no application is specified.

action Use this element to determine whether the outbound Default:allow

self policy allows or denies traffic. Range: allow / deny
The action element has the following values:
• allow. Packets that fall within the specification of the policy are passed on.
• deny. Packets that fall within the specification of the policy are dropped.

log Use this element to determine whether limited (disa- Default:disabled

bled) or extended (enabled) logging is done for this pol- Range: enabled / disabled
icy.

name Use this element to assign a name (description) to the Default:<empty>

outbound self policy. By doing so, you can easily iden- Range: 0 … 24 characters
tify the policy when it is listed in status and perform-
ance tables.
Telindus 1423 SHDSL Router Chapter 12 643
User manual Configuration attributes

telindus1423Router/ip/router/firewall/inboundSelfPolicies Default:<empty>
Range: table, see below
Use this attribute to define inbound self policies. Refer to 10.9.4 - Defining
an outbound SNet policy on page 386 for more information.
The inboundSelfPolicies table contains the following elements:

Element Description

sNet Use this element to specify the name of the source Default:<name> corp
SNet for which you want to create an inbound self pol- Range: choice, see below
icy.
The sNet element is a choice element. The first part of the sNet element has the fol-
lowing values:
• name. Select this value if the source SNet is one of Default:corp
the standard SNets. In the second part of the sNet Range: corp / dmz
element, use the drop-down box to select one of
the standard SNets:
- corp. The source SNet is “corporate”. If you select this
value, then you create a policy for the traffic from the
corporate SNet to the device itself (self SNet).
- dmz. The source SNet is “DMZ”. If you select this value,
then you create a policy for the traffic from the DMZ
SNet to the device itself (self SNet).
- internet. The source SNet is “internet”. If you select this value, then you create
a policy for the traffic from the internet SNet to the device itself (self SNet).

• custom. Currently, you can only select standard Default:<empty>

SNets. In future releases of the TDRE, it will be Range: 0 … 16 characters
possible to select custom created SNets.

Note that you only have to set the source SNet. The destination SNet is
always the self SNet.
644 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

sourceIp Use this element to specify the source IP address(es) Default:<opt>

for which you want to create an inbound self policy. Range: choice, see below
The sourceIp element is a choice element. The first part of the sourceIp element has
the following values:
• network. Select this value if you want to create a pol-
icy for the traffic coming from a specific network. In
the second part of the sourceIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic coming from a specific
(range of) IP address(es). In the second part of
the sourceIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the source IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the source IP address range. Range: up to 255.255.255.255
Note that you can specify one single source IP
address by filling in the startAddress element and leaving the endAddress ele-
ment at its default value (<opt>).

Note that if you leave the sourceIp element at its default value (<opt>), then no
source IP address(es) is/are specified.
Telindus 1423 SHDSL Router Chapter 12 645
User manual Configuration attributes

Element Description

destIp Use this element to specify the destination IP Default:<opt>

address(es) for which you want to create an inbound Range: choice, see below
self policy.
The destIp element is a choice element. The first part of the destIp element has the
following values:
• network. Select this value if you want to create a pol-
icy for the traffic destined for a specific network. In
the second part of the destIp element, specify the
address of that network.
The network structure contains the following ele-
ments:
- address. Use this element to specify the IP Default:0.0.0.0
address of the network. Range: up to 255.255.255.255
- netmask. Use this element to specify the net- Default:0.0.0.0
mask of the network. Range: up to 255.255.255.255

• custom. Select this value if you want to create a

policy for the traffic destined for a specific
(range of) IP address(es). In the second part of
the destIp element, specify the IP address
(range).
The custom structure contains the following ele-
ments:
- startAddress. Use this element to specify the start Default:0.0.0.0
of the destination IP address range. Range: up to 255.255.255.255
- endAddress. Use this element to specify the end Default:<opt>
of the destination IP address range. Range: up to 255.255.255.255
Note that you can specify one single destina-
tion IP address by filling in the startAddress element and leaving the endAddress
element at its default value (<opt>).

Note that if you leave the destIp element at its default value (<opt>), then no
destination IP address(es) is/are specified.
646 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

application Use this element to specify the application for which Default:<opt>
you want to create an inbound self policy. Range: choice, see below
The application element is a choice element. Currently, the first part of the application
element is always custom. The custom structure contains the following elements:
• protocol. Use this element to specify the protocol. Default:any
The protocol element has the following values: any, Range: enumerated, see below
icmp, tcp, udp, ah, esp.
Note that if you leave the protocol element at its default value (any), then no pro-
tocol is specified.
• startPort. Use this element to specify the start of the Default:0 (any)
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that if you leave the port element at its default value (any), then no port is
specified.
• endPort. Use this element to specify the end of the Default:<opt>
port range. Specify the port by typing the port Range: 0 … 65535
number. For ease of use, some common port num-
bers can be selected from a drop-down box.
Note that you can specify one single port by filling in the startPort element and
leaving the endPort element at its default value (<opt>).

Note that if you leave the application element at its default value (<opt>), then
no application is specified.

action Use this element to determine whether the inbound Default:allow

self policy allows or denies traffic. Range: allow / deny
The action element has the following values:
• allow. Packets that fall within the specification of the policy are passed on.
• deny. Packets that fall within the specification of the policy are dropped.

log Use this element to determine whether limited (disa- Default:disabled

bled) or extended (enabled) logging is done for this pol- Range: enabled / disabled
icy.

name Use this element to assign a name (description) to the Default:<empty>

inbound self policy. By doing so, you can easily iden- Range: 0 … 24 characters
tify the policy when it is listed in status and perform-
ance tables.
Telindus 1423 SHDSL Router Chapter 12 647
User manual Configuration attributes

telindus1423Router/ip/router/firewall/attacks Default:-
Range: structure, see below
Use this attribute to determine, per type of attack, whether the firewall has
to check for this type of attack and neutralise it.
The attacks structure contains the following elements:

Element Description

synFlooding Use this element to enable or disable the detection Default:disabled

and neutralisation of the SYN Flooding attack. Refer Range: enabled / disabled
to What is the SYN Flooding attack? on page 381.
If you set the synFlooding element to enabled, then the firewall filters out forged serv-
ice requests while allowing legitimate requests to pass through.

sourceRouting Use this element to enable or disable the detection Default:disabled

and neutralisation of Source Routing attack. Refer to Range: enabled / disabled
What is the Source Routing attack? on page 381.
If you set the sourceRouting element to enabled, then the firewall filters out all data-
grams with strict or loose source routing option enabled.

winNuke Use this element to enable or disable the detection Default:disabled

and neutralisation of the WinNuke attack. Refer to Range: enabled / disabled
What is the WinNuke attack? on page 381.
If you set the winNuke element to enabled, then the firewall filters out this attack.

ftpBounce Use this element to enable or disable the detection Default:disabled

and neutralisation of the FTP Bounce attack. Refer to Range: enabled / disabled
What is the FTP Bounce attack? on page 381.
If you set the ftpBounce element to enabled, then the firewall checks that the data con-
nection is to the same system as that of the control connection.

ipUnalignedTimeS- Use this element to enable or disable the detection Default:disabled

tamp and neutralisation of the IP Unaligned Timestamp Range: enabled / disabled
attack. Refer to What is the IP Unaligned Timestamp
attack? on page 381.
If you set the ipUnalignedTimeStamp element to enabled, then the firewall checks
whether the IP packets received have the timestamp option set. If so, it checks that
it is aligned on a 32-bit boundary and drops the packet if it is not.
648 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

mime Use this element to enable or disable the detection Default:-

and neutralisation of the MIME attack. Refer to What Range: structure, see below
is the MIME attack? on page 381.
By configuring the mime structure, you can close the connection if the number of
received MIME headers exceeds the number of MIME headers you configured.
The mime structure contains the following elements:
• flood. Use this element to enable or disable the Default:disabled
detection and neutralisation of the MIME attack. Range: enabled / disabled
• maxHeaderLength. Use this element to determine the Default:8192
maximum length of the MIME header that may be Range: 256 … 65535
included in the HTTP request.
• maxHeaders. Use this element to determine the Default:16
maximum number of MIME headers that may be Range: 12 … 65535
included in the HTTP request.

seqNumPrediction Use this element to enable or disable the detection Default:disabled

and neutralisation of the Sequence Number Predic- Range: enabled / disabled
tion attack. Refer to What is the Sequence Number
Prediction attack? on page 382.
If you set the seqNumPrediction element to enabled, then the firewall manipulates the
initial sequence number with a new sequence number generated by the firewall
making it difficult to guess the sequence number for the attacker.

seqNumOutOf- Use this element to enable or disable the detection Default:disabled

Range and neutralisation of the Sequence Number Out Of Range: enabled / disabled
Range attack. Refer to What is the Sequence Number
Out Of Range attack? on page 382.
If you set the seqNumOutOfRange element to enabled, then the firewall drops the pack-
ets with sequence numbers that are out of range.

icmpErrorMessages Use this element to enable or disable the detection Default:disabled

and neutralisation of the ICMP Error Message attack. Range: enabled / disabled
Refer to What is the ICMP Error Message attack? on
page 382.
If you set the icmpErrorMessages element to enabled, then the firewall drops ICMP
error packets with a destination different from the internet SNet.
Telindus 1423 SHDSL Router Chapter 12 649
User manual Configuration attributes

telindus1423Router/ip/router/firewall/log Default:-
Range: structure, see below
Use this attribute to enable or disable logging and to determine what is
logged.
The log structure contains the following elements:

Element Description

mode Use this element to enable or disable logging. Default:enabled

The log information can be checked in the log status Range: enabled / disabled
attribute. Refer to telindus1423Router/ip/router/firewall/log on page 807.

attacks Use this element to enable or disable, per type of Default:-

attack, whether it is logged or not. Range: structure, see below
The attacks structure contains the following elements:
• synFlooding. Use this element to enable or disable Default:disabled
the logging of a SYN Flooding attack. Refer to Range: enabled / disabled
What is the SYN Flooding attack? on page 381.
• pingOfDeath. Use this element to enable or disable Default:disabled
the logging of a Ping Of Death attack. Refer to Range: enabled / disabled
What is the Ping Of Death attack? on page 382.
• ipSpoofing. Use this element to enable or disable the Default:disabled
logging of an IP Spoofing attack. Refer to What is Range: enabled / disabled
the IP Spoofing attack? on page 382.
• winNuke. Use this element to enable or disable the Default:disabled
logging of a WinNuke attack. Refer to What is the Range: enabled / disabled
WinNuke attack? on page 381.
• ipOptionAttack. Use this element to enable or disable Default:disabled
the logging of an IP Option attack. Refer to What is Range: enabled / disabled
the IP Option attack? on page 382.
All these attacks are logged with the priority “alert”.
650 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

general Use this element to enable or disable some general Default:-

loggings. Range: structure, see below
The general structure contains the following elements:
• systemErrorMessages. Use this element to enable or Default:enabled
disable the logging of system error messages. E.g. Range: enabled / disabled
memory allocation problems, module initialisation
problems, resource allocation problems. This is logged with the priority “notice”.
• denyPolicies. Use this element to enable or disable Default:enabled
the logging of deny policies. I.e. a policy of which Range: enabled / disabled
the action is set to “deny”. This is logged with the pri-
ority “alert”.
Note that this is only logged if for this policy, the log element is set to enabled.
• allowPolicies. Use this element to enable or disable Default:disabled
the logging of allow policies. I.e. a policy of which Range: enabled / disabled
the action is set to “allow”. This is logged with the pri-
ority “info”.
Note that this is only logged if for this policy, the log element is set to enabled.
• dataInspection. Use this element to enable or disable Default:disabled
the logging of data that is not allowed. E.g. due to Range: enabled / disabled
memory allocation problems, buffer limits, invalid
requests. This is logged with the priority “warning”.
• generalAttacks. Use this element to enable or disable Default:enabled
the general logging of attacks. You can then spec- Range: enabled / disabled
ify per attack whether it is logged or not. Refer to
the attacks element. This is logged with the priority “alert”.
• unavailablePolicies. Use this element to enable or dis- Default:disabled
able the logging of unavailable policies. I.e. when Range: enabled / disabled
no matching policy could be found. This is logged
with the priority “warning”.
• accessStatistics. Use this element to enable or disa- Default:disabled
ble the logging of access statistics. E.g. logs about Range: enabled / disabled
connection termination, closing, time-out, trans-
ferred bytes. This is logged with the priority “info”.
Note that this is only logged if for this policy, the log element is set to enabled.
• verbose. Use this element to enable or disable the Default:disabled
logging of ICMP messages, DNS requests and Range: enabled / disabled
replies. This is logged with the priority “info”.
Telindus 1423 SHDSL Router Chapter 12 651
User manual Configuration attributes

Element Description

thresholds Use this element to set the threshold to trigger the log- Default:-
ging. The threshold is set per log entry type, except for Range: structure, see below
denyPolicies and allowPolicies. In that case the threshold
is set per policy.
Logging thresholds are provided so that the logging system does not get flooded
with a huge number of duplicate logs in case the firewall or the corporate network
connected to it is under attack.
The thresholds structure contains the following elements:
• attack. Use this element to determine the number of Default:50
attacks that should occur before they are logged. Range: 1 … 300
• general. Use this element to determine the number Default:20
of general events that should occur before they are Range: 1 … 300
logged.

tableLength Use this element to set the length of the log table. Default:200
Note that changing this value clears the table. Range: 10 … 500
652 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

12.13 Bridge configuration attributes

This section discusses the configuration attributes concerned with bridging. First it describes the general
bridging configuration attributes. Then it explains the configuration attributes of the extra features as
there are access listing, user priority mapping, etc…
The following gives an overview of this section:
• 12.13.1 - Bridge group configuration attributes on page 653
• 12.13.2 - Bridge access list configuration attributes on page 663
Telindus 1423 SHDSL Router Chapter 12 653
User manual Configuration attributes

12.13.1 Bridge group configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bridge/bridgeGroup/name on page 654
• telindus1423Router/bridge/bridgeGroup/ip on page 654
• telindus1423Router/bridge/bridgeGroup/arp on page 654
• telindus1423Router/bridge/bridgeGroup/bridgeCache on page 655
• telindus1423Router/bridge/bridgeGroup/bridgeTimeOut on page 656
• telindus1423Router/bridge/bridgeGroup/spanningTree on page 656
• telindus1423Router/bridge/bridgeGroup/localAccess on page 657
• telindus1423Router/bridge/bridgeGroup/macAddress on page 658
• telindus1423Router/bridge/bridgeGroup/vlan on page 659
• telindus1423Router/bridge/bridgeGroup/vlanSwitching on page 661
654 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/name Default:bridge
Range: 1 … 24 characters
Use this attribute to assign an administrative name to the bridge.
This attribute is only present on the default bridge group (bridgeGroup), not on the user instantiatable
bridge groups (vpnBridgeGroup[ ]). The user instantiatable bridge groups their name is the index name that
you have to specify when you add the bridge group object to the containment tree (refer to 9.2.3 - Adding
a bridge group on page 277).

telindus1423Router/bridge/bridgeGroup/ip Default:<empty>
Range: structure, see below
Use this attribute to configure the IP related parameters of the bridge.
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip structure.

Important remark

If you set the configuration attribute telindus1423Router/lanInterface/mode to bridging, then the settings of the
configuration attribute telindus1423Router/lanInterface/ip are ignored. As a result, if you want to manage the
Telindus 1423 SHDSL Router via IP, you have to configure an IP address in the bridgeGroup object
instead: telindus1423Router/bridge/bridgeGroup/ip.

telindus1423Router/bridge/bridgeGroup/arp Default:-
Range: structure, see below
Use this attribute to configure the Address Resolution Protocol (ARP) cache
of the bridge.
Refer to telindus1423Router/lanInterface/arp on page 453 for a detailed description of the arp structure.
Telindus 1423 SHDSL Router Chapter 12 655
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/bridgeCache Default:learning
Range: enumerated, see below
Use this attribute to determine how the bridge group should act: as a
repeater, a filter or a switch.
The bridgeCache attribute has the following values:

Value Description

disabled The bridge group acts as a

repeater.
All the data which origi-
nates from network 1 will
be let through to network
2. Even if the data is not
destined for that network.

learning The bridge group acts as a filter.

Data coming from network 1, will only be let through by the bridge if this data has
a destination outside network 1 or if it has a broadcast or multicast address. This
means the bridge filters the data and decreases the amount of data traffic on the
separated LAN segments.

switching The bridge group acts as a VLAN switch.

VLANs on network 1 are switched to VLANs on network 2. Use the vlanSwitching
attribute to specify which VLANs you want to switch. Refer to …
• telindus1423Router/bridge/bridgeGroup/vlanSwitching on page 661
• 10.3.4 - Configuring VLAN switching on page 313

What is the bridge cache?

Whereas the ARP cache keeps MAC address - IP address pairs, the bridge cache (also called address
database) keeps MAC address - interface pairs. This allows the bridge to know which device is reacha-
ble through which interface. Refer to telindus1423Router/bridge/bridgeGroup/bridgeCache on page 811 for an
example of such a table.
656 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/bridgeTimeOut Default:00000d 00h 05m 00s

Range: 00000d 00h 00m 00s-
Use this attribute to set the ageing time of the bridge cache entries. 24855d 03h 14m 07s
The bridge cache time-out

If devices on the network are (re)moved then the MAC address - interface relation changes (refer to
What is the bridge cache?). Therefore, the bridge cache entries are automatically removed from the
cache after a fixed time-out. This time-out period can be set with the bridgeTimeOut attribute. This in case
no topology change is detected, otherwise the time-out is equal to the value of the bridgeForwardDelay ele-
ment of the spanningTree attribute.

When checking the bridgeCache it may appear that some entries are present for a longer time than is con-
figured with the bridgeTimeOut attribute. This because the entries in the bridgeCache are not monitored con-
tinuously, but once per minute. As a result, some entries may appear to be “overtime”. However, this
should be no more than ± 75 seconds.

telindus1423Router/bridge/bridgeGroup/spanningTree Default:-
Range: structure, see below
Use this attribute to configure the bridging related parameters.
Whereas the bridging attribute groups the bridging related parameters per interface, the spanningTree
attribute groups the bridging related parameters of the bridge as a whole.
The spanningTree structure contains the following elements:

Element Description

protocol Use this element to select the bridging protocol. Default:none

The protocol element has the following values: Range: enumerated, see below

• none. The Telindus 1423 SHDSL Router uses the self-learning principle.
This means that the bridge itself learns which data it has to forward and which
data it has to block. I.e. it builds its own bridging table.
• p802.1D. The Telindus 1423 SHDSL Router uses the self-learning principle in
conjunction with the Spanning Tree protocol.
Because Spanning Tree bridging is somewhat more complicated than self-
learning bridging, an introduction is given in 9.1.2 - The self-learning and Trans-
parent Spanning Tree bridge on page 266.

When using Frame Relay or ATM encapsulation on the WAN interface

together with the Spanning Tree protocol, every DLCI or PVC link is consid-
ered as a separate bridge port. Each link is than considered as a special
kind of LAN with only both end points connected.
Telindus 1423 SHDSL Router Chapter 12 657
User manual Configuration attributes

Element Description

bridgePriority Use this element to set the priority of the bridge. Default:32768
The bridge its MAC address together with the Range: 0 … 65535
bridgePriority element form a unique bridge identifier. This identifier is used to deter-
mine which bridge becomes the root bridge.
The bridge with the lowest bridgePriority value becomes the root bridge. If two
bridges have the same bridgePriority value, then the bridge with the lowest MAC
address becomes the root bridge.

bridgeMaxAge Use this element to set the time the bridge retains Default:00000d 00h 00m 20s
bridging information before discarding it. Range: 00000d 00h 00m 06s -
00000d 00h 00m 40s

bridgeHelloTime Use this element to set the interval by which the root Default:00000d 00h 00m 02s
bridge sends Configuration BPDUs, also called Hello Range: 00000d 00h 00m 01s -
messages. 00000d 00h 00m 10s

bridgeForwardDelay Use this element to set … Default:00000d 00h 00m 15s

• the delay a bridge port applies to move from listen- Range: 00000d 00h 00m 04s -
00000d 00h 00m 30s
ing state to learning state or from learning state to
forwarding state. Refer to 9.1.5 - The Spanning Tree bridge port states on
page 269 for more information on the possible states of a bridge port.
• the time-out (or ageing) for purging MAC addresses from the bridge cache in
case a topology change is detected.

telindus1423Router/bridge/bridgeGroup/localAccess Default:permitted
Range: enumerated, see below
Use this attribute to allow or deny access to the bridge group itself.
The localAccess attribute has the following values:

Value Description

permitted Bridged packets can be delivered to the bridge group itself.

restricted No bridged packets can be delivered to the bridge group itself. This adds some
security, because the Telindus 1423 SHDSL Router can not be accessed through
the bridge group.
You could for instance create one bridge group specifically for …
• management purposes. In this bridge group, set the localAccess attribute to peri-
mitted.
• the actual data coming from the customers. In this bridge group, set the localAc-
cess attribute to restricted. In this way, the customer can never access the Telin-
dus 1423 SHDSL Router itself.
658 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/macAddress Default:<deviceMac> lan

Range: choice, see below
Use this attribute to determine whether a fixed, a random or a user defined
MAC address is associated with the bridge group.
The macAddress attribute has the following values:

Value Description

deviceMac A MAC address from the Telindus 1423 SHDSL Router itself is associated with the
bridge group.
Use the second part of the macAddress attribute to define which MAC address has
to be selected:
• lan. The LAN interface its MAC address is associated with the bridge group.
• random. The Telindus 1423 SHDSL Router generates a random MAC address
and this is associated with the bridge group.

userMac A user defined MAC address is associated with the bridge group.
Use the second part of the macAddress attribute to enter the MAC address.
Telindus 1423 SHDSL Router Chapter 12 659
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/vlan Default:<empty>
Range: table, see below
Use this attribute to set up (a) VLAN(s) on the bridge group in case you want
to manage the Telindus 1423 SHDSL Router over (a) VLAN(s).
Although the Telindus 1423 SHDSL Router bridges VLAN tagged frames when connected to a VLAN
aware switch, the Telindus 1423 SHDSL Router itself can only be managed via IP if a VLAN is configured
on the bridge group. In other words, if you want that the data carried by a VLAN can be delivered to the
protocol stack of the Telindus 1423 SHDSL Router (e.g. so that it can be routed), then you have to con-
figure the VLAN on the bridge group.
The vlan table contains the following elements:

Element Description

name Use this element to assign an administrative name to Default:<empty>

the VLAN. Range: 0 … 24 characters

adminStatus Use this element to activate (up) or deactivate (down) Default:up

the VLAN. Range: up / down

ip Use this element to configure the IP related parame- Default:-

ters of the VLAN. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 59 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 63 for a detailed description of the ip
structure.

vlan Use this element to configure the specific VLAN Default:-

parameters. Range: structure, see below
Refer to telindus1423Router/bridge/bridgeGroup/vlan/vlan on page 660 for a detailed descrip-
tion of the vlan structure.
660 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/vlan/vlan Default:-
Range: structure, see below
Use this structure to configure the specific VLAN related parameters of a
VLAN.
The vlan structure contains the following elements:

Element Description

vid Use this element to set the VLAN ID. Default:1

Range: 1 … 4095

txCos Use this element to set the default user priority Default:0
(802.1P, also called COS) of the transmitted VLAN Range: 0 … 7
frames.

changeTos Use this element to enable or disable the COS to TOS Default:disabled
mapping. Range: enabled / disabled
If you set the changeTos attribute to disabled, then the element cosTosMap is ignored.

Note that the TOS to COS mapping is always enabled, irrespective with the
setting of the changeTos attribute.

cosTosMap Use this element to determine how the VLAN user pri- Default:-
ority (COS) maps onto the IP TOS byte value. Range: structure, see below
The cosTosMap structure contains the following elements:
• p0 … p7. Use these elements to define which VLAN Default:0
user priority (0 up to 7) maps onto which IP TOS Range: 0 … 7
byte value (0 up to 255).

tosCosMap Use this element to determine how the IP TOS byte Default:-
value maps onto the VLAN user priority (COS). Range: table, see below
The tosCosMap table contains the following elements:
• startTos and endTos. Use these elements to set the Default:0
TOS byte value range that has to be mapped. Range: 0 … 255
• cos. Use this element to set the VLAN user priority Default:0
(COS) value on which the specified TOS byte Range: 0 … 7
value range has to be mapped.

arp Use this element to configure the Address Resolution Default:-

Protocol (ARP) cache. Range: structure, see below
Refer to telindus1423Router/lanInterface/arp on page 453 for more information.
Telindus 1423 SHDSL Router Chapter 12 661
User manual Configuration attributes

telindus1423Router/bridge/bridgeGroup/vlanSwitching Default:<empty>
Range: table, see below
Use this attribute specify which VLANs you want to switch in case the bridge
group is used as a VLAN switch. Note that you have to enable VLAN switching on the bridge group by
setting the bridgeCache attribute to switching. Refer to …
• telindus1423Router/bridge/bridgeGroup/bridgeCache on page 655
• 10.3.4 - Configuring VLAN switching on page 313

The vlanSwitching attribute contains the following elements:

Element Description

sourceIntf Use this element to enter the name of the (physical) Default:<empty>
source interface which carries the VLAN that has to Range: 0 … 24 characters
be switched.

sourceVlan Use this element to enter the VLAN ID of the VLAN Default:1
that has to be switched. Range: 0 … 4094

Stripping the VLAN tag

Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.

Example: suppose you enter 1 as srcVlan and 0 as dstVlan. So VLAN 1 is switched
from the source interface to the destination interface. But before it is sent out on
the destination interface, the VLAN tag is stripped. So instead of VLAN tagged
Ethernet frames, plain Ethernet frames are sent out. In the opposite direction how-
ever, the VLAN tag is added again.

sourcePMap Use this element to, if desired, remap the VLAN prior- Default:-
ities. The priorities defined in the sourcePMap are Range: structure, see below
applied after the VLAN is switched from destinationVlan
to sourceVlan.
The structure contains the elements p0 up to p7, which represent priority
0 up to priority 7. If you want to remap priorities, then enter the new priority
value under one of these priority elements.
Example: suppose you want to remap priority 5 to priority 7, then enter 7
as value of the p5 element.

destinationIntf Use this element to enter the name of the (physical) Default:<empty>
destination interface which carries the VLAN when it Range: 0 … 24 characters
has been switched.
The destination interface can also be a bridge group, in that case just enter the
name of the bridge group.

destinationVlan Use this element to enter the VLAN ID of the VLAN Default:1
when it has been switched. Range: 0 … 4094
Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame. Refer to Strip-
ping the VLAN tag for more information.
662 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

Element Description

destinationPMap Use this element to, if desired, remap the VLAN prior- Default:-
ities. The priorities defined in the destinationPMap are Range: structure, see below
applied after the VLAN is switched from sourceVlan to
destinationVlan.
Refer to the sourcePMap element for more information on this structure.

Note that the switching always happens in both directions (bidirectional, i.e. from source to destination
and vice versa).
Telindus 1423 SHDSL Router Chapter 12 663
User manual Configuration attributes

12.13.2 Bridge access list configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/bridge/accessList[ ]/macAddress on page 664

This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 50.
664 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/bridge/accessList[ ]/macAddress Default:<empty>

Range: table, see below
Use this attribute to filter bridged frames based on the source MAC address.
This is an outbound access list. Packets coming from MAC addresses that are specified in the access
list are not sent out on the interface on which the access list is applied.
To apply the access list on a bridge interface, type the index name of the accessList[ ] object as value of
the accessList element in the bridging structure.

Example

If you created an accessList object with index name my_access_list (i.e. access-
List[my_access_list]) and you want to apply this access list on a bridge interface, then
enter the index name as value for the accessList element in the bridging structure.
Telindus 1423 SHDSL Router Chapter 12 665
User manual Configuration attributes

12.14 SNMP configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/snmp/trapDestinations on page 666
• telindus1423Router/snmp/mib2Traps on page 666
666 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/snmp/trapDestinations Default:<empty>
Range: table, see below
Use this attribute to define to which IP address the SNMP traps have to be
sent.
The Telindus 1423 SHDSL Router translates all alarm status changes into SNMP traps. These traps can
then be sent to a management system. To enable this, configure in the trapDestinations table the IP
addresses to which the traps have to be sent. If the trapDestinations table is empty then no traps are sent.
The trapDestinations table contains the following elements:

Element Description

address Use this element to set the IP address of the manage- Default:0.0.0.0
ment station to which the SNMP trap messages have Range: up to 255.255.255.255
to be sent.

community Use this element to set the community string which is Default:public
included in the SNMP traps that are sent to the man- Range: 0 … 20 characters
agement station. It is used as a password in the
SNMP communication. Give it the same value as on your SNMP management sta-
tion.

telindus1423Router/snmp/mib2Traps Default:off
Range: on / off
Use this attribute to enable (on) or disable (off) the sending of SNMP traps
as MIB2 traps.
If you want to send the SNMP traps as MIB2 traps, proceed as follows:

Step Action

1 Select the snmp/trapDestinations attribute. Add an entry to this table for each network man-
agement station that should receive SNMP traps. Refer to telindus1423Router/snmp/trapDes-
tinations on page 666.

2 Configure the mib2Traps attribute:

• on. The alarms coldBoot, warmBoot and linkDown are sent as MIB2 traps instead of enter-
prise specific (private) MIB traps.
• off. All alarms are sent as enterprise specific (private) MIB traps.

3 Set for each object of the Telindus 1423 SHDSL Router:

• the alarms that you want to send using the attribute alarmMask.
• the importance of each alarm using the attribute alarmLevel.

By default only the most important alarms are enabled.

Telindus 1423 SHDSL Router Chapter 12 667
User manual Configuration attributes

12.15 Management configuration attributes

This section describes the following configuration attributes:

• telindus1423Router/management/sysLog on page 668
• telindus1423Router/management/timeServer on page 670
• telindus1423Router/management/timeZone on page 670
• telindus1423Router/management/cms2Address on page 671
• telindus1423Router/management/accessList on page 672
• telindus1423Router/management/snmp on page 673
• telindus1423Router/management/telnet on page 673
• telindus1423Router/management/tftp on page 673
• telindus1423Router/management/ftp on page 673
• telindus1423Router/management/accessPolicy on page 673
• telindus1423Router/management/consoleNoTrafficTimeOut on page 674
• telindus1423Router/management/alarmFilter on page 674
• telindus1423Router/management/timedStatsAvailability on page 674
• telindus1423Router/management/atwinGraphics on page 675
• telindus1423Router/management/loginControl on page 676
• telindus1423Router/management/ctrlPortProtocol on page 677
• telindus1423Router/management/loopback/ipAddress on page 677
• telindus1423Router/management/loopback/ipNetMask on page 677
668 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/management/sysLog Default:-
Range: structure, see below
Use this attribute to configure the sending of syslog messages.
The sysLog structure contains the following elements:

Element Description

separator Use this element to specify the separator character in Default:;

the syslog messages. Refer to What is syslog? on Range: 1 character
page 668 for more information on the syslog mes-
ages.

destinations Use this element to enter the IP address(es) of the Default:<empty>

syslog server(s). Up to 3 addresses can be entered. Range: table, see below
As soon a valid syslog server address is entered, a syslog message is sent to this
server for each (unmasked) alarm that occurs. If multiple syslog server addresses
are sent, then the syslog messages are sent to all servers.
The syslog messages are not sent in case the interface or the route through which
they have to be sent is down. In this case, the syslog messages are kept in a his-
tory list (maximum 31 messages). These pending messages are sent as soon as
the interface and/or route comes up again.

What is syslog?

The syslog protocol (RFC 3164) is used for the transmission of event notification messages across net-
works.
A syslog message is sent on UDP port 514. It has the following format:
"<facility*8+severity> date hostname message"
where …
• the priority value is the number contained within the angle brackets, i.e. <facility*8+severity>.
• facility is a part of the priority value: facility = 23 * 8 = 184
In this case no facility has been explicitly assigned and therefore a "local use" facility is used (numer-
ical code value 23).
• severity is a part of the priority value: severity = 6 - <alarmLevel of the alarm>
The severity only ranges from 0 up to 6. So in case the alarm level of an alarm is bigger than 6, the
severity is limited to 0.
• date is the date the syslog message was generated: Mmm dd hh:mm:ss (e.g. Jan 01 12:45:55).
• hostname is the IP address of the interface through which the syslog message was sent (e.g.
10.0.28.3).
• message is the alarm message. It has the following format:
"alarm:<sysName>;<realTimeClock>;<sysUpTime>;<devSeverityLevel>;<severit-
yLevel>;<alarmMessage>"
where …
- <sysName> is the sysName configured in the Telindus 1423 SHDSL Router.
- <realTimeClock> is the value of the real time clock at the moment the alarm was generated: dd/
mm/yy hh:mm:ss (e.g. 25/12/02 22:45:55).
- <sysUpTime> is the system up-time of the Telindus 1423 SHDSL Router at the moment the alarm
was generated: xxxxxd xxh xxm xxs (e.g. 00025d 08h 45m 55s).
Telindus 1423 SHDSL Router Chapter 12 669
User manual Configuration attributes

- <devSeverityLvl> is the device severity level: devSeverityLvl = 6 - <totalAlarmLevel of

the device>. The device severity level only ranges from 0 up to 6. So in case the total alarm level
of the Telindus 1423 SHDSL Router is bigger than 6, the device severity level is limited to 0.
- <severityLvl> is the alarm severity level: severityLvl = 6 - <alarmLevel of the alarm>.
The alarm severity level only ranges from 0 up to 6. So in case the alarm level of an alarm is bigger
than 6, the alarm severity level is limited to 0.
- <alarmMessage> is the alarm itself: path.alarmName on|off (e.g. telindus1423Router/lan-
Interface.linkDown on).
- ; is the separator character. If desired, you can specify another separator character. Refer to the
configuration element separator on page 668.

Example:
The following gives an example of a complete syslog message. In this case, the separator is the ^ char-
acter.
"<189>Feb 28 16:56:15 10.0.28.2 alarm:telindus1423Router^28/02/03 16:56:15^130^3^5^
telindus1423Router.configChanged on"
670 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/management/timeServer Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to enter the IP address of the SNTP time server with which
the Telindus 1423 SHDSL Router can synchronise its clock. Date and time are displayed in the status
attributes telindus1423Router/date and telindus1423Router/time.
You can also set the time zone and the daylight saving time using the configuration attribute
telindus1423Router/management/timeZone on page 670.

What is SNTP?

Short for Simple Network Time Protocol, a simplified version of NTP. SNTP is used when the ultimate
performance of the full NTP implementation described in RFC 1305 is not needed or justified.
The Telindus 1423 SHDSL Router can only act as an SNTP client, not as an SNTP server.

telindus1423Router/management/timeZone Default:-
Range: structure, see below
Use this attribute to set the time zone when using an SNTP time server.
Refer to telindus1423Router/management/timeServer on page 670.
The timeZone structure contains the following elements:

Element Description

timeZone Use this element to set the time zone. Default:utc+1

The timeZone element has the following values: utc, Range: enumerated, see below
utc+1 up to utc+12 and utc-1 up to utc-12.

What is UTC?

UTC is the coordinated universal time, formerly known as Greenwich mean time
(GMT). It is the international time standard.

daylightSaving Use this element to set the daylight saving time. Default:europeanUnion
The daylightSaving element has the following values: Range: europeanUnion / none
europeanUnion and none.
Telindus 1423 SHDSL Router Chapter 12 671
User manual Configuration attributes

telindus1423Router/management/cms2Address Default:0
Range: 0 … 65535
Use this attribute to assign an absolute address to the Telindus 1423
SHDSL Router.

What is relative and absolute addressing?

If you want to connect with TMA to a Telindus device, you have to specify the address of the device in
the Connect… window. Refer to 4 - Maintaining the Telindus 1423 SHDSL Router on page 35.
There are two different address types: relative and absolute. The following table explains the difference
between these address types:

Type Description

relative This type of addressing is meant for a network topology where the Telindus
devices are connected in-line on management level. I.e. with extended manage-
ment connections between two Telindus devices. An extended management con-
nection is realised with a crossed cable between the control connectors of two
Telindus devices.

To enable relative addressing, no address has to be specified in the Telindus

device. In other words, leave the cms2Address attribute at its default value, being 0.

absolute This type of addressing is meant for a network topology where the Telindus
devices are not connected in-line on management level. I.e. when there is a digital
multipoint device present (e.g. an Orchid DM).

To enable absolute addressing, an address has to be specified in the Telindus

device. Do this using the cms2Address attribute. The absolute addressing range
goes from 1 up to 65535.
672 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/management/accessList Default:<empty>
Range: table, see below
Use this attribute to set up an inbound simple access list on the protocol
stack. Refer to 10.2 - Configuring the access restrictions on page 296 for more information on inbound
access lists.
The access list filters incoming traffic, based on the source IP address. You can specify multiple entries
within the access list. When more than one entry applies to the same packet, then only the most specific
one is taken in consideration. I.e. the entry covering the smallest range. If not one entry matches, then
the packet is dropped. If the access list is empty, then all packets are forwarded.
The accessList table contains the following elements:

Element Description

sourceAddress Use this element to set the IP source address of the Default:0.0.0.0
packet. The address may be a (sub)network address. Range: up to 255.255.255.255

mask Use this element to set the IP subnet mask for the Default:255.255.255.255
sourceAddress. By combining an IP address with a Range: up to 255.255.255.255
mask you can uniquely identify a range of addresses.

action Use this element to set the action when a packet Default:deny
arrives with a source IP address that falls within the Range: enumerated, see below
specified address range.
The possible actions are:
• deny. The packet is dropped.
• allow. The packet is forwarded.

If you specify one entry or multiple entries for which the action is set to deny, then also specify at least
one entry for which the action is set to allow. Else all packets are dropped!

Example 1

This example shows an access list that only allows

traffic from subnet 192.168.48.0, except for packets
from station 192.168.48.10.

Example 2

The next example shows an access list that allows all

traffic, except the traffic from subnet 192.168.48.0.
The second entry is the rule to add if you want all pack-
ets that do not match the previous entries to be
allowed.
Telindus 1423 SHDSL Router Chapter 12 673
User manual Configuration attributes

telindus1423Router/management/accessPolicy Default:<empty>
Range: 0 … 24 characters
Use this attribute to apply an inbound extended access list on the protocol
stack.
Do this by entering the index name of the traffic policy you want to apply. You can create the traffic policy
itself by adding a trafficPolicy object and by configuring the attributes in this object.

Important remark

It is possible that the Telindus 1423 SHDSL Router has to answer to DHCP requests or terminate L2TP
and IPSec tunnels. In that case, if you set up an access list on the protocol stack, then make sure that
these protocols are allowed access to the protocol stack.

Refer to 10.2 - Configuring the access restrictions on page 296 for more information on inbound access
lists.

Example

If you created a trafficPolicy object with index name my_traffic_policy (i.e.

trafficPolicy[my_traffic_policy]) and you want to apply this traffic policy here, then enter the
index name as value for the trafficPolicy element.

telindus1423Router/management/snmp Default:enabled
Range: enabled / disabled
Use this attribute to accept (enabled) or discard (disabled) SNMP requests.

telindus1423Router/management/telnet Default:enabled
Range: enabled / disabled
Use this attribute to accept (enabled) or discard (disabled) Telnet sessions.

Use this attribute also to accept (enabled) or discard (disabled) HTTP (Web Interface) sessions.

telindus1423Router/management/tftp Default:enabled
Range: enabled / disabled
Use this attribute to accept (enabled) or discard (disabled) TFTP sessions.

telindus1423Router/management/ftp Default:enabled
Range: enabled / disabled
Use this attribute to accept (enabled) or discard (disabled) FTP sessions.
674 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/management/consoleNoTrafficTimeOut Default:00000d 00h 30m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time-out period after which a management ses- 24855d 03h 14m 07s
sion is closed when there is no user interaction. The purpose of such a timer
is to protect the Telindus 1423 SHDSL Router against unauthorised access in case the last user did not
close his session.
This timer applies on …
• terminal (emulation) sessions (through the control port).
• Telnet and HTTP sessions (over IP).

It does not apply on TMA or TMA CLI sessions (nor through the control port, nor over IP). They have a
fixed time-out of 15 minutes.

telindus1423Router/management/alarmFilter Default:0
Range: 0 … 50000
Use this attribute to selectively ignore / drop alarms in TMA for HP Open-
View if these alarms are below a certain level.
The filter number that you define using the alarmFilter attribute, has to correspond with a filter that you
have to define in the Alarm Manager of TMA for HP OpenView. In the Alarm Manager, it is possible to
specify a minimum alarm level that is needed before alarms are logged in HP OpenView. This can be
specified for each filter number.

telindus1423Router/management/timedStatsAvailability Default:basic
Range: enumerated, see below
Use this attribute to determine whether the nested tables in the timed per-
formance statistics (i.e. 2 hour, 24 hour and 7 days performance statistics) are visible or not.
The timedStatsAvailability attribute has the following values:

Value Description

none Only the “first level” timed performance statistics are available. In other words, the
nested tables (i.e. a table in a table) in the timed performance statistics are not dis-
played.

basic The full performance statistics are available on the physical interfaces only (e.g.
the LAN interface, etc.). Not on the logical interfaces (e.g. a PVC, a VLAN, etc.).

full The full performance statistics are available on both the physical (e.g. the LAN
interface, etc.) and logical (e.g. a PVC, a VLAN, etc.) interfaces

If you have a lot of PVCs this may require quite some memory space and
processing power.
Telindus 1423 SHDSL Router Chapter 12 675
User manual Configuration attributes

telindus1423Router/management/atwinGraphics Default:enabled
Range: enabled / disabled
Use this attribute to enable or disable the graphical symbols in the ATWIN
user interface.
One of the tools that allows you to manage the Telindus 1423 SHDSL Router is ATWIN (refer to 1.4 -
Maintenance and management tools on page 8). ATWIN is a basic, menu-driven user interface. You can
start it using a terminal (emulation program) on the control port or using Telnet on an IP interface (e.g.
the LAN interface) and by typing atwin at the command prompt (refer to the Maintenance tools manual
(PDF) for more information).
By default, ATWIN uses graphical symbols to draw the borders of the “windows”. In some cases how-
ever, these graphical symbols are displayed incorrectly. In that case you can choose to disable the
graphical symbols. By doing so, the window borders are drawn using + and - signs.
The atwinGraphics attribute has the following values:

Value Description

enabled The ATWIN window borders are drawn using graphical symbols.

disabled The ATWIN window borders are drawn using + and - signs.
676 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes

telindus1423Router/management/loginControl Default:-
Range: structure, see below
Use this attribute to configure the monitoring of management access to the
device.
The loginControl structure contains the following elements:

Element Description

alarm Use this element to determine when the access failure Default:-
alarm should be logged in the accessLog table and a Range: structure, see below
syslog message is sent.
The alarm structure contains the following elements:
• maxFailCnt. Use this element to set the access fail- Default:3
ure alarm threshold. If this value is exceeded Range: 0 … 100
within the access failure alarm period, then the
access failure alarm is raised.
• period. Use this element to set the access failure Default:00000d 00h 15m 00s
alarm period. If within this period the access failure Range: 00000d 00h 00m 00s -
alarm threshold is exceeded, then the access fail- 00001d 00h 00m 00s
ure alarm is raised.

Example

By default, if within a period of 15 minutes 3 access attempts fail, then the access
failure alarm is logged in the accessLog table as follows:
Jul 13 11:00:00 00000d 00h 15m 58s accessFailureOn

If within the consecutive period of 15 minutes no or less than 3 access attempts

fail, then the access failure alarm is cleared in the accessLog table as follows:
Jul 13 11:15:00 00000d 00h 30m 58s accessFailureOff

Also see telindus1423Router/management/accessLog on page 817.

Telindus 1423 SHDSL Router Chapter 12 677
User manual Configuration attributes

telindus1423Router/management/ctrlPortProtocol Default:console
Range: enumerated, see below
Use this attribute to set the function of the control connector.
The ctrlPortProtocol attribute has the following values:

Value Description

management Select this value if you want to connect the control connector of the Telindus 1423
SHDSL Router to …
• a management concentrator for management purposes.
• the control connector of another Telindus device using a crossed cable (i.e.
they are connected back-to-back) in order to create an extended management
link. Refer to What is relative and absolute addressing? on page 671 for more
information on extended management links.

When connecting the control connector of the Telindus 1423 SHDSL Router to a
COM port of your computer, you can still open a TMA session on the Telindus 1423
SHDSL Router. You can however not open a CLI or ATWIN session.

console Select this value if you want to connect the control connector of the Telindus 1423
SHDSL Router to a COM port of your computer in order to manage the Telindus
1423 SHDSL Router using TMA, CLI, ATWIN, etc.

telindus1423Router/management/loopback/ipAddress Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to assign an IP address to the loopback interface.
The loopback interface is a software interface which can be used for management purposes. This inter-
face is always up, regardless of the state of the physical interfaces. This means the router will always
respond to ICMP echo requests sent to this address. In every other respect the loopback address
behaves the same as an IP address of a physical interface.
If the loopback address is used and RIP is active, then a host route to the loopback address is included
in the RIP updates.

telindus1423Router/management/loopback/ipNetMask Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to assign an IP netmask to the loopback interface.
Also see telindus1423Router/management/loopback/ipAddress on page 677.
678 Telindus 1423 SHDSL Router Chapter 12
User manual Configuration attributes
Telindus 1423 SHDSL Router Chapter 13 679
User manual Status attributes

13 Status attributes
This chapter discusses the status attributes of the Telindus 1423 SHDSL Router. The following gives an
overview of this chapter:
• 13.1 - Status attribute overview on page 680
• 13.2 - General status attributes on page 689
• 13.3 - LAN interface status attributes on page 693
• 13.4 - WAN interface status attributes on page 702
• 13.5 - Encapsulation status attributes on page 705
• 13.6 - SHDSL line status attributes on page 728
• 13.7 - End and repeater status attributes on page 733
• 13.8 - BRI status attributes on page 737
• 13.9 - AUX status attributes on page 749
• 13.10 - Profile status attributes on page 752
• 13.11 - Dial maps status attributes on page 754
• 13.12 - Bundle status attributes on page 757
• 13.13 - Router status attributes on page 765
• 13.14 - Bridge status attributes on page 808
• 13.15 - Management status attributes on page 815
• 13.16 - File system status attributes on page 820
• 13.17 - Operating system status attributes on page 830
680 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.1 Status attribute overview

Refer to 4.3 - The objects in the Telindus 1423 SHDSL Router containment tree on page 46 to find out
which objects are present by default, which ones you can add yourself and which ones are added auto-
matically.

> telindus1423Router
sysDescr
sysObjectID
sysUpTime
sysServices
flash1Version
flash2Version
activeFlash
flashVersions
bootVersion
tdreVersion
messages
deviceId
configurationSaving
date
time
Action: Set Date
Action: Set Time

>> lanInterface
ifDescr
ifType
ifOperStatus
ifLastChange
ifSpeed
ifMtu
ip
macAddress
arpCache
bridging
adapter1
vlan
ports2
ipAdEntBcastAddr
ipAdEntReasmMaxSize
Action: clearArpCache

1. Only present on the single port LAN interface.

2. Only present on the 4 port LAN interface.
Telindus 1423 SHDSL Router Chapter 13 681
User manual Status attributes

>> wanInterface
ifDescr
ifType
ifOperStatus
ifLastChange
ifSpeed
ifMtu

>>> atm
atmSync
pvcTable
vp

>>> frameRelay
ip
dlciTable
lmi
cllmLastCongestionCause

>>> ppp
ip
bridging
lcpState
ipcpState
bcpState
ccpState
lcpMyOptions
lcpHisOptions
ipcpMyOptions
ipcpHisOptions
bcpMyOptions
bcpHisOptions
ccpMyOptions
ccpHisOptions
myCompressionRatio
hisCompressionRatio
myAuthenticationStatus
hisAuthenticationStatus

>>> hdlc
bridging
682 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

>>> errorTest
status
type
startSysUpTime
duration
blockSize
programmablePattern
receiveSample

>>> line
ifDescr
ifType
ifOperStatus
ifSpeed
region
maxSpeedSearch
maxSpeedResult
linePairsSwapped
numDiscoveredRepeaters
eocAlarmThresholds
Action: maximumSpeedSearch

>>>> linePair[ ]
ifSpeed
ifOperStatus
status
timeSinceLastRetrain
lineAttenuation
signalNoise
actualBitRate

>>> repeater[ ]
vendorId
vendorModel
vendorSerial
vendorSoftVersion
eocSoftVersion
shdslVersion
eocState
eocAlarmThresholds
Action: loopbackActivation

>>>> networkLinePair[ ]
lineAttenuation
signalNoise

>>>> customerLinePair[ ]
lineAttenuation
signalNoise
Telindus 1423 SHDSL Router Chapter 13 683
User manual Status attributes

>>> end
vendorId
vendorModel
vendorSerial
vendorSoftVersion
eocSoftVersion
shdslVersion
eocState
eocAlarmThresholds

>>>> linePair[ ]
lineAttenuation
signalNoise

>> bri[1]3
ifDescr
ifType
ifOperStatus
ifLastChange
ifMtu
l1Status
lapdLinks
bChannelUsage
testType
testStatus
Action: loopbackActivation
Action: clearIsdnCall

>>> bChannel[1]
ifDescr
ifType
ifOperStatus
ifLastChange
ifMtu
dialMapEntry
localPhoneNr
remotePhoneNr
callDirection

3. Only present on the Telindus 1423 SHDSL Router ISDN version.

684 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

>>>> ppp
ip
lcpState
ipcpState
ccpState
lcpMyOptions
lcpHisOptions
ipcpMyOptions
ipcpHisOptions
ccpMyOptions
ccpHisOptions
myCompressionRatio
hisCompressionRatio
myAuthenticationStatus
hisAuthenticationStatus

>>> leasedLine[ ]
ifDescr
ifType
ifOperStatus
ifLastChange
ifSpeed
ifMtu

>>>> frameRelay
ip
dlciTable
lmi
cllmLastCongestionCause

>>>> ppp
ip
bridging
lcpState
ipcpState
bcpState
ccpState
lcpMyOptions
lcpHisOptions
ipcpMyOptions
ipcpHisOptions
bcpMyOptions
bcpHisOptions
ccpMyOptions
ccpHisOptions
myCompressionRatio
hisCompressionRatio
myAuthenticationStatus
hisAuthenticationStatus
Telindus 1423 SHDSL Router Chapter 13 685
User manual Status attributes

>>>> hdlc
bridging

>>>> errorTest
status
type
startSysUpTime
duration
blockSize
programmablePattern
receiveSample

>>> bChannel[2]
<Contains the same attributes as the bChannel[1] object.>

>> bri[2]3
<Contains the same attributes as the bri[1] object.>

>> profiles3

>>> dial

>>>> defaultIsdn
profileUsers

>>>> isdn[ ]
profileUsers

>>> encapsulation

>>>> defaultPpp
profileUsers

>>>> ppp[ ]
profileUsers

>>> forwardingMode

>>>> defaultRouting
profileUsers

>>>> routing[ ]
profileUsers

>> dialMaps3
mapping
686 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

>> bundle

>>> pppBundle[ ]4
ifDescr
ifType
ifOperStatus
ifSpeed
members
ip
bridging
ipcpState
ipcpMyOptions
ipcpHisOptions
bcpState
bcpMyOptions
bcpHisOptions
multiclassInterfaces

>>> isdnBundle[ ]5
ifDescr
ifType
ifOperStatus
ifSpeed
members
ip
ipcpState
ipcpMyOptions
ipcpHisOptions
bacpState
bacpMyOptions
bacpHisOptions
inBandwidth
outBandwidth

>> router
routingTable
igmpTable
dhcpBinding
dhcpStatistics
dhcpBlackList
radius
dns
dnsServers
addrPools3
Action: unBlacklist

4. This is the PPP bundle in case of MLPPP on the WAN interface.

5. This is the PPP bundle in case of MLPPP on the ISDN interfaces.
Telindus 1423 SHDSL Router Chapter 13 687
User manual Status attributes

>>> defaultNat
addresses

>>> tunnels
l2tpTunnels
ipsecL2tpTunnels

>>> ikeSA[ ]
phase1
phase2

>>> ospf
type
routers
externalRoutes
asExtLsas

>>>> area
interfaces
hosts
neighbors
routers
stub
routerLsas
networkLsas
summLsas
asbrLsas
nssaLsas

>>> vrrp[ ]
macAddress
interfaces
criticals

>>> firewall
sessions
reverseSessions
log
sNet
688 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

>> bridge

>>> bridgeGroup
ifDescr
ifType
ifOperStatus
ifMtu
ip
arpCache
bridgeCache
bridging
spanningTree
Action: clearArpCache
Action: clearBridgeCache

>> management
cms2Address
timeServer
alarmLog
accessLog

>>> loopback
ifDescr
ifType
ifOperStatus
ifMtu
ipAddress

>> fileSystem
fileList
freeSpace
status
corruptBlocks
trustedCertificates
selfCertificates
Action: Delete File
Action: Rename File
Action: loadTrustedCertificate
Action: generateSelfCertificateRequest
Action: loadSelfCertificate
Action: getTrustedCertificateScep
Action: getSelfCertificateScep
Action: getCrlScep
Action: saveCertificates

>> operatingSystem
taskInfo
Telindus 1423 SHDSL Router Chapter 13 689
User manual Status attributes

13.2 General status attributes

This section describes the following status attributes:

• telindus1423Router/sysDescr on page 690
• telindus1423Router/sysObjectID on page 690
• telindus1423Router/sysUpTime on page 690
• telindus1423Router/sysServices on page 690
• telindus1423Router/flash1Version on page 690
• telindus1423Router/flash2Version on page 690
• telindus1423Router/activeFlash on page 691
• telindus1423Router/flashVersions on page 691
• telindus1423Router/bootVersion on page 691
• telindus1423Router/tdreVersion on page 691
• telindus1423Router/messages on page 691
• telindus1423Router/deviceId on page 692
• telindus1423Router/configurationSaving on page 692
• telindus1423Router/date on page 692
• telindus1423Router/time on page 692
This section describes the following actions:
• telindus1423Router/Set Date on page 692
• telindus1423Router/Set Time on page 692
690 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/sysDescr

This attribute displays a textual description of the device.

Example: Telindus 1423 SHDSL Router Txxxx/xxxxx 01/01/00 12:00
In this example the following parameters are visible:
• Telindus 1423 SHDSL Router is the device name.
• Txxxx/xxxxx is the application software code and version.
• 01/01/00 12:00 is the application software release date and time.

telindus1423Router/sysObjectID

This attribute displays the identification string.

telindus1423Router/sysUpTime

This attribute displays the elapsed time since the last power-on or cold boot of the Telindus 1423 SHDSL
Router.

telindus1423Router/sysServices

This attribute displays the service identification.

telindus1423Router/flash1Version

This attribute displays the code and version of the application software stored as CONTROL1.
Example: Txxxx/xxxxx 01/01/00 12:00
In this example the following parameters are visible:
• Txxxx is the application software code for this device.
• /xxxxx is the application software version.
• 01/01/00 is the application software release date.
• 12:00 is the application software release time.

telindus1423Router/flash2Version

This attribute displays the code and version of the application software stored as CONTROL2.
Example: Txxxx/xxxxx 01/01/00 12:00
In this example the following parameters are visible:
• Txxxx is the application software code for this device.
• /xxxxx is the application software version.
• 01/01/00 is the application software release date.
• 12:00 is the application software release time.
Telindus 1423 SHDSL Router Chapter 13 691
User manual Status attributes

telindus1423Router/activeFlash

This attribute displays which application software is currently active. Possible values are:

Value Description

flash1 The application software CONTROL1 is active.

flash2 The application software CONTROL2 is active.

telindus1423Router/flashVersions

This attribute displays how many application software versions can be stored in the file system.

telindus1423Router/bootVersion

This attribute displays the code, version, release date and time of the boot software currently used in the
Telindus 1423 SHDSL Router.

telindus1423Router/tdreVersion

This attribute displays the version of the TDRE (Telindus Dynamic Routing Engine) currently used in the
Telindus 1423 SHDSL Router.
Example: xxx.yyy.zzz
In this example the following parameters are visible:
• xxx is the major TDRE version. This number is incremented only when a complete new version of the
TDRE is released.
• yyy is the minor TDRE version. This number is incremented every time new features are added to the
TDRE.
• zzz is the build version. This number is incremented every time a new TDRE version is built (also in
case of bug fixes etc.).

telindus1423Router/messages

This attribute displays informative and error messages, e.g. Reconfigured, Cold Boot, … The messages table
displays maximum 20 messages.

If you open a TMA session on the Telindus 1423 SHDSL Router over IP, i.e. not through the control port,
then the messages are also sent to the control port. This means that if you open a terminal emulation
session on the control port, you can monitor these messages. If you hit the ENTER key, the messages
stop and you get the (CLI) password prompt.
692 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/deviceId

This attribute displays a unique code. This code is programmed into the Telindus 1423 SHDSL Router
before it leaves the factory. You can use this code for inventory purposes.

telindus1423Router/configurationSaving

This attribute indicates when the Telindus 1423 SHDSL Router is writing its (new) configuration to the
flash memory. Possible values are:

Value Description

busy The Telindus 1423 SHDSL Router is busy writing its configuration to the flash
memory. During this state, do not power-down or reboot the Telindus 1423 SHDSL
Router else the new configuration will be lost.

done The Telindus 1423 SHDSL Router has finished writing its configuration to the flash
memory.

telindus1423Router/date

This attribute displays the current date in the format dd/mm/yy (e.g. 01/01/00).

telindus1423Router/time

This attribute displays the current time in the format hh:mm:ss (e.g. 12:30:45).

telindus1423Router/Set Date

Use this action to set the current date. Enter the date as argument value in the format dd/mm/yy (e.g. 01/
01/00). Then execute the action.

telindus1423Router/Set Time

Use this action to set the current time. Enter the time as argument value in the format hh:mm:ss (e.g.
12:30:45). Then execute the action.
Telindus 1423 SHDSL Router Chapter 13 693
User manual Status attributes

13.3 LAN interface status attributes

This section describes the following status attributes:

• telindus1423Router/lanInterface/ifDescr on page 694
• telindus1423Router/lanInterface/ifType on page 694
• telindus1423Router/lanInterface/ifOperStatus on page 694
• telindus1423Router/lanInterface/ifLastChange on page 694
• telindus1423Router/lanInterface/ifSpeed on page 694
• telindus1423Router/lanInterface/ifMtu on page 694
• telindus1423Router/lanInterface/ip on page 695
• telindus1423Router/lanInterface/macAddress on page 695
• telindus1423Router/lanInterface/arpCache on page 696
• telindus1423Router/lanInterface/bridging on page 697
• telindus1423Router/lanInterface/adapter on page 699
• telindus1423Router/lanInterface/vlan on page 699
• telindus1423Router/lanInterface/ports on page 700
• telindus1423Router/lanInterface/ipAdEntBcastAddr on page 700
• telindus1423Router/lanInterface/ipAdEntReasmMaxSize on page 700
This section describes the following actions:
• telindus1423Router/lanInterface/clearArpCache on page 701
694 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/lanInterface/ifDescr

This attribute displays the interface description.

telindus1423Router/lanInterface/ifType

This attribute displays the interface type.

telindus1423Router/lanInterface/ifOperStatus

This attribute displays the current operational status of the interface.

telindus1423Router/lanInterface/ifLastChange

This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/lanInterface/ifSpeed

This attribute displays the interface speed in bits per second (bps).

telindus1423Router/lanInterface/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.
Telindus 1423 SHDSL Router Chapter 13 695
User manual Status attributes

telindus1423Router/lanInterface/ip

This attribute displays the IP information of the interface.

The ip structure contains the following elements:

Element Description

status This is the current operational status of the IP layer (layer 3).

address This is the IP address of the interface. It is either configured or retrieved automat-
ically.

netMask This is the IP subnet mask of the interface. It is either configured or retrieved auto-
matically.

telindus1423Router/lanInterface/macAddress

This attribute displays the MAC address of the Telindus 1423 SHDSL Router its LAN interface.
The LAN interface has been allocated a fixed Ethernet address, also called MAC (Medium Access Con-
trol) address. The MAC address is globally unique and can not be modified. It is a 6 byte code, repre-
sented in hexadecimal format. Each byte in the code is separated by a colon.
Refer to What is the ARP cache? on page 453 for more information on the MAC addresses.
696 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/lanInterface/arpCache

This attribute displays all the MAC address - IP address pairs from ARP requests and replies received
on the LAN interface. Refer to What is the ARP cache? on page 453 for more information.
The arpCache table contains the following elements:

Element Description

macAddress This is the MAC address.

ipAddress This is the associated IP address.

type This is the ARP cache entry type. Possible values are:
• dynamic. The MAC - IP address pair is retrieved from an ARP request or reply
message.
• static. The MAC - IP address pair is configured.
There is only one static entry, i.e. the Telindus 1423 SHDSL Router its own IP
and MAC address.

timeOut This is the time the entry will remain in the ARP cache. For the static entry, this
value is 0.

Example

The following figure shows part of an ARP cache table as an example:

Telindus 1423 SHDSL Router Chapter 13 697
User manual Status attributes

telindus1423Router/lanInterface/bridging

This attribute displays the bridging status of the interface.

The bridging structure contains the following elements:

Element Description

state This displays the current state of the port. Possible values are:
• disabled1. The port is not in use because of a management action.
• blocking. The port does not participate in frame forwarding.
• listening. The port prepares to participate in frame forwarding, but it does not
update its MAC address database (also called bridge cache).
• learning. The port prepares to participate in frame forwarding, and it learns the
present MAC addresses.
• forwarding1. The port participates in frame forwarding.

Refer to 9.1.5 - The Spanning Tree bridge port states on page 269 for more infor-
mation on port states2.

subState2 This gives additional information on the port state. Possible values are:
• root. This is the port through which the root bridge can be reached. Conse-
quently, the root bridge itself does not have a root port. All other bridges must
have a root port.
• designated. This is the designated port for this (virtual) LAN. All ports of the root
bridge are designated ports.
• alternate. This port is not active. Either because of a management action, or
through protocol intervention.

designatedPriority2 Together, these two elements form a unique bridge identifier. Depending whether
the current port is a designated port or not, these two elements display the unique
designatedMac2
bridge identifier of …
• the bridge to which this port belongs, in case of a designated port.
• the bridge believed to be the designated bridge for the LAN that is currently
connected to this port, in all other cases.
This bridge identifier is used …
• together with the designatedPortPriority and designatedPortId attributes to determine
whether this port should be the designated port for the LAN that is currently
connected to this port.
• to test the value of the bridge identifier parameter conveyed in received Config-
uration BPDUs.
698 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Element Description

designatedPort- Together, these two elements form a unique port identifier. They display the
Priority2 unique port identifier of the bridge port through which the designated bridge trans-
designatedPortId2 mits the configuration message information stored by this port.
This port identifier is used …
• together with the designatedPriority and designatedMac attributes to determine
whether this port should be the designated port for the LAN that is currently
connected to this port.
• by the management system to determine the topology of the bridged LAN.

topologyChangeAck This displays the value of the Topology Change Acknowledgement flag in the next
2
Configuration BPDU that will be transmitted on this port.
This element is used to assess the need to set the Topology Change Acknowl-
edgement flag in response to a received Topology Change Notification BPDU.

configuration- This is used to determine whether a Configuration BPDU should be transmitted on

Pending2 this port after expiry of the hold timer. This avoids that Configuration BPDUs are
transmitted too often, although ensuring that up-to-date information is transmitted.

1. These are the only possible port states for a bridge that is not running the Spanning Tree pro-
tocol (IEEE p802.1D).
2. Only relevant when the bridge uses the Spanning Tree Protocol.
Telindus 1423 SHDSL Router Chapter 13 699
User manual Status attributes

telindus1423Router/lanInterface/adapter

Only present on the single port LAN interface.

This attribute displays the Ethernet mode of the LAN interface as set using the telindus1423Router/lanInter-
face/adapter attribute.
The adapter structure contains the following elements:

Element Description

speed This is the Ethernet speed in Mbps. Possible values are: 10 and 100.

duplex This is the Ethernet duplex mode. Possible values are: halfDuplex and fullDuplex.

telindus1423Router/lanInterface/vlan

This attribute displays the status of the VLAN(s) on this interface.

The vlan table contains the following elements:

Element Description

name This is the name of the VLAN as you configured it. If you did not configure a name,
then this element displays: <LAN interface name> “vlan” <VLAN ID>.
E.g. lan vlan 2

ifOperStatus This is the current operational status of the VLAN.

ifLastChange This is the system-up time on the moment the VLAN entered its current operational
state. I.e. the moment the value of the ifOperStatus element changes (from up to down
or vice versa), the system-up time value is written into the ifLastChange element.

ip This displays the IP address and subnet mask of the VLAN.

bridging This displays the bridging information of the VLAN.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of
the bridging structure.

vlan This displays the specific VLAN related status information.

The vlan structure contains the following elements:
• identifier. This element displays the VLAN identifier.
• arpCache. This element displays all the MAC address - IP address pairs from
ARP requests and replies received on the VLAN.
Refer to telindus1423Router/lanInterface/arpCache on page 696 for a detailed descrip-
tion of the arpCache table.
700 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/lanInterface/ports

Only present on the 4 port Ethernet LAN interface.

This attribute displays the status of each port of the 4 port Ethernet interface (including the local port,
refer to What is the 4 port Ethernet switch? on page 317).
The ports table contains the following elements:

Element Description

portName This element displays the port name. Possible values are port1, port2, port3, port4 or
localPort. Refer to What is the 4 port Ethernet switch? on page 317 for more infor-
mation on what the local port is.

ifOperStatus This element displays the current operational status of the port.

speed This element displays the port speed in megabits per second (Mbps).

duplex This element displays the duplex mode of the port. Possible values are: fullDuplex
or halfDuplex.

autoNegotiate This element displays the status of the Ethernet mode auto negotiation process.
Possible values are:
• disabled. The adapter element in ports configuration attribute is set to fixed. I.e. the
auto negotiation process is disabled.
• done. The adapter element in ports configuration attribute is set to autoNegotiate and
the auto negotiation process is finished.
• notDone. The adapter element in ports configuration attribute is set to autoNegotiate
but the auto negotiation process is not finished (yet).

linkPartnerCaps This element displays the Ethernet mode capabilities of the port its link partner. So
this structure contains the following elements: 10Mb/halfDuplex, 10Mb/fullDuplex, 100Mb/
halfDuplex, 100Mb/fullDuplex, flowControl. Each element can have the value capable or
notCapable.

vlanMembership This element displays the VLAN membership of the port. The vlanMembership table
contains the following elements:
• vid. This element displays the VLAN ID.
• portMembership. This element displays which port is a member (yes) or no mem-
ber (no) of the corresponding VLAN.

telindus1423Router/lanInterface/ipAdEntBcastAddr

This attribute displays the value of the least-significant bit in the IP broadcast address. This address is
used for sending packets on the interface which is associated with the IP address of this entry. The value
applies to the general broadcast, the subnet and network broadcasts.

telindus1423Router/lanInterface/ipAdEntReasmMaxSize

This attribute displays the size of the largest IP packet which this entity can re-assemble from incoming
IP fragmented packets received on this interface.
Telindus 1423 SHDSL Router Chapter 13 701
User manual Status attributes

telindus1423Router/lanInterface/clearArpCache

Use this action to clear the ARP cache table.

702 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.4 WAN interface status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/ifDescr on page 703
• telindus1423Router/wanInterface/ifType on page 703
• telindus1423Router/wanInterface/ifSpeed on page 703
• telindus1423Router/wanInterface/ifMtu on page 703
• telindus1423Router/wanInterface/ifLastChange on page 703
• telindus1423Router/wanInterface/ifOperStatus on page 703
Telindus 1423 SHDSL Router Chapter 13 703
User manual Status attributes

telindus1423Router/wanInterface/ifDescr

This attribute displays the interface description.

telindus1423Router/wanInterface/ifType

This attribute displays the interface type.

telindus1423Router/wanInterface/ifSpeed

This attribute displays the interface speed in bits per second (bps).

telindus1423Router/wanInterface/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.

telindus1423Router/wanInterface/ifLastChange

This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/wanInterface/ifOperStatus

This attribute displays the current operational status of the interface. Possible values are:

Value Description

up The WAN interface is up, data transfer is possible.

down The WAN interface is down, data transfer is not possible.

The ifOperStatus attribute is down in case of …
• ATM, when …
- the ATM synchronisation status is “not synched”.
- the line is not in data state.
- the bit pump is not synchronised.

• PPP(oA), when …
- LCP is not open.
- the line is not in data state.
- the bit pump is not synchronised.

• Frame Relay, when …

- LMI is not up.
- the line is not in data state.
- the bit pump is not synchronised.
704 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Important remarks

• Whether the Telindus 1423 SHDSL Router is configured in bridging or routing has no effect on the
value of the attributes wanInterface/ifOperStatus:Status and wanInterface/alarmInfo/linkDown:Alarms.
• In case of ATM, if the configuration element pvcTable/atm/oamF5Loopback is set to disabled, then the ifOp-
erStatus of the PVC becomes up when the ATM is synchronised globally. However, this does not guar-
antee that the PVC is configured (correctly) on the remote side. However, the other conditions as
stated in the table above remain.
• In case of PPP(oA), if the configuration element linkMonitoring/operation is set to disabled, then it is pos-
sible that the wanInterface/ifOperStatus value does not go down even if the link quality is too bad for a
proper data link. This because the link monitoring mechanism is the only PPP mechanism that will
start a renegotiation of the LCP layer.
• In case of Frame Relay, if the configuration element lmi/auto is set to noLmi, then the value of the status
element lmi/status:Status is always up. However, the other conditions as stated in the table above
remain.
Telindus 1423 SHDSL Router Chapter 13 705
User manual Status attributes

13.5 Encapsulation status attributes

This section discusses the status attributes of the encapsulation protocols that can be used on the Tel-
indus 1423 SHDSL Router.

Note that these encapsulation protocols cannot only be used on the xDSL line but, if your Telindus 1423
SHDSL Router is equipped with (an) ISDN interface(s), also on the ISDN interface(s).
The protocols Frame Relay, PPP and HDLC are only relevant for TDM operation.
Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7 for more information about which
protocols are available on which Telindus 1423 SHDSL Router version.

The following gives an overview of this section:

• 13.5.1 - ATM status attributes on page 706
• 13.5.2 - Frame Relay status attributes on page 711
• 13.5.3 - PPP status attributes on page 716
• 13.5.4 - HDLC status attributes on page 724
• 13.5.5 - Error test status attributes on page 726
706 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.5.1 ATM status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/channel[wan_1]/atm/atmSync on page 707
• telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable on page 707
• telindus1423Router/wanInterface/channel[wan_1]/atm/vp on page 710
Telindus 1423 SHDSL Router Chapter 13 707
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/atmSync

This attribute displays the ATM synchronisation status. Possible values are: synced, notSynced.

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable

This attribute gives the complete status information of all known PVCs.
The pvcTable table contains the following elements:

Element Description

name This is the name of the PVC as you configured it. If you did not configure a name,
then this element displays: <interface name> “vpi” <vpi number> “vci” <vci number>.
E.g. wan vpi 102 vci 102

ifOperStatus This is the current operational status of the PVC.

In case OAM F5 …
• LoopBack (LB) or Continuity Check (CC) is disabled, i.e. no OAM F4 LB/CC
cells are sent, then the ifOperStatus of the PVC becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the PVC is config-
ured (correctly) on the remote side.
• LoopBack (LB) is enabled, i.e. OAM F5 loopback cells are sent at regular inter-
vals, then the ifOperStatus of the PVC becomes up when the loopback cells are
returned and down when the loopback cells are not returned by the remote side.

ifLastChange This is the system-up time on the moment the PVC entered its current operational
state. I.e. the moment the value of the ifOperStatus element changes (from up to down
or vice versa), the system-up time value is written into the ifLastChange element.

ip This displays the IP information of the PVC.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/ip on page 708 for a
detailed description of the ip structure.

bridging This displays the bridging information of the PVC.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of
the bridging structure.

atm This displays the specific ATM related status information of the PVC.
Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 709 for a
detailed description of the atm structure.
708 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/ip

The ip structure in the pvcTable displays the IP information of the PVC.

The ip structure contains the following elements:

Element Description

address This is the IP address of the PVC. It is either configured or retrieved automatically.

netMask This is the IP subnet mask of the PVC. It is either configured or retrieved automat-
ically.

remote This is the IP address of the remote end of the PVC. It is either configured or
retrieved automatically.
Telindus 1423 SHDSL Router Chapter 13 709
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm

The atm structure in the pvcTable displays the specific ATM related status information of the PVC.
The atm structure contains the following elements:

Element Description

vpi This displays the Virtual Path Identifier (VPI).

vci This displays the Virtual Channel Identifier (VCI).

The VPI in conjunction with the VCI identifies the next destination of a cell as it
passes through a series of ATM switches on the way to its destination.

peakCellRate This displays the Peak Cell Rate (PCR) of the PVC in bps.

sustCellRate This displays the Sustainable Cell Rate (SCR) of the PVC in bps.

maxBurstSize This displays the Maximum Burst Size (MBS) of the PVC in cell times.

pppOverEth When the Telindus 1423 SHDSL Router wants to initiate a PPP over Ethernet
(PPPoE) session, it must first perform a discovery to identify the Ethernet MAC
address of the host and to establish a PPPoE session ID. The pppOverEth structure
displays information on the PPPoE discovery.
The pppOverEth structure contains the following elements:
• discState. This is the state of the discovery. The discovery goes as follows:
- The Telindus 1423 SHDSL Router sends a PADI packet (PPPoE Active Dis-
covery Initiation).
- When the host receives a PADI that it can serve, it replies by sending a
PADO packet (PPPoE Active Discovery Offer).
- The Telindus 1423 SHDSL Router then sends one PADR packet (PPPoE
Active Discovery Request) to the host that it has chosen.
- When the host receives a PADR packet, it prepares to begin a PPP session.
It generates a unique session ID for the PPPoE session and replies to the
Telindus 1423 SHDSL Router with a PADS packet (PPPoE Active Discov-
ery Session-confirmation).
So possible discState values are: idle, waitForPADO, waitForPADS, established.
• remoteMacAddress. This is the MAC address of the remote system as learned dur-
ing the discovery.

ppp This displays the PPP information of the PVC.

Refer to 13.5.3 - PPP status attributes on page 716 for a detailed description of the
elements in the ppp structure.
710 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/vp

Whereas the pvcTable gives the current operational status for each Virtual Channel, the vp table gives the
current operational status of a complete Virtual Path.
The vp table contains the following elements:

Element Description

vpi This is the Virtual Path Identifier (VPI).

ifOperStatus This is the current operational status of the Virtual Path.

In case OAM F4 …
• LoopBack (LB) or Continuity Check (CC) is disabled, i.e. no OAM F4 LB/CC
cells are sent, then the ifOperStatus of the VP becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the VP is configured
(correctly) on the remote side.
• LoopBack (LB) is enabled, i.e. OAM F4 loopback cells are sent at regular inter-
vals, then the ifOperStatus of the VP becomes up when the loopback cells are
returned and down when the loopback cells are not returned by the remote side.
In case a VP goes down, also all VCs belonging to the VP go down.
Telindus 1423 SHDSL Router Chapter 13 711
User manual Status attributes

13.5.2 Frame Relay status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/ip on page 712
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable on page 712
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 714
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/cllmLastCongestionCause on page 715
712 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/ip

This attribute displays the IP information of the Frame Relay link.

Refer to telindus1423Router/lanInterface/ip on page 695 for a detailed description of the ip structure.

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable

This attribute gives the complete status information of all known DLCIs.
The dlciTable table contains the following elements:

Element Description

name This is the name of the DLCI as you configured it. If you did not configure a name,
then this element displays: <interface name> “dlci” <dlci number>.
E.g. wan dlci 16

ifOperStatus This is the current operational status of the DLCI.

ifLastChange This is the system-up time on the moment the DLCI entered its current operational
state. I.e. the moment the value of the ifOperStatus element changes (from up to down
or vice versa), the system-up time value is written into the ifLastChange element.

ip This displays the IP information of the DLCI.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/ip on page 708 for a
detailed description of the ip structure.

bridging This displays the bridging information of the DLCI.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of
the bridging structure.

frameRelay This displays the specific Frame Relay related status information of the DLCI.
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay on
page 713 for a detailed description of the frameRelay structure.
Telindus 1423 SHDSL Router Chapter 13 713
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay

The frameRelay structure in the dlciTable displays the specific Frame Relay related status information of the
DLCI.
The frameRelay structure contains the following elements:

Element Description

dlci This is the DLCI identification number.

active This indicates whether the corresponding DLCI is active (on) or not (off).

new This is set to on if the DLCI has just been created, else it is off.

deleted This is set to on if the DLCI has been deleted, else it is off.

rr This element is only relevant for LMI revision 1. It is the flow control flag. If it is on,
then no traffic can be sent on this DLCI. Else it is off.

bandwidth This element is only relevant for LMI revision 1 (in all other cases this value is 0).
It is the CIR value, in bps, as it is configured on the remote.

cllmLastCongestion- CLLM (Consolidated Link Layer Management) is a Frame Relay protocol used for
Cause traffic management. The cllmLastCongestionCause element indicates the last reason,
which was received from the network, for congestion on the corresponding DLCI.
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/cllmLastCongestion-
Cause on page 715 for the possible values of the cllmLastCongestionCause element.
714 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi

This attribute gives a complete LMI status information overview.

The lmi structure contains the following elements:

Element Description

mode This displays the Frame Relay mode. Possible values are: noLmi, user, network, auto.
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 483 for
more information on these values.

type This displays the LMI variant. Possible values are: lmiRev1, ansiT1-617-d, q933-Annex-
A, frf1-2.
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 483 for
more information on these values.

status This displays the current state of LMI. Possible values are:
• up. LMI messages can and are exchanged.
• down. No LMI messages can be exchanged.

lastStatusChange This is the system-up time when the LMI status entered its current state. I.e. the
moment the value of the status element changes (from up to down or vice versa), the
system-up time value is written into the lastStatusChange element.

lastError This displays the last error condition reported by LMI. Possible values are: none,
protocol error, unknown information element, sequence error, unknown report, timer expired,
invalid report type, unsolicited status.

netTxSeqNum This is the sequence number of the last LMI Status Response frame that was sent.
Since only a Frame Relay network or DCE can transmit Status Responses, the
value of this element only changes in case the Telindus 1423 SHDSL Router is
defined as a Frame Relay network or both user and network. I.e. in case the mode
element is set to network, auto or nni.

netRxSeqNum This is the sequence number of the last LMI Status Enquiry frame that was
received.
Since only a Frame Relay network or DCE can receive Status Enquiries, the value
of this element only changes in case the Telindus 1423 SHDSL Router is defined
as a Frame Relay network or both user and network. I.e. in case the mode element
is set to network, auto or nni.

netErrors This is the number of errors on LMI commands issued by the Frame Relay network
or DCE during the last monitoredEvents period.

userTxSeqNum This is the sequence number of the last LMI Status Enquiry frame that was sent.
Since only a Frame Relay user or DTE can transmit Status Enquiries, the value of
this element only changes in case the Telindus 1423 SHDSL Router is defined as
a Frame Relay user or both user and network. I.e. in case the mode element is set
to user, auto or nni.
Telindus 1423 SHDSL Router Chapter 13 715
User manual Status attributes

Element Description

userRxSeqNum This is the sequence number of the last LMI Status Response frame that was
received.
Since only a Frame Relay user or DTE can receive Status Responses, the value
of this element only changes in case the Telindus 1423 SHDSL Router is defined
as a Frame Relay user or both user and network. I.e. in case the mode element is
set to user, auto or nni.

userErrors This is the number of errors on LMI commands issued by the Frame Relay user or
DTE during the last monitoredEvents period.

userWaitFullEnquiry This is the number of LMI frames still to be sent before a Full Status Enquiry will
be requested.

userLastReport- This displays the type of the most recent report that was sent. Possible values are:
TypeSent
• full status. The last report contained the full status.
• link integrity. The last report only contained the link integrity information.

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/cllmLastCongestionCause

This attribute indicates the last reason, which was received from the network, for congestion on any of
the DLCIs. Possible values are:
• none
• short term, excessive traffic
• long term, excessive traffic
• short term, equipment failure
• long term, equipment failure
• short term, maintenance action
• long term, maintenance action
• short term, unknown cause
• long term, unknown cause
• unknown cause
716 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.5.3 PPP status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/channel[wan_1]/ppp/ip on page 717
• telindus1423Router/wanInterface/channel[wan_1]/ppp/bridging on page 717
• telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpState on page 718
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpState on page 718
• telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpState on page 718
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpState on page 718
• telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpMyOptions on page 719
• telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpHisOptions on page 719
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpMyOptions on page 720
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpHisOptions on page 720
• telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpMyOptions on page 721
• telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpHisOptions on page 721
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpMyOptions on page 722
• telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpHisOptions on page 722
• telindus1423Router/wanInterface/channel[wan_1]/ppp/myCompressionRatio on page 722
• telindus1423Router/wanInterface/channel[wan_1]/ppp/hisCompressionRatio on page 722
• telindus1423Router/wanInterface/channel[wan_1]/ppp/myAuthenticationStatus on page 723
• telindus1423Router/wanInterface/channel[wan_1]/ppp/hisAuthenticationStatus on page 723
Telindus 1423 SHDSL Router Chapter 13 717
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/ip

This attribute displays the IP information of the PPP link.

The ip structure contains the following elements:

Element Description

status This is the current operational status of the IP layer (layer 3) of the PPP link.

address This is the IP address of the PPP link. It is either configured or retrieved automat-
ically.

netMask This is the IP subnet mask of the PPP link. It is either configured or retrieved auto-
matically.

remote This is the IP address of the remote end of the PPP link. It is either configured or
retrieved automatically.

telindus1423Router/wanInterface/channel[wan_1]/ppp/bridging

This attribute displays the bridging status of the PPP link.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of the bridging structure.
718 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpState

This attribute reflects the status of the LCP (Link Control Protocol) protocol. Possible values are:

Value Description

Initial LCP handshake has not started yet.

Starting, Closed, These values correspond with the transient states in the LCP state diagram.
Stopped, Closing,
Stopping

Req-Sent The local side of the PPP link has sent an LCP request. The remote side did not
answer yet.

Ack-Rcvd The local side of the PPP link has received an LCP acknowledge from the remote
side. This is a transient state.

Ack-Sent The local side of the PPP link has acknowledged the LCP request from the remote
side.

Opened The LCP handshake succeeded.

telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpState

This attribute reflects the status of the IPCP (Internet Protocol Control Protocol) protocol. The possible
values are the same as those of the lcpState attribute.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpState on page 718.

telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpState

This attribute reflects the status of the BCP (Bridging Control Protocol) protocol. The possible values are
the same as those of the lcpState attribute.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpState on page 718.

telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpState

This attribute reflects the status of the CCP (Compression Control Protocol) protocol. The possible val-
ues are the same as those of the lcpState attribute.
Refer to telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpState on page 718.
Telindus 1423 SHDSL Router Chapter 13 719
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpMyOptions

During the LCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the LCP options for the router at this side (local side) of the link.
The lcpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following LCP options:
• 3: the Authentication-Protocol option.
• 5: the Magic-Number option.

For more information on the LCP configuration options, refer to RFC 1661.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/wanInterface/channel[wan_1]/ppp/lcpHisOptions

This attribute lists the LCP options for the router at the other side (remote side) of the link. The
lcpHisOptions table contains the same elements as the lcpMyOptions table. Refer to telindus1423Router/wanIn-
terface/channel[wan_1]/ppp/lcpMyOptions on page 719.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.
720 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpMyOptions

During the IPCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the IPCP options for the router at this side (local side) of the link.
The ipcpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following IPCP option:
• 3: the IP-Address option.
• ip-vso: the IP-Vendor Specific option. This is used to negotiate the netmask.

For more information on the IPCP configuration options, refer to RFC 1332.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/wanInterface/channel[wan_1]/ppp/ipcpHisOptions

This attribute lists the IPCP options for the router at the other side (remote side) of the link. The
ipcpHisOptions table contains the same elements as the ipcpMyOptions table. Refer to telindus1423Router/wan-
Interface/channel[wan_1]/ppp/ipcpMyOptions on page 720.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.
Telindus 1423 SHDSL Router Chapter 13 721
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpMyOptions

During the BCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the BCP options for the router at this side (local side) of the link.
The bcpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following BCP options:
• 1: the Bridge-Identification option.
• 2: the Line-Identification option.
• 3: the MAC-Support option.
• 4: the Tinygram-Compression option.
• 5: the LAN-Identification option.
• 6: the MAC-Address option.
• 7: the Spanning-Tree-Protocol option.

For more information on the BCP configuration options, refer to RFC 2878.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/wanInterface/channel[wan_1]/ppp/bcpHisOptions

This attribute lists the BCP options for the router at the other side (remote side) of the link. The
bcpHisOptions table contains the same elements as the bcpMyOptions table. Refer to telindus1423Router/wanIn-
terface/channel[wan_1]/ppp/bcpMyOptions on page 721.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.
722 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpMyOptions

During the CCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the CCP options for the router at this side (local side) of the link.
The ccpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following CCP option:
• 1: the Predictor1 option.

For more information on the CCP configuration options, refer to RFC 1962.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/wanInterface/channel[wan_1]/ppp/ccpHisOptions

This attribute lists the CCP options for the router at the other side (remote side) of the link. The
ccpHisOptions table contains the same elements as the ccpMyOptions table. Refer to telindus1423Router/wanIn-
terface/channel[wan_1]/ppp/ccpMyOptions on page 722.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.

telindus1423Router/wanInterface/channel[wan_1]/ppp/myCompressionRatio

When PPP compression is enabled, this attribute displays the compression ratio achieved by the router
at this side (local side) of the link.

telindus1423Router/wanInterface/channel[wan_1]/ppp/hisCompressionRatio

When PPP compression is enabled, this attribute displays the compression ratio achieved by the router
at the other side (remote side) of the link.
Telindus 1423 SHDSL Router Chapter 13 723
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/ppp/myAuthenticationStatus

This attribute displays the authentication state of the router at this side (local side) of the link. I.e. the
state of the authenticator. Possible values are:

Value Description

No-Authentication The local side does not request PPP authentication or still has to start the CHAP
authentication (LCP handshake is busy).

Wait-On-Response The local side has sent a challenge packet and is waiting for an answer.

Authen-Successful The response packet is found to be correct. This is the state when authentication
succeeded.

Authen-Failure The response packet is found to be incorrect. This is a transient state since the
router starts the LCP handshake again after a failing authentication.

telindus1423Router/wanInterface/channel[wan_1]/ppp/hisAuthenticationStatus

This attribute displays the authentication state of the router at the other side (remote side) of the link. I.e.
the state of the peer. Possible values are:

Value Description

No-Authentication This is the start-up state.

Wait-On-Challenge During the LCP handshake the authenticator already indicates it wants to authen-
ticate. From that moment on, the peer awaits a challenge packet.

Wait-On-Success Once the peer has sent a response, it awaits a success or failure message.

Authen-Successful The peer has received a success packet. It remains in this state during data trans-
fer.

Authen-Failure The peer has received a failure packet. This is a transient state since the router
starts the LCP handshake again after a failing authentication.

Authen-Not-Allowed This state only occurs when the peer does not accept the authentication request
during the LCP handshake. A possible reason might be that the peer router does
not support CHAP.
724 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.5.4 HDLC status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/channel[wan_1]/hdlc/bridging on page 725
Telindus 1423 SHDSL Router Chapter 13 725
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/hdlc/bridging

This attribute displays the bridging status of the HDLC link.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of the bridging structure.
726 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.5.5 Error test status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/channel[wan_1]/errorTest/status on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/type on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/startSysUpTime on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/duration on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/blockSize on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/programmablePattern on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/receiveSample on page 727
This section describes the following actions:
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/startTest on page 727
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/stopTest on page 727
Telindus 1423 SHDSL Router Chapter 13 727
User manual Status attributes

telindus1423Router/wanInterface/channel[wan_1]/errorTest/status

This attribute displays the status of the error test.

Due to RAM limitations, it is possible that not all test patterns are supported. In that case the string ram-
Limit is displayed as value of the status attribute telindus1423Router/wanInterface/channel[wan_1]/errorTest/status.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/type

This attribute displays the type of error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/startSysUpTime

This attribute displays the value of the sysUpTime attribute at the moment the error test was started.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/duration

This attribute displays the duration of the error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/blockSize

This attribute displays the size of the test blocks.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/programmablePattern

This attribute displays the bit string pattern as you configured it in the programmablePattern configuration
attribute.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/receiveSample

This attribute displays the received test pattern.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/startTest

Use this action to start an error test.

Refer to 7.6 - Configuring an error test on page 183 for more information on setting up an error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/stopTest

Use this action to stop an error test.

728 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.6 SHDSL line status attributes

This section describes the following line status attributes:

• telindus1423Router/wanInterface/line/ifDescr on page 729
• telindus1423Router/wanInterface/line/ifType on page 729
• telindus1423Router/wanInterface/line/ifOperStatus on page 729
• telindus1423Router/wanInterface/line/ifSpeed on page 729
• telindus1423Router/wanInterface/line/region on page 729
• telindus1423Router/wanInterface/line/maxSpeedSearch on page 729
• telindus1423Router/wanInterface/line/maxSpeedResult on page 729
• telindus1423Router/wanInterface/line/linePairsSwapped on page 730
• telindus1423Router/wanInterface/line/numDiscoveredRepeaters on page 730
• telindus1423Router/wanInterface/line/eocAlarmThresholds on page 730
This section describes the following line pair status attributes:
• telindus1423Router/wanInterface/line/linePair[ ]/ifOperStatus on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/ifSpeed on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/status on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/timeSinceLastRetrain on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/lineAttenuation on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/signalNoise on page 732
• telindus1423Router/wanInterface/line/linePair[ ]/actualBitRate on page 732
This section describes the following actions:
• telindus1423Router/wanInterface/line/maximumSpeedSearch on page 731
Telindus 1423 SHDSL Router Chapter 13 729
User manual Status attributes

telindus1423Router/wanInterface/line/ifDescr

This attribute displays the interface description.

telindus1423Router/wanInterface/line/ifType

This attribute displays the interface type.

telindus1423Router/wanInterface/line/ifOperStatus

This attribute displays the current operational status of the line. Possible values are:

Value Description

up The line is up, data transfer is possible.

down The line is down, data transfer is not possible.

testing A line test is active.

telindus1423Router/wanInterface/line/ifSpeed

This attribute displays the current line speed in bits per second (bps).

In case of a Telindus 1423 SHDSL Router 2 pair version, the line/ifSpeed attribute displays the sum of the
speed of line pair 1 and 2.

telindus1423Router/wanInterface/line/region

This attribute displays the SHDSL standard currently used. Possible values are: auto, annexA, annexB.
Refer to telindus1423Router/wanInterface/line/region on page 498 for more information on these values.

telindus1423Router/wanInterface/line/maxSpeedSearch

This attribute displays the status of the maximumSpeedSearch action. Possible values are:

Value Description

idle No maximumSpeedSearch action has been performed.

progressing The maximumSpeedSearch action is running.

aborted The maximumSpeedSearch action stopped without result.

completed The maximumSpeedSearch action is finished. The result is displayed in the

maxSpeedResult attribute.

telindus1423Router/wanInterface/line/maxSpeedResult

This attribute displays the maximum speed, in bits per second (bps), that was achieved during the exe-
cution of the maximumSpeedSearch action.
730 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/line/linePairsSwapped

This attribute is only present on the Telindus 1423 SHDSL Router 2 pair version.
This attribute indicates whether the line pairs have been swapped when connecting the central with the
remote device. Possible values are:

Value Description

yes The line pairs are swapped.

no The line pairs are not swapped.

unknown The Telindus 1423 SHDSL Router is unable to determine whether the line pairs
have been swapped (e.g. because it is still training).

telindus1423Router/wanInterface/line/numDiscoveredRepeaters

This attribute displays the number of Crocus SHDSL repeaters that the Telindus 1423 SHDSL Router
discovered on the SHDSL line.

telindus1423Router/wanInterface/line/eocAlarmThresholds

What this attribute displays depends on the setting of the telindus1423Router/wanInterface/line/eocHandling

attribute:

If eocHandling is then …
set to …

none the eocAlarmThresholds attribute does not display relevant information. It always dis-
plays 0.0.

discovery • on the central1 device, the eocAlarmThresholds attribute displays the values as set
in the telindus1423Router/wanInterface/line/linkAlarmThresholds attribute.
inventory
• on the remote2 device, the eocAlarmThresholds attribute does not display relevant
info information. It always displays 0.0.

alarmConfiguration the eocAlarmThresholds attribute displays the values as set in the telindus1423Router/
wanInterface/line/linkAlarmThresholds attribute on the central device.

1. The central device is the device on which the channel attribute is set to central.
2. The remote device is the device on which the channel attribute is set to remote.

The eocAlarmThresholds structure contains the following elements:

• lineAttenuation
• signalNoise
Telindus 1423 SHDSL Router Chapter 13 731
User manual Status attributes

telindus1423Router/wanInterface/line/maximumSpeedSearch

Use this action to determine the highest possible line speed that can be achieved between the central
and remote Telindus 1423 SHDSL Router.
When you execute this test, the following happens:

Phase Action

1 The Telindus 1423 SHDSL Router interrupts the normal data transfer.

2 Both local and remote Telindus 1423 SHDSL Router go to auto speed mode in order to
determine the highest possible line speed. Meanwhile, the status of the test can be mon-
itored with the maxSpeedSearch attribute.

3 When the test ends, the result is displayed by the maxSpeedResult attribute.

4 The Telindus 1423 SHDSL Router resumes normal data transfer at the speed that was
selected before the test.

Important remarks

• The Telindus 1423 SHDSL Router has to be in data state (i.e. after a successful training sequence
and when the data connection is up) before you can execute the maximumSpeedSearch action.
• While the maximumSpeedSearch action is running, no data transmission is possible.
• In case of a Telindus 1423 SHDSL Router 2 pair version, you can not execute the maximumSpeedSearch
action because you can not define a speed range on both the central and remote Telindus 1423
SHDSL Router.
732 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/line/linePair[ ]/ifOperStatus

This attribute displays the current operational status of the line pair. Possible values are:

Value Description

up The line pair is up, data transfer is possible. This is the case when the value of the
linePair[ ]/status attribute is dataState.

down The line pair is down, data transfer is not possible.

testing A line test is active.

telindus1423Router/wanInterface/line/linePair[ ]/ifSpeed

This attribute displays the line pair speed, in bits per second (bps), when the line pair is in data state.

telindus1423Router/wanInterface/line/linePair[ ]/status

This attribute displays the current status of the line pair. Possible values are:

Value Description

idle No link is present.

training A training cycle is in progress.

dataState A data link is present.

telindus1423Router/wanInterface/line/linePair[ ]/timeSinceLastRetrain

This attribute displays the elapsed time since the last retrain cycle.

telindus1423Router/wanInterface/line/linePair[ ]/lineAttenuation

This attribute displays the current line pair attenuation in dB.

The lineAttenuation attribute does not display meaningful information when the line is not trained. It is only
relevant for a line that is in data state for at least 5 minutes.

telindus1423Router/wanInterface/line/linePair[ ]/signalNoise

This attribute displays the current signal to noise ratio on the line pair in dB.

The signalNoise attribute does not display meaningful information when the line is not trained. It is only
relevant for a line that is in data state for at least 5 minutes.

telindus1423Router/wanInterface/line/linePair[ ]/actualBitRate

This attribute displays the maximum speed, in bits per second (bps), that could be negotiated on the line
pair during the training sequence.
Telindus 1423 SHDSL Router Chapter 13 733
User manual Status attributes

13.7 End and repeater status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/end/vendorId on page 734
• telindus1423Router/wanInterface/end/vendorModel on page 734
• telindus1423Router/wanInterface/end/vendorSerial on page 734
• telindus1423Router/wanInterface/end/vendorSoftVersion on page 734
• telindus1423Router/wanInterface/end/eocSoftVersion on page 734
• telindus1423Router/wanInterface/end/shdslVersion on page 734
• telindus1423Router/wanInterface/end/eocState on page 735
• telindus1423Router/wanInterface/end/eocAlarmThresholds on page 735
• telindus1423Router/wanInterface/end/linePair[ ]/lineAttenuation on page 735
• telindus1423Router/wanInterface/end/linePair[ ]/signalNoise on page 735
This section describes the following actions:
• telindus1423Router/wanInterface/repeater/loopbackActivation on page 736

• Exactly which information is retrieved from the remote SHDSL device(s) through the EOC channel
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passiveWhich standard EOC
information is retrieved? on page 80 for an overview.
• The repeater[ ] and end objects contain the same attributes, therefore only the attributes of the end
object are listed here.
734 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/end/vendorId

This attribute is only retrieved in case the eocHandling attribute is set to discovery, inventory, info or alarmCon-
figuration.
This attribute displays information about the vendor of the repeater or end device. The vendorId structure
contains the following elements:
• countryCode E.g. 65295 for Belgium.
• providerCode E.g. TLS_ for Telindus.
• vendorSpecific

telindus1423Router/wanInterface/end/vendorModel

This attribute is only retrieved in case the eocHandling attribute is set to inventory, info or alarmConfiguration.
This attribute displays the model of the repeater or end device. E.g. SHDSL TT 2P for a Crocus SHDSL
Table Top 2 pair version.

telindus1423Router/wanInterface/end/vendorSerial

This attribute is only retrieved in case the eocHandling attribute is set to inventory, info or alarmConfiguration.
This attribute displays the serial number of the repeater or end device. For a Telindus devices this is the
deviceId attribute (refer to telindus1423Router/deviceId on page 692).

telindus1423Router/wanInterface/end/vendorSoftVersion

This attribute is only retrieved in case the eocHandling attribute is set to inventory, info or alarmConfiguration.
This attribute displays the version of the firmware used on the repeater or end device. For a Telindus
device this is the part after “/” of the T-code string displayed in the flashVersion attribute (refer to
telindus1423Router/flash1Version on page 690).

telindus1423Router/wanInterface/end/eocSoftVersion

This attribute is only retrieved in case the eocHandling attribute is set to discovery, inventory, info or alarmCon-
figuration.
This attribute displays the EOC software version used on the repeater or end device.

telindus1423Router/wanInterface/end/shdslVersion

This attribute is only retrieved in case the eocHandling attribute is set to discovery, inventory, info or alarmCon-
figuration.
This attribute displays the SHDSL version used on the repeater or end device.
Telindus 1423 SHDSL Router Chapter 13 735
User manual Status attributes

telindus1423Router/wanInterface/end/eocState

This attribute is only retrieved in case the eocHandling attribute is set to discovery, inventory, info or alarmCon-
figuration.
This attribute displays the state of the EOC channel.

telindus1423Router/wanInterface/end/eocAlarmThresholds

This attribute is only retrieved in case the eocHandling attribute is set to info or alarmConfiguration.
What this attribute displays depends on the setting of the telindus1423Router/wanInterface/line/eocHandling
attribute:

If eocHandling is then …
set to …

info the eocAlarmThresholds attribute displays the values as set in the telindus1423Router/
wanInterface/line/linkAlarmThresholds attribute on the remote1 device.

alarmConfiguration the eocAlarmThresholds attribute displays the values as set in the telindus1423Router/
wanInterface/line/linkAlarmThresholds attribute on the central2 device.

1. The remote device is the device on which the channel attribute is set to remote.
2. The central device is the device on which the channel attribute is set to central.

The eocAlarmThresholds structure contains the following elements:

• lineAttenuation
• signalNoise

telindus1423Router/wanInterface/end/linePair[ ]/lineAttenuation

This attribute is only retrieved in case the eocHandling attribute is set to info or alarmConfiguration.
This attribute displays the line attenuation, in dB, as it is measured on the line pair of the repeater or end
device.

telindus1423Router/wanInterface/end/linePair[ ]/signalNoise

This attribute is only retrieved in case the eocHandling attribute is set to info or alarmConfiguration.
This attribute displays the noise margin, in dB, as it is measured on the line pair of the repeater or end
device.
736 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/wanInterface/repeater/loopbackActivation

This action is only present in the repeater[ ] object.

Use this action to set up a loop at the network side of the Crocus SHDSL Repeater:

network loop- customer

side back side

central device repeater

Set the loop by selecting the action argument value initiateNetworkLoopback and executing the action (in
TMA, double-click the loopbackActivation string). Stop the loop by selecting the action argument value
clearAllMaintenanceStates and executing the action (in TMA, double-click the loopbackActivation string).

Important remarks

• You can only set up a loop at the network side of the Crocus SHDSL Repeater. Not at the customer
side.
• You can only start the loopbackActivation action on the central device. Not on the remote device.
• You can only start the loopbackActivation action in case the telindus1423Router/wanInterface/line/eocHandling
attribute is set to alarmConfiguration.
Telindus 1423 SHDSL Router Chapter 13 737
User manual Status attributes

13.8 BRI status attributes

This section discusses the status attributes of the BRI interface. First it describes the status attributes of
the BRI interface in general. Then it describes more specifically the status attributes of the B-channels
and of the leasedLine[ ] object that can be added under the bri[ ] object.
The following gives an overview of this section:
• 13.8.1 - General BRI status attributes on page 738
• 13.8.2 - B-channel status attributes on page 744
• 13.8.3 - ISDN leased line status attributes on page 746
738 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.8.1 General BRI status attributes

This section describes the following status attributes:

• telindus1423Router/bri[ ]/ifDescr on page 739
• telindus1423Router/bri[ ]/ifType on page 739
• telindus1423Router/bri[ ]/ifOperStatus on page 739
• telindus1423Router/bri[ ]/ifLastChange on page 739
• telindus1423Router/bri[ ]/ifMtu on page 739
• telindus1423Router/bri[ ]/l1Status on page 740
• telindus1423Router/bri[ ]/lapdLinks on page 741
• telindus1423Router/bri[ ]/bChannelUsage on page 742
• telindus1423Router/bri[ ]/testType on page 742
• telindus1423Router/bri[ ]/testStatus on page 742
This section describes the following actions:
• telindus1423Router/bri[ ]/loopbackActivation on page 743
• telindus1423Router/bri[ ]/clearIsdnCall on page 743
Telindus 1423 SHDSL Router Chapter 13 739
User manual Status attributes

telindus1423Router/bri[ ]/ifDescr

This attribute displays the interface description of the BRI interface.

telindus1423Router/bri[ ]/ifType

This attribute displays the interface type of the BRI interface.

telindus1423Router/bri[ ]/ifOperStatus

This attribute displays the current operational status of the LAPD (Link Access Protocol - Channel D,
which is layer 2) of the BRI interface.
Possible values are:

Value Description

up LAPD is up.

down LAPD is down.

telindus1423Router/bri[ ]/ifLastChange

This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/bri[ ]/ifMtu

This attribute displays the BRI interface its Maximum Transfer Unit, i.e. the maximum number of bytes
that one packet can contain on this interface.
740 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bri[ ]/l1Status

This attribute displays the status of ISDN layer 1, i.e. the physical connection with the telecom operator
ISDN switch, of the BRI interface. The most common states are f7Activated and f3Deacivated. Possible val-
ues are:

Value Description

f1Inactive In this inactive (powered-off) state, the TE1 is not transmitting and cannot detect
the presence of any input signals.

f2Sensing This state is entered after the TE has been powered on but has not determined the
type of signal (if any) that the TE is receiving.

f3Deacivated This is the deactivated state of the physical protocol. Neither the NT2 nor the TE is
transmitting.

f4AwaitingSignal When the TE wishes to initiate activation, it sends an activation signal to the NT
and awaits a response.

f5IdentifyingInput At first receipt of any signal from the NT, the TE ceases sending activation signals
and awaits the activation signal or synchronized frame from the NT.

f6Synchronized When the TE has received an activation signal from the NT, it responds with a syn-
chronized frame and is awaiting a synchronized frame from the NT.

f7Activated This is the normal active state with the protocol activated in both directions. Both
the NT and TE are transmitting normal frames. State F7 is the only state where B-
and D-channel contain operational data.

f8LostFraming This is the condition when the TE has lost frame synchronization and is awaiting
re-synchronization.

1. TE: Terminal Equipment

2. NT: Network Termination device
Telindus 1423 SHDSL Router Chapter 13 741
User manual Status attributes

telindus1423Router/bri[ ]/lapdLinks

This attribute displays the status of ISDN layer 2 with Terminal Endpoint Identifier (TEI) number and
multi-frame structure state of the BRI interface.
The lapdLinks table contains the following elements:

Element Description

l2State This is the multi-frame structure state. The most common states are multiple-
FrameEstablished and teiAssigned:
• multipleFrameEstablished. This indicates there is data link connectivity to the tele-
com operator ISDN switch. This is the state that you should see under normal
operations. Any other state usually indicates a problem on the circuit.
• teiAssigned. This indicates that the router has lost connectivity to the switch. This
is normal if the telecom operator deactivates layers 1 and 2 when there are no
active calls.

Refer to ITU Q.921 Annex B for more information on all the other possible layer 2
states such as: teiUnassigned, assignAwaitingTei, establishAwaitingTei, awaitingEstablish-
ment, awaitingRelease, timerRecovery.

tei This is the Terminal Endpoint Identifier.

742 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bri[ ]/bChannelUsage

This attribute displays the usage of the B-channels on the BRI interface.
The bChannelUsage table contains the following elements:

Element Description

channel This displays the B-channel number: 1 or 2.

dialMapEntry This indicates which dial map uses this B-channel.

localTelNr This displays which local telephone number is entered in the dial map for this B-
channel.

remoteTelNr This displays which remote telephone number is entered in the dial map for this B-
channel.

callDirection This displays the call direction of the B-channel. Possible values are: incall, outcall
or undefined.

telindus1423Router/bri[ ]/testType

This attribute displays which BRI loop is currently active.

Refer to telindus1423Router/bri[ ]/loopbackActivation on page 743 for more information on BRI loops.

telindus1423Router/bri[ ]/testStatus

This attribute displays the status of the active BRI loop. Possible values are:

Value Description

progressing The loop is started.

running The loop is active.

ending The loop is ended.

unknown There are two possibilities:

• No loop is active.
• For some reason it is not possible to retrieve the status of the loop.

Refer to telindus1423Router/bri[ ]/loopbackActivation on page 743 for more information on BRI loops.
Telindus 1423 SHDSL Router Chapter 13 743
User manual Status attributes

telindus1423Router/bri[ ]/loopbackActivation

Use this action to activate a loop on the BRI interface of the Telindus 1423 SHDSL Router. These loops
are useful to trace possible problems. First select a loop type (i.e. an argument value), then execute the
loopbackActivation action.
The loopbackActivation action has the following argument values:

Value Description

noLoopback No loop is activated. In case you want to stop a loop, then select this value and
execute the loopbackActivation action.

internalLoopback The data coming from the remote side is looped back to the remote side on the
BRI interface.

externalLoopback The data coming from the Telindus 1423 SHDSL Router is looped back into the
Telindus 1423 SHDSL Router on the BRI interface.

If a loop is active, then deactivate this loop before starting a new loop.

The following figure gives an overview of the different loops:

telindus1423Router/bri[ ]/clearIsdnCall

Use this action to break off an ISDN call. Do this by typing the dial map name of the corresponding ISDN
call as argument value and executing the action.
For example, suppose the ISDN call is initiated by an entry in the dialMaps/mapping table called myMap, then
type myMap as argument value of the clearIsdnCall action and execute the action.
744 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.8.2 B-channel status attributes

This section describes the following status attributes:

• telindus1423Router/bri[ ]/bChannel[ ]/ifDescr on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/ifType on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/ifOperStatus on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/ifLastChange on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/ifMtu on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/dialMapEntry on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/localPhoneNr on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/remotePhoneNr on page 745
• telindus1423Router/bri[ ]/bChannel[ ]/callDirection on page 745

For the status attributes of the ppp object which is located under the bChannel object, refer to 13.5.3 - PPP
status attributes on page 716.
Telindus 1423 SHDSL Router Chapter 13 745
User manual Status attributes

telindus1423Router/bri[ ]/bChannel[ ]/ifDescr

This attribute displays the interface description of the B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/ifType

This attribute displays the interface type of the B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/ifOperStatus

This attribute displays the current operational status of the B-channel.

Possible values are:

Value Description

up The B-channel is up, data transfer is possible.

down The B-channel is down, data transfer is not possible.

telindus1423Router/bri[ ]/bChannel[ ]/ifLastChange

This attribute shows the system-up time on the moment the B-channel entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/bri[ ]/bChannel[ ]/ifMtu

This attribute displays the B-channel its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/dialMapEntry

This attribute displays which dial map uses this B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/localPhoneNr

This attribute displays which local telephone number is entered in the dial map for this B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/remotePhoneNr

This attribute displays which remote telephone number is entered in the dial map for this B-channel.

telindus1423Router/bri[ ]/bChannel[ ]/callDirection

This attribute displays the call direction of the B-channel. Possible values are: incall, outcall or undefined.
746 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.8.3 ISDN leased line status attributes

This section describes the following status attributes:

• telindus1423Router/wanInterface/ifDescr on page 703
• telindus1423Router/wanInterface/ifType on page 703
• telindus1423Router/wanInterface/ifSpeed on page 703
• telindus1423Router/wanInterface/ifMtu on page 703
• telindus1423Router/wanInterface/ifLastChange on page 703
• telindus1423Router/wanInterface/ifOperStatus on page 703

For the status attributes of the encapsulation objects (frameRelay, ppp, hdlc and errorTest) which are located
under the leasedLine[ ] object, refer to 13.5 - Encapsulation status attributes on page 705.
Telindus 1423 SHDSL Router Chapter 13 747
User manual Status attributes

telindus1423Router/bri[ ]/leasedLine[ ]/ifDescr

This attribute displays the interface description.

telindus1423Router/bri[ ]/leasedLine[ ]/ifType

This attribute displays the interface type.

telindus1423Router/bri[ ]/leasedLine[ ]/ifSpeed

This attribute displays the interface speed in bits per second (bps).

telindus1423Router/bri[ ]/leasedLine[ ]/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.

telindus1423Router/bri[ ]/leasedLine[ ]/ifLastChange

This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/bri[ ]/leasedLine[ ]/ifOperStatus

This attribute displays the current operational status of the interface. Possible values are:

Value Description

up The leased line ISDN connection is up, data transfer is possible.

down The leased line ISDN connection is down, data transfer is not possible.
The ifOperStatus attribute is down in case of …
• Frame Relay, when …
- LMI is not up.
- the line is not in data state.
- the bit pump is not synchronised.

• PPP, when …
- LCP is not open.
- the line is not in data state.
- the bit pump is not synchronised.
748 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Important remarks

• Whether the Telindus 1423 SHDSL Router is configured in bridging or routing has no effect on the
value of the attributes wanInterface/ifOperStatus:Status and wanInterface/alarmInfo/linkDown:Alarms.
• In case of PPP, if the configuration element linkMonitoring/operation is set to disabled, then it is possible
that the wanInterface/ifOperStatus value does not go down even if the link quality is too bad for a proper
data link. This because the link monitoring mechanism is the only PPP mechanism that will start a
renegotiation of the LCP layer.
• In case of Frame Relay, if the configuration element lmi/auto is set to noLmi, then the value of the status
element lmi/status:Status is always up. However, the other conditions as stated in the table above
remain.
Telindus 1423 SHDSL Router Chapter 13 749
User manual Status attributes

13.9 AUX status attributes

This section describes the following status attributes:

• telindus1423Router/aux/ifDescr on page 750
• telindus1423Router/aux/ifType on page 750
• telindus1423Router/aux/ifOperStatus on page 750
• telindus1423Router/aux/ifLastChange on page 750
• telindus1423Router/aux/ifSpeed on page 750
• telindus1423Router/aux/ifMtu on page 750
• telindus1423Router/aux/txdItu103 on page 750
• telindus1423Router/aux/rxdItu104 on page 750
• telindus1423Router/aux/rtsItu105 on page 750
• telindus1423Router/aux/ctsItu106 on page 750
• telindus1423Router/aux/dsrItu107 on page 750
• telindus1423Router/aux/dtrItu108 on page 750
• telindus1423Router/aux/dcdItu109 on page 751
• telindus1423Router/aux/riItu125 on page 751

For the status attributes of the dialPpp object which is located under the aux object, refer to 13.5.3 - PPP
status attributes on page 716.
750 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/aux/ifDescr

This attribute displays the interface description.

telindus1423Router/aux/ifType

This attribute displays the interface type.

telindus1423Router/aux/ifOperStatus

This attribute displays the current operational status of the interface.

telindus1423Router/aux/ifLastChange

This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.

telindus1423Router/aux/ifSpeed

This attribute displays the interface speed in bits per second (bps).

telindus1423Router/aux/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.

telindus1423Router/aux/txdItu103

This attribute displays the status (on / off) of the transmit data signal (circuit 103). The txdItu103 attribute
only indicates the presence of the TxD signal, it does not monitor the real data signal.

telindus1423Router/aux/rxdItu104

This attribute displays the status (on / off) of the receive data signal (circuit 104). The rxdItu104 attribute
only indicates the presence of the RxD signal, it does not monitor the real data signal.

telindus1423Router/aux/rtsItu105

This attribute displays the status (on / off) of the request to send signal (circuit 105).

telindus1423Router/aux/ctsItu106

This attribute displays the status (on / off) of the clear to send signal (circuit 106).

telindus1423Router/aux/dsrItu107

This attribute displays the status (on / off) of the data set ready signal (circuit 107).

telindus1423Router/aux/dtrItu108

This attribute displays the status (on / off) of the data terminal ready signal (circuit 108).
Telindus 1423 SHDSL Router Chapter 13 751
User manual Status attributes

telindus1423Router/aux/dcdItu109

This attribute displays the status (on / off) of the data carrier detect signal (circuit 109).

telindus1423Router/aux/riItu125

This attribute displays the status (on / off) of the Ring Indicator signal (circuit 125).
752 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.10 Profile status attributes

This section describes the following status attributes:

• telindus1423Router/profiles/<profile>/profileUsers on page 753
Telindus 1423 SHDSL Router Chapter 13 753
User manual Status attributes

telindus1423Router/profiles/<profile>/profileUsers

This attribute shows which profile is applied on which dial map.

The profileUsers table contains the following elements:

Element Description

type This always displays dialmap.

name This is the dial map name. It is the name as you configured it in the name element
of the dial map.

Example

Suppose you created an ISDN dial profile (myIsdn) and you applied this profile on 3 dial maps (myMap,
yourMap and ourMap), then the profileUsers attribute of the ISDN dial profile displays the following:
754 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.11 Dial maps status attributes

This section describes the following status attributes:

• telindus1423Router/dialMaps/mapping on page 755
Telindus 1423 SHDSL Router Chapter 13 755
User manual Status attributes

telindus1423Router/dialMaps/mapping

This attribute displays the status of all the dial maps. The mapping table contains the following elements:

Element Description

name This displays the dial map name. It is the name as you configured it in the name
element of the dial map.

status This displays the dial map status. Possible values are:
• invalidProfile. This means that the dial map refers to a nonexistent profile. In this
case, the dial map is not activated.
• standBy. This means the dial map its configuration is valid.

Note that the status element says something about the configuration of the dial
map, not about the status of the connections that are defined by this dial map!

connections This displays the status of the active ISDN connection(s) that are defined by the
dial map.
Refer to telindus1423Router/dialMaps/mapping/connections on page 756 for a detailed
description of the connections table.
756 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/dialMaps/mapping/connections

The connections table in the mapping table displays the status of the active ISDN connection(s) that are
defined by the dial map.
The connections table contains the following elements:

Element Description

interface This displays on which interface the connection has been set up.
E.g. bri1-bChannel1.

localTelNr This displays the local telephone number of the connection.

remoteTelNr This displays the remote telephone number of the connection.

callDirection This displays the call direction of the connection. Possible values are: incall, outcall
or undefined.

connectState This displays the status of the connection. Possible values are:
• notConnected. There is no connection.
• callSetup. The call is being set up.
• connected. The call was set up successfully.
• encapsUp. The encapsulation protocol was set up successfully.
• callClear. The call is being cleared.

When a connection is …
• established, the normal procedure is: notConnected → callSetup → connected →
encapsUp.
• terminated, the normal procedure is: encapsUp → callClear → notConnected.
Telindus 1423 SHDSL Router Chapter 13 757
User manual Status attributes

13.12 Bundle status attributes

This section describes the status attributes of the different bundles that can be set up on the Telindus
1423 SHDSL Router. The following gives an overview of this section:
• 13.12.1 - PPP bundle status attributes on page 758
758 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.12.1 PPP bundle status attributes

This section describes the following status attributes:

• telindus1423Router/bundle/pppBundle[ ]/ifDescr on page 759
• telindus1423Router/bundle/pppBundle[ ]/ifType on page 759
• telindus1423Router/bundle/pppBundle[ ]/ifOperStatus on page 759
• telindus1423Router/bundle/pppBundle[ ]/ifSpeed on page 759
• telindus1423Router/bundle/pppBundle[ ]/members on page 759
• telindus1423Router/bundle/pppBundle[ ]/ip on page 760
• telindus1423Router/bundle/pppBundle[ ]/ipcpState on page 760
• telindus1423Router/bundle/pppBundle[ ]/ipcpMyOptions on page 761
• telindus1423Router/bundle/pppBundle[ ]/ipcpHisOptions on page 761
• telindus1423Router/bundle/pppBundle[ ]/bridging on page 762
• telindus1423Router/bundle/pppBundle[ ]/bcpState on page 762
• telindus1423Router/bundle/pppBundle[ ]/bcpMyOptions on page 762
• telindus1423Router/bundle/pppBundle[ ]/bcpHisOptions on page 762
• telindus1423Router/bundle/isdnBundle[ ]/bacpState on page 763
• telindus1423Router/bundle/isdnBundle[ ]/bacpMyOptions on page 763
• telindus1423Router/bundle/isdnBundle[ ]/bacpHisOptions on page 763
• telindus1423Router/bundle/isdnBundle[ ]/inBandwidth on page 763
• telindus1423Router/bundle/isdnBundle[ ]/outBandwidth on page 763
• telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces on page 764
Telindus 1423 SHDSL Router Chapter 13 759
User manual Status attributes

telindus1423Router/bundle/pppBundle[ ]/ifDescr

This attribute displays the interface description of the PPP bundle.

telindus1423Router/bundle/pppBundle[ ]/ifType

This attribute displays the interface type of the PPP bundle.

telindus1423Router/bundle/pppBundle[ ]/ifOperStatus

This attribute displays the current operational status of the PPP bundle.

telindus1423Router/bundle/pppBundle[ ]/ifSpeed

This attribute displays the current speed of the PPP bundle in bits per second (bps). It is the sum of the
speeds of all the bundle links in the bundle.

telindus1423Router/bundle/pppBundle[ ]/members

This attribute displays the status of the different bundle links in the PPP bundle.
The members table contains the following elements:

Element Description

ifDescr This element displays the name of the bundle link as you entered it in the members
configuration attribute.
Refer to 7.4.11 - Setting up multilink PPP on page 173 for more information.

memberStatus This element displays the member status of the bundle link in the bundle. Possible
values are:
• notJoined. The bundle link is currently not an active member of the bundle. E.g.
because the bundle link is down.
• joined. The bundle link is currently an active member of the bundle.
• notFound. The bundle link that you specified in the members configuration attribute
could not be found. E.g. because you entered a wrong channel index name or
because you did not create a channel yet.
Refer to 7.4.11 - Setting up multilink PPP on page 173 for more information on
the channels and channel index names.

ifLastChange This element displays the system-up time on the moment the bundle link entered
its current operational state. I.e. the moment the value of the memberStatus status
element changes (from notJoined to joined or vice versa), the system-up time value
is written into the ifLastChange status element.

ifSpeed This element displays the current speed of the bundle link in bits per second (bps).
760 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bundle/pppBundle[ ]/ip

This attribute displays the IP information of the PPP bundle.

The ip structure contains the following elements:

Element Description

status This is the current operational status of the IP layer (layer 3) of the PPP bundle.

address This is the IP address of the PPP bundle. It is either configured or retrieved auto-
matically.

netMask This is the IP subnet mask of the PPP bundle. It is either configured or retrieved
automatically.

remote This is the IP address of the remote end of the PPP bundle. It is either configured
or retrieved automatically.

telindus1423Router/bundle/pppBundle[ ]/ipcpState

This attribute reflects the status of the IPCP (Internet Protocol Control Protocol) protocol. Possible val-
ues are:

Value Description

Initial IPCP handshake has not started yet.

Starting, Closed, These values correspond with the transient states in the IPCP state diagram.
Stopped, Closing,
Stopping

Req-Sent The local side of the PPP link has sent an IPCP request. The remote side did not
answer yet.

Ack-Rcvd The local side of the PPP link has received an IPCP acknowledge from the remote
side. This is a transient state.

Ack-Sent The local side of the PPP link has acknowledged the IPCP request from the remote
side.

Opened The IPCP handshake succeeded.

Telindus 1423 SHDSL Router Chapter 13 761
User manual Status attributes

telindus1423Router/bundle/pppBundle[ ]/ipcpMyOptions

During the IPCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the IPCP options for the router at this side (local side) of the link.
The ipcpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following IPCP option:
• 3: the IP-Address option.
• ip-vso: the IP-Vendor Specific Option. This is used to negotiate the netmask.

For more information on the IPCP configuration options, refer to RFC 1332.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/bundle/pppBundle[ ]/ipcpHisOptions

This attribute lists the IPCP options for the router at the other side (remote side) of the link. The
ipcpHisOptions table contains the same elements as the ipcpMyOptions table. Refer to telindus1423Router/bun-
dle/pppBundle[ ]/ipcpMyOptions on page 761.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.
762 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bundle/pppBundle[ ]/bridging

This attribute is not present in the PPP bundle of the ISDN interfaces.
This attribute displays the bridging status of the PPP bundle.
Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of the bridging structure.

telindus1423Router/bundle/pppBundle[ ]/bcpState

This attribute is not present in the PPP bundle of the ISDN interfaces.
This attribute reflects the status of the BCP (Bridging Control Protocol) protocol. The possible values are
the same as those of ipcpState attribute. Refer to telindus1423Router/bundle/pppBundle[ ]/ipcpState on page 760.

telindus1423Router/bundle/pppBundle[ ]/bcpMyOptions

This attribute is not present in the PPP bundle of the ISDN interfaces.
During the BCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the BCP options for the router at this side (local side) of the link.
The bcpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following BCP options:
• 1: the Bridge-Identification option.
• 2: the Line-Identification option.
• 3: the MAC-Support option.
• 4: the Tinygram-Compression option.
• 5: the LAN-Identification option.
• 6: the MAC-Address option.
• 7: the Spanning-Tree-Protocol option.

For more information on the BCP configuration options, refer to RFC 2878.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/bundle/pppBundle[ ]/bcpHisOptions

This attribute is not present in the PPP bundle of the ISDN interfaces.
This attribute lists the BCP options for the router at the other side (remote side) of the link. The
bcpHisOptions table contains the same elements as the bcpMyOptions table. Refer to telindus1423Router/bundle/
pppBundle[ ]/bcpMyOptions on page 762.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.
Telindus 1423 SHDSL Router Chapter 13 763
User manual Status attributes

telindus1423Router/bundle/isdnBundle[ ]/bacpState

This attribute is only present in the PPP bundle of the ISDN interfaces.
This attribute reflects the status of the BACP (Bandwidth Allocation Control Protocol) protocol. The pos-
sible values are the same as those of ipcpState attribute. Refer to telindus1423Router/bundle/pppBundle[ ]/ipcp-
State on page 760.

telindus1423Router/bundle/isdnBundle[ ]/bacpMyOptions

This attribute is only present in the PPP bundle of the ISDN interfaces.
During the BACP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the BACP options for the router at this side (local side) of the link.
The bacpMyOptions table contains the following elements:

Element Description

option The Telindus 1423 SHDSL Router supports the following BACP options:
• 1: the Favored-Peer option.

For more information on the BACP configuration options, refer to RFC 2125.

length This is the length of the option field.

value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).

telindus1423Router/bundle/isdnBundle[ ]/bacpHisOptions

This attribute is only present in the PPP bundle of the ISDN interfaces.
This attribute lists the BACP options for the router at the other side (remote side) of the link. The
bacpHisOptions table contains the same elements as the bacpMyOptions table. Refer to telindus1423Router/bun-
dle/isdnBundle[ ]/bacpMyOptions on page 763.
Other option values than the ones supported by the Telindus 1423 SHDSL Router may be present.

telindus1423Router/bundle/isdnBundle[ ]/inBandwidth

This attribute is only present in the PPP bundle of the ISDN interfaces.
In case BAP is enabled, this attribute shows the amount of bandwidth, in percent, of the total amount of
available bandwidth that is currently used.

telindus1423Router/bundle/isdnBundle[ ]/outBandwidth

This attribute is only present in the PPP bundle of the ISDN interfaces.
In case BAP is enabled, this attribute shows the amount of bandwidth, in percent, of the total amount of
available bandwidth that is currently not used.
764 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bundle/pppBundle[ ]/multiclassInterfaces

This attribute is not present in the PPP bundle of the ISDN interfaces.
This attribute displays the status of the different multiclass PPP links in the PPP bundle.
The multiclassInterfaces table contains the following elements:

Element Description

name This element displays the name of the multiclass PPP link as you defined it in the
multiclassInterfaces configuration attribute.

ifOperStatus This element displays the current operational status of the multiclass PPP link.

ifLastChange This element shows the system-up time on the moment the multiclass PPP link
entered its current operational state. I.e. the moment the value of the ifOperStatus
status attribute changes (from up to down or vice versa), the system-up time value
is written into the ifLastChange status attribute.

ip This element displays the IP information of the multiclass PPP link.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/ip on page 708 for a
detailed description of the ip structure.

bridging This element displays the bridging information of the multiclass PPP link.
Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of
the bridging structure.

ppp This element displays the PPP information of the multiclass PPP link.
Refer to for a detailed description of the elements in the ppp structure.

multiclass This element displays the multiclass identifier of the multiclass PPP link.
Telindus 1423 SHDSL Router Chapter 13 765
User manual Status attributes

13.13 Router status attributes

This section discusses the status attributes concerned with routing. First it describes the general routing
status attributes. Then it explains the status attributes of the extra features as there are NAT, L2TP tun-
nelling, etc…
The following gives an overview of this section:
• 13.13.1 - General router status attributes on page 766
• 13.13.2 - NAT status attributes on page 776
• 13.13.3 - L2TP tunnel status attributes on page 778
• 13.13.4 - IKE SA status attributes on page 783
• 13.13.5 - OSPF status attributes on page 785
• 13.13.6 - VRRP status attributes on page 803
• 13.13.7 - Firewall status attributes on page 805
766 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.13.1 General router status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/routingTable on page 767
• telindus1423Router/ip/router/igmpTable on page 770
• telindus1423Router/ip/router/dhcpBinding on page 772
• telindus1423Router/ip/router/dhcpStatistics on page 772
• telindus1423Router/ip/router/dhcpRelayInfo on page 773
• telindus1423Router/ip/router/dhcpBlackList on page 773
• telindus1423Router/ip/router/radius on page 774
• telindus1423Router/ip/router/dns on page 774
• telindus1423Router/ip/router/dnsServers on page 774
• telindus1423Router/ip/router/addrPools on page 775
This section describes the following actions:
• telindus1423Router/ip/router/unBlacklist on page 775
Telindus 1423 SHDSL Router Chapter 13 767
User manual Status attributes

telindus1423Router/ip/router/routingTable

This attribute lists all known routes (both static and learned routes) with their operating status.
The routingTable contains the following elements:

Element Description

network This is the IP address of the destination network.

mask This is the network mask of the destination network.

gateway This is the IP address of the next router on the path to the destination network.

interface This is the interface through which the destination network can be reached. Pos-
sible values are:
• internal. The own protocol stack is used.
• <name>. The destination network can be reached through this particular inter-
face. The <name> of the interface is the name as you configured it.
Note that the “interface” can also be a DLCI, an ATM PVC, a tunnel, etc.
• discard. Packets for this destination are discarded.

encapsulation This is the used encapsulation. It is related to the interface for this route. Possible
values are:
• none. The IP packets are not encapsulated.
• ethernet. The IP packets are encapsulated with the ARPA MAC header.
• frameRelay. The IP packets are encapsulated in Frame Relay.
• ppp. The IP packets are encapsulated in PPP.
• atm. The IP packets are encapsulated in ATM.
768 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Element Description

status This is the route status. Possible values are:

• up. The route is up, data transfer is possible.
• down. The route is down, data transfer is not possible.
• discard. Packets for this destination are discarded.
• spoofing. This applies on routes over an ISDN dial-up connection or through an
L2TP outgoing dial tunnel.
It means that the route is available, but that it is not truly up (yet). I.e. the (dial)
connection can be made, but is currently not up. As soon as a connection is
established, then the status of the route changes from spoofing to up.
• holdDown. This applies on RIP routes.
A route enters into a hold-down state when an update packet is received that
indicates the route is unreachable. The route is marked inaccessible and adver-
tised as unreachable. However, the route is still used for forwarding packets.
When hold-down expires, routes advertised by other sources are accepted and
the route is no longer inaccessible.
Refer to telindus1423Router/ip/router/ripHoldDownTime on page 562 for more informa-
tion.
• closed. This applies on L2TP tunnels and VRRP. In case of …
- L2TP tunnels where you configure a main and a backup tunnel (refer to
10.5.4 - Setting up a main and back-up tunnel on page 331) and the main
tunnel goes down, then it is not desirable that the route to the main tunnel
its status returns from up to spoofing because in that case the Telindus 1423
SHDSL Router will keep trying to send data across the main route/tunnel.
That is why in such a case the route to the main tunnel is “artificially”
blocked. I.e. its status is set to closed.
- VRRP (refer to 8.9 - Configuring VRRP on page 255), it is sometimes desir-
able that the IP address on an Ethernet interface no longer answers to
pings, even if the Ethernet interface is up. That is why in such a case the
host route is “artificially” blocked. I.e. its status is set to closed.

preference This displays the route preference. If more than one route matches the IP destina-
tion address, this attribute determines which route is used. The route with the low-
est preference value will be used.

type This is the type of the route. Possible values are:

• host. This is a host route, i.e. a route to a single IP address instead of a complete
network. This is also used for the router its own IP address.
• internal. A route with this status is irrelevant.
• local. This is a route to a directly connected network.
• rip. This is a route that has been received via a RIP update.
• static. This is a route that has been configured, i.e. it is a static route.
• float. This is a route that has been added for a PPP link for which no local or
remote IP address was configured. These were learned from the other side.
Refer to 7.4.4 - Imposing IP addresses on the remote in PPP on page 164 for
more information.
Telindus 1423 SHDSL Router Chapter 13 769
User manual Status attributes

Element Description

metric If two routes exist with the same preference, then the route with the lowest metric
value is chosen. The metric attribute serves as a cost for using the route. In most
cases it indicates the number of hops (= routers) required to reach a destination.

timeOut In case of a RIP route, the timeOut attribute displays the time the route will remain
in the routing table if no RIP updates are received anymore. For other routes this
attribute always displays 00000d 00h 00m 00s.

Example

The following figure displays an example of a routing table:

The lines in the routing table depicted above represent the following:
• Line 1 represents the default gateway, which is not defined.
• Lines 2 and 5 represent the subnets on the LAN and WAN interface respectively.
• Lines 3 and 6 represent the interface its IP addresses.
• Line 7 represents the static route to the remote LAN.
• Finally, line 4 represents the multicast address for RIP version 2.

Remark

If the LAN is not connected to the Telindus 1423 SHDSL Router, it is still possible to contact the Telindus
1423 SHDSL Router with e.g. TMA or Telnet over the WAN link by using the IP address of the LAN inter-
face. This means that the status attribute telindus1423Router/lanInterface/ip/status still indicates up, although in
the routingTable the corresponding route to the network is down. This implementation seems not logical
but is necessary to insure correct operation with HP OpenView.
770 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/igmpTable

This attribute shows the multicast address, reported by one or more clients. The igmpTable is always
updated, even if no proxy is configured.
The igmpTable contains the following elements:

Element Description

multicast This is the multicast address.

interface This is the interface name of the client(s). In case of multiple interface names, they
are separated from each other by a comma.

What is IGMP?

Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting
in the Internet.
It is used to establish host memberships in particular multicast groups on a single network. The mecha-
nisms of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants
to receive messages addressed to a specific multicast group.
All hosts conforming to level 2 of the IP multicasting specification require IGMP.

IGMP topology

Consider the following multicasting topology:

In this topology …
• Client 1 and Client 2 are multicast clients.
• Router 1, 2 and 3 are multicast enabled routers.
• Server 1 is a multicast server.
Telindus 1423 SHDSL Router Chapter 13 771
User manual Status attributes

The following are some characteristics of an IGMP topology:

• Only 1 IGMP proxy can be defined per device.
• The TTL of an IGMP frame is always 1. IGMP messages are never forwarded.
• An IGMP frame contains an IP router alert option.
• IGMPv1 routers may be present in the network.

The multicasting IGMP protocol can be configured on every IP interface. Refer to the igmp element in
5.2.3 - Explaining the ip structure on page 63.
A client can leave or join a multicast group by erasing or adding a multicast address from a table, defined
in the client application. A list of multicast group addresses is maintained in the routers. The reported
multicast addresses can be seen in the igmpTable. Refer to telindus1423Router/ip/router/igmpTable on page 770.
On a router interface, IGMP join and leave messages are interpreted and the multicast member list is
adapted accordingly. Multicast frames are forwarded if they are present in the multicast member list. On
a proxy interface, IGMP join and leave messages are transmitted according to the multicast member list.
Multicast frames are always forwarded.
Since IGMP is send in UDP (join/leave can be lost), the clients (proxies) are polled every 125 seconds:
• A general query is send to 224.0.0.1 (poll all systems).
• A leave group message is send to 224.0.0.2 (all routers).
772 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/dhcpBinding

This attribute contains a list of dynamically assigned (i.e. leased) IP addresses.

The dhcpBinding table contains the following elements:

Element Description

ipAddress This is the IP address that is dynamically assigned to a client.

macAddress This is the MAC address of the client.

leaseTime This is the remaining lease time.

hostName This is the hostname of the client.

interface This is the name of the interface on which the client has been bound.

state This is the state of the lease. Possible values are leased and onHold.

telindus1423Router/ip/router/dhcpStatistics

This attribute contains the statistics of all IP address ranges that have been specified in the configuration
attribute telindus1423Router/ip/router/dhcpDynamic.
The dhcpStatistics table contains the following elements:

Element Description

startRange Displays the IP start address of an IP address range.

endRange Displays the IP end address of an IP address range.

interface For the corresponding IP address range, this is the name of the interface on which
the clients have been bound.

free For the corresponding IP address range, this displays the number of IP addresses
that are still free.

leased For the corresponding IP address range, this displays the number of IP addresses
that are leased.

hold For the corresponding IP address range, this displays the number of IP addresses
that are on hold.

During power-down of the DHCP server, some leased IP addresses can still be active. Because the
duration of the power-down can not be known, all timer information about lease and hold time becomes
meaningless. Therefore, the DHCP server incorporated in the Telindus 1423 SHDSL Router sends a
ping to all leased addresses after a warm boot. When the client responds to this ping, the DHCP server
resets all timers to their default value and keeps the lease with this client.
Telindus 1423 SHDSL Router Chapter 13 773
User manual Status attributes

telindus1423Router/ip/router/dhcpRelayInfo

This attribute displays the status information of the DHCP relay process in case the Telindus 1423
SHDSL Router is configured to act as DHCP relay agent.
The dhcpRelayInfo table contains the following elements:

Element Description

sourceIntf This is the name of the interface on which the DHCP request has been received.

mac This is the MAC address of the client.

assignedIp This is the IP address that has been dynamically assigned to the client by the
remote DHCP server.

serverIp This is the IP address of the remote DHCP server.

dhcpStatus This is the status of the DHCP process. Possible values are: discover, offer, request,
decline, ack, nack, release, inform, idle.

leaseTime This is the remaining lease time.

telindus1423Router/ip/router/dhcpBlackList

This attribute displays the MAC and IP address of blacklisted clients and the reason why they are on the
black list.
The dhcpBlackList table contains the following elements:

Element Description

ipAddress This is the IP address of the blacklisted client.

macAddress This is the MAC address of the blacklisted client.

reason This is the reason why the client is on the black list. Possible values are:
• arp. The ARP request probing indicated that the IP address is already in use by
a client on the network. Refer to telindus1423Router/ip/router/dhcpCheckAddress on
page 572.
• ping. The ICMP Echo Request (ping) probing indicated that the IP address is
already in use by a client on the network. Refer to telindus1423Router/ip/router/dhcp-
CheckAddress on page 572.
• alienAck. Another DHCP server assigned an IP address to the client.
• declined. The client explicitly declined the IP address that was assigned.
• networkOrBroadcast. The DHCP server tried to assign a network or broadcast
address to a client. This indicates that the IP address ranges in the DHCP
server have been misconfigured.
774 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/radius

This attribute shows some RADIUS status information. Refer to What is RADIUS? on page 356 for more
information.
The radius structure contains the following elements:

Element Description

authServer This is the IP address of the authentication server the Telindus 1423 SHDSL
Router is connected to.

acctServer This is the IP address of the accounting server the Telindus 1423 SHDSL Router
is connected to.

pendingRequests This is the amount of pending requests on these servers.

telindus1423Router/ip/router/dns

This attribute shows some DNS status information. Refer to What is DNS? on page 940 for more infor-
mation.
The dns table contains the following elements:

Element Description

ipAddress This is the IP address of the DNS server.

hostname This is the hostname of the DNS server.

ttl This is the time-to-live of the cached DNS data.

infiniteTimeOut This indicates that the DNS record has an infinite TTL or at least longer than 24
days.

telindus1423Router/ip/router/dnsServers

This attribute displays the IP address(es) of the DNS server(s) that have been configured or learned.
The dns table contains the following elements:

Element Description

primaryDns This is the IP address of the primary DNS server.

secondaryDns This is the IP address of the secondary DNS server.

Telindus 1423 SHDSL Router Chapter 13 775
User manual Status attributes

telindus1423Router/ip/router/addrPools

This attribute shows which IP addresses have already been picked out of the IP address pool. Refer to
What is an IP address pool? on page 64 for more information.
The addrPools table contains the following elements:

Element Description

name This is the name of the IP address pool, as you configured it, from which the IP
addresses have been picked.

type This is the type of IP address pool from which the IP addresses have been picked.
Possible values are: list or interval.

local This is the local IP address that has been picked out of the IP address pool.

remote This is the remote IP address that has been picked out of the IP address pool.

netMask This is the subnet mask that has been picked out of the IP address pool.

interface This is the name of the interface on which the IP addresses are used.

telindus1423Router/ip/router/unBlacklist

This action removes an entry from the blacklist.

The unBlacklist action contains the following argument values:

Element Description

startIp Use this element to specify an IP address (range) that has to be removed from the
blacklist.
If you want to specify …
• a single IP address, then just enter the IP address in the startIp element and
leave the stopIp element at its default value (<opt>).
• an IP address range, then enter the first IP address of the range in the startIp
element and the last IP address of the range in the stopIp element.

stopIp Use this element to specify the last IP address of an IP address range that has to
be removed from the blacklist.

mac Use this element to specify a MAC address of an entry that has to be removed from
the blacklist.
776 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.13.2 NAT status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/defaultNat/addresses on page 777
Telindus 1423 SHDSL Router Chapter 13 777
User manual Status attributes

telindus1423Router/ip/router/defaultNat/addresses

This attribute displays the status of each official IP address that is configured in the configuration
attribute telindus1423Router/ip/router/defaultNat/addresses.
The addresses table contains the following elements:

Element Description

officialAddress This is the official IP address as you entered it in the addresses configuration
attribute.

privateAddress This is the private IP address that is currently linked with the official IP address.

status This is the status of the official IP address. Possible values are:
• free. This official IP address is currently not in use.
• fixed. This address has a pre-configured mapping between the official and pri-
vate IP address.
• allocated. This official IP address is currently assigned to a private IP address,
but it is not fixed.

uses This indicates how many sessions are currently used by this official IP address.
If the attribute value becomes zero, the assigned official IP address becomes free
again and can be assigned to another private IP address.
778 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.13.3 L2TP tunnel status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/tunnels/l2tpTunnels on page 779
• telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels on page 780
Telindus 1423 SHDSL Router Chapter 13 779
User manual Status attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels

This attribute displays status information of the L2TP tunnels.

The l2tpTunnels table contains the following elements:

Element Description

name This is the name of the tunnel as you configured it. If you did not configure a name,
then this element displays: “tunnel” <local IP address of the tunnel>.
E.g. tunnel 192.168.5.1

ifOperStatus This displays the operational status of the tunnel. Possible values are:
• up. The tunnel is up, data transfer is possible.
• down. The tunnel is down, data transfer is not possible.
• dormant. The tunnel is "stand-by". As soon as data has to be sent over the tun-
nel, control connect messages are exchanged and the operational status of the
tunnel becomes up.

ifLastChange This is the system-up time on the moment the tunnel entered its current opera-
tional state. I.e. the moment the value of the ifOperStatus status element changes
(from up to down or vice versa), the system-up time value is written into the
ifLastChange status element.

ip This displays the IP information of the tunnel.

Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/ip on page 708 for a
detailed description of the ip structure.

bridging This displays the bridging information of the tunnel.

Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of
the bridging structure.

l2tp This displays the specific L2TP related status information of the tunnel.
Refer to the telindus1423Router/ip/router/tunnels/l2tpTunnels/l2tp on page 780 for a detailed
description of the l2tp structure.

ppp This displays the PPP information of the tunnel.

Refer to 13.5.3 - PPP status attributes on page 716 for a detailed description of the
elements in the ppp structure.
780 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels/l2tp

The l2tp structure in the l2tpTunnels table displays the specific L2TP related status information of the tun-
nel.
The l2tp structure contains the following elements:

Element Description

sendingSeqNum In case sequence numbering on the data messages is enabled (dataChannelSequen-

ceNumbering = on), then this displays the transmit data sequence numbers.

receivingSeqNum In case sequence numbering on the data messages is enabled (dataChannelSequen-

ceNumbering = on), then this displays the receive data sequence numbers.

l2tpType This displays which L2TP server type the Telindus 1423 SHDSL Router currently
is: LAC or LNS.
If you set the configuration attribute l2tpMode to auto, then the status attribute l2tpType
displays the auto value until the Telindus 1423 SHDSL Routers have mutually
decided who will be the LAC and who the LNS.

controlState This displays the states associated with the LNS or LAC control connection estab-
lishment. Refer to L2TP status - control states on page 781 for more information.

callState This displays the states associated with the LNS or LAC incoming or outgoing
calls. Refer to L2TP status - call states on page 781 for more information.

deliveryState This displays the states associated with the LNS or LAC packet delivery. Refer to
L2TP status - delivery states on page 782 for more information.

authenState This displays the states associated with the LNS or LAC authentication. Refer to
L2TP status - authentication states on page 782 for more information.

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels

This attribute displays status information of the IPSEC L2TP tunnels.

The ipsecL2tpTunnels table contains the same elements as the l2tpTunnels table. Refer to telindus1423Router/
ip/router/tunnels/l2tpTunnels on page 779.
Telindus 1423 SHDSL Router Chapter 13 781
User manual Status attributes

L2TP status - control states

The states associated with the LNS or LAC for control connection establishment are:

Value Description

idle No control connection is present.

Both initiator and recipient start from this state. An initiator transmits a Start Control
Connection Request, while a recipient remains in the idle state until receiving a
Start Control Connection Request.

waitCtlReply This is the state where a Start Control Connection Reply is awaited.

waitCtlConn This is the state where a Start Control Connection Connected is awaited. Upon
receipt, the challenge response is checked. The tunnel either is established, or is
torn down if an authorisation failure is detected.

established The control connection is established.

An established connection may be terminated by either a local condition or the
receipt of a Stop Control Connection Notification. The session then returns to the
idle state.

L2TP status - call states

The states associated with the LNS or LAC incoming or outgoing calls are:

Value Description

idle No data is exchanged over the tunnel.

waitTunnel This is the state in which is waited …

• either for the control connection to be opened,
• or for verification that the tunnel is already open.
Once an indication is received that the tunnel has/was opened, session control
messages may be exchanged. The first of these is the Incoming Call Request.

waitReply This is the state where an Incoming or Outgoing Call Reply message is awaited. If
an Incoming or Outgoing Call Reply message is received, an incoming or Outgoing
Call Connected message is sent and the session moves to the established state.

waitConnect This is the state where an Incoming or Outgoing Call Connected message is
awaited. If an Incoming or Outgoing Call Connected message is received, the call
was successful and the session moves to the established state.

established Data is exchanged over the tunnel.

The session is terminated when receiving or sending a Call Disconnect Notify mes-
sage. The session then returns to the idle state.
782 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

L2TP status - delivery states

The states associated with the packet delivery are:

Value Description

operating The Telindus 1423 SHDSL Router has sent a packet, but has not received an
acknowledgement on this packet yet.

idle All transmitted packets have been acknowledged.

L2TP status - authentication states

The states associated with the LNS or LAC authentication are:

Value Description

noAuthentication Authentication is not enabled. This is also the start-up state for the authentication
process.

authenSuccessful Authentication was successful. The Telindus 1423 SHDSL Router remains in this
state during data transfer.

authenFailure Authentication failed. This is a transient state since the Telindus 1423 SHDSL
Router starts the handshake again after a failing authentication.
Telindus 1423 SHDSL Router Chapter 13 783
User manual Status attributes

13.13.4 IKE SA status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/ikeSA[ ]/phase1 on page 784
• telindus1423Router/ip/router/ikeSA[ ]/phase2 on page 784
This section describes the following actions:
• telindus1423Router/ip/router/ikeSA[ ]/clearSAs on page 784
784 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ikeSA[ ]/phase1

This attribute displays status information of phase 1 in the IKE negotiation process.
The phase1 table contains the following elements:

Element Description

remoteIp This element displays the IP address of the remote.

remainingSecs This element displays the time the IKE SA will remain active for.

telindus1423Router/ip/router/ikeSA[ ]/phase2

This attribute displays status information of phase 2 in the IKE negotiation process.
The phase2 table contains the following elements:

Element Description

tunnel This element displays the L2TP tunnel name.

direction This element displays the direction of the IPSEC SA. Possible values are: inbound
or outbound.

spi This element displays the Security Parameter Index of the IPSEC SA.

protocol This element displays which protocol is used in the IPSEC SA. Possible values
are: esp or ah.

localIp This element displays the local IP address.

remoteIp This element displays the remote IP address.

encryptionAlgorithm This element displays which encryption algorithm is used on the IPSEC SA. Pos-
sible values are: null, des, 3des or disabled.

authenticationAlgo- This element displays which authentication algorithm is used on the IPSEC SA.
rithm Possible values are: hmac_md5, hmac_sha-1 or disabled.

age This element displays the age of the IPSEC SA.

softLifeTime This element displays the soft life time of the IPSEC SA.
When the soft life time expires, the IKE peers know that the hard lifetime is about
to expire. This gives them the time to rekey the SA without disrupting communica-
tion before the hard lifetime expires.

hardLifeTime This element displays the hard life time of the IPSEC SA.
When the hard life time expires, the IPSEC SA is actually disconnected.

telindus1423Router/ip/router/ikeSA[ ]/clearSAs

Use this action to clear all SAs.

Telindus 1423 SHDSL Router Chapter 13 785
User manual Status attributes

13.13.5 OSPF status attributes

This section discusses the status attributes concerned with OSPF. First it describes the general OSPF
status attributes. Then it explains the OSPF area status attributes.
The following gives an overview of this section:
• General OSPF status attributes on page 786
• Area status attributes on page 791
786 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

General OSPF status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/ospf/type on page 787
• telindus1423Router/ip/router/ospf/routes on page 788
• telindus1423Router/ip/router/ospf/externalRoutes on page 789
• telindus1423Router/ip/router/ospf/asExtLsas on page 790
Telindus 1423 SHDSL Router Chapter 13 787
User manual Status attributes

telindus1423Router/ip/router/ospf/type

This attribute indicates the kind of router link being described.

The type structure contains the following elements

Element Description

areaBorder This element indicates whether the router is an Area Border Router.

asbr This element indicates whether the router is an Autonomous System Border
Router.
Refer to 8.6.1 - Introducing OSPF on page 211 for more information.

virtualLink This element indicates whether a virtual link is present on the router.

wildCardMulticast This element indicates whether multicast extensions are supported by the router.

Note that wildcard multicast is not yet supported by the Telindus 1423
SHDSL Router.

nssaTranslator This element indicates whether the router is an NSSA border router translator.
788 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/routes

This attribute displays all detected routes in the OSPF network. All detected routes are transferred to the
routing table of this router as type OSPF.
The routes table contains the following elements:

Element Description

network This element displays the IP address of the sub network.

mask This element displays the network mask.

type This element displays the type of the network. Possible values are:
• direct. This value indicates a direct route. This is a route to a host connected
directly to the router.
• intra. This value indicates an intra-area route. This is a route with destinations
belonging to one of the router's attached areas.
• inter. This value indicates an inter-area route.This is a route with destinations in
other OSPF areas.
• extType1. This value indicates an external route of type 1.
• extType2. This value indicates an external route of type 2.
• reject. This value indicates a rejected route.
• static. This value indicates a static route.
• none. This value indicates a non-existing route.

cost This element displays the cost of the route.

There are two exceptions, when another value is displayed. These are:
• unknown. This value indicates that the cost of the route is unknown.
• infinite. This value indicates that the route is not available.

gateway This element displays the IP address of the next interface on the path to the des-
tination network.

outgoingIp This element displays the IP address of the outgoing router interface.

interface This element displays the administrative name of the interface.

Telindus 1423 SHDSL Router Chapter 13 789
User manual Status attributes

telindus1423Router/ip/router/ospf/externalRoutes

This attribute displays all external routes which are injected into the OSPF network by this router.
The externalRoutes table contains following elements:

Element Description

network This element displays the IP address of the sub network.

mask This element displays the network mask.

gateway This element displays the IP address of the next interface on the path to the des-
tination network.

interface This element displays the administrative name of the interface.

costType This element displays the type of cost of the external route. Possible values are:
• type1. The type of cost of the external route is type 1.
• type2. The type of cost of the external route is type 2.

Also refer to telindus1423Router/ip/router/ospf/importFilter on page 613.

cost This element displays the cost of the route.

There are two exceptions, when another value is displayed. These are:
• unknown. This value indicates that the cost of the route is unknown.
• infinite. This value indicates that the route is not available.

tag This element displays the 32-bit field attached to each external route. This is not
used by the OSPF protocol itself. It is used to communicate information between
AS boundary routers.

advertise This element displays whether the router advertises the external route to the rest
of the OPSF network. Possible values are:
• yes. The router advertises the external route to the rest of the OPSF network.
• no. The router does not advertise the external route to the rest of the OPSF net-
work.

routeType This element displays how the external route is injected into OSPF. Possible val-
ues are:
• static. Static route configured by the user.
• rip. This route was learned through the rip protocol.
790 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/asExtLsas

This attribute displays the database entries for all external routes in the OSPF network.
The asExtLsas table contains following elements:

Element Description

linkStateId This element displays the portion of the network that is being described by the
LSA. The contents of this field depend on the type of LSA.

advRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

netMask This element displays the IP address mask for the advertised destination.

costType This element displays the type of cost of the external route. Possible values are:
• type1. The type of cost of the external route is type 1.
• type2. The type of cost of the external route is type 2.

Also refer to telindus1423Router/ip/router/ospf/importFilter on page 613.

cost This element displays the cost of this route.

tag This element displays a 32-bit field attached to each external route. This is not
used by the OSPF protocol itself. It is used to communicate information between
AS boundary routers.

forwardAddress This element displays the address to which data traffic for the advertised destina-
tion is forwarded to.
Telindus 1423 SHDSL Router Chapter 13 791
User manual Status attributes

Area status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/ospf/area[ ]/interfaces on page 792
• telindus1423Router/ip/router/ospf/area[ ]/hosts on page 794
• telindus1423Router/ip/router/ospf/area[ ]/neighbors on page 794
• telindus1423Router/ip/router/ospf/area[ ]/routers on page 796
• telindus1423Router/ip/router/ospf/area[ ]/routerLsas on page 797
• telindus1423Router/ip/router/ospf/area[ ]/networkLsas on page 799
• telindus1423Router/ip/router/ospf/area[ ]/summLsas on page 800
• telindus1423Router/ip/router/ospf/area[ ]/asbrLsas on page 801
• telindus1423Router/ip/router/ospf/area[ ]/nssaLsas on page 802
792 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/interfaces

This attribute displays all interfaces available in the area. If an interface is part of more than one network,
the interface belongs to the network with the most significant subnet mask.
The interfaces table contains following elements:

Element Description

name This element displays the name of the interface.

address This element displays the IP address of the interface.

netMask This element displays the subnet mask.

network This element displays the name of the sub network the interface is part of.

type This element displays the interface type. Possible values are:
• pointToPoint: The interface is a point-to-point interface.
• broadcast: The interface is a broadcast interface.
• virtualLink: The interface is a virtual link interface.
• loopback: The interface is a loopback interface.

cost This element displays the cost of the link.

priority This element displays the priority of the network.

status This element displays the status of the router interface.

Refer to telindus1423Router/ip/router/ospf/area[ ]/interfaces/status on page 793 for more infor-
mation.

dr This element displays the IP address of the Designated Router of the sub network.

backupDr This element displays the IP address of the Backup Designated Router.

neighbors This element displays the amount of neighbors of the router.

adjNeighbors This element displays the amount of adjacent neighbors of the router.

bandwidth This element displays the bandwidth of the link.

Telindus 1423 SHDSL Router Chapter 13 793
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/interfaces/status

The states are listed in order of progressing functionality. For example, the inoperative state is listed
first, followed by a list of intermediate states before the final, fully functional state is achieved.
Possible values are:

Value Description

unknown The router status is unknown.

down This is the initial interface state. No protocol traffic at all will be sent or received.

loopback The router's interface to the network is looped back. The interface will be unavail-
able for regular data traffic.

waiting The router is trying to determine the identity of the (Backup) Designated Router for
the network. To do this, the router monitors the Hello Packets it receives. The
router is not allowed to elect a Backup Designated Router nor a Designated Router
until it transitions out of Waiting state. This prevents unnecessary changes of
(Backup) Designated Router.

pointToPoint The interface is operational, and connects either to a physical point-to-point net-
work or to a virtual link. Upon entering this state, the router attempts to form an
adjacency with the neighbouring router. Hello Packets are sent to the neighbour
every helloInterval seconds.

drOther The interface is connected to a broadcast or NBMA network on which another

router has been selected to be the Designated Router. In this state, the router itself
has not been selected Backup Designated Router either. The router forms adja-
cencies to both the Designated Router and the Backup Designated Router (if they
exist).

backupDr The router itself is the Backup Designated Router on the attached network. It will
be promoted to Designated Router when the present Designated Router fails. The
router establishes adjacencies to all other routers attached to the network.

dr In this state, this router itself is the Designated Router on the attached network.
Adjacencies are established to all other routers attached to the network. The router
must also originate a network-LSA for the network node.
794 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/hosts

This attribute displays all hosts in the OSPF network.

Loopback interfaces that are added to the OSPF network are referred to as hosts. The loop-back inter-
face is a software interface which can be used for management purposes. This interface is always up,
regardless of the state of the physical interfaces.
The hosts table contains following elements

Element Description

intfName This element displays the administrative name of the loop-back interface.

address This element displays the IP address of the loop-back interface.

netMask This element displays the subnet mask of the loop-back interface.

network This element displays the administrative name of the network that the loop-back
interface is part of.

cost This element displays the cost of the loop-back interface link.

telindus1423Router/ip/router/ospf/area[ ]/neighbors

This attribute displays the neighbours of the router.

Routers that share a common segment become neighbours on that segment. Neighbours are discov-
ered via the Hello protocol. Bidirectional communication is indicated when the router sees itself listed in
the neighbour’s Hello Packet.
The neighbors table contains following elements:

Element Description

interface This element displays the administrative name of the neighbouring interface.

routerId This element displays the unique sequence number for the router in the OSPF net-
work.

routerPriority This element displays the priority of the neighbouring router.

ipAddress This element displays the IP address of the neighbouring interface.

status This element displays the status of the neighbouring router.

Refer to telindus1423Router/ip/router/ospf/area[ ]/neighbors/status on page 795 for more infor-
mation.
Telindus 1423 SHDSL Router Chapter 13 795
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/neighbors/status

The states are listed in order of progressing functionality. For example, the inoperative state is listed
first, followed by a list of intermediate states before the final, fully functional state is achieved.
Possible values are:

Value Description

down This is the initial state of a neighbour conversation. It indicates that there has been
no recent information received from the neighbour.

attempt This state is only valid for neighbors attached to NBMA networks. It indicates that
no recent information has been received from the neighbour, but that a more con-
certed effort should be made to contact the neighbour. This is done by sending
the neighbour Hello packets at intervals of helloInterval

init An Hello packet has recently been seen from the neighbour. However, bidirec-
tional communication has not yet been established with the neighbour (i.e., the
router itself did not appear in the neighbour’s Hello packet). All neighbors in this
state (or higher) are listed in the Hello packets sent from the associated interface.

2way Communication between the two routers is bidirectional. This has been assured
by the operation of the Hello Protocol.

exchangeStart This is the first step in creating an adjacency between the two neighbouring rout-
ers. The goal of this step is to decide which router is the master. Neighbour con-
versations in this state or greater are called adjacencies.

exchange The router is describing its entire link state database by sending Database
Description packets to the neighbour. Link State Request Packets may also be
sent asking for the neighbour’s more recent LSAs.

loading Link State Request packets are sent to the neighbour asking for the more recent
LSAs that have been discovered (but not yet received) in the Exchange state.

fullAdjacency The neighbouring routers are fully adjacent. These adjacencies will now appear in
router-LSAs and network-LSAs.
796 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/routers

This attribute displays all routers in the current area.

The routers table contains following elements:

Element Description

routerId This element displays the unique sequence number for the router in this OSPF
autonomous system.

gateway This element displays the IP address of the next interface on the path to reach this
router.

cost This element displays the cost of the route.

routerType This element indicates which type of router is detected.

The routerType structure contains the following elements:
• areaBorder. This element indicates that the detected router is an Area Border
Router (ABR).
• asbr. This element indicates that the detected router is an Autonomous System
Border Router (ASBR).
• virtualLink. This element indicates that the link to the detected router is a virtual
link.
• wildCardMulticast. This element indicates if multicast extensions are supported by
the router.
Telindus 1423 SHDSL Router Chapter 13 797
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/routerLsas

This attribute displays the router-LSAs.

Each router in an area originates router-LSAs. The LSA describes the state and cost of the router's links
(i.e., interfaces) to the area. All of the router's links to the area must be described in a single router-LSA.
The routerLsas table contains following elements:

Element Description

linkStateId This element displays the router's OSPF Router ID.

It displays the portion of the network that is being described by the LSA. The con-
tents of this field depend on the type of LSA.

advRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

routerType This element indicates the kind of router link being described. The routerType struc-
ture contains following elements:
• areaBorder. This element indicates a link to an ABR.
• asbr. This element indicates a link to an ASBR.
• virtualLink. This element indicates a virtual link.
• wildCardMulticast. This element indicates a multicast link.

linkNr This element displays the number of router links described in this LSA.

linkId This element identifies the object that this router link connects to. When connecting
to an object that also originates an LSA (i.e., another router or a transit network)
the Link ID is equal to the neighbouring LSAs Link State ID. This provides the key
for looking up the neighbouring LSA in the link state database during the routing
table calculation.
798 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Element Description

linkData The value of this element depends on the linkType:

• For connections to stub networks, linkData specifies the network's IP address
mask.
• For unnumbered point-to-point connections, it specifies the interface's MIB-II
interface Index value.
• For the other link types it specifies the router interface's IP address.
This latter piece of information is needed during the routing table build process,
when calculating the IP address of the next hop.

linkType This element displays the type of the link. Possible values are:
• pointToPoint. The link is a point-to-point connection.
• transit. The link is a transit connection.
• stub. The link is a connection within a stub area.
• virtualLink. The link is a virtual link.

cost This element displays the cost of this link.

Telindus 1423 SHDSL Router Chapter 13 799
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/networkLsas

This attribute displays the network-LSAs.

A network-LSA is originated for each network in the area which supports two or more routers. The net-
work-LSA is originated by the network's Designated Router. The LSA describes all routers attached to
the network, including the Designated Router itself.
The networkLsas table contains following elements:

Element Description

linkStateId This element displays the IP interface address of the Designated Router.
It displays the portion of the network that is being described by the LSA. The con-
tents of this field depend on the type of LSA.

AdvRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

netMask This element displays the IP address mask for the network.

linkNr This element displays the number of router links described in this LSA.

routerId This element displays the router IDs of each of the routers attached to the network.
Only those routers that are fully adjacent to the Designated Router are listed. The
Designated Router itself is included in this list.
800 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/summLsas

This attribute displays the Summary-LSAs. Summary-LSAs are originated by area border routers and
describe inter-area destinations.
The summLsas table contains following elements:

Element Description

linkStateId If the destination is an IP network, then the linkStateId element is an IP network

number. If the destination is an AS boundary router, then the linkStateId element is
the AS boundary router's OSPF Router ID.
This element displays the portion of the network that is being described by the
LSA. The contents of this field depend on the type of LSA.

AdvRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

netMask This element displays the IP address mask for the destination network.

cost This element displays the cost of this route.

Telindus 1423 SHDSL Router Chapter 13 801
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/asbrLsas

This attribute displays the ASBR-LSAs.

The asbrLsas table contains following elements:

Element Description

linkStateId This element displays the portion of the network that is being described by the
LSA. The contents of this field depend on the type of LSA.

AdvRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

cost This element displays the cost of this route.

802 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/ospf/area[ ]/nssaLsas

This attribute displays the NSSA-LSAs.

The nssaLsas table contains following elements:

Element Description

linkStateId This element displays the portion of the network that is being described by the
LSA. The contents of this field depend on the type of LSA.

AdvRouterId This element displays the router ID of the router that originated the LSA.

age This element displays the time in seconds since the LSA was originated.

sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).

options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.

netMask This element displays the IP address mask for the advertised destination.

costType This element displays the type of cost of the external route. Possible values are:
• type1. The type of cost of the external route is type 1.
• type2. The type of cost of the external route is type 2.

cost This element displays the cost of this route.

tag This element displays a 32-bit field attached to each external route. This is not
used by the OSPF protocol itself. It is used to communicate information between
AS boundary routers.

forwardAddress This element displays the address to which data traffic for the advertised destina-
tion is forwarded to.
Telindus 1423 SHDSL Router Chapter 13 803
User manual Status attributes

13.13.6 VRRP status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/vrrp[ ]/macAddress on page 804
• telindus1423Router/ip/router/vrrp[ ]/interfaces on page 804
• telindus1423Router/ip/router/vrrp[ ]/criticals on page 804
804 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/vrrp[ ]/macAddress

This attribute displays the for VRRP reserved MAC address. The first 5 bytes are fixed (00:00:5e:00:01).
The last byte is the virtual router ID.

telindus1423Router/ip/router/vrrp[ ]/interfaces

This attribute displays the status of the virtual router its interfaces.
The interfaces table contains the following elements:

Element Description

name This element displays the interface name.

priority This element displays the interface priority.

status This element displays the interface status. Possible values are:
• initial: The virtual router interface is in an initial state (e.g. during the master/
backup election process).
• master: The virtual router interface is elected master after the master/backup
election process.
• backup: The virtual router interface is elected backup after the master/backup
election process.
• inactive: The virtual router interface is inactive (e.g. because VRRP is not active).

telindus1423Router/ip/router/vrrp[ ]/criticals

This attribute displays the status of the virtual router interfaces that you defined as critical (refer to
telindus1423Router/ip/router/vrrp[ ]/criticals on page 626).
The criticals table contains the following elements:

Element Description

interface This element displays the name of the critical interface.

status This element displays the operational status (e.g. up, down, etc.) of the critical
interface.
Telindus 1423 SHDSL Router Chapter 13 805
User manual Status attributes

13.13.7 Firewall status attributes

This section describes the following status attributes:

• telindus1423Router/ip/router/firewall/sessions on page 806
• telindus1423Router/ip/router/firewall/reverseSessions on page 806
• telindus1423Router/ip/router/firewall/log on page 807
• telindus1423Router/ip/router/firewall/sNet on page 807
This section describes the following actions:
• telindus1423Router/ip/router/firewall/clearLog on page 807
806 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/ip/router/firewall/sessions

This attribute displays the status of the sessions that are currently going through the firewall.
The sessions table contains the following elements:

Element Description

sNet This element displays the name of the source SNet. I.e. the SNet in which the orig-
inator of the session is located.

policyDirection This element displays the direction of the policy that applies on the session. Pos-
sible values are: inbound or outbound.

sourceIp This element displays the source IP address.

destIp This element displays the destination IP address.

protocol This element displays the protocol that is used. Possible values are: icmp, tcp, udp,
esp, ah, other.

destPort This element displays the destination port number.

bytesTransferred This element displays the number of bytes transferred in this session.

natIp This element displays the IP address of the NAT gateway (if NAT is enabled for
this session).

name This element displays the name of the policy that applies on the session.

telindus1423Router/ip/router/firewall/reverseSessions

This attribute displays the status of the reverse sessions that are currently going through the firewall.
You do not have to set up policies to allow the reverse session (i.e. the return path) of a session that was
initiated. These reverse sessions are set up and allowed automatically.
For example, if you define an outbound policy from the corporate network to the Internet to allow web
browsing (HTTP) and if a HTTP session from the corporate network to the Internet is set up, then a
reverse session from the Internet to the corporate network is set up and allowed automatically.
The reverseSessions table contains the same elements as the sessions table. Refer to telindus1423Router/ip/
router/firewall/sessions on page 806.
Telindus 1423 SHDSL Router Chapter 13 807
User manual Status attributes

telindus1423Router/ip/router/firewall/log

This attribute displays the firewall log.

The sessions table contains the following elements:

Element Description

date This element displays the date and time the event was logged.

sysUpTime This element displays the system-up time at the moment the event was logged.

priority This element displays the priority of the event. Possible values are: debug, info,
notice, warning, error, critical, alert, emergency.

event This element displays a description of the event.

E.g. “access policy not found, dropping packet from corp n/w”.

sourceIp This element displays the source IP address.

destIp This element displays the destination IP address.

sourcePort This element displays the source port number.

destPort This element displays the destination port number.

protocol This element displays the protocol that is used. Possible values are: icmp, tcp, udp,
esp, ah, other.

telindus1423Router/ip/router/firewall/sNet

This attribute displays the SNets that are available (standard and custom). However, it says nothing
about which SNets are actually in use (i.e. assigned to an interface).

telindus1423Router/ip/router/firewall/clearLog

Use this action to clear the log.

808 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.14 Bridge status attributes

This section describes the following status attributes:

• telindus1423Router/bridge/bridgeGroup/ifDescr on page 809
• telindus1423Router/bridge/bridgeGroup/ifType on page 809
• telindus1423Router/bridge/bridgeGroup/ifOperStatus on page 809
• telindus1423Router/bridge/bridgeGroup/ifMtu on page 809
• telindus1423Router/bridge/bridgeGroup/ip on page 809
• telindus1423Router/bridge/bridgeGroup/macAddress on page 809
• telindus1423Router/bridge/bridgeGroup/arpCache on page 810
• telindus1423Router/bridge/bridgeGroup/bridgeCache on page 811
• telindus1423Router/bridge/bridgeGroup/bridging on page 812
• telindus1423Router/bridge/bridgeGroup/spanningTree on page 812
This section describes the following actions:
• telindus1423Router/bridge/bridgeGroup/clearArpCache on page 814
• telindus1423Router/bridge/bridgeGroup/clearBridgeCache on page 814
Telindus 1423 SHDSL Router Chapter 13 809
User manual Status attributes

telindus1423Router/bridge/bridgeGroup/ifDescr

This attribute displays the interface description.

telindus1423Router/bridge/bridgeGroup/ifType

This attribute displays the interface type.

telindus1423Router/bridge/bridgeGroup/ifOperStatus

This attribute displays the current operational status of the bridge group.

telindus1423Router/bridge/bridgeGroup/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.

telindus1423Router/bridge/bridgeGroup/ip

This attribute displays the IP information of the bridge.

The ip structure contains the following elements:

Element Description

address This is the IP address of the bridge. It is either configured or retrieved automati-
cally.

netMask This is the IP subnet mask of the interface. It is either configured or retrieved auto-
matically.

telindus1423Router/bridge/bridgeGroup/macAddress

This attribute displays the MAC address of the bridge group.

810 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bridge/bridgeGroup/arpCache

This attribute displays all the MAC address - IP address pairs from ARP requests and replies received
on the LAN interface. Refer to What is the ARP cache? on page 453 for more information.
The arpCache table contains the following elements:

Element Description

macAddress This is the MAC address.

ipAddress This is the associated IP address.

type This is the ARP cache entry type. Possible values are:
• dynamic. The MAC - IP address pair is retrieved from an ARP request or reply
message.
• static. The MAC - IP address pair is configured.
There is only one static entry, i.e. the Telindus 1423 SHDSL Router its own IP
and MAC address.

timeOut This is the time the entry will remain in the ARP cache. For the static entry, this
value is 0.
Telindus 1423 SHDSL Router Chapter 13 811
User manual Status attributes

telindus1423Router/bridge/bridgeGroup/bridgeCache

When a port of the bridge enters the learning state, it stores the MAC addresses of the stations situated
on the network that is connected to this port. The MAC addresses are stored in a MAC address database
or bridge cache. The bridgeCache attribute visualises this address database. Refer to What is the bridge
cache? on page 655 for more information.
The bridgeCache table contains the following elements:

Element Description

interface This is the interface through which the station can be reached.

macAddress This is the MAC address of the station situated on the network connected to the
interface.

type This displays whether the MAC address entry is static or dynamic:
• dynamic. The corresponding MAC address is learned on one of the interfaces.
• static. There are only two static entries:
- the Telindus 1423 SHDSL Router its own MAC address.
- a MAC address used for Spanning Tree.

age This is the elapsed time since a frame was received from the station.

Example

The following figure shows part of a bridge cache table as an example:

812 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bridge/bridgeGroup/bridging

The bridging attributes or elements in the individual interface objects display the bridging information for
that particular interface. This bridging attribute, however, displays the bridging information of all the
(bridged) interfaces of the Telindus 1423 SHDSL Router.
Refer to telindus1423Router/lanInterface/bridging on page 697 for a detailed description of the bridging structure.
Note however that the bridge group bridging structure contains one extra element: name. This is the name
of the interface as you configured it. Note that the interface can also be a DLCI, an ATM PVC, a tunnel,
etc.

telindus1423Router/bridge/bridgeGroup/spanningTree

This attribute gives you the Spanning Tree status information of the bridge.
The spanningTree structure contains the following elements:

Element Description

designatedPriority Together, these two elements form the unique bridge identifier.

designatedMAC They display the unique bridge identifier of the root bridge as it is indicated in the
root identifier parameter of the Configuration BPDUs. These BPDUs are transmit-
ted by the designated bridge for the LAN that is currently connected to this port.
This bridge identifier is used to test the value of the root identifier parameter con-
veyed in received Configuration BPDUs.

rootPathCost This is the cost of the path from this bridge to the root bridge.
If this bridge is the root bridge, the rootPathCost value equals 0. Else, the rootPathCost
value equals the sum of …
• the path cost as it is up to the designated bridge for the LAN that is currently
connected to this port (this cost is transmitted in Configuration BPDUs by the
designated bridge)
and
• the path cost as it is configured for the root port.
The rootPathCost element is used …
• to test the value of the root path cost parameter conveyed in received Config-
uration BPDUs.
• as the value of the root path cost parameter in transmitted Configuration
BPDUs.

The total cost of the path to the root bridge should not exceed 65500.

rootPort This is the port identifier of the port that offers the lowest cost path to the root.
If two or more ports offer equal least cost paths to the root bridge, then the root port
is selected to be that with the highest designatedPriority (i.e. the lowest numerical
value).
If two or more ports offer equal least cost paths to the root bridge and the same
designatedPriority, then the root port is selected to be that with the highest
designatedPortPriority (i.e. the lowest numerical value).
Telindus 1423 SHDSL Router Chapter 13 813
User manual Status attributes

Element Description

bridgePriority Together, these two attributes form the unique bridge identifier of this bridge.

bridgeMAC

maxAge This is the time-out value to be used by all bridges in the bridged LAN for discard-
ing bridging information.
The maxAge element displays the value as it is set by the root bridge. This informa-
tion is conveyed by the root bridge to ensure that each bridge in the bridged LAN
has a consistent value against which to test the age of stored configuration infor-
mation.

helloTime This is the interval between the generation of Configuration BPDUs by the root
bridge.
The helloTime element displays the value as it is set by the root bridge. This attribute
is not directly used by the Spanning Tree algorithm, but it is conveyed by the root
bridge to facilitate the monitoring of protocol performance by the management sys-
tem.

forwardDelay This is the time-out value to be used by all bridges in the bridged LAN for …
• a bridge port applies to move from listening state to learning state or from learn-
ing state to forwarding state.
• time-out (or ageing) for purging MAC addresses from the bridge cache in case
a topology change is detected.
The forwardDelay element displays the value as it is set by the root bridge. This infor-
mation is conveyed by the root bridge to ensure that each bridge in the bridged
LAN has a consistent value for the forward delay timer.

topologyChange This is a Boolean value (0 or 1) to report …

• for a bridge that is not a root bridge, whether or not the most recently accepted
Configuration BPDU indicates a change in the active topology.
• for the root bridge, whether or not a change in topology has been detected
within the preceding topologyChangeTime period.
The topologyChange element is used to …
• propagate the topology change indication in transmitted Configuration BPDUs.
• determine whether the short (bridgeForwardDelay) or long (bridgeTimeOut) time-out
(or ageing) value is used to purge dynamic MAC addresses from the bridge
cache.

topologyChange- This is a Boolean value (0 or 1) to report that a topology change has been detected
Detection by or notified to the bridge.

topologyChange- This displays the time during which the root bridge transmits Configuration BPDUs
Time indicating a topology change, after it detected this topology change.
The topologyChangeTime element value is equal to the sum of the root bridge its
bridgeMaxAge element value and bridgeForwardDelay element value.
Refer to telindus1423Router/bridge/bridgeGroup/spanningTree on page 656 for more informa-
tion on the latter two elements.
814 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/bridge/bridgeGroup/clearArpCache

Use this action to clear the ARP cache table.

telindus1423Router/bridge/bridgeGroup/clearBridgeCache

Use this action to clear the bridge cache table.

Telindus 1423 SHDSL Router Chapter 13 815
User manual Status attributes

13.15 Management status attributes

This section describes the following status attributes:

• telindus1423Router/management/cms2Address on page 816
• telindus1423Router/management/timeServer on page 816
• telindus1423Router/management/alarmLog on page 816
• telindus1423Router/management/accessLog on page 817
• telindus1423Router/management/loopback/ifDescr on page 819
• telindus1423Router/management/loopback/ifType on page 819
• telindus1423Router/management/loopback/ifOperStatus on page 819
• telindus1423Router/management/loopback/ifMtu on page 819
• telindus1423Router/management/loopback/ipAddress on page 819
• telindus1423Router/management/loopback/mask on page 819
816 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/management/cms2Address

This attribute displays the absolute device address as you configured it.

telindus1423Router/management/timeServer

This attribute displays the status of the SNTP function.

The timeServer structure contains the following elements:

Element Description

state This is the state of the Telindus 1423 SHDSL Router its clock. Possible values are:
• notConfigured. The Telindus 1423 SHDSL Router is not configured for SNTP.
• notSynchronised. The Telindus 1423 SHDSL Router its clock is not synchronised
with the time server.
• synchronised. The Telindus 1423 SHDSL Router its clock is synchronised with
the time server.

connection This is the state of the connection with the time server. Possible values are:
• notConfigured. The Telindus 1423 SHDSL Router is not configured for SNTP.
• notSynchronised. The connection with the time server is not synchronised.
• synchronised. The connection with the time server is synchronised.
• noContact. The connection with the time server is lost.

stratum This is the stratum level of the time server its reference clock. Possible values are:
• 0: unspecified or unavailable
• 1: primary reference (e.g. radio clock)
• 2 - 15: secondary reference (via SNTP)

delay This is the total roundtrip delay of the time server with its reference clock.

telindus1423Router/management/alarmLog

This attribute displays the alarm log. It displays the 32 most recent alarms that occurred on the Telindus
1423 SHDSL Router.
The alarmLog table contains the following elements:

Element Description

timeStamp This is the value of the real time clock at the moment the alarm was generated.

sysUpTime This is the system up-time of the Telindus 1423 SHDSL Router at the moment the
alarm was generated.

totalAlarmLevel This is the total alarm level of the Telindus 1423 SHDSL Router.

alarmLevel This is the alarm level of the alarm.

alarm This is the alarm itself in the format path.alarmName on|off (e.g. telindus1423Router/lanIn-
terface.linkDown on).
Telindus 1423 SHDSL Router Chapter 13 817
User manual Status attributes

telindus1423Router/management/accessLog

This attribute displays the access log. It displays the 32 most recent login events that occurred on the
Telindus 1423 SHDSL Router.
The accessLog table contains the following elements:

Element Description

timeStamp This element displays the value of the real time clock at the moment the access
event occurred.

sysUpTime This element displays the system up-time of the Telindus 1423 SHDSL Router at
the moment the access event occurred.

type This element displays the type of access event. Possible values are:
• login. A successful login was detected.
• loginFailure. A failed login was detected.
• accessFailureOn. The number of failed logins exceeded the access failure thresh-
old within the access failure period. Refer to telindus1423Router/management/login-
Control on page 676.
• accessFailureOff. After an accessFailureOn event was logged, the number of failed
logins dropped below the access failure threshold within the access failure
period. Refer to telindus1423Router/management/loginControl on page 676.

user This element displays the name of the user who caused the access event. If you
entered a …
• password string only in the password element of the security table, then the user
element displays nothing.
• user/password string in the password element of the security table (of the type
"username:password"), then the user element displays the username part of
the user/password string. Also see telindus1423Router/security on page 447.

application This element displays the type of application that caused the access event. Possi-
ble values are:
• cms2. The access event is caused by any maintenance application. For exam-
ple, TMA, TMA CLI, CLI or ATWIN (via a Telnet or terminal session), WebInter-
face, etc.
• ftp. The access event is caused by FTP.
• fileSystem. The access event is caused by any maintenance application access-
ing the file system. For example, FTP, TFTP, TML, etc. when downloading
firmware.
• snmp. The access event is caused by SNMP. Note that since SNMP is not ses-
sion oriented, each successful SNMP request would result in an access event.
So an SNMP walk would result in thousands of access events being logged.
Therefore, in case of SNMP, only the failed requests are logged.
• proxy. The access event is caused by any maintenance application accessing a
CMS device through the Telindus 1423 SHDSL Router (i.e. the Telindus 1423
SHDSL Router acts as proxy). This since the password of the Telindus 1423
SHDSL Router is used to control the access to the CMS devices.
818 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Element Description

accessRights This element displays the access rights that are associated with the access event.

Note that some applications may cause more than one access event. For example, suppose you access
the Telindus 1423 SHDSL Router with FTP and download a file to the file system. In that case two events
are logged in the accessLog table:
1. One event logging the access of the FTP application to the Telindus 1423 SHDSL Router.
2. One event logging the access of the FTP application to the file system when downloading the file.
Telindus 1423 SHDSL Router Chapter 13 819
User manual Status attributes

telindus1423Router/management/loopback/ifDescr

This attribute displays the interface description.

telindus1423Router/management/loopback/ifType

This attribute displays the interface type.

telindus1423Router/management/loopback/ifOperStatus

This attribute displays the current operational status of the loopback interface.

The loopback interface is always up.

telindus1423Router/management/loopback/ifMtu

This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.

telindus1423Router/management/loopback/ipAddress

This attribute displays the IP address of the loopback interface as you configured it.

telindus1423Router/management/loopback/mask

This attribute displays the subnet mask of the loopback interface as you configured it.
820 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.16 File system status attributes

This section describes the following status attributes:

• telindus1423Router/fileSystem/fileList on page 821
• telindus1423Router/fileSystem/freeSpace on page 821
• telindus1423Router/fileSystem/status on page 821
• telindus1423Router/fileSystem/corruptBlocks on page 821
• telindus1423Router/fileSystem/trustedCertificates on page 822
• telindus1423Router/fileSystem/selfCertificates on page 822
This section describes the following actions:
• telindus1423Router/fileSystem/Delete File on page 823
• telindus1423Router/fileSystem/Rename File on page 823
• telindus1423Router/fileSystem/loadTrustedCertificate on page 823
• telindus1423Router/fileSystem/generateSelfCertificateRequest on page 824
• telindus1423Router/fileSystem/loadSelfCertificate on page 825
• telindus1423Router/fileSystem/getTrustedCertificateScep on page 826
• telindus1423Router/fileSystem/getSelfCertificateScep on page 827
• telindus1423Router/fileSystem/getCrlScep on page 829
• telindus1423Router/fileSystem/saveCertificates on page 829
Telindus 1423 SHDSL Router Chapter 13 821
User manual Status attributes

telindus1423Router/fileSystem/fileList

Part of the flash memory of the Telindus 1423 SHDSL Router is organised as a file system and a number
of files are stored in it. The fileList attribute shows all the files that are present on the file system. Usually,
the following files are present:
• The configuration file of the Telindus 1423 SHDSL Router (file config1.db).
• Up to two application software files of the Telindus 1423 SHDSL Router (files CONTROL1 and CON-
TROL 2).

The fileList table contains the following elements:

Element Description

name This is the filename. Maximum length of the filename is 24 characters. All charac-
ters are allowed (including spaces). The filename is case sensitive.

length This is the length of the file in bytes.

telindus1423Router/fileSystem/freeSpace

This attribute displays the number of free bytes on the file system.

telindus1423Router/fileSystem/status

This attribute displays the status of the file system. Possible values are:

Value Description

ready Normal situation.

formatting The file system is being formatted. This can be triggered when the file system is
found to be corrupt at boot.

corrupt The file system is in a state were no guarantee can be given about the correct
operation of the file system. The file system will be formatted at the following boot.

corruptBlocks A certain block can not be erased.

telindus1423Router/fileSystem/corruptBlocks

The file system of the Telindus 1423 SHDSL Router consists of several blocks. When a block can not
be erased, the corruptBlocks count is incremented. This block can no longer be used to store data.
822 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/fileSystem/trustedCertificates

This attribute displays the trusted certificates that are currently loaded.
The trustedCertificates table contains the following elements:

Element Description

name This element displays the certificate name. Possible values are: ca-0, ca-1, ca-2.

expiry This element displays when the certificate expires.

issuer This element displays who issued the certificate.

subject This element displays the subject information of the certificate. In case of a trusted
certificate this is information of the CA.

telindus1423Router/fileSystem/selfCertificates

This attribute displays the signed self-certificates that are currently loaded.
The selfCertificates table contains the following elements:

Element Description

name This element displays the certificate name. In this case, this is the same string as
entered in the privateKeyName element of the loadSelfCert action.

expiry This element displays when the certificate expires.

issuer This element displays who issued the certificate.

subject This element displays subject information of the certificate. In case of a self-certif-
icate this is information of the device (e.g. the IP address).
Telindus 1423 SHDSL Router Chapter 13 823
User manual Status attributes

telindus1423Router/fileSystem/Delete File

Use this action to remove obsolete files from the file system. You have to enter the filename you want to
delete as argument value.

Filenames are case sensitive!

telindus1423Router/fileSystem/Rename File

Use this action to rename a file on the file system. You have to enter the old and new filename in a struc-
ture.

Filenames are case sensitive!

telindus1423Router/fileSystem/loadTrustedCertificate

This action is used in the procedure where security certificates are obtained and loaded manually in
order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Setting
up an IPSEC secured L2TP tunnel using a manual SA on page 342.
Use this action to load the trusted certificate you obtained from your Certificate Authority (CA) into the
memory of the Telindus 1423 SHDSL Router. Enter the filename of the trusted certificate as argument
value and execute the action.

• The trusted certificate file has to be present on the file system of the Telindus 1423 SHDSL Router.
• The filename is case sensitive.
• The saveCerts action has to be executed after the loadTrustedCert action so that the trusted certificate is
also loaded every time the Telindus 1423 SHDSL Router reboots.
824 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/fileSystem/generateSelfCertificateRequest

This action is used in the procedure where security certificates are obtained and loaded manually in
order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Setting
up an IPSEC secured L2TP tunnel using a manual SA on page 342.
Use this action to create a request for a signed self-certificate. Then this request has to be submitted to
your Certificate Authority (CA) which signs it and returns a signed self-certificate. Fill in the elements in
the argument value structure and execute the action.
The argument value structure of the generateCertReq action contains the following elements:

Element Description

fileName Use this element to specify the name of the self-certif- Default:<empty>
icate request file. Range: 0 … 24 characters
After you filled in all the elements and executed the generateCertReq action, a file is
written to the file system of the Telindus 1423 SHDSL Router. The name of this file
is the name you specified using the fileName element.

type Use this element to set the authentication algorithm. Default:rsa-md5

The type element has the following values: rsa-md5, rsa- Range: enumerated, see below
sha1, dss-sha1.

subjectName Use this element to specify the subject name. Default:<empty>

Range: 0 … 24 characters

privateKeyName Use this element to specify the name of the private Default:<empty>
key. Range: 0 … 8 characters
Remember the private key name. You need it to load the associated signed self-
certificate into the memory of the Telindus 1423 SHDSL Router. Refer to
telindus1423Router/fileSystem/loadSelfCertificate on page 825.

ipAddress Use this element to specify the IP address that will be Default:0.0.0.0
used in the self-certificate. This is then used for Range: up to 255.255.255.255
authentication purposes.

hostname Use this element to specify the hostname that will be Default:<empty>
used in the self-certificate. This is then used for Range: 0 … 32 characters
authentication purposes.
The hostname has to be of the form “host.domain.com”.

user Use this element to specify the username that will be Default:<empty>
used in the self-certificate. This is then used for Range: 0 … 32 characters
authentication purposes.
The username has to be of the form “[email protected]”.

keyLength Use this element to specify the length of the public/pri- Default:512
vate keys. Note that the longer the key length, the Range: 512 / 1024 / 2048
longer it takes to generate the keys.
Telindus 1423 SHDSL Router Chapter 13 825
User manual Status attributes

telindus1423Router/fileSystem/loadSelfCertificate

This action is used in the procedure where security certificates are obtained and loaded manually in
order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Setting
up an IPSEC secured L2TP tunnel using a manual SA on page 342.
Use this action to load the signed self-certificate you first submitted and then retrieved from your Certif-
icate Authority (CA) into the memory of the Telindus 1423 SHDSL Router. Fill in the elements in the argu-
ment value structure and execute the action.
The argument value structure of the loadSelfCert action contains the following elements:

Element Description

fileName Use this element to specify the name of the signed Default:<empty>
self-certificate file. Range: 0 … 24 characters

privateKeyName Use this element to specify the name of the private Default:<empty>
key. Range: 0 … 8 characters
This has to be exact the same name as you specified in the privateKeyName element
of the generateCertReq action. Refer to telindus1423Router/fileSystem/generateSelfCertifica-
teRequest on page 824.

• The signed self-certificate file has to be present on the file system of the Telindus 1423 SHDSL
Router.
• The filename is case sensitive.
• The saveCerts action has to be executed after the loadSelfCert action so that the signed self-certificate
is also loaded every time the Telindus 1423 SHDSL Router reboots.
826 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

telindus1423Router/fileSystem/getTrustedCertificateScep

This action is used in the procedure where security certificates are obtained and loaded through SCEP
in order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Set-
ting up an IPSEC secured L2TP tunnel using a manual SA on page 342.
Use this action to obtain and load the trusted certificate from a SCEP server. Fill in the elements in the
argument value structure and execute the action.
The argument value structure of the getTrustedCertScep action contains the following elements:

Element Description

server Use this element to specify the IP address of the Default:0.0.0.0

SCEP server. Range: up to 255.255.255.255
Together with the url element this makes up the complete path to which the SCEP
requests are submitted.

url Use this element to specify the URL to which the Default:<empty>
SCEP requests have to be submitted. Range: 0 … 40 characters
Together with the server element this makes up the complete path to which the
SCEP requests are submitted. Consult the manual of your SCEP server to find out
which URL you have to specify.

Example

Suppose you set the server element to 172.31.127.6 and the url element to certsrv/
mscep/mscep.dll, then the SCEP requests are submitted to http://172.31.127.6/certsrv/
mscep/mscep.dll.

caName Use this element to set the name of the CA. Default:<empty>
This element is more for information purposes. It may Range: 0 … 20 characters
be omitted.

port Use this element to set the port on which the SCEP Default:<opt>
requests are sent. By default, this is port 80. Range: 1 … 65535

The saveCerts action has to be executed after the getTrustedCertScep action so that the trusted certificate is
also loaded every time the Telindus 1423 SHDSL Router reboots.
Telindus 1423 SHDSL Router Chapter 13 827
User manual Status attributes

telindus1423Router/fileSystem/getSelfCertificateScep

This action is used in the procedure where security certificates are obtained and loaded through SCEP
in order to set up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Set-
ting up an IPSEC secured L2TP tunnel using a manual SA on page 342.
Use this action to obtain and load the self-certificate from a SCEP server. Fill in the elements in the argu-
ment value structure and execute the action.
The argument value structure of the getSelfCertScep action contains the following elements:

Element Description

server Use this element to specify the IP address of the Default:0.0.0.0

SCEP server. Range: up to 255.255.255.255
Together with the url element this makes up the complete path to which the SCEP
requests are submitted.

url Use this element to specify the URL to which the Default:<empty>
SCEP requests have to be submitted. Range: 0 … 40 characters
Together with the server element this makes up the complete path to which the
SCEP requests are submitted.

Example

Suppose you set the server element to 172.31.127.6 and the url element to certsrv/
mscep/mscep.dll, then the SCEP requests are submitted to http://172.31.127.6/certsrv/
mscep/mscep.dll.

type Use this element to set the authentication algorithm. Default:rsa-md5

Range: rsa-md5 / rsa-sha1

subjectName Use this element to specify the subject name. Default:<empty>

Range: 0 … 20 characters

challenge Use this element to specify the challenge phrase. Default:<empty>

When installing a SCEP server, you usually have the Range: 0 … 20 characters
possibility to specify a challenge phrase. If you specify a challenge phrase on the
SCEP server, then also enter this phrase in the challenge element. If you do not
specify a challenge phrase, then any user can enrol for a certificate.

caName Use this element to select a certificate. Default:ca-0

Range: ca-0 / ca-1 / ca-2

privateKeyName Use this element to specify the name of the private Default:<empty>
key. Range: 0 … 8 characters

ipAddress Use this element to specify the IP address that will be Default:0.0.0.0
used in the self-certificate. This is then used for Range: up to 255.255.255.255
authentication purposes.
828 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

Element Description

hostname Use this element to specify the hostname that will be Default:<empty>
used in the self-certificate. This is then used for Range: 0 … 32 characters
authentication purposes.
The hostname has to be of the form “host.domain.com”.

user Use this element to specify the username that will be Default:<empty>
used in the self-certificate. This is then used for Range: 0 … 32 characters
authentication purposes.
The username has to be of the form “[email protected]”.

port Use this element to set the port on which the SCEP Default:<opt>
requests are sent. By default, this is port 80. Range: 1 … 65535

keyLength Use this element to specify the length of the public/pri- Default:512
vate keys. Note that the longer the key length, the Range: 512 / 1024 / 2048
longer it takes to generate the keys.

The saveCerts action has to be executed after the getSelfCertScep action so that the signed self-certificate
is also loaded every time the Telindus 1423 SHDSL Router reboots.
Telindus 1423 SHDSL Router Chapter 13 829
User manual Status attributes

telindus1423Router/fileSystem/getCrlScep

Use this action to get the Certificate Revocation List (CRL). A CRL is a list of certificates that have been
revoked before their scheduled expiration date. Fill in the elements in the argument value structure and
execute the action.
The argument value structure of the getCertRevListScep action contains the following elements:

Element Description

server Use this element to specify the IP address of the Default:0.0.0.0

SCEP server. Range: up to 255.255.255.255
Together with the url element this makes up the complete path to which the SCEP
requests are submitted.

url Use this element to specify the URL to which the Default:<empty>
SCEP requests have to be submitted. Range: 0 … 40 characters
Together with the server element this makes up the complete path to which the
SCEP requests are submitted.

Example

Suppose you set the server element to 172.31.127.6 and the url element to certsrv/
mscep/mscep.dll, then the SCEP requests are submitted to http://172.31.127.6/certsrv/
mscep/mscep.dll.

caName Use this element to select a certificate. Default:ca-0

Range: ca-0 / ca-1 / ca-2

port Use this element to set the port on which the SCEP Default:<opt>
requests are sent. By default, this is port 80. Range: 1 … 65535

telindus1423Router/fileSystem/saveCertificates

This action is used in the procedure where security certificates are obtained and loaded in order to set
up an L2TP tunnel secured with IPSEC using an IKE certificate SA. Refer to 10.6.3 - Setting up an IPSEC
secured L2TP tunnel using a manual SA on page 342.
Use this action to save the trusted certificate and the signed self-certificate that were either obtained and
loaded manually or by using SCEP. Saving the certificates ensures that they are loaded every time the
Telindus 1423 SHDSL Router reboots.
830 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes

13.17 Operating system status attributes

This section describes the following status attributes:

• telindus1423Router/operatingSystem/taskInfo on page 831
Telindus 1423 SHDSL Router Chapter 13 831
User manual Status attributes

telindus1423Router/operatingSystem/taskInfo

This attribute displays status information about the operating system.

The taskInfo table contains the following elements:

Element Description

taskName This is the name of the task.

taskStatus This is the current status of the task. Possible values are:
• awake. This task is actually running.
• asleep. This task is waiting on an event.
• inactive. This task slot is not active, i.e. no task has been assigned to this slot.

load30s This is the load on the processor, in percent, during the last 30 seconds.

load5m This is the load on the processor, in percent, during the last 5 minutes.

runningInMedium Each task can be running with a low, medium or high priority. This element gives
the percentage of time this task has been running with medium priority during the
last 30 seconds.

runningInHigh Each task can be running with a low, medium or high priority. This element gives
the percentage of time this task has been running with high priority during the last
30 seconds.
The percentage of time this task has been running with low priority can be calcu-
lated using the following formula:
running in low priority = 100% - runningInMedium - runningInHigh

programCounter This is the current value of the program counter. The program counter is the mem-
ory address for the current instruction of this task.
832 Telindus 1423 SHDSL Router Chapter 13
User manual Status attributes
Telindus 1423 SHDSL Router Chapter 14 833
User manual Performance attributes

14 Performance attributes
This chapter discusses the performance attributes of the Telindus 1423 SHDSL Router. The following
gives an overview of this chapter:
• 14.1 - Performance attributes overview on page 834
• 14.2 - General performance attributes on page 841
• 14.3 - LAN interface performance attributes on page 843
• 14.4 - WAN interface performance attributes on page 848
• 14.5 - Encapsulation performance attributes on page 849
• 14.6 - SHDSL line performance attributes on page 862
• 14.7 - End and repeater performance attributes on page 866
• 14.8 - BRI performance attributes on page 867
• 14.9 - AUX performance attributes on page 872
• 14.10 - Dial maps performance attributes on page 873
• 14.11 - Bundle performance attributes on page 875
• 14.12 - Router performance attributes on page 878
• 14.13 - IP traffic policy performance attributes on page 900
• 14.14 - Bridge performance attributes on page 902
• 14.15 - Management performance attributes on page 908
• 14.16 - Operating system performance attributes on page 911
834 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.1 Performance attributes overview

> telindus1423Router
Action: resetAllCounters

>> lanInterface
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
h2Performance
h24Performance
ifOutPQLen
ifDropLevelExceeded
vlan
mibCounters1
Action: resetCounters

>> wanInterface
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
ifOutPQLen
ifDropLevelExceeded
h2Performance
h24Performance
Action: resetCounters

1. Only present on the 4 port LAN interface.

Telindus 1423 SHDSL Router Chapter 14 835
User manual Performance attributes

>>> atm
pvcTable
unknownCells
vp
Action: resetCounters

>>> frameRelay
dlciTable
lmi
cllmInFrames
Action: resetCounters

>>> errorTest
status
duration
ifUpTime
ifDownCount
rxBitErrors
rxBlockErrors
rxBlocks
rxAllOneBlocks
rxAllZeroBlocks
rxPatternSlip
rxShiftCount
rxSyncLoss
txBlocks
txInjectErrors
Action: startTest
Action: stopTest
Action: injectError
Action: clearCounters

>>> line
h2Line
h24Line
d7Line
line
Action: retrain
Action: resetCounters

>>>> linePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
Action: resetCounters
836 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

>>> repeater[ ]

>>>> networkLinePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
Action: resetCounters

>>>> customerLinePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
Action: resetCounters

>>> end

>>>> linePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
Action: resetCounters

>> bri[1]2
h2DialupStats
h24DialupStats
d7DialupStats
Action: resetCounters

2. Only present on the Telindus 1423 SHDSL Router ISDN version.

Telindus 1423 SHDSL Router Chapter 14 837
User manual Performance attributes

>>> bChannel[1]
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
ifOutPQLen
ifDropLevelExceeded
h2Performance
h24Performance
Action: resetCounters

>>> bChannel[2]
<Contains the same attributes as the bChannel[1] object.>

>> bri[2]2
<Contains the same attributes as the bri[1] object.>

>> dialMaps2
mapping
Action: resetCounters

>> profiles

>>> policy

>>>> traffic

>>>>> ipTrafficPolicy[ ]
discards
trafficShaping
Action: resetCounters
838 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

>> bundle

>>> pppBundle[ ]3
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
h2Performance
h24Performance
multiclassinterfaces
Action: resetCounters

>>> isdnBundle[ ]4
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
h2Performance
h24Performance
Action: resetCounters

3. This is the PPP bundle in case of MLPPP on the WAN interface.

4. This is the PPP bundle in case of MLPPP on the ISDN interfaces.
Telindus 1423 SHDSL Router Chapter 14 839
User manual Performance attributes

>> router
routingTable
radiusAuth
radiusAcct
pingResults
tracertResults
Action: startPing
Action: stopPing
Action: startTracert
Action: stopTracert
Action: clearTracert
Action: resetCounters

>>> defaultNat
socketsFree
allocFails
discards
addressesAvailable
tcpSocketsUsed
udpSocketsUsed
icmpSocketsUsed
tcpAllocs
udpAllocs
icmpAllocs
Action: reset
Action: resetCounters

>>> tunnels
l2tpTunnels
ipsecL2tpTunnels
Action: resetCounters

>>> manualSA[ ]
inPackets
outPackets
espAuthenticationFailure
espDecryptionFailure
espSequenceNrReplay
espDroppedFrames
Action: resetCounters

>>> ikeSA[ ]
phase2Negotiations
phase2Sessions
Action: resetCounters
840 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

>>> firewall
h24General
d7General
h24Attack
d7Attack
Action: resetCounters

>> bridge

>>> bridgeGroup
bridgeCache
bridgeDiscards
bridgeFloods
multiVlans
Action: resetCounters

>>> accessList[ ]
bridgeAccessList
Action: resetCounters

>> management
cms2SessionCount
tftpSessionCount
cliSessionCount
tcpSessionCount
ipStackEvents
Action: resetCounters

>> operatingSystem
currUsedProcPower
usedProcPower
freeDataBuffers
totalDataBuffers
largestFreeBlockSize
freeBlockCount
freeMemory
totalMemory
taskInfo
Action: resetCounters
Telindus 1423 SHDSL Router Chapter 14 841
User manual Performance attributes

14.2 General performance attributes

There are no general performance attributes. However, there is one general performance action:
• telindus1423Router/resetAllCounters on page 842
842 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/resetAllCounters

Use this action to reset all counters in all objects in the containment tree of the Telindus 1423 SHDSL
Router.
You can also reset the counters per object. To do so, use the resetCounters action located in the corre-
sponding object.
Telindus 1423 SHDSL Router Chapter 14 843
User manual Performance attributes

14.3 LAN interface performance attributes

This section describes the following performance attributes:

• telindus1423Router/lanInterface/ifInOctets on page 844
• telindus1423Router/lanInterface/ifInUcastPkts on page 844
• telindus1423Router/lanInterface/ifInNUcastPkts on page 844
• telindus1423Router/lanInterface/ifInDiscards on page 844
• telindus1423Router/lanInterface/ifInErrors on page 844
• telindus1423Router/lanInterface/ifInUnknownProtos on page 844
• telindus1423Router/lanInterface/ifOutOctets on page 845
• telindus1423Router/lanInterface/ifOutUcastPkts on page 845
• telindus1423Router/lanInterface/ifOutNUcastPkts on page 845
• telindus1423Router/lanInterface/ifOutDiscards on page 845
• telindus1423Router/lanInterface/ifOutErrors on page 845
• telindus1423Router/lanInterface/ifOutQLen on page 845
• telindus1423Router/lanInterface/h2Performance on page 846
• telindus1423Router/lanInterface/h24Performance on page 846
• telindus1423Router/lanInterface/ifOutPQLen on page 846
• telindus1423Router/lanInterface/ifDropLevelExceeded on page 846
• telindus1423Router/lanInterface/vlan on page 847
• telindus1423Router/lanInterface/mibCounters on page 847
844 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/lanInterface/ifInOctets

This attribute displays the number of octets (bytes) received on this interface.

telindus1423Router/lanInterface/ifInUcastPkts

This attribute displays the number of unicast packets received on this interface and delivered to a higher-
layer protocol. Unicast packets are all non-multicast and non-broadcast packets.

telindus1423Router/lanInterface/ifInNUcastPkts

This attribute displays the number of non-unicast packets received on this interface and delivered to a
higher-layer protocol. Non-unicast packets are all the multicast and broadcast packets.

telindus1423Router/lanInterface/ifInDiscards

This attribute displays the number of incoming packets that were discarded, to prevent their deliverance
to a higher-layer protocol. This even though no errors were detected in these packets.

telindus1423Router/lanInterface/ifInErrors

This attribute displays the number of incoming packets that could not be delivered to a higher-layer pro-
tocol because they contained errors.

telindus1423Router/lanInterface/ifInUnknownProtos

This attribute displays the number of incoming packets that were discarded because they contained an
unknown or unsupported protocol.
Telindus 1423 SHDSL Router Chapter 14 845
User manual Performance attributes

telindus1423Router/lanInterface/ifOutOctets

This attribute displays the total number of octets (bytes) transmitted by the interface, including framing
characters.

telindus1423Router/lanInterface/ifOutUcastPkts

This attribute displays the total number of packets that higher-level protocols requested to be transmitted
to a unicast address, including those that were discarded or not sent.

telindus1423Router/lanInterface/ifOutNUcastPkts

This attribute displays the number of non-unicast packets that higher-level protocols requested to be
transmitted to a non-unicast (i.e. a broadcast or multicast) address, including those that were discarded
or not sent.

telindus1423Router/lanInterface/ifOutDiscards

This attribute displays the number of outgoing packets that were discarded, to prevent they are transmit-
ted by the interface. This could be due to, for instance, the presence of an access list.

telindus1423Router/lanInterface/ifOutErrors

This attribute displays the number of outgoing packets that could not be transmitted by the interface
because they contained errors. On the LAN interface ifOutErrors are also generated in case of extensive
collisions.

telindus1423Router/lanInterface/ifOutQLen

This attribute displays the length, expressed in packets, of the output packet queue on the interface.
846 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/lanInterface/h2Performance

This attribute displays the 2 hours performance summary of the LAN interface.
The h2Performance table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

ifUpTime the time during which the interface was up.

ifStatusChanges the number of times the ifOperStatus value of the interface changed (from up to down
or vice versa).

ifInOctets the number of octets (bytes) received on this interface.

ifInPackets the number of packets received on this interface.

ifInErrors the number of packets received on this interface that could not be delivered to a
higher-layer protocol because they contained errors.

ifOutOctets the number of octets (bytes) transmitted by the interface, including framing char-
acters.

ifOutPackets the number of packets transmitted by the interface.

ifOutDiscards the number of outgoing packets that were discarded, to prevent they were trans-
mitted by the interface. This could be due to, for instance, the presence of an
access list.

ifOutErrors the number of packets that could not be transmitted by the interface because they
contained errors.

telindus1423Router/lanInterface/h24Performance

This attribute displays the 24 hours performance summary of the LAN interface. The h24Performance table
contains the same elements as the telindus1423Router/lanInterface/h2Performance table.

telindus1423Router/lanInterface/ifOutPQLen

In case an overload condition occurs and priority queuing is activated, then this attribute displays how
many packets the different queues contain.
Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for more information on the priority
queues.

telindus1423Router/lanInterface/ifDropLevelExceeded

This attribute displays how many times the drop levels of the user configurable queues have been
exceeded (and hence packets have been dropped).
Refer to telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/dropLevels on page 537 for more information on the
drop levels.
Telindus 1423 SHDSL Router Chapter 14 847
User manual Performance attributes

telindus1423Router/lanInterface/vlan

This attribute displays the SNMP MIB2 performance parameters of the VLANs that are present on the
LAN interface.
The vlan table contains the following elements:

Element Description

name This element displays the name of the VLAN as you configured it.

vlan This element displays the VLAN ID.

mibCounters This element displays the SNMP MIB2 performance parameters of the VLAN.
Refer to 14.3 - LAN interface performance attributes on page 843 for an explana-
tion of the individual SNMP MIB2 performance parameters.

telindus1423Router/lanInterface/mibCounters

Only present on the 4 port Ethernet LAN interface.

Whereas the previous performance attributes show the SNMP MIB2 performance parameters of the
complete 4 port Ethernet interface, this attribute displays the SNMP MIB2 performance parameters for
each port (including the local port, refer to What is the 4 port Ethernet switch? on page 317).
848 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.4 WAN interface performance attributes

All performance attributes of the WAN interface are the same as on the LAN interface. Therefore, they
are not explained here again. Refer to 14.3 - LAN interface performance attributes on page 843 for a
complete description of these attributes.
Telindus 1423 SHDSL Router Chapter 14 849
User manual Performance attributes

14.5 Encapsulation performance attributes

This section discusses the performance attributes of the encapsulation protocols that can be used on
the Telindus 1423 SHDSL Router.

Note that these encapsulation protocols cannot only be used on the xDSL line but, if your Telindus 1423
SHDSL Router is equipped with (an) ISDN interface(s), also on the ISDN interface(s).
The protocols Frame Relay, PPP and HDLC are only relevant for TDM operation.
Refer to 1.3 - Telindus 1423 SHDSL Router family overview on page 7 for more information about which
protocols are available on which Telindus 1423 SHDSL Router version.

The following gives an overview of this section:

• 14.5.1 - ATM performance attributes on page 850
• 14.5.2 - Frame Relay performance attributes on page 855
• 14.5.3 - Error test performance attributes on page 859
850 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.5.1 ATM performance attributes

This section describes the following performance attributes:

• telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable on page 851
• telindus1423Router/wanInterface/channel[wan_1]/atm/unknownCells on page 854
• telindus1423Router/wanInterface/channel[wan_1]/atm/vp on page 854
Telindus 1423 SHDSL Router Chapter 14 851
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable

This attribute lists the complete performance information of all known PVCs.
The pvcTable table contains the following elements:

Element Description

name This is the name of the PVC as you configured it.

mibCounters This displays the SNMP MIB2 parameters of the PVC.

These are the same as the SNMP MIB2 parameters on the LAN interface. Refer
to 14.3 - LAN interface performance attributes on page 843.

priorityQLengths In case an overload condition occurs and priority queuing is activated, then this
elements displays how many packets the different queues contain.
Refer to 8.8.1 - Introducing traffic and priority policy on page 238 for more informa-
tion on the priority queues.

atm This displays the specific ATM related performance information of the PVC.
Refer to telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm on page 852 for a
detailed description of the atm structure
852 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/pvcTable/atm

The atm structure in the pvcTable displays the specific ATM related performance information of the PVC.
The atm structure contains the following elements:

Element Description

vpi This displays the Virtual Path Identifier (VPI).

vci This displays the Virtual Channel Identifier (VCI).

The VPI in conjunction with the VCI identifies the next destination of a cell as it
passes through a series of ATM switches on the way to its destination.

oamF5 This displays the performance information of the OAM F5 loopback cells.
The oamF5 structure contains the following elements:
• rxLoopback. This displays the number of received loopback cells.
• txLoopback. This displays the number of transmitted loopback cells.
• rxCC. This displays the number of received continuity check cells.
• txCC. This displays the number of transmitted continuity check cells.
• rxAD. This displays the number of received and accepted continuity check acti-
vator/deactivator cells.
• rxADdrop. This displays the number of received continuity check activator/deac-
tivator cells that were dropped (e.g. because the correlation tag was wrong).
• txAD. This displays the number of transmitted continuity check activator/deacti-
vator cells.
• rxSegAis. This displays the number of received segment Alarm Indication Sig-
nals.
• txSegAis. This displays the number of transmitted segment Alarm Indication Sig-
nals.
• rxSegRdi. This displays the number of received segment Remote Defect Indica-
tions.
• txSegRdi. This displays the number of transmitted segment Remote Defect Indi-
cations.
• rxEteAis. This displays the number of received end-to-end Alarm Indication Sig-
nals.
• txEteAis. This displays the number of transmitted end-to-end Alarm Indication
Signals.
• rxEteRdi. This displays the number of received end-to-end Remote Defect Indi-
cations.
• txEteRdi. This displays the number of transmitted end-to-end Remote Defect
Indications.
Telindus 1423 SHDSL Router Chapter 14 853
User manual Performance attributes

Element Description

What is OAM segment/end-to-end VP/VC AIS and RDI?

OAM VP/VC AIS (Alarm Indication Signal) and RDI (Remote Defect Indication) are
cells that are used for identifying and reporting VP/VC defects on a segment/end-
to-end level. When a physical link or interface failure occurs, intermediate nodes
insert AIS cells into all the downstream VP/VCs affected by the failure. Upon
receiving an AIS cell on a VP/VC, the router marks the logical interface down and
sends an RDI cell on the same VP/VC to let the remote end know the error status.
When an RDI cell is received on a VP/VC, the router sets the logical interface sta-
tus to down.
854 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/atm/unknownCells

This attribute displays the number of received cells that are not in-band for a certain PVC.

Example

Suppose router A sends OAM F4 loopback cells on VPI 5. On router B no VPI 5 is configured or no OAM
F4 loopback cells are configured for VPI 5. In that case, the unknownCells value on router B will increase.

telindus1423Router/wanInterface/channel[wan_1]/atm/vp

Whereas the atm structure in the pvcTable displays the OAM F5 loopback cell performance information for
each Virtual Channel, the vp table displays the OAM F4 loopback cell performance information of a com-
plete Virtual Path.
The vp table contains the following elements:

Element Description

vpi This is the Virtual Path Identifier (VPI).

oamF4 This displays the performance information of the OAM F4 loopback cells.
The oamF4 structure contains the following elements:
• rxLoopback. This displays the number of received OAM F4 loopback cells.
• txLoopback. This displays the number of transmitted OAM F4 loopback cells.
Telindus 1423 SHDSL Router Chapter 14 855
User manual Performance attributes

14.5.2 Frame Relay performance attributes

This section describes the following performance attributes:

• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable on page 856
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi on page 858
• telindus1423Router/wanInterface/channel[wan_1]/frameRelay/cllmInFrames on page 858
856 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable

This attribute lists the complete performance information of all known DLCIs.
The dlciTable table contains the following elements:

Element Description

name This is the name of the DLCI as you configured it.

mibCounters This displays the SNMP MIB2 parameters of the DLCI.

These are the same as the SNMP MIB2 parameters on the LAN interface. Refer
to 14.3 - LAN interface performance attributes on page 843.

frameRelay This displays the specific Frame Relay related performance information of the
DLCI.
Refer to telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay on
page 857 for a detailed description of the frameRelay structure.
Telindus 1423 SHDSL Router Chapter 14 857
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/dlciTable/frameRelay

The frameRelay structure in the dlciTable displays the specific Frame Relay related performance information
of the DLCI.
The frameRelay structure contains the following elements:

Element Description

dlci This is the DLCI identification number.

inFecn This is the number of frames received from the network indicating forward conges-
tion and this since the virtual circuit was created.

inBecn This is the number of frames received from the network indicating backward con-
gestion and this since the virtual circuit was created.

inDe This is the number of frames received with the Discard Eligibility bit set.

inOctets This is the number of octets received over this virtual circuit since it was created.

inFrames This is the number of frames received over this virtual circuit since it was created.

outFecn This is the number of frames sent to the network indicating forward congestion and
this since the virtual circuit was created.

outBecn This is the number of frames sent to the network indicating backward congestion
and this since the virtual circuit was created.

outDe This is the number of frames sent to the network with the Discard Eligibility bit set.

outOctets This is the number of octets sent over this virtual circuit since it was created.

outFrames This is the number of frames sent over this virtual circuit since it was created.
858 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/lmi

This attribute gives a complete LMI performance overview.

The lmi structure contains the following elements:

Element Description

inStatusEnquiry This is the number of Status Enquiries received from the network.

inStatus This is the number of Status Reports received from the network.

inStatusUpdate This is the number of unsolicited Status Updates received from the network.

outStatusEnquiry This is the number of Status Enquiries sent to the network.

outStatus This is the number of Status Reports sent to the network.

outStatusUpdate This is the number of unsolicited Status Updates sent to the network.

netPollNotRcvd This is the number of times the expectedPollInterval expired without an incoming sta-
tus enquiry.

userNoResponse- This is the number of times a response was not received.

Rcvd

userBadResponses- This is the number of times an invalid response was received.

Rcvd

telindus1423Router/wanInterface/channel[wan_1]/frameRelay/cllmInFrames

This attribute displays the total number of received CLLM (Consolidated Link Layer Management)
frames.
Telindus 1423 SHDSL Router Chapter 14 859
User manual Performance attributes

14.5.3 Error test performance attributes

This section describes the following performance attributes:

• telindus1423Router/wanInterface/channel[wan_1]/errorTest/status on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/duration on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/ifUpTime on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/ifDownCount on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBitErrors on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBlockErrors on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBlocks on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxAllOneBlocks on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxAllZeroBlocks on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxPatternSlip on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxShiftCount on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxSyncLoss on page 860
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/txBlocks on page 861
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/txInjectErrors on page 861
This section describes the following actions:
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/startTest on page 861
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/stopTest on page 861
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/injectError on page 861
• telindus1423Router/wanInterface/channel[wan_1]/errorTest/clearCounters on page 861
860 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/errorTest/status

This attribute displays the status of the error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/duration

This attribute displays the duration of the error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/ifUpTime

This attribute displays the time during which the interface was up, since the start of the error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/ifDownCount

This attribute displays the amount of times the interface went down, since the start of the error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBitErrors

This attribute displays the amount of received bit errors.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBlockErrors

This attribute displays the amount of received block errors.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxBlocks

This attribute displays the amount of received test blocks.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxAllOneBlocks

This attribute displays the amount of received blocks in which all bits were set to “1”.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxAllZeroBlocks

This attribute displays the amount of received blocks in which all bits were set to “0”.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxPatternSlip

This attribute displays the amount of received pattern slips.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxShiftCount

This attribute displays the amount of received shifts.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/rxSyncLoss

This attribute displays the amount of received synchronisation losses.

Telindus 1423 SHDSL Router Chapter 14 861
User manual Performance attributes

telindus1423Router/wanInterface/channel[wan_1]/errorTest/txBlocks

This attribute displays the amount of transmitted test blocks.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/txInjectErrors

This attribute displays the amount of transmitted errors that were injected using the injectError action.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/startTest

Use this action to start an error test.

Refer to 7.6 - Configuring an error test on page 183 for more information on setting up an error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/stopTest

Use this action to stop an error test.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/injectError

Use this action to inject an error.

telindus1423Router/wanInterface/channel[wan_1]/errorTest/clearCounters

Use this action to clear the counters.

862 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.6 SHDSL line performance attributes

This section describes the following line performance attributes:

• telindus1423Router/wanInterface/line/h2Line on page 863
• telindus1423Router/wanInterface/line/h24Line on page 863
• telindus1423Router/wanInterface/line/d7Line on page 863
• telindus1423Router/wanInterface/line/line on page 863
This section describes the following line pair performance attributes:
• telindus1423Router/wanInterface/line/linePair[ ]/h2LineParameters on page 864
• telindus1423Router/wanInterface/line/linePair[ ]/h24LineParameters on page 864
• telindus1423Router/wanInterface/line/linePair[ ]/d7LineParameters on page 864
• telindus1423Router/wanInterface/line/linePair[ ]/lineParameters on page 864
• telindus1423Router/wanInterface/line/linePair[ ]/h2Performance on page 865
• telindus1423Router/wanInterface/line/linePair[ ]/h24Performance on page 865
• telindus1423Router/wanInterface/line/linePair[ ]/d7Performance on page 865
• telindus1423Router/wanInterface/line/linePair[ ]/performance on page 865
This section describes the following actions:
• telindus1423Router/wanInterface/line/retrain on page 863
Telindus 1423 SHDSL Router Chapter 14 863
User manual Performance attributes

telindus1423Router/wanInterface/line/h2Line

This attribute displays the 2 hours performance information summary of the line.
The h2Line table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

linkDownCount the number of times the link went down.

linkDownTime the total amount of time the link was down.

telindus1423Router/wanInterface/line/h24Line

This attribute displays the 24 hours performance information summary of the line. The h24Line table con-
tains the same elements as the telindus1423Router/wanInterface/line/h2Line table.

telindus1423Router/wanInterface/line/d7Line

This attribute displays the 7 days performance information summary of the line. The d7Line table contains
the same elements as the telindus1423Router/wanInterface/line/h2Line table.

telindus1423Router/wanInterface/line/line

This attribute displays the performance information summary of the line since the last cold boot. Except
for the sysUpTime, the line structure contains the same elements as the telindus1423Router/wanInterface/line/
h2Line table.

telindus1423Router/wanInterface/line/retrain

Use this action to force a retrain on the line.

864 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/wanInterface/line/linePair[ ]/h2LineParameters

This attribute displays the 2 hours line parameter summary.

The h2LineParameters table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

lineAttenuationMin the minimum line attenuation that was measured.

lineAttenuationAvrg the average line attenuation that was calculated

lineAttenuationMax the maximum line attenuation that was measured.

signalNoiseMin the minimum signal to noise ratio that was measured.

signalNoiseAvrg the average signal to noise ratio that was calculated.

signalNoiseMax the maximum signal to noise ratio that was measured.

telindus1423Router/wanInterface/line/linePair[ ]/h24LineParameters

This attribute displays the 24 hours line parameter summary. The h24LineParameters table contains the
same elements as the telindus1423Router/wanInterface/line/linePair[ ]/h2LineParameters table.

telindus1423Router/wanInterface/line/linePair[ ]/d7LineParameters

This attribute displays the 7 days line parameter summary. The d7LineParameters table contains the same
elements as the telindus1423Router/wanInterface/line/linePair[ ]/h2LineParameters table.

telindus1423Router/wanInterface/line/linePair[ ]/lineParameters

This attribute displays the line parameter summary since the last cold boot. Except for the sysUpTime, the
lineParameters table contains the same elements as the telindus1423Router/wanInterface/line/linePair[ ]/
h2LineParameters table.
Telindus 1423 SHDSL Router Chapter 14 865
User manual Performance attributes

telindus1423Router/wanInterface/line/linePair[ ]/h2Performance

This attribute displays the 2 hours performance summary of the line.

The h2Performance table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

codeViolations the number of line errors that was counted.

errSec the number of erroneous seconds that was counted.

sevErrSec the number of severely erroneous seconds that was counted.

unavailSec the number of unavailable seconds that was counted.

loswSec the number of lost synchronisation words seconds that was counted.

moniSec the number of monitored seconds.

• Errors are counted based on the SHDSL frame CRC.

• For the correct and unambiguous definition of code violations, errored and severely errored seconds,
unavailability and lost synchronisation words seconds, refer to the recommendation G.826.

telindus1423Router/wanInterface/line/linePair[ ]/h24Performance

This attribute displays the 24 hours performance summary of the line. The h24Performance table contains
the same elements as the telindus1423Router/wanInterface/line/linePair[ ]/h2Performance table.

telindus1423Router/wanInterface/line/linePair[ ]/d7Performance

This attribute displays the 7 days performance summary of the line. The d7Performance table contains the
same elements as the telindus1423Router/wanInterface/line/linePair[ ]/h2Performance table.

telindus1423Router/wanInterface/line/linePair[ ]/performance

This attribute displays the performance summary of the line since the last cold boot. Except for the sysUp-
Time, the performance table contains the same elements as the telindus1423Router/wanInterface/line/linePair[ ]/
h2Performance table.
866 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.7 End and repeater performance attributes

Exactly which information is retrieved from the remote SHDSL device(s) through the EOC channel
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passiveWhich standard EOC
information is retrieved? on page 80 for an overview.
The performance information of the line pairs of the repeater and end device is only retrieved in case the
eocHandling attribute is set to info or alarmConfiguration. Other than that, the repeater[ ]/linePair[ ] and end/linePair[
] objects contain the same performance attributes as the line/linePair[ ] object. Refer to 14.6 - SHDSL line
performance attributes on page 862 for more information on these attributes.

Note that the sysUpTime in the performance attributes of the repeater[ ]/linePair[ ] and end/linePair[ ] objects is
not the elapsed time since the last cold boot, but the elapsed time since the creation of the repeater[ ] or
end object.
Telindus 1423 SHDSL Router Chapter 14 867
User manual Performance attributes

14.8 BRI performance attributes

This section discusses the performance attributes of the BRI interface. First it describes the performance
attributes of the BRI interface in general. Then it describes more specifically the performance attributes
of the B-channels and of the leasedLine[ ] object that can be added under the bri[ ] object.
The following gives an overview of this section:
• 14.8.1 - General BRI performance attributes on page 868
• 14.8.2 - B-channel performance attributes on page 870
• 14.8.3 - ISDN leased line performance attributes on page 871
868 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.8.1 General BRI performance attributes

This section describes the following performance attributes:

• telindus1423Router/bri[ ]/h2DialupStats on page 869
• telindus1423Router/bri[ ]/h24DialupStats on page 869
• telindus1423Router/bri[ ]/d7DialupStats on page 869
Telindus 1423 SHDSL Router Chapter 14 869
User manual Performance attributes

telindus1423Router/bri[ ]/h2DialupStats

This attribute displays the 2 hours dial-up statistics of the BRI interface. The h2DialupStats table contains
the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

sucDialOuts the number of successful dial-out calls.

sucDialIns the number of successful dial-in calls.

failDialOuts the number of failed dial-out calls.

failDialIns the number of failed dial-in calls.

onlineSec the number of seconds that both the dial-in and dial-out calls were active.

outOnlineSec the number of seconds that the dial-out calls were active.

telindus1423Router/bri[ ]/h24DialupStats

This attribute displays the 24 hours dial-up statistics of the BRI interface. The h24DialupStats table contains
the same elements as the telindus1423Router/bri[ ]/h2DialupStats table.

telindus1423Router/bri[ ]/d7DialupStats

This attribute displays the 7 days dial-up statistics of the BRI interface. The d7DialupStats table contains
the same elements as the telindus1423Router/bri[ ]/h2DialupStats table.
870 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.8.2 B-channel performance attributes

The performance attributes of the B-channels are the same as on the LAN interface. Therefore, they are
not explained here again. Refer to 14.3 - LAN interface performance attributes on page 843 for a com-
plete description of these attributes.
Telindus 1423 SHDSL Router Chapter 14 871
User manual Performance attributes

14.8.3 ISDN leased line performance attributes

The performance attributes of the ISDN leased line are the same as on the LAN interface. Therefore,
they are not explained here again. Refer to 14.3 - LAN interface performance attributes on page 843 for
a complete description of these attributes.
The performance attributes of the encapsulation objects (frameRelay, ppp, hdlc and errorTest) which are
located under the leasedLine[ ] object are explained in 14.5 - Encapsulation performance attributes on
page 849.
872 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.9 AUX performance attributes

All performance attributes of the AUX interface are the same as on the LAN interface. Therefore, they
are not explained here again. Refer to 14.3 - LAN interface performance attributes on page 843 for a
complete description of these attributes.
Telindus 1423 SHDSL Router Chapter 14 873
User manual Performance attributes

14.10 Dial maps performance attributes

This section describes the following performance attributes:

• telindus1423Router/dialMaps/mapping on page 874
874 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/dialMaps/mapping

This attribute displays the dial-up statistics of all the dial maps. The mapping table contains the following
elements:

Element Description

name This displays the dial map name. It is the name as you configured it in the name
element of the dial map.

h2DialupStats This displays the 2 hour dial-up statistics of the dial map.
Refer to telindus1423Router/bri[ ]/h2DialupStats on page 869 for a detailed description of
the h2DialupStats table.

h24DialupStats This displays the 24 hour dial-up statistics of the dial map.
Refer to telindus1423Router/bri[ ]/h24DialupStats on page 869 for a detailed description of
the h24DialupStats table.

d7DialupStats This displays the 7 days dial-up statistics of the dial map.
Refer to telindus1423Router/bri[ ]/d7DialupStats on page 869 for a detailed description of
the d7DialupStats table.
Telindus 1423 SHDSL Router Chapter 14 875
User manual Performance attributes

14.11 Bundle performance attributes

This section describes the performance attributes of the different bundles that can be set up on the Tel-
indus 1423 SHDSL Router. The following gives an overview of this section:
• 14.11.1 - PPP bundle performance attributes on page 876
876 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.11.1 PPP bundle performance attributes

All performance attributes, except one, of the PPP bundle are the same as those of the LAN interface.
Therefore, they are not explained here again. Refer to 14.3 - LAN interface performance attributes on
page 843 for a complete description of these attributes.
However, the following attribute is only present in the PPP bundle object and therefore explained in this
section:
• telindus1423Router/bundle/pppBundle[ ]/multiclassinterfaces on page 877
Telindus 1423 SHDSL Router Chapter 14 877
User manual Performance attributes

telindus1423Router/bundle/pppBundle[ ]/multiclassinterfaces

This attribute displays the performance of the different multiclass PPP links in the PPP bundle.
The multiclassinterfaces table contains following elements:

Element Description

name This element displays the name of the multiclass PPP link as you defined it in the
multiclassInterfaces configuration attribute.

mibCounters This element displays the SNMP MIB2 parameters of the multiclass PPP link.
These are the same as the SNMP MIB2 parameters of the LAN interface. Refer to
14.3 - LAN interface performance attributes on page 843.
878 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.12 Router performance attributes

This section discusses the performance attributes concerned with routing. First it describes the general
routing performance attributes. Then it explains the performance attributes of the extra features as there
are NAT, filtering, L2TP tunnelling, etc…
The following gives an overview of this section:
• 14.12.1 - General router performance attributes on page 879
• 14.12.2 - NAT performance attributes on page 886
• 14.12.3 - L2TP tunnel performance attributes on page 889
• 14.12.4 - Manual SA performance attributes on page 891
• 14.12.5 - IKE SA performance attributes on page 893
• 14.12.6 - Firewall performance attributes on page 896
Telindus 1423 SHDSL Router Chapter 14 879
User manual Performance attributes

14.12.1 General router performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/routingTable on page 880
• telindus1423Router/ip/router/radiusAuth on page 881
• telindus1423Router/ip/router/radiusAcct on page 881
• telindus1423Router/ip/router/pingResults on page 882
• telindus1423Router/ip/router/tracertResults on page 882
This section describes the following actions:
• telindus1423Router/ip/router/startPing on page 883
• telindus1423Router/ip/router/stopPing on page 883
• telindus1423Router/ip/router/startTracert on page 884
• telindus1423Router/ip/router/stopTracert on page 885
• telindus1423Router/ip/router/clearTracert on page 885
880 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/routingTable

This attribute lists all known routes and how many times they are used.
The routingTable contains the following elements:

Element Description

network This element displays the IP address of the destination network.

mask This element displays the network mask of the destination network.

gateway This element displays the IP address of the next router on the path to the destina-
tion network.

interface This element displays the interface through which the destination network can be
reached. Possible values are:
• internal. The own protocol stack is used.
• <name>. The destination network can be reached through this particular inter-
face. The <name> of the interface is the name as you configured it.
Note that the “interface” can also be a DLCI, an ATM PVC, a tunnel, etc.
• discard. Packets for this destination are discarded.

uses This element displays how many times the route has been used since it is listed in
the routing table.
For each IP packet that matches this route, the attribute value is incremented by
one. RIP routes may disappear from the routing table, and re-appear afterwards.
The attribute value is reset when a RIP route disappears from the routing table.
Telindus 1423 SHDSL Router Chapter 14 881
User manual Performance attributes

telindus1423Router/ip/router/radiusAuth

This attribute lists the RADIUS authentication server performance information.

The radiusAuth table contains the following elements:

Element Description

server This element displays the IP address of the authentication server.

requests This element displays the number of access requests that is sent to the authenti-
cation server.

accepts This element displays the number of access accepts that is received from the
authentication server.

rejects This element displays the number of access rejects that is received from the
authentication server.

challenges This element displays the number of access challenges that is received from the
authentication server.

badAuthenticators This element displays the total number of packets that contained invalid Message-
Authenticator attributes.

timeOuts This element displays the authentication time-out.

droppedPackets This element displays the number of incoming packets dropped for reasons other
than being malformed, bad authenticators, or unknown types.

telindus1423Router/ip/router/radiusAcct

This attribute lists the RADIUS accounting server performance information.

The radiusAcct structure contains the following elements:

Element Description

server This element displays the IP address of the accounting server.

requests This element displays the number of accounting requests that is sent to the
accounting server.

responses This element displays the number of accounting responses that is received from
the accounting server.

badAuthenticators This element displays the number of packets that contained invalid Signature
attributes.

timeOuts This element displays the accounting time-out.

droppedPackets This element displays the number of incoming packets dropped for reasons other
than being malformed, bad authenticators, or unknown types.
882 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/pingResults

This attribute displays the results of a ping to an IP address started with the startPing action.
The pingResults structure contains the following elements:

Element Description

ipAddress This element displays the IP address of the host that is being pinged.

numOfTxPackets This element displays the number of transmitted pings.

numOfRxPackets This element displays the number of correct answers on the transmitted pings.

minReplyTime This element displays the lowest reply time of all correct answers.

maxReplyTime This element displays the highest reply time of all correct answers.

avrgReplyTime This element displays the average reply time of all correct answers.

telindus1423Router/ip/router/tracertResults

This attribute displays the results of a traceroute to an IP address/host started with the startTracert action.
The tracertResults table contains the following elements:

Element Description

ttl This element displays the Time To Live.

ipAddress This element displays the IP address of the hop that has been passed.

hostName This element displays the hostname of the hop that has been passed. Note that
this only displays

nrTx This element displays the number of traceroute queries that have been transmitted
to the hop.

nrRx This element displays the number of correct answers on the transmitted traceroute
queries that have been received from the hop.

minRtt This element displays the minimum Round-Trip Time that has been measured.

maxRtt This element displays the maximum Round-Trip Time that has been measured.

avrgRtt This element displays the average Round-Trip Time that has been calculated.

successRate This element displays the success rate. It is the ratio of nrRx/nrTx expressed in per-
cents.

comment This element displays some comments. E.g. Destination reached, Maximum number of
hops reached, etc.
Telindus 1423 SHDSL Router Chapter 14 883
User manual Performance attributes

telindus1423Router/ip/router/startPing

Use this action to start transmitting pings to an IP address or host. The result of the ping can be seen in
the pingResults attribute. Refer to telindus1423Router/ip/router/pingResults on page 882.
The argument value structure of the startPing action contains the following elements:

Argument Description

ipAddress Use this element to specify the IP address of the host Default:0.0.0.0
you want to ping. Range: up to 255.255.255.255
If you fill in the ipAddress element you may omit the hostName element.

hostName Use this element to specify the hostname of the host Default:<empty>
you want to ping. Range: 0 … 255 characters
If you fill in the hostName element you may omit the ipAddress element.

sourceIp Use this element to specify the source IP address. Default:0.0.0.0

This can be used to force the source address to be Range: up to 255.255.255.255
something other than the IP address of the interface on which the traceroute query
is sent. If this IP address is not one of the Telindus 1423 SHDSL Router interface
addresses, then nothing is sent.

iterations Use this element to specify the number of pings. Default:5

If you set the iterations element to 0, then the host is Range: 0 …
pinged an indefinite number of times. The only way to stop the ping session is by
executing the stopPing action.

interval Use this element to specify the interval, in seconds, Default:1

between consecutive pings. Range: 0 … 100

dataLength Use this element to specify the length, in bytes, of the Default:31
data transmitted in a ping. Range: 0 … 1300

timeOut Use this element to specify the time-out period. Default:00000d 00h 00m 05s
If a ping is sent, the Telindus 1423 SHDSL Router Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
waits during this time-out period on the answer. If the
answer is received …
• within this time-out period, then ping is considered successful.
• outside this time-out period, then the ping is considered unsuccessful.

telindus1423Router/ip/router/stopPing

Use this action to stop pending pings.

884 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/startTracert

Use this action to start a traceroute to an IP address or host. The result of the traceroute can be seen in
the tracertResults attribute. Refer to telindus1423Router/ip/router/tracertResults on page 882.
The argument value structure of the startTracert action contains the following elements:

Argument Description

ipAddress Use this element to specify the IP address of the host Default:0.0.0.0
you want to trace. Range: up to 255.255.255.255
If you fill in the ipAddress element you may omit the hostName element.

hostName Use this element to specify the hostname of the host Default:<empty>
you want to trace. Range: 0 … 255 characters
If you fill in the hostName element you may omit the ipAddress element.

sourceIp Use this element to specify the source IP address. Default:0.0.0.0

This can be used to force the source address to be Range: up to 255.255.255.255
something other than the IP address of the interface on which the traceroute query
is sent. If this IP address is not one of the Telindus 1423 SHDSL Router interface
addresses, then nothing is sent.

startTtl Use this element to specify from which TTL onwards Default:1
you want to see the traceroute results. Range: 1 … 255
For example, if you set the startTtl element to 5, then the traceroute result displayed
in the tracertResult attribute starts from TTL number 5. 1 up to 4 is not displayed.

maxHops Use this element to specify the maximum number of Default:30

hops. Range: 1 … 255
If the maximum number of hops is reached but the destination host is still not
reached, then the last traceroute result displays the comment “Maximum number of
hops reached“.
The default of 30 hops is the same default used for TCP connections.

queriesPerHop Use this element to specify how many traceroute que- Default:3
ries have to be sent to each hop. Range: 1 … 65536

resolveHosts Use this element to enable or disable the resolving of Default:enabled

hop IP addresses to hostnames. Range: enabled / disabled
If you set the resolveHosts elements to …
• enabled (default), then the hostName element in the tracertResults attribute displays
the hostname of the hop.
• disabled, then the hostName element in the tracertResults attribute remains empty.

dnsTimeOut Use this element to set the DNS time-out. Default:00000d 00h 00m 03s
When hop IP addresses are resolved to hostnames, Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
then the DNS replies are expected within this time-out
period. Else they are no longer accepted.
Telindus 1423 SHDSL Router Chapter 14 885
User manual Performance attributes

Argument Description

icmpTimeOut Use this element to set the ICMP time-out. Default:00000d 00h 00m 03s
When a hop is queried, then the ICMP replies are Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
expected within this time-out period. Else they are no
longer accepted.

tos Use this element to set the Type Of Service in the Default:0
traceroute query. Range: 0 … 255
This can be used to investigate whether different service types result in different
paths. Useful values are 16 (low delay) and 8 (high throughput).

packetLength Use this element to set the traceroute query datagram Default:32
length in bytes. Range: 32 … 1300

telindus1423Router/ip/router/stopTracert

Use this action to stop pending traceroute queries.

telindus1423Router/ip/router/clearTracert

Use this action to clear the tracertResults table.

886 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.12.2 NAT performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/defaultNat/socketsFree on page 887
• telindus1423Router/ip/router/defaultNat/allocFails on page 887
• telindus1423Router/ip/router/defaultNat/discards on page 887
• telindus1423Router/ip/router/defaultNat/addressesAvailable on page 887
• telindus1423Router/ip/router/defaultNat/tcpSocketsUsed on page 887
• telindus1423Router/ip/router/defaultNat/udpSocketsUsed on page 887
• telindus1423Router/ip/router/defaultNat/icmpSocketsUsed on page 887
• telindus1423Router/ip/router/defaultNat/tcpAllocs on page 888
• telindus1423Router/ip/router/defaultNat/udpAllocs on page 888
• telindus1423Router/ip/router/defaultNat/icmpAllocs on page 888
This section describes the following actions:
• telindus1423Router/ip/router/defaultNat/reset on page 888
Telindus 1423 SHDSL Router Chapter 14 887
User manual Performance attributes

telindus1423Router/ip/router/defaultNat/socketsFree

This attribute shows the remaining number of new connections (i.e. sockets) that can be initiated. A
socket is a set of source and destination IP addresses and port numbers.
Initially, 2048 simultaneous sockets can be initiated. Sockets are freed using a garbage mechanism.
This means that every five minutes all sockets are checked. If a socket has been released by PAT or
NAT, then this socket is returned to the pool of free sockets.
ICMP and UDP sockets are released when they have no data traffic during five minutes. TCP sockets
are released after the TCP session has been closed or when the session has been idle for 24 hours.

telindus1423Router/ip/router/defaultNat/allocFails

If no sockets are available anymore but an attempt to set up a new connection is being made, then the
natAllocFails attribute value is incremented by 1.
Because the sockets are distributed using a hashing function, it is possible that natAllocFails increases
even though natSocketsFree still indicates free sockets.

ICMP requires a new socket for each transmitted packet. This implies that, for instance, a permanent
ping or trace-route command may eventually use all free sockets.

telindus1423Router/ip/router/defaultNat/discards

This attribute indicates how many times a packet has been discarded for reasons other than a lack of
free sockets. This could be, for instance, because an attempt was made to connect from the Internet to
a service that was not present in the servicesAvailable table.

telindus1423Router/ip/router/defaultNat/addressesAvailable

This attribute displays the number of NAT addresses that are currently free.

telindus1423Router/ip/router/defaultNat/tcpSocketsUsed

This attribute displays the number of sockets currently in use by PAT and NAT for TCP applications.

telindus1423Router/ip/router/defaultNat/udpSocketsUsed

This attribute displays the number of sockets currently in use by PAT and NAT for UDP applications.

telindus1423Router/ip/router/defaultNat/icmpSocketsUsed

This attribute displays the number of sockets currently in use by PAT and NAT for ICMP applications.
888 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/defaultNat/tcpAllocs

This attribute indicates how many TCP sockets have been allocated since cold boot. Together with the
performance attributes natUdpAllocs and natIcmpAllocs it gives an indication of the type of traffic that is being
routed.

telindus1423Router/ip/router/defaultNat/udpAllocs

This attribute indicates how many UDP sockets have been allocated since cold boot. Together with the
performance attributes natTcpAllocs and natIcmpAllocs it gives an indication of the type of traffic that is being
routed.

telindus1423Router/ip/router/defaultNat/icmpAllocs

This attribute indicates how many ICMP sockets have been allocated since cold boot. Together with the
performance attributes natTcpAllocs and natUdpAllocs it gives an indication of the type of traffic that is being
routed.

telindus1423Router/ip/router/defaultNat/reset

Use this action to release all sockets currently in use and return them to the free socket pool.
In other words, executing this action resets all NAT/PAT sessions that are currently established. It also
releases all official IP addresses that are dynamically assigned to a private IP address. If any TCP ses-
sions are still active, these sessions will be aborted.

Take care when using this action! All TCP information is lost when the sockets are released with this
action. Any TCP sessions in use at the time of the reset will go into a hang-up state. These applications
will need to restart.
Telindus 1423 SHDSL Router Chapter 14 889
User manual Performance attributes

14.12.3 L2TP tunnel performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/tunnels/l2tpTunnels on page 890
• telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels on page 890
890 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/tunnels/l2tpTunnels

This attribute displays the performance information of the L2TP tunnels.

The l2tpTunnels table contains the following elements:

Element Description

name This is the name of the tunnel as you configured it.

mibCounters This displays the SNMP MIB2 parameters of the tunnel.

These are the same as the SNMP MIB2 parameters on the LAN interface. Refer
to 14.3 - LAN interface performance attributes on page 843.

telindus1423Router/ip/router/tunnels/ipsecL2tpTunnels

This attribute displays the performance information of the L2TP tunnels.

The ipsecL2tpTunnels table contains the same elements as the l2tpTunnels table. Refer to telindus1423Router/
ip/router/tunnels/l2tpTunnels on page 890.
Telindus 1423 SHDSL Router Chapter 14 891
User manual Performance attributes

14.12.4 Manual SA performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/manualSA[ ]/inPackets on page 892
• telindus1423Router/ip/router/manualSA[ ]/outPackets on page 892
• telindus1423Router/ip/router/manualSA[ ]/espDecryptionFailure on page 892
• telindus1423Router/ip/router/manualSA[ ]/espAuthenticationFailure on page 892
• telindus1423Router/ip/router/manualSA[ ]/espSequenceNrReplay on page 892
• telindus1423Router/ip/router/manualSA[ ]/espDroppedFrames on page 892
892 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/manualSA[ ]/inPackets

Upon receipt of a (reassembled) packet containing an ESP Header, the receiver determines the appro-
priate SA, based on the destination IP address, security protocol (ESP), and the SPI. Once the appro-
priate SA is determined, the inPackets attribute is incremented for this SA.

telindus1423Router/ip/router/manualSA[ ]/outPackets

ESP is applied to an outbound packet only after it is determined that the packet is associated with an SA
that calls for ESP processing. Once the appropriate SA is determined, the outPackets attribute is incre-
mented for this SA.

telindus1423Router/ip/router/manualSA[ ]/espDecryptionFailure

This attribute displays the number of times the decryption of an incoming ESP packet failed.

telindus1423Router/ip/router/manualSA[ ]/espAuthenticationFailure

This attribute displays the number of times the authentication of an incoming ESP packet failed.

telindus1423Router/ip/router/manualSA[ ]/espSequenceNrReplay

For each incoming ESP packet, the receiver verifies that the packet contains a sequence number that
does not duplicate the sequence number of any other packets received during the life of this SA. Should
this be the case, then these packets are dropped and the espSequenceNrReplay attribute is incremented for
this SA.

telindus1423Router/ip/router/manualSA[ ]/espDroppedFrames

This attribute displays the number of ESP packets that were successfully decrypted and authenticated,
but that could not be delivered to the L2TP tunnel (e.g. because the tunnel was down) and had to be
dropped.
Telindus 1423 SHDSL Router Chapter 14 893
User manual Performance attributes

14.12.5 IKE SA performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/ikeSA[ ]/phase2Negotiations on page 894
• telindus1423Router/ip/router/ikeSA[ ]/phase2Sessions on page 894
894 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/ikeSA[ ]/phase2Negotiations

This attribute displays performance information of the IKE phase 2 negotiation process.
The phase2Negotiations table contains the following elements:

Element Description

tunnel This element displays the L2TP tunnel name.

initStarted This element displays the number of IKE phase 2 negotiation initiations that were
started.

respStarted This element displays the number of IKE phase 2 negotiation responses that were
started.

succeeded This element displays the number of IKE phase 2 negotiations that succeeded.

failed This element displays the number of IKE phase 2 negotiations that failed.

expiredSA This element displays the number of IKE SAs that expired.

telindus1423Router/ip/router/ikeSA[ ]/phase2Sessions

This attribute displays performance information of the IKE phase 2 sessions.

The phase2 table contains the following elements:

Element Description

tunnel This element displays the L2TP tunnel name.

direction This element displays the direction of the IPSEC SA. Possible values are: inbound
or outbound.

spi This element displays the Security Parameter Index of the IPSEC SA.

protocol This element displays which protocol is used in the IPSEC SA. Possible values
are: esp or ah.

outPackets This element displays the number of outbound packets for which an appropriate
SA could be determined.
Only after an appropriate SA could be determined, the security protocol (ESP or
AH) is applied to the outbound packet.

outOctets This element displays the number of outbound octets (bytes) for which an appro-
priate SA could be determined.

inPackets This element displays the number of inbound packets for which an appropriate SA
could be determined.
Only after an appropriate SA could be determined, the inbound packet is accepted.

inOctets This element displays the number of inbound octets (bytes) for which an appropri-
ate SA could be determined.

authenticationFail- This element displays the number of times the authentication of an incoming
ure packet failed.
Telindus 1423 SHDSL Router Chapter 14 895
User manual Performance attributes

Element Description

decryptionFailure This element displays the number of times the decryption of an incoming packet
failed.

sequenceNrReplay For each incoming packet, the receiver verifies that the packet contains a
sequence number that does not duplicate the sequence number of any other pack-
ets received during the life of this SA. Should this be the case, then these packets
are dropped and the sequenceNrReplay attribute is incremented for this SA.

droppedFrames This element displays the number of packets that were successfully decrypted and
authenticated, but that could not be delivered to the L2TP tunnel (e.g. because the
tunnel was down) and had to be dropped.
896 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.12.6 Firewall performance attributes

This section describes the following performance attributes:

• telindus1423Router/ip/router/firewall/h24General on page 897
• telindus1423Router/ip/router/firewall/d7General on page 897
• telindus1423Router/ip/router/firewall/h24Attack on page 898
• telindus1423Router/ip/router/firewall/d7Attack on page 899
Telindus 1423 SHDSL Router Chapter 14 897
User manual Performance attributes

telindus1423Router/ip/router/firewall/h24General

This attribute displays the 24 hours general performance summary.

The h24General table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

maxConn the number of times that the maximum number of connections was reached.

maxResource the number of times that the used resources exceeded 80%. This could indicate
flooding.

serviceAcc the number of service access requests that were successful.

noSrcRoute the number of times that no route to the source could be found.

srcBcast the number of source address broadcasts.

synUnable the number of times that no SYN packet could be sent.

finalAckFail the number of times that no final ACK could be sent.

denyPolicy the number of times that a deny policy matched.

connLimit the number of times that the maximum number of connections was reached.

srcRouteOpt the number of times that the source routing option was set for an IP packet.

policyDeleted the number of times that the policy was already deleted.

noDestRoute the number of times that no route to the destination could be found.

rejToSelf the number of times that packets to self were rejected.

destBcast the number of destination address broadcasts.

noInPol the number of times that no inbound policy could be found.

noOutPol the number of times that no outbound policy could be found.

telindus1423Router/ip/router/firewall/d7General

This attribute displays the 7 days general performance summary.

The d7General table contains same elements as the h24General table. Refer to telindus1423Router/ip/router/fire-
wall/h24General on page 897.
898 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/ip/router/firewall/h24Attack

This attribute displays the 24 hours attack summary.

The h24Attack table contains the following elements:

Element For the corresponding period, this element displays …

sysUpTime the elapsed time since the last cold boot.

landAttack the number of (possible) land attacks.

spoofedPacket the number of spoofed packets.

badTcpConnReq the number of invalid TCP connection requests.

badTcpAck the number of invalid TCP ACKs.

unexpUdpE- the number of received UDP echo responses for uninitiated requests.
choResp

unexpIcmpE- the number of received ICMP echo responses for uninitiated requests.
choResp

genAttack the number of general attacks.

minIpHdrLen the number of packets with an IP header length less than the minimum length.

emptyPacket the number of packets without data.

badTcpLen the number of times the TCP packet length was invalid.

shortTcpHdr the number of packets with short TCP header length.

tcpNullScan the number of TCP null scan attacks.

badUdpLen the number of times the UDP packet length was invalid.

shortUdpHdr the number of packets with short UDP header length.

shortIcmpLen the number of packets with short ICMP length.

synAttack the number of SYN attacks.

postTcpRst the number of data packets received after reset.

blindSpoofing the number of blind spoofing attacks.

zeroBytes the number of times zero bytes were transferred for a connection.

seqNumOutOf- the number of packets with an out-of-range sequence number.

Range

winNuke the number of WinNuke attacks.

badTcpSeqNumRst the number of invalid sequence numbers with reset.

zeroLenIpOpt the number of zero length IP options detected.

badIpTimeStamp the number of unaligned timestamp options detected.

unexpData the number of times unexpected data was received for uninitiated traffic.

unexpIcmpErr the number of received ICMP error messages for uninitiated requests.

badSrcIf the number of times the source interface was invalid.

Telindus 1423 SHDSL Router Chapter 14 899
User manual Performance attributes

telindus1423Router/ip/router/firewall/d7Attack

This attribute displays the 7 days attack summary.

The d7Attack table contains same elements as the h24Attack table. Refer to telindus1423Router/ip/router/firewall/
h24Attack on page 898.
900 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.13 IP traffic policy performance attributes

This section describes the following performance attributes:

• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/discards on page 901
• telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping on page 901
Telindus 1423 SHDSL Router Chapter 14 901
User manual Performance attributes

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/discards

This attribute indicates how many packets have been discarded based on the criteria that are defined by
the IP traffic policy.

telindus1423Router/profiles/policy/traffic/ipTrafficPolicy[ ]/trafficShaping

This attribute shows the usage of each line in the traffic shaping table.
The trafficShaping table contains the following elements:

Element Description

name This is the name of the line in the traffic shaping table as you configured it.

uses This is the number of times this line in the traffic shaping table is used.

sourceIpStart- This is the IP source address range as you configured it.

Address
Packets that fall within the specified range are forwarded and queued if applicable.
sourceIpEnd-
Address

destinationIpStart- This is the IP destination address range as you configured it.

Address
Packets that fall within the specified range are forwarded and queued if applicable.
destinationIpEnd-
Address

tosStartValue This is the TOS range as you configured it.

tosEndValue Packets that fall within the specified range are forwarded and queued if applicable.

ipProtocol This is the protocol field as you configured it.

Packets that have the specified protocol field are forwarded and queued if applica-
ble.

sourcePortStart This is the source port range as you configured it.

sourcePortEnd Packets that fall within the specified range are forwarded and queued if applicable.

destinationPortStart This is the destination port range as you configured it.

destinationPortEnd Packets that fall within the specified range are forwarded and queued if applicable.

newTosValue This is the new TOS value as you configured it.

priority This is the destination queue as you configured it.

In case an overload condition occurs, then a packet that matches an entry in the
trafficShaping table is sent to the specified queue.
902 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.14 Bridge performance attributes

This section discusses the performance attributes concerned with bridging. First it describes the general
bridging performance attributes. Then it explains the performance attributes of the extra features as
there are access listing, etc…
The following gives an overview of this section:
• 14.14.1 - Bridge group performance attributes on page 903
• 14.14.2 - Bridge access list performance attributes on page 906
Telindus 1423 SHDSL Router Chapter 14 903
User manual Performance attributes

14.14.1 Bridge group performance attributes

This section describes the following performance attributes:

• telindus1423Router/bridge/bridgeGroup/bridgeCache on page 904
• telindus1423Router/bridge/bridgeGroup/bridgeDiscards on page 904
• telindus1423Router/bridge/bridgeGroup/bridgeFloods on page 904
• telindus1423Router/bridge/bridgeGroup/multiVlans on page 904
• telindus1423Router/bridge/bridgeGroup/vlanSwitching on page 905
904 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/bridge/bridgeGroup/bridgeCache

When a port of the bridge enters the learning state, it stores the MAC addresses of the stations situated
on the network that is connected to this port. The MAC addresses are stored in a MAC address database
or bridge cache. The bridgeCache attribute visualises this address database. Refer to What is the bridge
cache? on page 655 for more information.
The bridgeCache table contains the following elements:

Element Description

interface This is the interface through which the station can be reached.

macAddress This is the MAC address of the station situated on the network connected to the
interface.

rxCount This is the number of frames received from the corresponding MAC address.

txCount This is the number of frames forwarded to the corresponding MAC address.

telindus1423Router/bridge/bridgeGroup/bridgeDiscards

This attribute displays the number of times a frame was discarded because …
• it was received on the same interface as the one through which the destination address can be
reached.
• it was received on an interface that is not in the forwarding state.

telindus1423Router/bridge/bridgeGroup/bridgeFloods

This attribute displays the number of times a frame was flooded on all interfaces because …
• it was a broadcast / multicast.
• the position of the station with the destination MAC address was not known (yet).

telindus1423Router/bridge/bridgeGroup/multiVlans

This attribute displays the SNMP MIB2 performance parameters of the VLANs that are present on the
bridge group.
The multiVlans table contains the following elements:

Element Description

name This element displays the name of the VLAN as you configured it.

vlan This element displays the VLAN ID.

mibCounters This element displays the SNMP MIB2 performance parameters of the VLAN.
Refer to 14.3 - LAN interface performance attributes on page 843 for an explana-
tion of the individual SNMP MIB2 performance parameters.
Telindus 1423 SHDSL Router Chapter 14 905
User manual Performance attributes

telindus1423Router/bridge/bridgeGroup/vlanSwitching

This attribute displays the performance information of the VLAN switching process.
The vlanSwitching table contains the following elements:

Element Description

sourceIntf This element displays the name of the source interface.

sourceVlan This element displays the VLAN ID of the source VLAN.

destinationIntf This element displays the name of the destination interface.

destinationVlan This element displays the VLAN ID of the destination VLAN.

uses This element displays the number of packets that have been switched.
906 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.14.2 Bridge access list performance attributes

This section describes the following performance attributes:

• telindus1423Router/bridge/accessList[ ]/bridgeAccessList on page 907
Telindus 1423 SHDSL Router Chapter 14 907
User manual Performance attributes

telindus1423Router/bridge/accessList[ ]/bridgeAccessList

This attribute shows information on the use of the bridge access list.
The bridgeAccessList table contains the following elements:

Element Description

macAddress This is the MAC address as configured in the configuration attribute

telindus1423Router/bridge/accessList[ ]/bridgeAccessList.

uses This indicates the number of times a packet has been discarded for the corre-
sponding MAC address.
908 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

14.15 Management performance attributes

This section describes the following performance attributes:

• telindus1423Router/management/cms2SessionCount on page 909
• telindus1423Router/management/cliSessionCount on page 909
• telindus1423Router/management/tftpSessionCount on page 910
• telindus1423Router/management/tcpSessionCount on page 910
• telindus1423Router/management/ipStackEvents on page 910
Telindus 1423 SHDSL Router Chapter 14 909
User manual Performance attributes

telindus1423Router/management/cms2SessionCount

This attribute displays the number of CMS2 sessions that are currently active on the Telindus 1423
SHDSL Router.
There are always minimum two fixed sessions active. Connecting with TMA, TMA CLI, Telnet, etc. opens
additional sessions. This is explained in the following table:

Session count Purpose

1 fixed session A fixed session for SNMP.

1 fixed session A fixed session for O10.

+ 2 sessions When connecting with TMA.

+ 1 session When connecting with TMA for HP OpenView or the Alarm Manager.

+ 1 session When connecting with TMA CLI.

+ 2 sessions When downloading a config.cli or config.cms file.

+ 1 session When connecting with Telnet.

+ 1 session When downloading software.

+ 1 session When connecting with the Web Interface.

telindus1423Router/management/cliSessionCount

This attribute displays the number of CLI sessions that are currently active on the Telindus 1423 SHDSL
Router.
There are always minimum two fixed sessions active. Connecting with TMA CLI, the Web Interface, etc.
opens additional sessions. This is explained in the following table:

Session count Purpose

1 fixed session A fixed session for the control port.

1 fixed session A fixed session for Web Interface.

+ 1 session When connecting with TMA CLI or starting a CLI session.

+ 1 session When connecting with the Web Interface.

910 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/management/tftpSessionCount

This attribute displays the number of TFTP sessions that are currently active on the Telindus 1423
SHDSL Router.

telindus1423Router/management/tcpSessionCount

This attribute displays the number of TCP sessions that are currently active on the Telindus 1423 SHDSL
Router. The following table shows when a TCP session opens:

Session count Purpose

+ 1 session When connecting with Telnet.

+ 1 session When connecting with the Web Interface.

telindus1423Router/management/ipStackEvents

This attribute gives an indication of the internal load of the protocol stack.
Telindus 1423 SHDSL Router Chapter 14 911
User manual Performance attributes

14.16 Operating system performance attributes

This section describes the following performance attributes:

• telindus1423Router/operatingSystem/currUsedProcPower on page 912
• telindus1423Router/operatingSystem/usedProcPower on page 912
• telindus1423Router/operatingSystem/freeDataBuffers on page 912
• telindus1423Router/operatingSystem/totalDataBuffers on page 912
• telindus1423Router/operatingSystem/largestFreeBlockSize on page 912
• telindus1423Router/operatingSystem/freeBlockCount on page 912
• telindus1423Router/operatingSystem/freeMemory on page 913
• telindus1423Router/operatingSystem/totalMemory on page 913
• telindus1423Router/operatingSystem/taskInfo on page 913
912 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes

telindus1423Router/operatingSystem/currUsedProcPower

This attribute displays the amount of processing power used during the last 650 milliseconds, expressed
as a percentage of the total available processing power.

telindus1423Router/operatingSystem/usedProcPower

This attribute lists the used processing power for the 11 most recent 30 seconds intervals. The process-
ing power is expressed as a percentage of the total processing power.
The usedProcPower table contains the following elements:

Element Description

sysUpTime This is the elapsed time since the last cold boot. The next values are for the 30
seconds period before this relative time stamp.

min This is the minimum percentage of processing power in use during the last 30 sec-
onds.

average This is the average percentage of processing power in use during the last 30 sec-
onds.

max This is the maximum percentage of processing power in use during the last 30 sec-
onds.

telindus1423Router/operatingSystem/freeDataBuffers

The processor uses buffers for storing the packets during processing and/or queuing. Each buffer has a
256 byte size, headers included. This attribute is the number of data buffers currently not in use and
available for e.g. incoming data.

telindus1423Router/operatingSystem/totalDataBuffers

This attribute displays the total number of available data buffers.

telindus1423Router/operatingSystem/largestFreeBlockSize

The processor uses RAM memory for storing internal information and buffering. The different tasks allo-
cate RAM memory on request. Tasks may also free memory again. In this way the total RAM memory
becomes fragmented. This attribute gives the size of the largest contiguous free memory block
expressed in bytes.

telindus1423Router/operatingSystem/freeBlockCount

This attribute displays the number of free contiguous memory blocks.

Telindus 1423 SHDSL Router Chapter 14 913
User manual Performance attributes

telindus1423Router/operatingSystem/freeMemory

This attribute displays the total free memory expressed in bytes.

telindus1423Router/operatingSystem/totalMemory

This attribute displays the total RAM memory expressed in bytes.

telindus1423Router/operatingSystem/taskInfo

This attribute contains status information concerning the different tasks running on the processor. It is a
table grouping up to 31 task slots, which is the maximum number of parallel tasks running on the proc-
essor's operating system.
This attribute contains the same elements as the status attribute telindus1423Router/operatingSystem/taskInfo
on page 831.
914 Telindus 1423 SHDSL Router Chapter 14
User manual Performance attributes
Telindus 1423 SHDSL Router Chapter 15 915
User manual Alarm attributes

15 Alarm attributes
This chapter discusses the alarm attributes of the Telindus 1423 SHDSL Router. The following gives an
overview of this chapter:
• 15.1 - Alarm attributes overview on page 916
• 15.2 - Introducing the alarm attributes on page 919
• 15.3 - General alarms on page 922
• 15.4 - LAN interface alarms on page 924
• 15.5 - WAN interface alarms on page 925
• 15.6 - SHDSL line alarms on page 926
• 15.7 - SHDSL line pair alarms on page 927
• 15.8 - End and repeater alarms on page 929
• 15.9 - BRI alarms on page 931
• 15.10 - B-channel alarms on page 932
• 15.11 - AUX alarms on page 933
• 15.12 - Bundle alarms on page 934
• 15.13 - Router alarms on page 935
916 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.1 Alarm attributes overview

> telindus1423Router
totalAlarmLevel
alarmInfo
notResponding
alarmSyncLoss
configChanged
access
unknownStatus
coldBoot
warmBoot
codeConsistencyFail
configConsistencyFail

>> lanInterface
alarmInfo
linkDown

>> wanInterface
alarmInfo
linkDown

>>> line
alarmInfo
linkDown
invalidNumRepeaters

>>>> linePair[ ]
alarmInfo
linkDown
lineAttenuation
signalNoise
errSecRatioExceeded
sevErrSecRatioExceeded
bbErrRatioExceeded

>>> repeater[ ]

>>>> networkLinePair[ ]
alarmInfo
lineAttenuation
signalNoise
errSecRatioExceeded
sevErrSecRatioExceeded
bbErrRatioExceeded
Telindus 1423 SHDSL Router Chapter 15 917
User manual Alarm attributes

>>>> customerLinePair[ ]
alarmInfo
lineAttenuation
signalNoise
errSecRatioExceeded
sevErrSecRatioExceeded
bbErrRatioExceeded

>>> end

>>>> linePair[ ]
alarmInfo
lineAttenuation
signalNoise
errSecRatioExceeded
sevErrSecRatioExceeded
bbErrRatioExceeded

>> bri[1]1
alarmInfo
linkDown
sucDialOut
sucDialIn
failDialOut
failDialIn

>>> bChannel[1]
alarmInfo
linkDown

>>> bChannel[1]
<Contains the same attributes as the bChannel[1] object.>

>>> leasedLine[ ]
alarmInfo
linkDown

>> bri[2]1
<Contains the same attributes as the bri[1] object.>

>> bundle

>>> pppBundle
alarmInfo
linkDown

1. Only present on the Telindus 1423 SHDSL Router ISDN version.

918 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

>> router
alarmInfo
pingActive
Telindus 1423 SHDSL Router Chapter 15 919
User manual Alarm attributes

15.2 Introducing the alarm attributes

Before discussing the alarm attributes of the Telindus 1423 SHDSL Router in detail, some general infor-
mation on the alarm attributes of the Telindus 1423 SHDSL Router is given.
The following gives an overview of this chapter:
• 15.2.1 - Configuration alarm attributes on page 920
• 15.2.2 - General alarm attributes on page 921
920 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.2.1 Configuration alarm attributes

This section describes the following alarm attributes:

• telindus1423Router/…/alarmMask
• telindus1423Router/…/alarmLevel

telindus1423Router/…/alarmMask

Use this attribute to mask or unmask the alarms of an object. This determines whether an active alarm
is forwarded to the central management system (e.g. HP OpenView) or not.
The alarms in the alarmMask attribute have the following values:

Value Is the active alarm being forwarded to the central management system?

enabled Yes. So the alarm is unmasked.

disabled No. So the alarm is masked.

Alarms are always seen in the alarmInfo alarm attribute of an object, regardless of the masking of the
alarm. I.e. even if an alarm is set to disabled in the alarmMask of an object, if the alarm condition is fulfilled
then the alarm will be set to on in the alarmInfo of that object. However, because this alarm is disabled it
will not be sent to the central management system (e.g. HP OpenView).

Only the most important alarms are unmasked (i.e. enabled) by default. All other alarms are masked (i.e.
disabled).

telindus1423Router/…/alarmLevel

Use this attribute to assign a priority level to each alarm of the corresponding object. The alarm level
range goes from 0 to 254, where 0 is the lowest and 254 is the highest priority level.
The alarmLevel of an unmasked, active alarm is sent to the totalAlarmLevel alarm attribute of the top object
telindus1423Router.
Telindus 1423 SHDSL Router Chapter 15 921
User manual Alarm attributes

15.2.2 General alarm attributes

This section describes the following alarm attributes:

• telindus1423Router/totalAlarmLevel
• telindus1423Router/…/alarmInfo

telindus1423Router/totalAlarmLevel

This attribute is only present in the top object of the containment tree of the Telindus 1423 SHDSL
Router, being telindus1423Router.
It displays the priority level of an unmasked, active alarm. When several alarms are generated at the
same time, the highest priority level is shown. If the alarm levels are set in a structured manner, one look
at the totalAlarmLevel attribute enables the operator to make a quick estimation of the problem.
The value of the totalAlarmLevel attribute is also communicated to the central management system (e.g.
HP OpenView) where it determines the colour of the icon. This colour is an indication of the severity of
the alarm.

telindus1423Router/…/alarmInfo

This attribute contains the actual alarm information of the corresponding object.
The alarmInfo structure contains the following elements:

Element This element displays for the corresponding object …

discriminator the total alarm count since the last cold boot.

currentAlarms the current alarms.

previousAlarms the second most recent alarms.

alarmMask the alarmMask as you configured it.

alarmLevel the alarmLevel as you configured it.

922 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.3 General alarms

This section describes the alarms of the alarm attribute telindus1423Router/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/alarmInfo

The different alarms related to the telindus1423Router object together with their explanation and default
alarmMask and alarmLevel value are given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

notResponding by the management concentrator when the Telindus enabled 4

1423 SHDSL Router does not respond on its polling ses-
sion.

alarmSyncLoss when the internal alarm buffer overflows. enabled 4

configChanged when the local configuration has been changed. disabled 1

access when a management session is started on the Telindus disabled 1

1423 SHDSL Router itself. This alarm is not activated
when the management session is established through a
management concentrator.

Example

The alarm is activated in case of …

• a TMA, TMA CLI, terminal (CLI or ATWIN) or Easy-
Connect session via the control connector of the Tel-
indus 1423 SHDSL Router.
• a TMA, TMA CLI, TMA for HP OpenView, Telnet (CLI
or ATWIN), HTTP (Web Interface) or TFTP session
using the LAN / WAN IP address of the Telindus
1423 SHDSL Router.

The alarm is not activated in case of …

• any management session (TMA, terminal, Telnet,
HTTP, etc.) established through a management con-
centrator on the Telindus 1423 SHDSL Router.
• SNMP management.

unknownState each time a new Telindus 1423 SHDSL Router is added disabled 0
to the network and before the management concentrator
has completed a first successful polling session.

coldBoot each time the Telindus 1423 SHDSL Router performs a disabled 1
cold boot.

warmBoot each time the Telindus 1423 SHDSL Router performs a disabled 1
warm boot.
Telindus 1423 SHDSL Router Chapter 15 923
User manual Alarm attributes

The alarm … is generated … Default value

alarmMask alarmLevel

codeConsistency- when the software consistency imposed by the manage- disabled 1

Fail ment concentrator on the Telindus 1423 SHDSL Router
fails. For example, because of a loss of contact.
In the management concentrator that manages the Tel-
indus 1423 SHDSL Router (e.g. the Orchid 1003 LAN,
Telindus 1035 Orchid, etc.), check the status attribute
nmsgroup/softConsistencyStatus to determine the problem.

configConsistency- when the configuration consistency imposed by the disabled 1

Fail management concentrator on the Telindus 1423 SHDSL
Router fails. For example, because of a loss of contact.
In the management concentrator that manages the Tel-
indus 1423 SHDSL Router (e.g. the Orchid 1003 LAN,
Telindus 1035 Orchid, etc.), check the status attribute
status attributes nmsgroup/objectTable/configState and config-
Diag to determine the problem.
924 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.4 LAN interface alarms

This section describes the alarms of the alarm attribute telindus1423Router/lanInterface/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/lanInterface/alarmInfo

The alarm related to the lanInterface object together with its explanation and default alarmMask and
alarmLevel value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when no valid LAN data is detected. I.e. when the con- enabled 3
nection between the interface and the LAN is down.
Telindus 1423 SHDSL Router Chapter 15 925
User manual Alarm attributes

15.5 WAN interface alarms

This section describes the alarms of the alarm attribute telindus1423Router/wanInterface/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/wanInterface/alarmInfo

The alarm related to the wanInterface object together with its explanation and default alarmMask and
alarmLevel value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when an error situation is detected in the encapsulation enabled 3

protocol.
For instance, no ATM synchronisation, a failed PPP
authentication, …
926 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.6 SHDSL line alarms

This section describes the alarms of the alarm attribute telindus1423Router/wanInterface/line/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/wanInterface/line/alarmInfo

The alarms related to the line object together with their explanation and default alarmMask and alarmLevel
value are given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when the line is down. I.e. no data can be transmitted enabled 3
over the line.

invalidNum- if the number of repeaters you entered in the disabled 1

Repeaters telindus1423Router/wanInterface/line/numExpectedRepeaters
attribute does not match the actual number of repeaters
discovered by the Telindus 1423 SHDSL Router.
The actual number of repeaters discovered by the Telin-
dus 1423 SHDSL Router can be seen in the
telindus1423Router/wanInterface/line/numDiscoveredRepeaters
attribute.
Telindus 1423 SHDSL Router Chapter 15 927
User manual Alarm attributes

15.7 SHDSL line pair alarms

This section describes the alarms of the alarm attribute telindus1423Router/wanInterface/line/linePair[ ]/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/wanInterface/line/linePair[ ]/alarmInfo

The alarms related to the linePair[ ] object together with their explanation and default alarmMask and
alarmLevel value are given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when the line pair is down. I.e. no data can be transmit- disabled 3
ted over the line pair.

lineAttenuation when the line attenuation exceeds the value configured disabled 1
in the telindus1423Router/wanInterface/line/linkAlarmThresholds
for at least 10 seconds. The alarm is cleared when the
line attenuation drops below this value for at least 10
seconds.
Note that in case the telindus1423Router/wanInterface/line/
eocHandling attribute is set to alarmConfiguration, the central
SHDSL device forces the remote SHDSL device to use
the linkAlarmThresholds/lineAttenuation as configured on the
central device.
For more information, refer to …
• 5.4.3 - Controlling the standard EOC message
exchange on page 78
• 5.4.4 - none or passiveWhich standard EOC informa-
tion is retrieved? on page 80

signalNoise when the signal noise exceeds the value configured in disabled 1
the telindus1423Router/wanInterface/line/linkAlarmThresholds for
at least 10 seconds. The alarm is cleared when the sig-
nal noise drops below this value for at least 10 seconds.
Note that in case the telindus1423Router/wanInterface/line/
eocHandling attribute is set to alarmConfiguration, the central
SHDSL device forces the remote SHDSL device to use
the linkAlarmThresholds/signalNoise as configured on the
central device.
For more information, refer to …
• 5.4.3 - Controlling the standard EOC message
exchange on page 78
• 5.4.4 - none or passiveWhich standard EOC informa-
tion is retrieved? on page 80
928 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

The alarm … is generated … Default value

alarmMask alarmLevel

errSecRatioEx- when the amount of erroneous seconds exceeds the disabled 1

ceeded value configured in the telindus1423Router/wanInterface/line/
linkAlarmThresholds within a 15 minutes period1. The alarm
is cleared when the amount of erroneous seconds drops
below this value within a 15 minutes period.

sevErrSecRatioEx- when the amount of severely erroneous seconds disabled 2

ceeded exceeds the value configured in the telindus1423Router/
wanInterface/line/linkAlarmThresholds within a 15 minutes
period1. The alarm is cleared when the amount of
severely erroneous seconds drops below this value
within a 15 minutes period.

bbErrRatioEx- when the background block error ratio exceeds the disabled 1
ceeded value configured in the telindus1423Router/wanInterface/line/
linkAlarmThresholds configuration attribute within a 15
minute period1. The alarm is cleared when the back-
ground block error ratio drops below this value within a
15 minute period.

1. The 15 minutes periods run synchronous with the 15 minutes periods of the telindus1423Router/
wanInterface/line/h2Line performance attribute.
Because alarms are raised or cleared within 15 minutes periods, there is a delay in the alarm
status. For example, suppose that in the first minute of a 15 minutes period the errSecOn value
is exceeded, then the errSecExceeded alarm is raised. The alarm stays on for the remainder of
the 15 minutes period. The alarm is only cleared if also in the next 15 minutes period the
errSecOn value is not exceeded.
Telindus 1423 SHDSL Router Chapter 15 929
User manual Alarm attributes

15.8 End and repeater alarms

This section describes the alarms of the alarm attribute telindus1423Router/wanInterface/end/linePair[ ]/alarmInfo.
The repeater[ ] and end objects contain the same attributes, therefore only the alarms of the end object are
described.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/wanInterface/end/linePair[ ]/alarmInfo

The alarm related to the end/linePair[ ] object together with its explanation and default alarmMask and
alarmLevel value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

lineAttenuation when the lineAttenuation value configured in the disabled 1

telindus1423Router/wanInterface/line/linkAlarmThresholds of the
local device is exceeded for at least 10 seconds. The
alarm is cleared when the line attenuation drops below
this value for at least 10 seconds.
Note however that in case the telindus1423Router/wanInter-
face/line/eocHandling attribute is set to alarmConfiguration, the
central SHDSL device forces the remote SHDSL device
to use the linkAlarmThresholds/lineAttenuation as configured
on the central device.
For more information, refer to …
• 5.4.3 - Controlling the standard EOC message
exchange on page 78
• 5.4.4 - none or passiveWhich standard EOC informa-
tion is retrieved? on page 80

signalNoise when the signalNoise value configured in the disabled 1

telindus1423Router/wanInterface/line/linkAlarmThresholds of the
local device is exceeded for at least 10 seconds. The
alarm is cleared when the signal noise drops below this
value for at least 10 seconds.
Note however that in case the telindus1423Router/wanInter-
face/line/eocHandling attribute is set to alarmConfiguration, the
central SHDSL device forces the remote SHDSL device
to use the linkAlarmThresholds/signalNoise as configured on
the central device.
For more information, refer to …
• 5.4.3 - Controlling the standard EOC message
exchange on page 78
• 5.4.4 - none or passiveWhich standard EOC informa-
tion is retrieved? on page 80
930 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

The alarm … is generated … Default value

alarmMask alarmLevel

errSecRatioEx- when the errSecOn value configured in the disabled 1

ceeded telindus1423Router/wanInterface/line/linkAlarmThresholds of the
local device is exceeded within a 15 minutes period1.
The alarm is cleared when the amount of erroneous sec-
onds drops below this value within a 15 minutes period.

sevErrSecRatioEx- when the sevErrSecOn value configured in the disabled 2

ceeded telindus1423Router/wanInterface/line/linkAlarmThresholds of the
local device is exceeded within a 15 minutes period1.
The alarm is cleared when the amount of severely erro-
neous seconds drops below this value within a 15 min-
utes period.

bbErrRatioEx- when the background block error ratio exceeds the disabled 1
ceeded value configured in the telindus1423Router/wanInterface/line/
linkAlarmThresholds configuration attribute within a 15
minute period1. The alarm is cleared when the back-
ground block error ratio drops below this value within a
15 minute period.

1. The 15 minutes periods run synchronous with the 15 minutes periods of the telindus1423Router/
wanInterface/line/h2Line performance attribute.
Because alarms are raised or cleared within 15 minutes periods, there is a delay in the alarm
status. For example, suppose that in the first minute of a 15 minutes period the errSecOn value
is exceeded, then the errSecExceeded alarm is raised. The alarm stays on for the remainder of
the 15 minutes period. The alarm is only cleared if also in the next 15 minutes period the
errSecOn value is not exceeded.
Telindus 1423 SHDSL Router Chapter 15 931
User manual Alarm attributes

15.9 BRI alarms

This section describes the alarms of the alarm attribute telindus1423Router/bri[ ]/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/bri[ ]/alarmInfo

The alarms related to the bri[ ] object together with their explanation and default alarmMask and alarmLevel
value are given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when ISDN layer 1 is down, i.e. there is no physical con- disabled 2
nection between the BRI interface and the telecom oper-
ator ISDN switch.

sucDialOut when a dial-out call is established successfully. disabled 1

sucDialIn when a dial-in call is established successfully. disabled 1

failDialOut when a dial-out call failed. This can be due to a problem disabled 2
on the dial-up interface itself (e.g. no physical connec-
tion, no answer to a call, etc.) or an error situation in the
encapsulation protocol.

failDialIn when a dial-in call failed. This can be due to a problem disabled 2
on the dial-up interface itself (e.g. no physical connec-
tion, no answer to a call, etc.) or an error situation in the
encapsulation protocol.
932 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.10 B-channel alarms

This section describes the alarms of the alarm attribute telindus1423Router/bri[ ]/bChannel[ ]/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/bri[ ]/bChannel[ ]/alarmInfo

The alarm related to the bChannel[ ] object together with its explanation and default alarmMask and alarmLevel
value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when ISDN layer 2 is down, i.e. the B-channel is down. disabled 2
Telindus 1423 SHDSL Router Chapter 15 933
User manual Alarm attributes

15.11 AUX alarms

This section describes the alarms of the alarm attribute telindus1423Router/aux/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/aux/alarmInfo

The alarms related to the aux object together with their explanation and default alarmMask and alarmLevel
values are given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when layer 1 is down. disabled 2

sucDialOut when a dial-out call is established successfully. disabled 1

sucDialIn when a dial-in call is established successfully. disabled 1

failDialOut when a dial-out call failed. This can be due to a problem disabled 2
on the dial-up interface itself (e.g. no physical connec-
tion, no answer to a call, etc.) or an error situation in the
encapsulation protocol.

failDialIn when a dial-in call failed. This can be due to a problem disabled 2
on the dial-up interface itself (e.g. no physical connec-
tion, no answer to a call, etc.) or an error situation in the
encapsulation protocol.
934 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes

15.12 Bundle alarms

This section describes the alarms of the alarm attribute telindus1423Router/bundle/xxxBundle[ ]/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/bundle/xxxBundle[ ]/alarmInfo

The alarm related to the xxxBundle[ ] object together with its explanation and default alarmMask and
alarmLevel value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

linkDown when all the bundle links in the bundle are down. enabled 3
Telindus 1423 SHDSL Router Chapter 15 935
User manual Alarm attributes

15.13 Router alarms

This section describes the alarms of the alarm attribute telindus1423Router/ip/router/alarmInfo.

Refer to 15.2 - Introducing the alarm attributes on page 919 for general information on the alarm
attributes.

telindus1423Router/ip/router/alarmInfo

The alarm related to the router object together with its explanation and default alarmMask and alarmLevel
value is given in the following table:

The alarm … is generated … Default value

alarmMask alarmLevel

pingActive when a ping is pending (for example, an indefinite ping). enabled 3

This notification is necessary because you can only
transmit one ping at a time. Furthermore, there is no pro-
tection when a new ping is started before the previous is
stopped.
936 Telindus 1423 SHDSL Router Chapter 15
User manual Alarm attributes
Telindus 1423 SHDSL Router Chapter 16 937
User manual TMA sub-system picture

16 TMA sub-system picture

The sub-system picture is a TMA tool that visualises the status information of the Telindus 1423 SHDSL
Router. This chapter explains how to display the sub-system picture, and how to interpret the visual indi-
cations.

How to display the sub-system picture?

To display the sub-system picture of the Telindus 1423 SHDSL Router, click on the sub-system picture
button located in the TMA toolbar: .

Structure of the sub-system picture

This paragraph displays and labels the different elements of the sub-system picture. It also explains how
the visual indications should be interpreted.
Below, the Telindus 1423 SHDSL Router sub-system picture is displayed:

The following table gives an overview of the sub-system picture elements and what they indicate:

Element Description

LEDs These reflect the actual status of the device.

The LED indication on the sub-system picture corresponds with the LED indication
on the Telindus 1423 SHDSL Router itself. Refer to 2.7 - The front panel LED indi-
cators on page 24 for more information on the interpretation of the LEDs.

LAN This reflects the status of the LAN interface. The possible indications are:
• green. There is no alarm active in the corresponding lanInterface object.
• red. An alarm is active in the corresponding lanInterface object.

The colour of the LAN interface only changes if the alarms related to the
lanInterface object are set to enabled in the alarmMask.
938 Telindus 1423 SHDSL Router Chapter 16
User manual TMA sub-system picture

Element Description

LINE This reflects the status of the WAN interface and of the line pair(s). The possible
indications are:
• green outside. There is no alarm active in the corresponding
wanInterface object.
• red outside. An alarm is active in the corresponding wanInterface
object.
• green inside, left. There is no alarm active in the corresponding linePair[1] object.
• red inside, left. An alarm is active in the corresponding linePair[1] object.
• green inside, right. There is no alarm active in the corresponding linePair[2]
object.
• red inside, right. An alarm is active in the corresponding linePair[2] object.

The colours of the WAN interface / line pair(s) only change if the alarms
related to the wanInterface / linePair[ ] objects are set to enabled in the alarm-
Mask.
Telindus 1423 SHDSL Router Chapter 17 939
User manual Auto installing the Telindus 1423 SHDSL Router

17 Auto installing the Telindus 1423 SHDSL Router

Auto-install includes a number of features that allow you to partially or completely configure the Telindus
1423 SHDSL Router without on-site intervention. This is shown in this chapter.
The following gives an overview of this chapter:
• 17.1 - Introducing the auto-install protocols on page 940
• 17.2 - Auto-install on the LAN interface on page 942
• 17.3 - Auto-install on the WAN interface on page 947
• 17.4 - Creating a configuration file on page 954
• 17.5 - Restoring a configuration file on page 961
940 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.1 Introducing the auto-install protocols

The Telindus 1423 SHDSL Router uses several protocols during its auto-install sequence. These are
introduced below.

What is BootP?

BootP (RFC 951) is used by IP devices that have no IP address to obtain one.
The client IP device sends a limited broadcast request on its interfaces requesting an IP address. The
request contains the client its MAC address, which is a unique identifier (refer to What is the ARP cache?
on page 453 for more information).
A workstation with a BootP server interprets incoming BootP requests. You can configure a file on the
server with MAC address and IP address/subnet mask pairs for all devices in the network you want to
service. If the MAC address in the BootP request matches a MAC address in this file, the BootP server
replies with the corresponding IP address and subnet mask.
Assigning an IP address in this way is done through a simple request - response handshake.

The Telindus 1423 SHDSL Router, being a router, always requests a static IP address.

What is DHCP?

DHCP (RFC 2131 and RFC 2132) is used by IP devices that have no IP address to obtain one.
The client IP device sends a limited broadcast request on its interfaces requesting an IP address. The
request contains the client its MAC address, which is a unique identifier (refer to What is the ARP cache?
on page 453 for more information).
A workstation with a DHCP server works in a similar way as with a BootP server. The difference with
BootP is that you can additionally configure a list of IP addresses on the server. These IP addresses are
dynamically assigned to the IP devices requesting an IP address, independently of their MAC address.
Those address assignments are limited in time.
Assigning an IP address in this way is done through a 4-way handshake and with regular renewals.

The Telindus 1423 SHDSL Router, being a router, always requests a static IP address.

What is DNS?

The Domain Name Service (DNS) is an Internet service that translates domain names into IP addresses.
Because domain names are alphabetic, they are easier to remember. The Internet however, is really
based on IP addresses. Therefore, every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name www.mywebsite.com might
translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular
domain name, it asks another one, and so on, until the correct IP address is returned.
Telindus 1423 SHDSL Router Chapter 17 941
User manual Auto installing the Telindus 1423 SHDSL Router

What is TFTP?

Trivial File Transfer Protocol (TFTP) is an Internet software utility for transferring files that is simpler to
use than the File Transfer Protocol (FTP) but less capable. It is used where user authentication and
directory visibility are not required. TFTP uses the User Datagram Protocol (UDP) rather than the Trans-
mission Control Protocol (TCP). TFTP is described formally in Request for Comments (RFC) 1350.
TFTP is typically used in combination with BootP or DHCP to obtain the configuration of a device from
a TFTP server. The configuration file on this TFTP can be in a binary or an ASCII (CLI) format. How to
build such files is explained in 17.4 - Creating a configuration file on page 954.

The Telindus 1423 SHDSL Router as relay agent

Being broadcast packets, BootP, DHCP, DNS and TFTP requests can cross a router using IP helper
addresses. The Telindus 1423 SHDSL Router is a relay agent for these protocols. This means it adds
additional information to the request packets allowing servers on distant networks to send back the
answer.
942 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.2 Auto-install on the LAN interface

This section shows the auto-install sequence on the Telindus 1423 SHDSL Router its LAN interface.
The following gives an overview of this section:
• 17.2.1 - Set-up for auto-install on the LAN interface on page 943
• 17.2.2 - Auto-install in case of Ethernet on page 944
• 17.2.3 - Example of auto-install on the LAN interface on page 945
Telindus 1423 SHDSL Router Chapter 17 943
User manual Auto installing the Telindus 1423 SHDSL Router

17.2.1 Set-up for auto-install on the LAN interface

The following figure shows the set-up for auto-install on the LAN interface:
944 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.2.2 Auto-install in case of Ethernet

Telindus 1423 SHDSL Router Chapter 17 945
User manual Auto installing the Telindus 1423 SHDSL Router

17.2.3 Example of auto-install on the LAN interface

Suppose you have the following situation:

• The Telindus 1423 SHDSL Router is still in its default configuration (absolutely nothing is configured).
This means that the LAN interface …
- is in bridging mode.
- no IP address is configured on the LAN interface.
- no IP address is configured on the bridge group.
⇒This means that if an IP address is obtained through BootP/DHCP, then it will be assigned to the
bridge group, not to the LAN interface itself (since it is in bridging mode)!
• A BootP server is present on the LAN, containing the Telindus 1423 SHDSL Router MAC address
(00:C0:89:00:94:6F) and a corresponding IP address (192.168.47.1).
• A DNS server is present on the LAN, containing the Telindus 1423 SHDSL Router its hostname
“TlsRouter“.
• A TFTP server is present on the LAN, containing the Telindus 1423 SHDSL Router its binary config-
uration file “TlsRouter.cms”.
• The Telindus 1423 SHDSL Router is plugged on to the LAN.
946 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

The following shows how the Telindus 1423 SHDSL Router obtains an IP address and its configuration
file:

Note again that the obtained IP address is assigned to the bridge group, not to the LAN interface itself
(since it is in bridging mode)! So if you check the status of the bridge group, you will see the IP address
there:
Telindus 1423 SHDSL Router Chapter 17 947
User manual Auto installing the Telindus 1423 SHDSL Router

17.3 Auto-install on the WAN interface

This section shows the auto-install sequence on the Telindus 1423 SHDSL Router its WAN interface.
The following gives an overview of this section:
• 17.3.1 - Set-up for auto-install on the WAN interface on page 948
• 17.3.2 - Auto-install in case of ATM on page 949
• 17.3.3 - Auto-install in case of Frame-Relay on page 950
• 17.3.4 - Example of auto-install on the WAN interface running ATM on page 951
948 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.3.1 Set-up for auto-install on the WAN interface

The following figure shows the set-up for auto-install on the WAN interface:
Telindus 1423 SHDSL Router Chapter 17 949
User manual Auto installing the Telindus 1423 SHDSL Router

17.3.2 Auto-install in case of ATM

950 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.3.3 Auto-install in case of Frame-Relay

Telindus 1423 SHDSL Router Chapter 17 951
User manual Auto installing the Telindus 1423 SHDSL Router

17.3.4 Example of auto-install on the WAN interface running ATM

Suppose you have the following situation:

• On the local Telindus Router you add an ATM PVC to the atm/pvcTable. For this ATM PVC you specify
the VPI/VCI values 1/100. All other elements of the ATM PVC remain at their default value.
• On the central Telindus Router you also add an ATM PVC to the atm/pvcTable. For this ATM PVC you
specify …
- the VPI/VCI values 1/100.
- the helper IP addresses 192.168.47.251 (DHCP server) and 192.168.47.252 (TFTP server).
- the helper protocols DHCP (68) and TFTP (69).
• A DHCP server is present on the remote network, containing the Telindus 1423 SHDSL Router MAC
address (00:C0:89:00:94:6F), a corresponding IP address (192.168.100.1) and a corresponding con-
figuration filename “TlsRouterConfig.cms”.
• A TFTP server is present on the remote network, containing the Telindus 1423 SHDSL Router its
binary configuration file “TlsRouterConfig.cms”.
• The Telindus Router is plugged on to the WAN.

So the initial configuration on the local Telindus Router is as shown below:

952 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

In order for the auto-install of the local Telindus Router to be successful, the following must be configured
on the central Telindus Router:
Telindus 1423 SHDSL Router Chapter 17 953
User manual Auto installing the Telindus 1423 SHDSL Router

The following shows how the local Telindus Router obtains an IP address and its configuration file:
954 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.4 Creating a configuration file

In 17.2 - Auto-install on the LAN interface on page 942 and 17.3 - Auto-install on the WAN interface on
page 947, you can see how the configuration file is retrieved using TFTP during the auto-install
sequence. This section explains which two configuration file formats can be used for this purpose and
how to create such a configuration file.
The following gives an overview of this section:
• 17.4.1 - The different configuration file formats on page 955
• 17.4.2 - Creating a binary file using TMA on page 956
• 17.4.3 - Creating an ASCII CLI file using TMA on page 957
• 17.4.4 - Creating an ASCII CLI file using TFTP on page 959
• 17.4.5 - Creating an ASCII CLI file using Telnet on page 960
Telindus 1423 SHDSL Router Chapter 17 955
User manual Auto installing the Telindus 1423 SHDSL Router

17.4.1 The different configuration file formats

In 17.2 - Auto-install on the LAN interface on page 942 and 17.3 - Auto-install on the WAN interface on
page 947, you can see how the configuration file is retrieved using TFTP during the auto-install
sequence. The two possible configuration file formats used for this purpose are:

File type Extension How to create the configuration file

binary .cms Use the TMA export utility and choose the CMS file type. This
is the most compact format.
Refer to 17.4.2 - Creating a binary file using TMA on page 956.

ASCII CLI .cli • Use the TMA export utility and choose the CLI file type.
• Use the TFTP get command.
• Use the CLI get command.
Refer to …
• 17.4.3 - Creating an ASCII CLI file using TMA on page 957
• 17.4.4 - Creating an ASCII CLI file using TFTP on page 959
• 17.4.5 - Creating an ASCII CLI file using Telnet on
page 960

When you download an ASCII CLI (*.cli) configuration

file to the Telindus 1423 SHDSL Router, make sure that
each line in this file contains no more than 500 charac-
ters.
956 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.4.2 Creating a binary file using TMA

To create a configuration file in binary (*.cms) format using TMA, proceed as follows:

Step Action

1 Start a TMA session on the Telindus 1423 SHDSL Router.

2 Make changes to its configuration (if necessary) in order to obtain the desired configura-
tion.

3 Click on the Export data to file button: .

4 In the Export configuration parameters window, select the following:

• Choose a directory where to save the file.
• Enter a name for the file.
• Make sure the file type is CMS.
• Make sure the Full configuration option is selected.

5 Click on the Save button.

The edited configuration of the Telindus 1423 SHDSL Router is stored on the PC in
binary format. The file contains the complete configuration including the Activate Config-
uration command. As a result, the configuration is immediately activated if you download
it to the device again.
Telindus 1423 SHDSL Router Chapter 17 957
User manual Auto installing the Telindus 1423 SHDSL Router

17.4.3 Creating an ASCII CLI file using TMA

To create a configuration file in ASCII CLI (*.cli) format using TMA, proceed as follows:

Step Action

1 Start a TMA session on the Telindus 1423 SHDSL Router.

2 Make changes to its configuration (if necessary) in order to obtain the desired configura-
tion.

3 Click on the Export data to file button: .

4 In the Export configuration parameters window, select the following:

• Choose a directory where to save the file.
• Enter a name for the file.
• Make sure the file type is CLI.
• Make sure the Full configuration option is selected.

Do not select the file extension for ASCII text (*.txt)! This is for documentation pur-
poses only, not for configuration purposes.
958 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

Step Action

5 Click on the Save button.

⇒The edited configuration of the Telindus 1423 SHDSL Router is stored on the PC
in ASCII CLI format. The file contains the configuration attributes that differ from
their default value including the Load Default Configuration command at the begin-
ning of the file and the Activate Configuration command at the end of the file. As a
result, the configuration is immediately activated if you download it to the device
again.
Telindus 1423 SHDSL Router Chapter 17 959
User manual Auto installing the Telindus 1423 SHDSL Router

17.4.4 Creating an ASCII CLI file using TFTP

To create a configuration file in ASCII CLI (*.cli) format using TFTP, proceed as follows:

Step Action

1 Start a TFTP session on the Telindus 1423 SHDSL Router.

For example by typing tftp 10.0.11.1 at the command prompt of your workstation,
where 10.0.11.1 is the IP address of the Telindus 1423 SHDSL Router.

2 Get the configuration file of the Telindus 1423 SHDSL Router.

Example

tftp> get CONFIG.CLI dest_file.cli

Where …
• get is the TFTP command to retrieve a file.
• CONFIG.CLI (in capitals!) is the source file (i.e. the Telindus 1423 SHDSL Router con-
figuration file).
• dest_file.cli is the destination file.

3 When the file transfer is finished, close the TFTP session.

Note that the procedure described above does not work with FTP.
960 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.4.5 Creating an ASCII CLI file using Telnet

To create a configuration file in ASCII CLI (*.cli) format using Telnet logging and the CLI get command,
proceed as follows:

Step Action

1 Start a Telnet session on the Telindus 1423 SHDSL Router. You are automatically in CLI
mode.

2 You are automatically located in the top object (telindus1423Router) and in the "Edit Config-
uration" group. Check to make sure (just press the Enter key).

3 Log the CLI output to a file. Refer to the documentation of your Telnet software how to
do so.

4 Execute the get -r -d command.

>get -r -d

5 Stop the logging.

6 The log file you now obtained, modify it as follows:

• At the beginning of the log file …
- remove all logging before the get -r -d command.
- remove the get -r -d command itself.
- change the string GET into SET.
- type the string action “Load Default Configuration” (case sensitive!) on the line
above the SET command.
• At the end of the log file…
- remove all logging until the last character is a closing curled bracket “}”.
- type the string action “Activate Configuration” (case sensitive!) on the line below
the closing curled bracket “}”.

7 Save this file to a file with an extension *.cli.

Telindus 1423 SHDSL Router Chapter 17 961
User manual Auto installing the Telindus 1423 SHDSL Router

17.5 Restoring a configuration file

In 17.2 - Auto-install on the LAN interface on page 942 and 17.3 - Auto-install on the WAN interface on
page 947, you can see how the configuration file is retrieved using TFTP during the auto-install
sequence. It is, however, also possible to restore previously saved configuration files by downloading
them yourself to the Telindus 1423 SHDSL Router. You can do this by using various applications. This
is explained in this section.
The following gives an overview of this section:
• 17.5.1 - Downloading a configuration file using TMA on page 962
• 17.5.2 - Downloading a configuration file using (T)FTP on page 963
• 17.5.3 - Downloading a configuration file using Telnet on page 964
962 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.5.1 Downloading a configuration file using TMA

To download a configuration file using TMA, proceed as follows:

Step Action

1 Start a TMA session on the Telindus 1423 SHDSL Router.

2 Click on the Import data from file button: .

3 In the Import configuration window, select the following:

• Select the directory where the configuration file is located.
• Select which type of configuration file you want to import: CMS or CLI.
• Select the configuration file you want to import.

4 Click on the Open button.

⇒The configuration is downloaded to the Telindus 1423 SHDSL Router.
Telindus 1423 SHDSL Router Chapter 17 963
User manual Auto installing the Telindus 1423 SHDSL Router

17.5.2 Downloading a configuration file using (T)FTP

To download a configuration file using (T)FTP, proceed as follows:

Step Action

1 Start a (T)FTP session on the Telindus 1423 SHDSL Router.

For example by typing (t)ftp 10.0.11.1 at the command prompt of your computer,
where 10.0.11.1 is the IP address of the Telindus 1423 SHDSL Router. If a write access
password is configured on the Telindus 1423 SHDSL Router, then enter it as well.

2 Set the transfer mode to binary (octet) format. The syntax to do this is typically binary or
octet.

3 Type the following command:

(t)ftp> put source_file.cli CONFIG.CLI
or
(t)ftp> put source_file.cms CONFIG.CMS
Where …
• put is the (T)FTP command to send a file.
• source_file.* is the source file. This may either be a CLI or CMS file1.
• CONFIG.* (in capitals!) is the destination file (i.e. the Telindus 1423 SHDSL Router
configuration file). This may either be a CLI or CMS file1.

4 When the file transfer is finished, close the (T)FTP session.

1. However, make sure that source and destination file format are both the same!
964 Telindus 1423 SHDSL Router Chapter 17
User manual Auto installing the Telindus 1423 SHDSL Router

17.5.3 Downloading a configuration file using Telnet

To download a configuration file using Telnet, proceed as follows:

Step Action

1 Start a Telnet session on the Telindus 1423 SHDSL Router. You are automatically in CLI
mode.

2 You are automatically located in the top object (telindus1423Router) and in the "Edit Config-
uration" group. Check to make sure (just press the Enter key).

3 Use the “send” feature of your Telnet software to send the ASCII CLI configuration file to
the Telindus 1423 SHDSL Router. Refer to the documentation of your Telnet software
how to do so.
Telindus 1423 SHDSL Router Chapter 18 965
User manual Downloading software

18 Downloading software
This chapter explains how to download application software to the Telindus 1423 SHDSL Router. It also
shows how to download any other file to the file system of the Telindus 1423 SHDSL Router. But first it
explains the difference between boot and application software.
The following gives an overview of this chapter:
• 18.1 - What is boot and application software? on page 966
• 18.2 - Downloading application software using TMA on page 967
• 18.3 - Downloading application software using TFTP on page 968
• 18.4 - Downloading application software using TML on page 969
• 18.5 - Downloading application software using FTP on page 970
• 18.6 - Downloading application software in boot mode on page 971
• 18.7 - Downloading files to the file system on page 972
966 Telindus 1423 SHDSL Router Chapter 18
User manual Downloading software

18.1 What is boot and application software?

What is boot software?

The boot software takes care of the initial phase in the start-up sequence of the Telindus 1423 SHDSL
Router. It is located on the lowest software level. If the Telindus 1423 SHDSL Router only loads its boot
software, then we say that the Telindus 1423 SHDSL Router runs in boot mode.
The Telindus 1423 SHDSL Router …
• runs in boot mode if no application software is present.
• can be forced to run in boot mode by using a DIP switch. This may be necessary in case a software
download failed or a flash memory error occurred making the Telindus 1423 SHDSL Router inacces-
sible or even inoperative. Refer to 18.6 - Downloading application software in boot mode on
page 971.
• can temporarily be forced to run in boot mode by using the -b option of the TML command. Refer to
18.4 - Downloading application software using TML on page 969.

In boot mode …
• you can download application software (using TML).
• you cannot establish a TMA session. You can only use TML to download application software.

What is application software

The application software, also called control software or firmware, completely controls the Telindus 1423
SHDSL Router. It is located on the highest software level. If the Telindus 1423 SHDSL Router loads its
boot, loader and application software, then we say that the Telindus 1423 SHDSL Router runs in appli-
cation mode.
In application mode …
• you can download application software (using TMA, TFTP or TML).
• you can establish a TMA session.
Telindus 1423 SHDSL Router Chapter 18 967
User manual Downloading software

18.2 Downloading application software using TMA

To download application software to the Telindus 1423 SHDSL Router using TMA, proceed as follows:

Step Action

1 Establish a link between TMA and the Telindus 1423 SHDSL Router either over a serial
or an IP connection. Refer to 4 - Maintaining the Telindus 1423 SHDSL Router on
page 35.

2 In the TMA window select Tools → Download…

3 In case you made …

• an IP connection, skip this step.
• a serial connection, select the Options tab in
the TMA - Download window. Then set the
following:
- Set the initial transfer speed to 9600 bps.
- Select a maximum transfer speed. If you
select e.g. 57600 bps, then the actual
transfer speed will be negotiated between
9600 bps and 57600 bps.

4 In the TMA - Download window, select the Configuration tab and click on Add…

5 In the Remote filename window, do the

following:
1. Select the file you want to download
(e.g. T1234001.00).
2. Type CONTROL in the Remote file
field.
3. Click on Open.

6 If you are currently connected to the Telindus 1423 SHDSL Router without write access,
then you can enter a password in the Password tab which gives you write access. Else
leave the Password tab blank.

7 When the TMA - Download window reappears,

click on OK.
⇒A window opens and shows the download
progress.
968 Telindus 1423 SHDSL Router Chapter 18
User manual Downloading software

18.3 Downloading application software using TFTP

When downloading with TMA over an IP connection, you actually evoke TFTP (Trivial File Transfer Pro-
tocol) through TMA. You can also use TFTP without opening TMA.
To download application software to the Telindus 1423 SHDSL Router using TFTP, proceed as follows:

Step Action

1 Start a TFTP session on the Telindus 1423 SHDSL Router.

For example by typing tftp 10.0.11.1 at the command prompt of your computer, where
10.0.11.1 is the LAN IP address of the Telindus 1423 SHDSL Router. If a write access
password is configured on the Telindus 1423 SHDSL Router, you can either enter it now
or when you actually download the application software (see step 3).

2 Set the following TFTP parameters:

• Set the retransmission time-out to at least 20 seconds. The syntax to do this is typi-
cally rexmt 20.
• Set the total TFTP time-out sufficiently large (e.g. 40 seconds). The syntax to do this
is typically timeout 40.
• Set the transfer mode to binary (octet) format. The syntax to do this is typically binary
or octet.

3 Type the following command:

tftp> put Txxxxxxx.00 CONTROL?my_pwd
Where …
• put is the TFTP command to send a file.
• Txxxxxxx.00 is the application software file (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application soft-
ware file.
• ?my_pwd is the write access password as configured in the Telindus 1423 SHDSL
Router. If no password has been configured or if you already entered one when start-
ing the TFTP session (see step 1), you may omit the ? and the password.

4 When the file transfer is finished, close the TFTP session.

Telindus 1423 SHDSL Router Chapter 18 969
User manual Downloading software

18.4 Downloading application software using TML

When downloading with TMA over a serial connection, you actually evoke TML (Telindus Memory
Loader) through TMA. You can also use TML without opening TMA.
To download application software to the Telindus 1423 SHDSL Router using TML, proceed as follows:

Step Action

1 Connect a serial port of your com-

puter (e.g. COM1) through a
straight DB9 male - female cable
with the control connector of the
Telindus 1423 SHDSL Router.

2 Open a DOS window on your computer.

3 Go to the directory where the TML executable is located. Typically this is

C:\Program Files\TMA.

4 Place the software file you want to download in this directory.

5 Type the following command to download application software:

tml -c1 -v -fTxxxxxxx.00@CONTROL?my_pwd

where …
• tml is the executable (Telindus Memory Loader) to download files to the Telindus
devices through their control port.
• -c1 specifies the COM port of the computer connected to the Telindus 1423 SHDSL
Router (in this example COM1).
• -v returns graphical information on the download status.
• -fTxxxxxxx.00 is the software file you want to download (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application or
loader software file.
• ?my_pwd is the write access password as configured in the Telindus 1423 SHDSL
Router. If no password has been configured, you may omit the ? and the password.

To see a list of all the possible TML options: type TML in your DOS windows and press
the ENTER key.

6 If you press the ENTER key, the software download begins.

If you used the -v option together with the TML command, a graphical bar shows the
download progress.
970 Telindus 1423 SHDSL Router Chapter 18
User manual Downloading software

18.5 Downloading application software using FTP

To download application software to the Telindus 1423 SHDSL Router using FTP, proceed as follows:

Step Action

1 Start an FTP session on the Telindus 1423 SHDSL Router.

For example by typing ftp 10.0.11.1 at the command prompt of your computer, where
10.0.11.1 is the LAN IP address of the Telindus 1423 SHDSL Router. If a write access
password is configured on the Telindus 1423 SHDSL Router, you can either enter it now
or when you actually download the application software (see step 3).

2 Make sure the transfer mode is set to binary (octet) format. The syntax to do this is typi-
cally binary.

3 Type the following command:

ftp> put Txxxxxxx.00 CONTROL?my_pwd
Where …
• put is the FTP command to send a file.
• Txxxxxxx.00 is the application software file (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application soft-
ware file.
• ?my_pwd is the write access password as configured in the Telindus 1423 SHDSL
Router. If no password has been configured or if you already entered one when start-
ing the FTP session (see step 1), you may omit the ? and the password.

4 When the file transfer is finished, close the FTP session.

Telindus 1423 SHDSL Router Chapter 18 971
User manual Downloading software

18.6 Downloading application software in boot mode

When a software download failed or when a flash memory error occurs, it may be possible that the Tel-
indus 1423 SHDSL Router becomes inaccessible or even inoperative. In that case, new software can
still be downloaded by forcing the Telindus 1423 SHDSL Router in loader mode. Do this by means of the
Boot mode DIP switch. Refer to 3.2 - DIP switches of the Telindus 1423 SHDSL Router on page 31.
To download loader or application software to a Telindus 1423 SHDSL Router in loader mode, proceed
as follows:

Step Action

1 Disconnect the power supply and open the housing as described in 3.4 - Opening and
closing the housing on page 33.

2 Set the Boot mode DIP switch to off.

Refer to 3.1 - The Telindus 1423 SHDSL Router motherboard on page 30 to locate this
DIP switch.

3 Replace the cover without fastening the screws and reconnect the power supply.
⇒The Telindus 1423 SHDSL Router reboots in boot mode.
4 Now proceed as explained in the previous section, 18.4 - Downloading application soft-
ware using TML on page 969.

5 When the software download is finished, again disconnect the power supply and open
the housing.

6 Reset the Boot mode DIP switch to on.

7 Properly replace the cover as described in 3.4 - Opening and closing the housing on
page 33 and reconnect the power supply.
972 Telindus 1423 SHDSL Router Chapter 18
User manual Downloading software

18.7 Downloading files to the file system

You might want to download other files than the firmware files only. In fact, any file can be downloaded
to the file system of the Telindus 1423 SHDSL Router. You can do this using the same tools you use to
download application software. These tools are:
• TMA (refer to 18.2 - Downloading application software using TMA on page 967).
• TFTP (refer to 18.3 - Downloading application software using TFTP on page 968).
• TML (refer to 18.4 - Downloading application software using TML on page 969).
• FTP (refer to 18.5 - Downloading application software using FTP on page 970).
The major difference is that instead of specifying CONTROL as target filename for the application software,
you now can specify any filename as target filename.

Tool Example

TMA In the Remote filename window,

do the following:
1. Select the file you want to
download (e.g. sdsltt.mod).
2. Type the target filename in the
Remote file field (e.g.
sdsltt.mod).
3. Click on Open.

(T)FTP and TML • tftp> put filename1.ext filename2.ext?my_pwd

• ftp> put filename1.ext filename2.ext?my_pwd
• tml -c1 -v [email protected]?my_pwd
Where …
• filename1.ext is the source filename. This is a file on your computer.
• filename2.ext is the target filename. This is the filename the source file will
get when it is placed on the file system. Source and target filename may be the
same, but if wanted, you may specify a different target filename.

Example:
• tftp> put models.nms models.nms?pwd123
• tml -c1 -v [email protected]?pwd123
Telindus 1423 SHDSL Router Chapter 19 973
User manual Technical specifications

19 Technical specifications
This chapter gives the technical specifications of the Telindus 1423 SHDSL Router. The following gives
an overview of this chapter:
• 19.1 - SHDSL line specifications on page 974
• 19.2 - Basic Rate ISDN interface specifications on page 976
• 19.3 - LAN interface specifications on page 977
• 19.4 - 4 port Ethernet switch specifications on page 977
• 19.5 - Control connector specifications on page 978
• 19.6 - IP address assignment and auto-provisioning on page 979
• 19.7 - ATM encapsulation specifications on page 980
• 19.8 - Frame Relay encapsulation specifications on page 981
• 19.9 - PPP encapsulation specifications on page 981
• 19.10 - Other WAN encapsulation specifications on page 981
• 19.11 - IP routing specifications on page 982
• 19.12 - Bridging specifications on page 984
• 19.13 - Network address translation specifications on page 985
• 19.14 - Tunnelling and VPN specifications on page 986
• 19.15 - Priority and traffic policy specifications on page 987
• 19.16 - Routing and bridging performance specifications on page 989
• 19.17 - Firewall specifications on page 989
• 19.18 - Access security specifications on page 990
• 19.19 - Maintenance and management specifications on page 990
• 19.20 - Memory specifications on page 991
• 19.21 - Power requirements on page 991
• 19.22 - Dimensions on page 991
• 19.23 - Safety compliance on page 992
• 19.24 - Over-voltage and over-current protection compliance on page 992
• 19.25 - EMC compliance on page 992
• 19.26 - Environmental compliance on page 992
974 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.1 SHDSL line specifications

• Single pair or dual pair line access

• Connector: RJ45
• Impedance: 135 ohm
• Cable to be used: 2*2*CAT5E twisted pair
• Coding: TC PAM, compliant to ITU-T G.991.2 (G.SHDSL)
• Line speeds:
- Single pair: N x 64 kbps (N = 1 … 36)
- Two pair: N x 128 kbps (N = 1 … 36)
• Handshaking: compliant G.994.1 (automatic speed negotiation) or fixed speed
• Performance monitoring: compliant G.826 (errored seconds, severely errored seconds, unavailability
seconds)
• Encapsulation: ATM, Frame Relay, PPP, HDLC (Note that not all encapsulation protocols are present
on all Telindus 1423 SHDSL Router versions.)

The line connector lay-out

The following table shows the connector layout of the RJ45 line connector:

Pin Signal Figure

1 not used

2 cable shield (optional)

3 line 21

4 line 1

5 line 1

6 line 21

7 cable shield (optional)

8 not used

1. For a Telindus 1423 SHDSL Router 2 pair version only.

Telindus 1423 SHDSL Router Chapter 19 975
User manual Technical specifications

Maximum covered distance

The following table gives the maximum covered distance over a noise-free line:

Covered distance (km)

Line speed (kbps) Wire diameter (mm)

1 Pair 2 Pair 0.4 0.5 0.6 0.8 1.0 1.2

64 128 11,0 15,1 21,5 27,2 38,2 42,4

128 256 8,0 11,0 15,6 19,8 27,8 30,8

256 512 8,2 11,3 16,0 20,3 28,5 31,6

512 1024 7,2 9,9 14,0 17,8 25,0 27,7

1024 2048 5,5 7,6 10,7 13,6 19,1 21,2

1536 3072 4,0 5,5 7,8 9,9 13,9 15,4

2048 4096 4,2 5,8 8,2 10,4 14,6 16,2

2304 4608 4,0 5,5 7,8 9,9 13,9 15,4

• These values are valid for all hardware and firmware revisions. Also note that these values are only
valid when using the correct, properly twisted cable.
• A Signal to Noise ratio of 23dB matches a Noise Margin of 0dB. A Noise Margin of minimum 2dB is
considered a minimum for an Error Ratio that matches at least 10E-7 (= a Signal to Noise ratio of
25dB). In performance tests with noise, usually a noise margin of 6dB is taken (= a Signal to Noise
ratio of 29dB). Tests show that a Signal to Noise ratio of 27dB gives no errors and that at a Signal to
Noise ratio of 25dB errors are rare.
976 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.2 Basic Rate ISDN interface specifications

• Connector: RJ45 (DTE)

• Impedance: 100 ohm or high impedance (DIP switch selectable)
• Cable to be used: 4*2*CAT5E shielded twisted pair
• ISDN type: Basic Rate
• WAN encapsulation: in case of a …
- dial-up connection: PPP
- leased line connection: PPP, Frame Relay, HDLC
• Basic Rate ISDN interface compliance: ITU-T I.420. This includes the following recommendations:
- I.412: ISDN user-network interfaces - Interface structures and access capabilities
- I.430: Basic user-network interface - Layer 1 specification
- I.440 (= Q.920): ISDN user-network interface data link layer – General aspects
- ETS 300 125 (≅ Q.921): ISDN user-network interface – Data link layer specification
- I.450 (= Q.930): ISDN user-network interface layer 3 – General aspects
- ETS 300 102 (≅ Q.931): ISDN user-network interface layer 3 specification for basic call control
- I.452 (= Q.932): Digital Subscriber Signalling System No. 1 – Generic procedures for the control
of ISDN supplementary services
Note that the supplementary services in I.452 are not supported.
• ISDN callback compliance: PPP LCP callback extension as defined in RFC 1570 (support of options
0, 1 and 3).
The following table shows the connector layout of the ISDN BRI interface connector:

Pin Signal DTE Figure

1 not connected -

2 not connected -

3 transmit A (+) output

4 receive A (+) input

5 receive B (-) input

6 transmit B (-) output

7 not connected -

8 not connected -
Telindus 1423 SHDSL Router Chapter 19 977
User manual Technical specifications

19.3 LAN interface specifications

• Connector: RJ45 (EIA/TIA 568B)

• Cable to be used: 4*2*CAT5E unshielded twisted pair
• Applicable standards: IEEE 802.3 (10Mbps Ethernet), IEEE 802.3u (100Mbps Ethernet)
• Speed: 10 / 100 Mbps auto-sense
• VLAN support (up to 12 VLANs)

The following table shows the connector layout of the RJ45 Ethernet LAN interface connector:

Pin Signal I/O Figure

1 transmit (+) output

2 transmit (-) output

3 receive (+) input

4 not used -

5 not used -

6 receive (-) input

7 not used -

8 not used -

19.4 4 port Ethernet switch specifications

• Number of ports: 4
• Connectors: RJ45 (EIA/TIA 568B)
• Cable to be used: 4*2*CAT5E unshielded twisted pair
• Applicable standards: IEEE 802.3 (10Mbps Ethernet), IEEE 802.3u (100Mbps Ethernet)
• Speed: 10 / 100 Mbps auto-sense
• VLAN support:
- maximum 16 VLANs
- VLAN tagging per port
- tagged, untagged or trunking VLAN operation
978 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.5 Control connector specifications

• Connector: female DB9 labelled CTRL

• Applicable standards: ITU-T V.24, V.28, EIA/TIA 574
• Data:
- asynchronous
- 9600 bps
- 8 data bits
- no parity
- 1 stop bit
- no flow control

The control connector has the following pin layout:

Pin Signal DCE Figure

1 not used - -

2 Receive Data RxD output

3 Transmit Data TxD input

4 not used - -

5 GND GND -

6 not used - -

7 not used - -

8 not used - -

9 not used - -
Telindus 1423 SHDSL Router Chapter 19 979
User manual Technical specifications

19.6 IP address assignment and auto-provisioning

• BOOTP/DHCP server (RFC 2131, RFC 2132) with static or dynamic address assignment
• DHCP server major features:
- IP address ranges are configurable per interface
- If no gateway is configured in the DHCP server, the router gives its own address
- The DHCP server collects the DNS names of all DHCP clients and acts as a local DNS server for
these names
• DHCP relay agent (RFC 2131, RFC 2132)
• DNS proxy
• Static IP address assignment
• Possible assignment of secondary IP address on the LAN interface
• Numbered or unnumbered mode on WAN interfaces
• Automatic IP address assignment through:
- BootP client (RFC 951)
- DHCP client (RFC 2131, RFC 2132)
- IPCP
• Automatic IP gateway assignment through Inverse ARP (RFC 2390, in Frame-Relay and ATM)
• Automatic default route assignment on remotely learned IP address in PPP
• Automatic configuration file upload through DHCP client
• DHCP client requests are transmitted if an interface is in routing mode and has no IP address yet
• DHCP client requests can be blocked from being transmitted on the LAN interface and bridge groups
980 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.7 ATM encapsulation specifications

• ATM cell format ITU-T I.311, I.321, I.361, I.432

• ATM forum UNI 3.1/4.0 PVCs
• ATM forum ILMI 3.1/4.0
• OAM F4/F5 LB and CC support (ITU-T I.610)
• Inverse ARP for automatic gateway configuration
• ATM Forum Traffic Management 4.0 service type UBR, VBR and CBR
• PCR, SCR and MBS configurable per ATM PVC
• Support of up to 31 ATM PVCs
• ATM VPI range 0 - 255
• ATM VCI range 32 - 10000
• Supported higher layer protocols:
- Classical IP (RFC 1577)
- Ethernet (RFC 2684)
- PPPoA (RFC 2364)
- PPPoE (RFC 2516)
• Multi-protocol encapsulation:
- LLC
- VC
Telindus 1423 SHDSL Router Chapter 19 981
User manual Technical specifications

19.8 Frame Relay encapsulation specifications

• Encapsulation compliant with RFC 1490, RFC 2427

• LMI (revision 1 LMI, ANSI T1.617 D, ITU-T Q.933 Annex A and FRF 1&2)
• CIR configurable per DLCI
• EIR configurable per DLCI
• Inverse ARP for automatic gateway configuration
• Support of up to 40 Frame Relay PVCs (DLCIs)
• Frame Relay DLCI range 16 - 1022
• Multi-link Frame Relay (FRF.16)
• Frame Relay fragmentation (FRF.12)

19.9 PPP encapsulation specifications

• Encapsulation compliant with RFC 1661, RFC 1662

• LCP
• IPCP (RFC 1332)
• BCP (RFC 2878)
• CCP (RFC 1962) with Predictor compression algorithm (RFC 1978)
• PAP authentication (RFC 1334), unidirectional or bi-directional authentication
• CHAP authentication with MD5 hashing (RFC 1994), unidirectional or bi-directional authentication
• MS-CHAP1 (RFC 2433) and MS-CHAP2 (RFC 2759) CHAP authentication protocol extension
• MLPPP (RFC 1990)
• MLPPP bundle name exchange
• PPP fragmentation (RFC 1990), enabled to fixed size of 200 bytes or disabled
• MCPPP (RFC 2686)

19.10 Other WAN encapsulation specifications

• HDLC encapsulation in bridging mode (not interoperable with Cisco HDLC encapsulation)
• Error test encapsulation for end-to-end error tests over TDM networks between Telindus devices
• Leased line operation on ISDN BRI interfaces (aka Standard FestVerbindung (SFV))
982 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.11 IP routing specifications

The Telindus 1423 SHDSL Router complies to the router requirements as stated in RFC 1812 and sup-
ports the routing of standard IP packets (RFC 791) between the different interfaces of the Telindus 1423
SHDSL Router according to the routing protocols listed below.

Static routing

• Routing is based on destination IP address

• Routing is based on static routing entries in the routing table
• Alternate routing is possible through the use of different preferences for different routes to the same
destination

Policy based routing

• Routing is based on additional higher layer information

• Traffic is routed to a certain interface or gateway based on one or more of the following parameters:
- Source IP address range
- Destination IP address range
- Type Of Service (TOS) value range (8 bits in the IP header, also called DSCP bits)
- IP protocol (examples are any (0), ICMP (1), IGMP (2), TCP (6), UDP (17))
- Source port range for UDP / TCP packets
- Destination port range for UDP / TCP packets

RIP

• RIP1 compliant with RFC 1058

• RIP2 compliant with RFC 2453
• Split horizon and selective router updates per interface
• Broadcasting of selective RIP updates limited to information on specific network subnets
• RIP2 authentication with MD5 hashing or clear text
• Triggered RIP for ISDN interfaces

OSPF

• Compliant with RFC 2328 (OSPF version 2)

• Import of statically configured routes
• Route summarisation and route suppression through range definitions on areas
• Encryption through simple password or MD5 encryption chains

ICMP

Support of ICMP messages (RFC 792):

• TTL exceeded
• Destination unreachable
Telindus 1423 SHDSL Router Chapter 19 983
User manual Technical specifications

Multicasting and broadcasting

The Telindus 1423 SHDSL Router supports the handling of broadcasts and multicasts and includes the
following related functionalities:
• IGMPv2 (Internet Group Management protocol, RFC 2236), as the standard for IP multicasting
• IGMP proxy function
• Forwarding of directed broadcasts can be enabled or disabled per interface
• Helper address can be configured for broadcasts

Filtering

• Filtering of outgoing traffic on all interfaces based on extended access lists

• Filtering of incoming traffic on all interfaces based on extended access lists
• Filtering of incoming traffic on the IP protocol stack based on an extended access list
• IP extended access lists filter on the following parameters:
- Source IP address range
- Destination IP address range
- Type Of Service (TOS) value range (8 bits in the IP header, also called DSCP bits)
- IP protocol (examples are any (0), ICMP (1), IGMP (2), TCP (6), UDP (17))
- Source port range for UDP / TCP packets
- Destination port range for UDP / TCP packets

IP MTU

• The IP MTU can be configured on the WAN and LAN interfaces (between 500 and 1650 bytes)

VRRP

• Support of VRRP (RFC 2338)

984 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.12 Bridging specifications

• Bridging can be enabled or disabled per interface

• Bridging can be combined with routing on the same interface

Bridging protocols

• Self-learning bridging can be enabled or disabled

• Cache of at least 10,000 MAC addresses
• Support of Spanning Tree protocol (IEEE 802.1D)

Bridge groups

• Multiple bridge groups possible

• IP address assignment per bridge group (for management purposes)
• Secondary IP addresses can be configured per bridge group
• MAC address configurable per bridge group
• Routing between different bridge groups possible

VLANs

• Support of VLANs (IEEE 802.1Q)

• Up to 255 VLANs per LAN interface
• Support of VLAN priority tagging (IEEE 802.1P)
• Multiple VLANs within a bridge group towards the IP router possible
• IP TOS to 802.1P COS mapping and COS to TOS mapping are available on the LAN interface to
maintain priority information when changing from IP to VLAN or vice versa
• IP TOS to 802.1P COS mapping and COS to TOS mapping are available on the data sent between
a bridge group and the IP router to maintain priority information when changing from IP to VLAN or
vice versa
• MIB2 performance counters are available per VLAN

VLAN switching

• Bridge group can be configured as VLAN switch

• Q in Q as defined in IEEE 802.1ad possible
• No practical limit on the number of VLANs in VLAN switching mode
• VLAN switching mode can be combined with bridging mode for packets on the same interface

Filtering

• Filtering of outgoing bridged traffic on all interfaces based on access lists

• Bridge access lists filter on source MAC address
• Limit broadcasts in a bridge group per interface
• Proxy ARP cache
Telindus 1423 SHDSL Router Chapter 19 985
User manual Technical specifications

19.13 Network address translation specifications

• Compliant with RFC 3022

• NAT mode for one-to-one private to public IP address translation
• PAT mode for many-to-one private to public IP address translation
• NAT/PAT configurable on any interface (the interface with the public address(es))
• Up to 5 NAT/PAT interfaces
• Static and dynamic assignment of NAT official addresses
• List of UDP/TCP port numbers that should not be translated
• List of incoming UDP/TCP port numbers destined for a server
• Easy NAT: CPE learns official IP address via PPP
• Application Layer Gateway (ALG) support including:
- General: FTP, ICMP (Echo, Echo Response, Destination Unreachable, Time Exceed & Source
Quench), SQLNet
- Microsoft Games
- Video / Streaming applications: RTSP, QuickTime, Real Player (Real Audio / Real Video), H.323
(ASN1 PER encoding and decoding included), NetMeeting, Intel Video Phone, CuseeMe 5.0, SIP
Audio
- Communication: Internet Chat, IRC, MIRC, AOL Instant Messenger, AOL enhanced chat,
ICQ2000b, Net2Phone, Microsoft Messenger
- Security Related: PPTP, IPSec ESP (IPSec client from internal network), IKE, L2TP
986 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.14 Tunnelling and VPN specifications

L2TP tunnelling

• Compliant with RFC 2661

• Up to 10 L2TP tunnels
• Available on LAN and WAN interfaces
• Static and dynamic tunnels
• Tunnel authentication
• Available for IP and bridged PDUs
• One L2TP tunnel between each pair of IP addresses
• One PPP session per L2TP tunnel
• L2TP tunnels can be set up from an interface running NAT/PAT
• L2TP backup tunnels
• RIP snapshot routing on L2TP tunnels

IPSEC security

• Compliant with RFC 2401 up to RFC 2406

• L2TP transport mode (RFC 3193)
• Up to 10 IPSEC tunnels (independently of the number of L2TP tunnels)
• ESP (RFC 2406)
• DES (56 bits; RFC 2405), 3DES (3 * 56 bits; RFC 2451) and NULL (RFC 2410) encryption
• HMAC based on MD5 (RFC 2403) and SHA-1 (RFC 2404) for integrity and authentication
• Manual SAs
• IPSec Key management protocol framework compliant with:
- RFC 2408: Internet Security Association and Key Management Protocol
- RFC 2407: IP Security Domain of Interpretation for ISAKMP
- RFC 2409: Internet Key Exchange (IKE)
Telindus 1423 SHDSL Router Chapter 19 987
User manual Technical specifications

19.15 Priority and traffic policy specifications

This section gives the specifications of the priority and traffic policies that are available on the Telindus
1423 SHDSL Router. The following gives an overview of this section:
• 19.15.1 - Priority policy on page 988
• 19.15.2 - IP traffic policy on page 988
• 19.15.3 - Bridge traffic policy on page 988
988 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.15.1 Priority policy

• 7 forwarding queues per interface:

- 5 standard, configurable queues
- 1 low delay queue
- 1 system queue
• Quotum and weight configurable per standard queue
• Supported algorithms to empty the standard queues:
- FIFO
- Round robin
- Absolute priority
- Weighted fair queueing
- Low delay weighted fair queueing
• CIR configurable per standard queue

19.15.2 IP traffic policy

Supported IP traffic policies:

Traffic shaping

• Traffic is forwarded to a certain priority queue based on the following parameters:

- Source IP address range
- Destination IP address range
- Type Of Service (TOS) value range (8 bits in the IP header, also called DSCP bits)
- IP protocol (examples are any (0), ICMP (1), IGMP (2), TCP (6), UDP (17))
- Source port range for UDP / TCP packets
- Destination port range for UDP / TCP packets
• TOS value can be changed during traffic shaping
• Configurable maximum queue length
• Performance information on classified traffic

TosDiffServ

• Traffic is forwarded to a certain priority queue based on DiffServ (RFCs 2474, 2475) regarding class
and drop precedence

TosMapped

• Traffic is forwarded to a certain priority queue based on a user-defined range of the TOS field
• Configurable maximum queue length

19.15.3 Bridge traffic policy

• Traffic is forwarded to a certain priority queue based on the 802.1P tag of VLAN tagged Ethernet traf-
fic
Telindus 1423 SHDSL Router Chapter 19 989
User manual Technical specifications

19.16 Routing and bridging performance specifications

• Routing performance:1
- without IPSEC, without HWA: 60.000 pps
- without IPSEC, with HWA: 85.000 pps
- with IPSEC, with HWA: TBD
• Bridging performance:
- without HWA: 75.000 pps
- with HWA: 110.000 pps

19.17 Firewall specifications

• Firewall with 3 zones (Internet, Corporate, DMZ) and IP protocol stack (Self)
• Outbound and inbound policies based on …
- Source and destination IP address range
- Application (IP protocol and port range)
• PAT can be applied per outbound / inbound policy
• Outbound and inbound policies for the IP protocol stack (Self)
• Protection again attacks: SYN flooding, Source Routing, WinNuke, FTP Bounce, IP Unaligned
Timestamp, MIME Flood, Sequence Number Prediction, Sequence Number Out Of Range, URL Fil-
tering, ICMP Error Messages
• Firewall logging with different priorities

1. In case you enable encryption in IPSEC, then the routing performance decreases.
990 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.18 Access security specifications

• Password protected
• Several access levels possible:
- Read access
- Write access
- Security access
- File system access
• Radius client (RFC 2865)
• Management access can be enabled or disabled per interface
• Overall management access can be prohibited (Telnet, HTTP, SNMP, FTP, TFP)

19.19 Maintenance and management specifications

• Local console (Command Line Interface or ATWIN) via serial control port
• TELNET (Command Line Interface or ATWIN) (RFC 854)
• HTTP web interface1 (RFC 2616)
• Easy Configurator (customisable JAVA based web interface)
• TMA (Telindus Maintenance Application) via serial control port or IP connection (UDP port 1728)
• TMA CLI2
• TMA Element Management2
• TMA for HP OpenView2
• TML (Telindus Memory Loader) for configuration and software download via serial control port
• FTP configuration and software download (RFC 414)
• TFTP configuration and software download (RFC 1350)
• PING (RFC 792)
• SNMP (RFC 1157)
• SNMP MIB2 (RFC 1213), private MIB
• SNMP traps (RFC 1215)
• SYSLOG event logging (RFC 3164)
• SNTP (RFC 2030)
• IP loopback address

1. HTTP interfaces are available on both port 80 and port 8080. This allows connecting to the
HTTP interfaces in case a NAT service is defined on port 80.
2. Not included.
Telindus 1423 SHDSL Router Chapter 19 991
User manual Technical specifications

19.20 Memory specifications

• Flash memory: 8 Mb
• RAM: 16 Mb

19.21 Power requirements

• Power adapter to be used: Vout = 12 Vdc, Iout = 1000 mA

• Maximum power consumption:

Pmax Input power

Version 12 Vdc 230 Vac1 48 Vdc2

basic3 4.5 W 9W 6.25 W

full4 7.5 W 15 W 10.25 W

1. Using the Friwo AC/DC adapter, 230Vac → 12Vdc/1A, approx. 50% efficiency, sales code
199744.
2. Using the PST30 DC/DC adapter, 48Vdc → 9-12Vdc/1A, approx. 73% efficiency, sales code
191706.
3. Telindus 1423 SHDSL: 1 SHDSL line interface, 1 Ethernet interface
4. Telindus 1423 SHDSL 2ETH-4P ISDN-BRI HWA: 1 SHDSL line interface, 1 Ethernet interface,
4 port Ethernet switch, 2 ISDN line interfaces, HWA chip

19.22 Dimensions

• Height: 45 mm
• Width: 220 mm
• Depth: 130 mm
• Weight: 500 g
992 Telindus 1423 SHDSL Router Chapter 19
User manual Technical specifications

19.23 Safety compliance

• EN60950-1
• Class 1 equipment for Table Tops with 115/230 Vac internal power supply.
• Class 3 equipment for …
- Table Tops with 115/230 Vac external power supply adapter
- Table Tops with -48 Vdc internal power supply
- Card Versions.

19.24 Over-voltage and over-current protection compliance

The over-voltage and over-current protection complies with ITU-T K.44 and ETSI ETS 300 386-2 recom-
mendations.

19.25 EMC compliance

• EN55022 B Emissions
• EN55024 Immunity
• EN61000-3-2 Harmonics
• EN61000-3-3 Voltage fluctuations and flicker
• EN61000-4-2 ESD
• EN61000-4-3 Radiated immunity
• EN61000-4-4 EFT/burst
• EN61000-4-5 Surge
• EN61000-4-6 Conducted immunity
• EN61000-4-8 Power magnetic field immunity
• EN61000-4-11 Voltage dips & drops
• ENV50204 Radiated immunity against digital radio telephone

19.26 Environmental compliance

• Storage conditions: ETSI ETS 300 019-1-1 Class 1.1. In addition, the storage temperature has to be
between -25 to +70°C
• Transport conditions: ETSI ETS 300 019-1-2 Class 2.3
• Stationary use conditions: ETSI ETS 300 019-1-3 Class 3.2. In addition, a relative humidity between
0 to 95% non-condensing and an ambient operational temperature between -10 to 50°C is supported.
• Maximum altitude: 3000m
• International protection (IP) class of protection against solid and liquids: IP40
Telindus 1423 SHDSL Router 993
Annex

Annex
994 Telindus 1423 SHDSL Router
Annex
Telindus 1423 SHDSL Router Annex A: 995
Annex common TCP and UDP numbers

Annex A: common TCP and UDP numbers

The following table shows the port numbers for a number of common protocols using TCP and UDP as
transport protocol. As far as possible, the same port numbers are used for TCP as for UDP. A complete
list can be found on http://www.iana.org/assignments/port-numbers.

Port No Protocol UDP/TCP Description

20 ftp-data TCP File Transfer (Default Data)

21 ftp TCP File Transfer (Control)

23 telnet TCP Telnet

25 smtp TCP Simple Mail Transfer Protocol

37 time UDP/TCP Time Server

42 nameserver UDP Host Name Server

53 domain UDP/TCP Domain Name Server

65 tacacs-ds UDP/TCP TACACS-Database Service

67 bootps UDP Bootstrap Protocol Server

68 bootpc UDP Bootstrap Protocol Client

69 tftp UDP Trivial File Transfer

80 www-http TCP World Wide Web HTTP

119 nntp TCP Network News Transfer Protocol

137 netbios-ns UDP NETBIOS Name Service

138 netbios-dgm UDP NETBIOS Datagram Service

139 netbios-ssn UDP NETBIOS Session Service

161 snmp UDP SNMP

162 snmptrap UDP SNMPTRAP

1728 telindus UDP Telindus Protocol used by TMA

996 Telindus 1423 SHDSL Router Annex A:
Annex common TCP and UDP numbers
Telindus 1423 SHDSL Router Annex B: 997
Annex product information

Annex B: product information

The following table displays the product information of the Telindus 1423 SHDSL Router:

Sales code Product name Description

175590 PWR-PLUG (EUR VERSION)230VAC Wallplug power module European type, 230Vac -> 9Vdc
>9VDC for Desktop units delivered without power adapter. (xxx
NPWR).

175592 PWR-PLUG (UK VERSION) 230VAC->9VDC Wallplug power module UK type, 230Vac -> 9Vdc for
Desktop units delivered without power adapter. (xxx
NPWR).

191706 PWR-PLUG +/-48/24VDC FOR 7,5/9VDC Wallplug power module with input range: 18 to 72Vdc and
CPE DEVICES output: 7,5 / 9Vdc for Desktop units delivered without
power adapter. (xxx NPWR). Fully isolated input. Suitable
for + & - DC voltages.
998 Telindus 1423 SHDSL Router Annex B:
Annex product information
Telindus 1423 SHDSL Router Index 999
Annex

Index what is 220

why use 220
addressing, relative and absolute 671
Symbols
AF PHB, what is 240
<Struct>, what is 44
alarm attributes 915
<Table>, what is 44
configuration 920
Numerics general 921
introduction 919
3DES chip overview 916
identifying the 3DES version 354
standard versus 3DES version 354 alarms
status 354 AUX interface 933
B-channel 932
4 port Ethernet switch BRI 931
introducing 317 bundle 934
specifications 977 end 929
what is 317 general 922
LAN interface 924
A
line 926
absolute and relative addressing 671 line pair 927
MLPPP 934
access list
basic configuration 296 repeater 929
router 935
overview 297
WAN interface 925
access restriction
on bridge interface 298 application mode, what is 966
on IP interface 297 application software
on protocol stack 299 downloading
overview 297 using FTP 970
using TFTP 968
access security
using TMA 967
specifications 990
using TML 969
action, what is 45 what is 966
activating the configuration 88 ARP cache
adding an object to the containment tree 50 how works the 453
how 52 proxy ARP 454
in (TMA) CLI 52 time-out 454
in ATWIN 53 what is 453
in the Web Interface 53 ATM
in TMA 52 basic configuration 115
referring to the added object 54 bridged/routed Ethernet/IP over ATM (RFC
when 51 2684), configuring 136
which objects 51 CBR, configuring 133
why 51 Classical IP (IPoA), configuring 137
additional features configuration attributes 469
basic configuration 289 introducing 116
IP addresses
address translation automatically obtaining 127
basic configuration 219 configuring 128
introducing 220 performance attributes 850
NAT, adding multiple NAT objects 230 PPPoA, configuring 138
NAT, easy NAT 234 PPPoE, configuring 139
NAT, enabling on an interface 228 PVCs, configuring 125
NAT, how works 232 specifications 980
PAT and NAT, combining 234 status attributes 706
PAT, enabling on an interface 222 UBR, configuring 130
PAT, how works 224 VBR-nrt, configuring 131
PAT, limitations and work-around 227
1000 Telindus 1423 SHDSL Router Index
Annex

VBR-rt, configuring 132 resetAllCounters 842

VPI and VCI, configuring 129 resetCounters 842
what is 116 retrain 863
saveCertificates 829
ATM Adaptation Layers (AAL), what are 117
Set Date 692
ATM layers, what are 117 Set Time 692
ATM PVC startPing 883
bandwidth assignment 134 startTest 727, 861
configuring 125 startTracert 884
what is 116 stopPing 883
stopTest 727, 861
ATM service categories stopTracert 885
traffic parameters 118 unBlacklist 775
what are 118
attribute - alarm
attack alarmInfo 921
FTP Bounce, what is 381 alarmLevel 920
ICMP Error Message, what is 382 alarmMask 920
IP Option, what is 382 totalAlarmLevel 921
IP Spoofing, what is 382
IP Unaligned Timestamp, what is 381 attribute - configuration
MIME, what is 381 24hMaxCallTime 522
Ping Of Death, what is 382 accessList 672
Sequence Number Out Of Range, what is accessPolicy 673
382 adapter 454
Sequence Number Prediction, what is 382 addresses 585
source routing, what is 381 addrPools 576
SYN Flooding, what is 381 advertiseInterval 627
WinNuke, what is 381 alarmFilter 674
alarmLevel
attacks bChannel object 515
types, which are the different 380 BRI interface object 518
attribute bri object 513
overview 55 end object 509
what is 44 LAN interface object 465
line object 507
attribute - action
line pair object 507
Activate Configuration 449
PPP bundle object 556
clearArpCache 701, 814
repeater object 509
clearBridgeCache 814
router object 582
clearCounters 861
top object 448
clearIsdnCall 743
WAN interface object 467
clearSAs 784
alarmMask
clearTracert 885
bChannel object 515
Cold Boot 450
BRI interface object 518
Delete File 823
bri object 513
generateSelfCertificateRequest 824
end object 509
getCrlScep 829
LAN interface object 465
getSelfCertificateScep 827
line object 507
getTrustedCertificateScep 826
line pair object 507
injectError 861
PPP bundle object 556
Load Default Configuration 449
repeater object 509
Load Preconfiguration 449
router object 582
Load Saved Configuration 450
top object 448
loadSelfCertificate 825
WAN interface object 467
loadTrustedCertificate 823
algorithm 543
loopbackActivation 736, 743
alternativeRoutes 561
maximumSpeedSearch 731
areaId 615
Rename File 823
arp 453, 654
reset 888
atm 477
Telindus 1423 SHDSL Router Index 1001
Annex

attacks 647 keyChains 611

atwinGraphics 675 l2tpTunnels 588
authenPeriod 491, 526 linkAlarmThresholds 505
authentication 491, 526 linkMonitoring 490, 526
bandwidth 546 lmi 483
bcastStormProtection 464 localAccess 657
blockSize 496 log 649
bootFromFlash 446 loginControl 676
bridgeCache 655 lowdelayQuotum 545
bridgeTimeOut 656 macAddress 658, 664
bridging 452, 488, 494, 554 management 506
callback 528 mapping 548
callInterval 521 maxChannelsUsed 524
callTimeOut 521 maxFifoQLen 467, 517, 518, 530
channel 498 maxSpeed 502
cms2Address 671 maxSpeed2P 503
compression 489, 526 members 554
connection 526 method 532
consoleNoTrafficTimeOut 674 mib2Traps 666
countingPolicy 545 minChannelsFree 524
criticals 626 minSpeed 502
ctrlPortProtocol 677 minSpeed2P 503
defaultRoute 559 mode 452, 488, 503, 554
delayOptimisation 486, 488 modeLearnedDlci 486
dhcpCheckAddress 572 mru 486, 488, 494
dhcpDynamic 570 multiclassInterfaces 555
dhcpStatic 568 multiLink 527
dialAllowed 513 name 452, 467, 654
dialPktBufSize 521 networks 616
dialTimeTable 522 numExpectedRepeaters 506
dlciTable 480 outboundPolicies 629
dmzHost 586 outboundSelfPolicies 639
dns 575 patAddress 584
dropLevels 537, 541 phase1 602
dualPairMode 503 phase2 606
encapsulation 467, 517 ports 461
eocHandling 506 portTranslations 584
espAuthenticationAlgorithm 600 pppSecretTable 564
espAuthenticationKey 600 preemptMode 627
espEncryptionAlgorithm 598 priorityPolicy 453, 467, 517, 530
espEncryptionKey 599 programmablePattern 496
fastIdleTimeOut 521 pvcTable 470
filter 623 queueConfigurations 545
fragmentation 486, 555 radius 573
ftp 673 ranges 621
gateway 586 refBandwidth 611
helperProtocols 565 region 498
idleTimeOut 521 retrain 500
importMetrics 612, 613 ripHoldDownTime 562
inboundPolicies 634 ripUpdateInterval 561
inboundSelfPolicies 643 ripv2SecretTable 563
inspection 629 routerId 611
interfaces 626 routingProtocol 561
ip 452, 479, 488, 530, 554, 654 routingTable 560
ipAddress (loopback) 677 security 447
ipAddresses 625 sendAdminUnreachable 567
ipNetMask (loopback) 677 sendPortUnreachable 567
ipsecL2tpTunnels 593 sendTtlExceeded 566
isdnInterfaces 521 servicesAvailable 585
1002 Telindus 1423 SHDSL Router Index
Annex

sessionName 492 espSequenceNrReplay 892

sessionSecret 492 freeBlockCount 912
snmp 673 freeDataBuffers 912
spanningTree 656 freeMemory 913
spi 600 h24Attack 898
startupMargin 502 h24DialupStats 869
stub 615 h24General 897
switchMode 461 h24Line 863
sysContact 446 h24LineParameters 864
sysLocation 446 h24Performance 846, 865
sysLog 668 h2DialupStats 869
sysName 446 h2Line 863
sysSecret 564 h2LineParameters 864
tcpSockets 586 h2Performance 846, 865
tcpSocketTimeOut 586 icmpAllocs 888
tei 512 icmpSocketsUsed 887
telephoneNrs 513 ifDownCount 860
telnet 673 ifDropLevelExceeded 846
testType 496 ifInDiscards 844
tftp 673 ifInErrors 844
timedStatsAvailability 674 ifInNUcastPkts 844
timeServer 670 ifInOctets 844
timeZone 670 ifInUcastPkts 844
timingMode 499 ifInUnknownProtos 844
tos2QueueMapping 539 ifOutDiscards 845
trafficShaping 534 ifOutErrors 845
trapDestinations 666 ifOutNUcastPkts 845
udpSockets 586 ifOutOctets 845
udpSocketTimeOut 586 ifOutPQLen 846
virtualLinks 619 ifOutQLen 845
vlan 455, 659 ifOutUcastPkts 845
vlanPriorityMap 541 ifUpTime 860
vlanSwitching 661 inPackets 892
vp 476 ipStackEvents 910
vrId 625 l2tpTunnels 890
largestFreeBlockSize 912
attribute - performance
line 863
addressesAvailable 887
lineParameters 864
allocFails 887
lmi 858
bridgeAccessList 907
mapping 874
bridgeCache 904
bridgeDiscards 904 mibCounters 847
bridgeFloods 904 multiclassinterfaces 877
cliSessionCount 909 multiVlans 904
cllmInFrames 858 outPackets 892
cms2SessionCount 909 performance 865
currUsedProcPower 912 phase2Negotiations 894
d7Attack 899 phase2Sessions 894
d7DialupStats 869 pingResults 882
d7General 897 pvcTable 851
d7Line 863 radiusAcct 881
d7LineParameters 864 radiusAuth 881
d7Performance 865 routingTable 880
rxAllOneBlocks 860
discards 887, 901
rxAllZeroBlocks 860
dlciTable 856
rxBitErrors 860
duration 860
rxBlockErrors 860
espAuthenticationFailure 892
rxBlocks 860
espDecryptionFailure 892
rxPatternSlip 860
espDroppedFrames 892
rxShiftCount 860
Telindus 1423 SHDSL Router Index 1003
Annex

rxSyncLoss 860 dhcpBinding 772

socketsFree 887 dhcpBlackList 773
status 860 dhcpStatistics 772, 773
taskInfo 913 dialMapEntry 745
tcpAllocs 888 dlciTable 712
tcpSessionCount 910 dns 774
tcpSocketsUsed 887 dnsServers 774
tftpSessionCount 910 dsrItu107 750
totalDataBuffers 912 dtrItu108 750
totalMemory 913 duration 727
tracertResults 882 eocAlarmThresholds 730, 735
trafficShaping 901 eocSoftVersion 734
txBlocks 861 eocState 735
txInjectErrors 861 externalRoutes 789
udpAllocs 888 fileList 821
udpSocketsUsed 887 flash1Version 690
unknownCells 854 flash2Version 690
usedProcPower 912 flashVersions 691
vlan 847 freeSpace 821
vlanSwitching 905 hisAuthenticationStatus 723
vp 854 hisCompressionRatio 722
hosts 794
attribute - status
ifDescr 694, 703, 729, 739, 745, 747, 750,
abrs 796
759, 809, 819
accessLog 817
ifLastChange 694, 703, 739, 745, 747, 750
activeFlash 691
ifMtu 694, 703, 739, 745, 747, 750, 809, 819
actualBitRate 732
ifOperStatus 694, 703, 729, 732, 739, 745,
adapter 699
747, 750, 759, 809, 819
addresses 777
ifSpeed 694, 703, 729, 732, 747, 750, 759
addrPools 775
ifType 694, 703, 729, 739, 745, 747, 750,
alarmLog 816
759, 809, 819
arpCache 696, 810
igmpTable 770
asbrLsas 801
inBandwidth 763
asExtLsas 790
interfaces 792, 804
atmSync 707
ip 695, 712, 717, 760, 809
bacpHisOptions 763
ipAddress 819
bacpMyOptions 763
ipAdEntBcastAddr 700
bacpState 763
ipAdEntReasmMaxSize 700
bChannelUsage 742
ipcpHisOptions 720, 761
bcpHisOptions 721, 762
ipcpMyOptions 720, 761
bcpMyOptions 721, 762
bcpState 718, 762 ipcpState 718, 760
blockSize 727 ipsecL2tpTunnels 780
bootVersion 691 l1Status 740
bridgeCache 811 l2tpTunnels 779
bridging 697, 717, 725, 762, 812 lapdLinks 741
callDirection 745 lcpHisOptions 719
ccpHisOptions 722 lcpMyOptions 719
ccpMyOptions 722 lcpState 718
clearLog 807 lineAttenuation 732, 735
cllmLastCongestionCause 715 lmi 714
cms2Address 816 localPhoneNr 745
configurationSaving 692 log 807
macAddress 695, 804, 809
corruptBlocks 821
mapping 755
criticals 804
mask 819
ctsItu106 750
maxSpeedResult 729, 730
date 692
maxSpeedSearch 729
dcdItu109 751
members 759
deviceId 692
messages 691
1004 Telindus 1423 SHDSL Router Index
Annex

multiclassInterfaces 764 in case of Ethernet 944

myAuthenticationStatus 723 set-up 943
myCompressionRatio 722 on the WAN interface 947
neighbors 794 example 951
networkLsas 799 in case of ATM 949
nssaLsas 802 in case of Frame-Relay 950
numDiscoveredRepeaters 730 setup 948
outBandwidth 763 protocols, introducing 940
phase1 784 specifications 979
phase2 784
AUX interface
ports 700
alarms 933
profileUsers 753
performance attributes 872
programmablePattern 727
status attributes 749
pvcTable 707
radius 774 B
receiveSample 727
region 729 BAP
remotePhoneNr 745 what is 159
reverseSessions 806 basic configuration 57
riItu125 751 access list 296
routerLsas 797 additional features 289
routes 788 address translation 219
routingTable 767 ATM 115
rtsItu105 750 bridging 263
rxdItu104 750 CIR and EIR 152
selfCertificates 822 DHCP 290
sessions 806 encapsulation 113
shdslVersion 734 error test 183
signalNoise 732, 735 firewall 376
sNet 807 Frame Relay 140
spanningTree 812 HDLC 181, 182
startSysUpTime 727 IP address on the LAN interface 71
status 727, 732, 821 IP addresses 59
summLsas 800 IPSEC 334
sysDescr 690 L2TP tunnel 324
sysObjectID 690 line 73
sysServices 690 major features of the device 90
sysUpTime 690 OSPF 210
taskInfo 831 passwords 84
tdreVersion 691 policies, traffic and priority
testStatus 742 on the bridge 285
testType 742 policy based routing 196
time 692 PPP 155
timeServer 816 profiles and dial maps 93
timeSinceLastRetrain 732 QoS 365
trustedCertificates 822 RADIUS 355
txdItu103 750 RIP 201
type 727, 787 routing 185
vendorId 734 static routing 188
vendorModel 734 traffic and priority policy
vendorSerial 734 on the router 237
vendorSoftVersion 734 VLAN 308
vlan 699 VLANs on the 4 port Ethernet switch 316
vp 710 VRRP 255
attribute string, reading an viii Basic Rate ISDN interface
auto-install 939 configuration attributes 510
on the LAN interface 942 configuration attributes, general 511
example 945 performance attributes, general 868
Telindus 1423 SHDSL Router Index 1005
Annex

specifications 976 bridged/routed Ethernet/IP over ATM (RFC

status attributes, general 738 2684)
configuring 136
BC
what is 142 bridging
basic configuration 263
B-channel
alarms 932 bridge group, adding 277
configuration attributes 514 bridge group, configuring 276
performance attributes 870 bridging attributes, introducing 275
status attributes 744 configuring 274
configuring on an interface 280
BCP, what is 156 enabling on an interface 279
BE explaining the bridging structure 281
what is 142 introducing 264
versus routing 186
BE PHB, what is 240 what is 265
BECN bridging and routing in a network, a configuration
what is 143 example 431
bit string, what is 44 bridging structure
boot mode, what is 966 explanation 281
where to find 280
boot software, what is 966
broadcasting
BootP
specifications 983
what is 940
bundle
BRI
alarms 934
alarms 931
configuration attributes 552
performance attributes 867
performance attributes 875
status attributes 737
status attributes 757
bridge
configuration attributes 652 C
general configuration attributes 653 callback
performance attributes 902 authentication callback, what is 109
specifications 984 E.164 number, what is 110
status attributes 808 introducing 109
bridge access list what is 109
configuration attributes 663 CBR
performance attributes 906 configuring 133
bridge cache what is 120
time-out 656 CCP, what is 156
what is 655
CHAP
bridge filtering authentication in both directions 171
specifications 984 authentication in one direction 170
bridge group configuring 169
adding 277 how works 170
bridge priority, setting 276 use sysName/sysSecret or sessionName/
bridging protocol, selecting 276 sessionSecret? 172
configuration attributes 653 what is 157
configuring 276 child object, what is 44
IP address, configuring 276
multiple bridge groups, what are 275 CIR
performance attributes 903 basic configuration 152
specifications 984 what is 142
what is 275 Classical IP (IPoA), configuring 137
bridge port CLP, what is? 124
state transition diagram 269
states 269 common TCP and UDP numbers 995
1006 Telindus 1423 SHDSL Router Index
Annex

compatibility with other SHDSL devices 75 IP 531

VRRP 624
complex value, what is 44
WAN interface 466
configuration
configuration examples 401
activating the 88
loading the default configuration file
using the action 88 creating 954
using the DIP switch 88 creating a binary file using TMA 956
loading the preconfiguration 89 creating an ASCII CLI file
using Telnet 960
configuration action
executing 86 using TFTP 959
using TMA 957
what is 87
downloading 961
configuration alarm attributes 920 using (T)FTP 963
configuration attributes 435 using Telnet 964
ATM 469 using TMA 962
Basic Rate ISDN interface 510 formats 955
Basic Rate ISDN interface, general 511 restoring 961
B-channel 514 configuration type
bridge 652 active 87
bridge access list 663 default 87
bridge group 653 explaining the 87
bundle 552 non-active 87
dial maps 547 what is 87
encapsulation 468
connecting the device 18
encapsulation profile 525
an example 22
end 508
error test 495 connecting the different parts of the device 20
firewall 628
connecting with TMA
forwarding profile 529 over an IP network 40
Frame Relay 478 through the control connector 38
general 445
HDLC 493 connection precautions 17
IKE SA 601 containment tree
ISDN dial profile 520 adding an object 50
ISDN leased line 516 of the device 46
L2TP tunnel 587 terminology 44
LAN interface 451 what is 44
line 497
line pair 497 control connector specifications 978
management 667 conventions in this manual
manual SA 597 graphical vii
MLPPP 552 typographical vi
NAT 583
copyright notice ii
OSPF 609
OSPF area 614 COS, what is 241
OSPF, general 610 creating passwords in the security table 85
overview 436
PPP 487 CS PHB, what is 240
PPP bundle 553
D
priority policy 542
profiles 519 DE
repeater 508 what is 143
router 557
default queue
router, general 558
configuring 252
routing filter 622
versus traffic policy profile 252
SNMP 665
what is 252
traffic policy
bridging 540 default route
Telindus 1423 SHDSL Router Index 1007
Annex

configuring 190 what is 586

what is 189
DNS
DES and 3DES, what is 337 what is 575, 940
DHCP DNS proxy
basic configuration 290 what is 575
combining static and dynamic tables 291
document
DHCP server reaction on a BootP request conventions
291 graphical vii
dynamic IP addresses, assigning 293
typographical vi
introducing 291
copyright notice ii
relay agent
documentation set v
configuring the Telindus device as 295
environmental information iv
what is 291
intended audience ix
releasing IP addresses, DHCP versus BootP
organisation v
291 properties ii
static IP addresses, assigning 292
statements iii
what is 291, 940
TDRE version described in this ix
dial map your feedback ix
basic configuration 93
documentation set v
example of creating a dial map 104
how to create 103 downloading a configuration file 961
how to create a route that points to a 105 using (T)FTP 963
how works 98 using Telnet 964
what is 97 using TMA 962
dial maps downloading application software
configuration attributes 547 in boot mode 971
performance attributes 873 using FTP 970
status attributes 754 using TFTP 968
using TMA 967
dial policy using TML 969
what is 67
downloading files to the file system 972
Diff-Serv
PHB, what is 239 downloading software 965
DiffServ DSCP, what is 239
AF PHB, what is 240
BE PHB, what is 240 E
CS PHB, what is 240 easy NAT
DSCP, what is 239 example 235
EF PHB, what is 240 what are the conditions 234
IP Precedence, what is 239 what does 234
TOS byte, what is 239 what is 234
what is 239
EF PHB, what is 240
dimensions of the device 991
EFCI, what is 124
DIP switch table, reading a viii
EIR
DIP switches 29 basic configuration 152
DIP switch bank DS1 31 what is 142
DIP switch bank DS2 and DS3 31
element, what is 45
opening and closing the housing 33
overview 31 EMC compliance 992
position on the motherboard 30 encapsulation
directed broadcast, what is 68 basic configuration 113
configuration attributes 468
DLCI
performance attributes 849
what is 141
selecting an 114
DMZ
encapsulation profile
1008 Telindus 1423 SHDSL Router Index
Annex

configuration attributes 525 LAN extension over a Frame Relay network

424
end
LAN extension over a PDH/SDH network 422
alarms 929
LAN extension over ATM with ISDN back-up,
configuration attributes 508
step-by-step 402
performance attributes 866
using PAT with a minimum of official IP ad-
status attributes 733
dresses 428
environmental compliance 992
executing configuration actions 86
environmental information iv
explaining profiles and dial maps 94
EOC message exchange
extended access list
discovering devices on the SHDSL line 79
introducing 300
enabling 76
remarks 307
proprietary
setting up 301
controlling 77
tuning 303
retrieved standard EOC information 80
what is 300
standard
controlling 78 F
standard versus proprietary 77
FECN
error test what is 143
basic configuration 183
configuration attributes 495 feedback ix
performance attributes 859 file system
status attributes 726 downloading files to 972
example status attributes 820
bridge group, adding multiple 278 firewall
default queue, configuring 253 activating 383
default route, configuring 190 basic configuration 376
extended access list, configuring 305 configuration attributes 628
L2TP tunnel, configuring 329 introducing 377
multiclass PPP, configuring 179 performance attributes 896
NAT, configuring 233 policies, SNet and self in- and outbound 379
PAT, configuring 223 policy, defining
policy based routing, configuring 199 determining which policies have to be de-
priority policy on the router, configuring 250 fined 398
priority policy, applying on an interface 249 inbound self 392
priority policy, creating 248 inbound SNet 388
RIP, configuring 204 outbound self 390
static route (WAN IP address not present), outbound SNet 386
configuring 193 protocol stack, allowing access to 395
static route (WAN IP address present), con- rules of thumb when configuring 394
figuring 192 SNet, adding an interface to 384
traffic policy on the router, configuring 250 SNet, what is 378
traffic policy, applying on an interface of the specifications 989
bridge 288 stateful inspection, what is 377
traffic policy, applying on an interface of the status attributes 805
router 246 types 377
traffic policy, creating on the router 245 types of attacks 380
VLAN switching, configuring 315 VFS, what is 377
VRRP master/backup with owner, configuring
259 forwarding profile
VRRP master/backup without owner, config- configuration attributes 529
uring 261 Frame Relay
examples 401 basic configuration 140
combining bridging and routing in a network configuration attributes 478
431 DLCI global IP addresses 149
connecting a LAN to the Internet using NAT DLCI specific IP addresses 150
and PAT 426 DLCIs, configuring 145
Telindus 1423 SHDSL Router Index 1009
Annex

fragmentation, enabling 154 IKE DH group, what is 339

introduction 141 introducing 338
IP addresses IPSEC DH group, what is 339
automatically obtaining 147 NAT-T, what is 341
configuring 148 negotiation 338
LMI, configuring 151 PFS, what is 339
performance attributes 855 preshared key authentication, what is 339
specifications 981 security certificate
status attributes 711 how to obtain 340
what is 141 terminology 341
security certificate authentication, what is 340
Frame Relay DLCI
what is 338
configuring 145
IKE SA
Frame Relay fragmentation
configuration attributes 601
enabling 154
end-to-end fragmentation, what is 144 performance attributes 893
interface fragmentation, what is 143 status attributes 783

FTP Bounce attack, what is 381 index name, what is 44

index, what is 44
G
installing and connecting the device 11
general
alarm attributes 921 instance name, what is 44
alarms 922 instance value, what is 44
configuration attributes 445
interface
performance attributes 841
what is 58
status attributes 689
introducing
group, what is 45
4 port Ethernet switch 317
address translation 220
H
alarm attributes 919
HDLC ATM 116
basic configuration 181, 182 bridging 264
configuration attributes 493 DHCP 291
introducing 182 extended access list 300
status attributes 724 firewall 377
HMAC MD5 and SHA-1, what is 337 Frame Relay 141
HDLC 182
housing, opening and closing 33 IKE 338
HWA chip 354 IPSEC 335
L2TP tunnel 325
I maintenance and management tools 8
ICMP management terminology 42
specifications 982 OSPF 211
policies, traffic and priority 238
ICMP Error Message attack, what is 382 policy based routing 197
ICMP message PPP 156
communication prohibited 567 QoS 366
port unreachable 567 RADIUS 356
TTL exceeded 566 RIP 202
router applications 5
ICMP redirect, what is 68 routing 186
IEEE 802.1P, what is 241 static routing 189
the device 4
IGMP
VLAN 309
topology 770
VRRP 256
what is 770
introduction 3
IKE
authentication 339 IP address pool
encryption 338 what is 64
1010 Telindus 1423 SHDSL Router Index
Annex

IP addresses how to configure a dial-up connection on a

automatically obtaining 60 BRI interface 100
in ATM 127 how to configure a leased line connection on
in Frame Relay 147 a BRI interface 106
in PPP 160 how to configure callback 108
basic configuration 59 setting up 93
configuring
ISDN dial profile
in ATM 128
configuration attributes 520
in Frame Relay 148
in PPP 162 ISDN leased line
on the LAN interface 71 configuration attributes 516
explaining the IP structure 63 performance attributes 871
imposing on the remote in PPP 164 setting up 93
private range 220 status attributes 746
specifications 979
where to find the IP parameters 61 L

IP filtering L2TP status

specifications 983 authentication states 782
call states 781
IP MTU control states 781
specifications 983 delivery states 782
IP Option attack, what is 382 L2TP tunnel
IP Precedence, what is 239 basic configuration 324
configuration attributes 587
IP security encapsulation 326
performance attributes 891
how works 330
IP Spoofing attack, what is 382 introducing 325
performance attributes 889
IP structure
setting up 327
explanation 63
setting up a main and back-up tunnel 331
where to find 61
specifications 986
IP Unaligned Timestamp attack, what is 381 status attributes 778
IPCP, what is 156 terminology 325
what is 325
IPSEC
AH, what is 336 LAC, what is 325
authentication 337 LAN extension over a Frame Relay network, a
basic configuration 334 configuration example 424
compatibility 335
LAN extension over a PDH/SDH network, a con-
encryption 337
figuration example 422
ESP, what is 336
HWA chip 354 LAN extension over ATM with ISDN back-up, a
introducing 335 step-by-step configuration example 402
manual SA, what is 337
LAN interface
modes 335 alarms 924
NAT-T, what is 341
configuration attributes 451
protocols (ESP and AH) 335
performance attributes 843
SA, what is 337
specifications 977
setting up an IPSEC secured L2TP tunnel
status attributes 693
using a manual SA 342
using an IKE certificate SA 346 LAN to Internet connection using NAT and PAT,
using an IKE preshared SA 344 a configuration example 426
specifications 986 LCP, what is 156
SPI, what is 337
transport mode, what is 335 LED indicators 24
tunnel mode, what is 335 introduction 25
what is 335 LAN LED 27
line back-up LED 26
ISDN connection line data LED 27
Telindus 1423 SHDSL Router Index 1011
Annex

line link LED 26 management terminology, introducing 42

power LED 26
manual SA
states 25
configuration attributes 597
line performance attributes 891
alarms 926
MBS, what is 118
auto speed 75
basic configuration 73 memory
compatibility with other SHDSL devices 75 specifications 991
configuration attributes 497 MIME attack, what is 381
essential configuration attributes 74
fall-back speed 75 MLFR
performance attributes what is 144
performance attributes MLPPP
line pair 862 alarms 934
power back-off, what is 75 configuration attributes 552
retrain criteria 500 setting up 173
selecting a fixed speed 75 on a BRI interface in dial-up mode 180
selecting a speed (range) 75 on a BRI interface in leased line mode 174
selecting a speed range 75 motherboard, position of the DIP switches 30
specifications 974
connector lay-out 974 MPoA
maximum covered distance 975 what is 121
status attributes 728 MRU
line pair what is 486, 488, 494
alarms 927 MS-CHAP
configuration attributes 497 version 1, what is 157
performance attributes 862 version 2, what is 158
status attributes 728
MS-CHAP, what is 157
LIP
MTU
what is 144
what is 66
LMI
multicasting
configuring 151
specifications 983
what is 141
multiclass PPP
LNS, what is 325
setting up 177
loading the default configuration what is 159
using the action 88
multi-protocol over ATM
using the DIP switch 88
encapsulation mechanisms, which are 122
loading the preconfiguration 89 what is 121

M N
maintaining the device 35 NAT
with TMA 36 adding multiple NAT objects 230
maintenance and management combining with PAT 234
connection possibilities 10 configuration attributes 583
specifications 990 easy NAT 234
enabling on an interface 228
maintenance and management tools how works 232
introducing 8 performance attributes 886
major features of the device, basic configuration specifications 985
of the 90 status attributes 776
what is 220
management
when use 221
configuration attributes 667
performance attributes 908 NAT on the LAN interface, a remark 229
status attributes 815 NAT-T, what is 341
1012 Telindus 1423 SHDSL Router Index
Annex

O what is 157
OAM AIS, what is 853 parent object, what is 44
OAM LoopBack (LB) cells, what are 124 parts of the device 20
OAM RDI, what is 853 passwords
basic configuration 84
object, what is 44
creating in the security table 85
operating system entering in the different management tools 85
performance attributes 911 remarks on 448
status attributes 830
PAT
organisation of this manual v combining with NAT 234
OSPF enabling on an interface 222
activating 216 how works 224
authentication, enabling 217 limitations and work-around 227
basic configuration 210 specifications 985
configuration attributes 609 what is 220
configuration attributes, general 610 when use 221
introducing 211 PAT with a minimum of official IP addresses, a
specifications 982 configuration example 428
status attributes 785
PCR, what is 118
status attributes, general 786
what is 211 performance attributes 833
adjacency 214 ATM 850
area 0 212 AUX interface 872
areas 212 Basic Rate ISDN interface, general 868
authentication 215 B-channel 870
backbone area 212 BRI 867
border routers 212 bridge 902
cost 214 bridge access list 906
link states 211 bridge group 903
neighbours 214 bundle 875
NSSA 213 dial maps 873
stub areas 213 encapsulation 849
virtual links 214 end 866
error test 859
OSPF area
configuration attributes 614 firewall 896
Frame Relay 855
status attributes 791
general 841
other WAN encapsulations IKE SA 893
specifications 981 IP security 891
overview ISDN leased line 871
alarm attributes 916 L2TP tunnel 889
configuration attributes 436 LAN interface 843
performance attributes 834 line 862
status attributes 680 management 908
Telindus 1423 SHDSL Router family 7 manual SA 891
NAT 886
over-voltage and over-current protection compli- operating system 911
ance 992 overview 834
PPP bundle 876
P
repeater 866
PAP router 878
authentication in both directions 168 router, general 879
authentication in one direction 167 traffic policy
configuring 166 IP 900
how works 167 WAN interface 848
use sysName/sysSecret or sessionName/
Ping Of Death attack, what is 382
sessionSecret? 172
Telindus 1423 SHDSL Router Index 1013
Annex

policies on the router PPPoE over ATM

basic configuration 237 what is 123
policies, traffic and priority priority policy
configuring on the bridge 286 applying on an interface 249
configuring on the router 243 configuration attributes 542
introducing 238 creating 247
on routed and on bridged data 242 specifications 988
on the bridge what is 238
basic configuration 285
priority queuing, what is 238
specifications 987
product information 997
policy based routing
basic configuration 196 profile
introducing 197 basic configuration 93
setting up 198 custom, what is 96
specifications 982 default, what is 96
what is 197 example of creating a custom profile 102
example of creating a default profile 102
power requirements 991
how to create 101
PPP how to link the different profiles together 96
basic configuration 155 remark 101
CHAP, configuring 169 what is 95
CHAP, how works 170 which are there 95
configuration attributes 487
profiles
fragmentation, enabling 176 configuration attributes 519
handshake 156
status attributes 752
introducing 156
IP addresses proxy ARP, what is 454
automatically obtaining 160
configuring 162 Q
imposing on the remote 164 QoS
link monitoring, configuring 165 ATM IMA interface 374
MLPPP, setting up 173 ATM interface 374
on a BRI interface in dial-up mode 180 basic configuration 365
on a BRI interface in leased line mode 174 Ethernet interface 368
multiclass PPP, setting up 177 Frame Relay fragmentation options 373
PAP, configuring 166 Frame Relay interface with fragmentation
PAP, how works 167 371
specifications 981 Frame Relay interface without fragmentation
status attributes 716 371
what is 156 introducing 366
PPP bundle IP 367
configuration attributes 553 multilink Frame Relay interface with fragmen-
performance attributes 876 tation 373
status attributes 758 multilink Frame Relay interface without frag-
mentation 372
PPP fragmentation multilink PPP interface with fragmentation
enabling 176 370
what is 159 PPP interface with fragmentation 369
PPP link monitoring PPP interface without fragmentation 369
configuring 165 VLAN 368
what is 156 VPN tunnel 375
what is 366
PPPoA
configuring 138 R
what is 123
RADIUS
PPPoE accounting 357
configuring 139 accounting, enabling 361
what is 123 authentication 357
1014 Telindus 1423 SHDSL Router
Annex
authorisation 357
basic configuration 355
device access authentication, enabling 358
introducing 356
IP settings
client (calling) 364
NAS (called) 364
network access authentication, enabling 360
supported attribute types 362
what is 356
reading a
DIP switch table viii
reading an
attribute string viii
rear view of the device 19
referring to an added object
example 54
how to 54
what is 54
relative and absolute addressing 671
relay agent
the Telindus Router as 941
remarks on
accessing a proxied device via its IP address
453
bridging traffic policy on the LAN interface
288
channel attribute 498
CIR 152
compression attribute 489
DHCP requests and access lists 292, 293
dhcpStatistics attribute 772
dialTimeTable attribute 523
dualPairMode attribute 504
error test, RAM limitations 183, 727
extended access list 307
extended access list on the protocol stack
302, 673
filter on port numbers 304
firewall, TMA access when firewall is active
384
HDLC encapsulation 182
helperProtocols attribute 565
host routes to local interface IP address 769
ifOperStatus of the WAN interface 704, 748
IP address on the LAN interface in case of
bridging 61, 187, 279, 280, 452, 654
ipIntervalPool attribute 580
ipListPool attribute 577
L2TP tunnels, auto element 590
L2TP tunnels, type element 590
l2tpTunnels configuration attribute 328
loopbackActivation action 736, 743
maximumSpeedSearch action 731
messages attribute 691
Index
NAT in the ip structure versus NAT in the fire-
wall 70, 633, 638
natAddresses attribute 229
passwords 448
PPP fragmentation 176, 177
profiles 101
rerouting principle 195
resetNat action 888
rip2Authentication attribute 207
ripv2SecretTable attribute 563
routing update filter 623
selecting a speed range on the 2 pair version
75
telnet attribute 673
timingMode attribute 499
trafficShaping table 534
tunnels, main and back-up 332
VLAN ID 0 311, 457
VLANs on the 4 port Ethernet switch 319
vlanSwitching attribute 314
repeater
alarms 929
configuration attributes 508
performance attributes 866
status attributes 733
rerouting principle, what is 195
restoring a configuration file 961
RIP
authentication, enabling on an interface 209
basic configuration 201
enabling on an interface 203
explaining the RIP structure 205
how works 202
introducing 202
specifications 982
support 202
what is 202
RIP authentication
enabling on an interface 209
what is 202
RIP hold-down timer, what is 562
RIP snapshot routing
what is 208
RIP structure, explanation 205
router
alarms 935
configuration attributes 557
general configuration attributes 558
general performance attributes 879
general status attributes 766
introduction 186
performance attributes 878
status attributes 765
router applications, introducing 5
Telindus 1423 SHDSL Router Index 1015
Annex

routing bridge port states 269

basic activities 186 bridge priority, what is 272
basic configuration 185 path cost, what is 272
determining the optimal path 186 port priority, what is 272
enabling on an interface 187 priority and cost 272
specifications 982 root bridge 267
static versus dynamic 189 how selected 267
transporting packets 186 what is 267
versus bridging 186 topology 268
what is 186
specifications
routing and bridging performance specifications 4 port Ethernet switch 977
989 access security 990
ATM encapsulation 980
routing filter
configuration attributes 622 auto-install 979
Basic Rate ISDN interface 976
routing table bridge group 984
configuring 191 bridging 984
rules of thumb when configuring 194 broadcasting 983
what is 189 control connector 978
dimensions 991
S EMC compliance 992
safety environmental compliance 992
compliance 992 firewall 989
instructions 12 Frame Relay encapsulation 981
requirements ii ICMP 982
IP filtering 983
sales codes 997
IP MTU 983
SCR, what is 118 IPaddresses 979
selecting a site 14 IPSEC 986
L2TP tunnel 986
selecting an encapsulation 114 LAN interface 977
self-learning bridge, what is 266 line 974
connector lay-out 974
Sequence Number Out Of Range attack, what is
maximum covered distance 975
382
maintenance and management 990
Sequence Number Prediction attack, what is 382 memory 991
multicasting 983
setting up an ISDN connection 93
NAT 985
setting up an ISDN leased line connection 93 OSPF 982
SNet other WAN encapsulations 981
what is 378 over-voltage and over-current protection
compliance 992
SNMP PAT 985
configuration attributes 665 policies, traffic and priority 987
SNTP, what is 670 policy based routing 982
power requirements 991
software
PPP encapsulation 981
downloading 965
priority policy 988
what is boot and application 966
RIP 982
source routing attack, what is 381 routing 982
Spanning Tree routing and bridging performance 989
behaviour 271 safety compliance 992
bridge failure 271 static routing 982
bridging loops 271 traffic policy on the bridge 988
network extension 271 traffic policy on the router 988
BPDU 270 tunnelling 986
propagation of 270 VLAN 984
what is 270 VLAN switching 984
1016 Telindus 1423 SHDSL Router Index
Annex

VPN 986 TC
VRRP 983 what is 142
stateful inspection firewall, what is 377 TDRE
version ix
statements iii
what is ix
static routing
basic configuration 188 technical specifications 973
default route, configuring 190 Telindus 1423 SHDSL Router
introducing 189 family overview 7
routing table, configuring 191 what is 4
specifications 982
TFTP
status attributes 679 what is 941
ATM 706
Time To Live (TTL), what is 566
AUX interface 749
Basic Rate ISDN interface, general 738 TMA
B-channel 744 connecting over an IP network 40
BRI 737 connecting through the control connector 38
bridge 808 how to connect 37
bundle 757 maintaining the device with 36
dial maps 754 what is 37
end 733 TMA sub-system picture 937
error test 726 how to display 937
file system 820 structure 937
firewall 805
Frame Relay 711 TOS
general 689 TOS field, what is 241
HDLC 724 traffic policy
IKE SA 783 applying on an interface of the bridge 288
ISDN leased line 746 applying on an interface of the router 246
L2TP tunnel 778 configuration attributes of the bridge 540
LAN interface 693 configuration attributes of the router 531
line 728 creating on the bridge 287
line pair 728 creating on the router 244
management 815 default queue, configuring 252
NAT 776 performance attributes of the router 900
operating system 830 specifications of the bridge 988
OSPF 785 specifications of the router 988
OSPF area 791 what is 238
OSPF, general 786
traffic policy profile
overview 680
versus default queue 252
PPP 716
PPP bundle 758 Transparent Spanning Tree bridge, what is 266
profiles 752 troubleshooting
repeater 733 the device 91
router 765
router, general 766 tunnelling
VRRP 803 specifications 986
WAN interface 702
U
straps
UBR
overview 32
configuring 130
structured value, what is 44 what is 118
SYN Flooding attack, what is 381 unique digits, what are 550
syslog, what is 668 unpacking 13

T UTC, what is 670

target margin, what is 502

Telindus 1423 SHDSL Router Index 1017
Annex

V status attributes 803

virtual router, what is 256
value, what is 44
VRRP router, what is 256
VBR-nrt what is 256
configuring 131
what is 119 W
VBR-rt wall mounting 15
configuring 132
WAN interface
what is 119
alarms 925
VCI configuration attributes 466
configuring 129 performance attributes 848
what is 116 status attributes 702
Virtual Firewall System, what is 377 warning
EMC 17
VLAN
basic configuration 308 ESD 17
important safety instructions 12
introducing 309
safety 12
local or global tag significance 460
selecting a site 14
setting up on the bridge group 312
setting up on the LAN interface 310 WinNuke attack, what is 381
specifications 984
what is 309
VLAN switching
configuring 313
specifications 984
stripping the VLAN tag 661
VLAN tag, what is 309
VLANs on the 4 port Ethernet switch
basic configuration 316
example 1 320
example 2 321
example 3 322
example 4 322
example 5 323
example 6 323
introducing 317
setting up 319
vlan attribute versus ports attribute 317
VLAN switching restrictions 318
VPI
configuring 129
what is 116
VPN
specifications 986
VRRP
backup virtual router, what is 256
basic configuration 255
configuration attributes 624
introducing 256
IP address owner, what is 256
master virtual router
how is it elected 257
what is 256
primary IP address, what is 256
setting up 258
specifications 983
1018 Telindus 1423 SHDSL Router Index
Annex