Telindus 1421 SHDSL Router

Telindus 1421 SHDSL Router
User and reference manual
Version: 2.3 - 201601
Telindus Technical Publications – Geldenaaksebaan 335 - B-3001 Leuven - Belgium – Tel. +32 16 382011
ii Telindus 1421 SHDSL Router Copyright, safety and statements
Document properties
Subject Telindus 1421 SHDSL Router
Manual type User and reference manual
Version 2.3
Code 201601
Modification date 26 December 2005 ©Telindus
Copyright notice
The information and descriptions contained in this publication are the property of Telindus. Such infor-
mation and descriptions must not be copied or reproduced by any means, or disseminated or distributed
without the express prior written permission of Telindus.
This publication could include technical inaccuracies or typographical errors, for which Telindus never
can or shall be held liable. Changes are made periodically to the information herein; these changes will
be incorporated in new editions of this publication. Telindus may make improvements and/or changes in
the product(s) described in this publication at any time, without prior notice.
Safety requirements
Carefully read the safety instructions, installation precautions and connection precautions as stated in
chapter 2 - Installing and connecting the Telindus 1421 SHDSL Router on page 9.
Telindus 1421 SHDSL Router Copyright, safety and statements iii
Statements
www.telindusproducts.com → Telindus Access Solutions → Products → Choose a product → Down-

loads → Certificates
Hereby, Telindus declares that this Telindus 1421 SHDSL Router complies with the essential require-
ments and other relevant provisions of Directive 1999/5/EC.
Hierbij verklaart Telindus dat deze Telindus 1421 SHDSL Router overeenstemt met de essentiële vere-
isten en andere relevante bepalingen van Richtlijn 1999/5/EC.
Par la présente, Telindus déclare que ce Telindus 1421 SHDSL Router est en conformité avec les exi-
gences essentielles et autres articles applicables de la Directive 1999/5/EC.
Hiermit, Telindus erklärt daß dieser Telindus 1421 SHDSL Router in Fügsamkeit ist mit den wesentli-
chen Anforderungen und anderen relevanten Bereitstellungen von Direktive 1999/5/EC.
Mediante la presente, Telindus declara que el Telindus 1421 SHDSL Router cumple con los requisitos
esenciales y las demás prescripciones relevantes de la Directiva 1999/5/CE.
A Telindus declara que o Telindus 1421 SHDSL Router cumpre os principais requisitos e outras dis-
posições da Directiva 1999/5/EC.
Col presente, Telindus dichiara che questo Telindus 1421 SHDSL Router è in acquiescenza coi requisiti
essenziali e stipulazioni attinenti ed altre di Direttivo 1999/5/EC.
Με το παρόν η Telindus δηλώνει ότι το Telindus 1421 SHDSL Router είναι συμμορφούμενο με τις
βασικές απαιτήσεις και με τις υπόλοιπες σχετικές διατάξες της οδηγίας 1999/5/EC.
iv Telindus 1421 SHDSL Router Copyright, safety and statements
Environmental information
The crossed-out wheeled bin means that within the European Union the product must be taken to separate
collection at the product end of life. This applies to the device but also to any accessories marked with this
symbol. Do not dispose of these products as unsorted municipal waste.
If you need more information on the collection, reuse and recycling systems, please contact your local waste
administration. You can also contact us for more information on the environmental specifications of our products.
De doorgestreepte container wil zeggen dat binnen de Europese gemeenschap het product voor gescheiden afvalverzameling
moet worden aangeboden aan het einde van de levensduur van het product. Dit geldt voor het toestel, maar ook voor alle
toebehoren dia van dit symbool voorzien zijn. Bied deze producten niet aan bij het gewone huisvuil.
Indien u meer informatie wenst over de systemen voor inzameling, hergebruik en recyclage, gelieve dan uw lokale afvaldiensten
te contacteren. U kan ook ons contacteren wanneer u informatie wenst over de milieu aspecten van onze producten.
Le symbole de la poubelle sur roues barrée d’une croix signifie que ce produit doit faire l’objet d’une collecte sélective en fin de
vie au sein de l’Union Européenne. Cette mesure s’applique non seulement à vorte appareil mais également à tout autre
accessoire marqué de ce symbole. Ne jetez pas ces produits dans les ordures ménagères non sujettes au tri sélectif.
Si vous souhaitez plus d'information concernant les systèmes de collecte, de réutilisation et de recyclage, veuillez contactez votre
service de gestion de déchets local. Vous pouvez également nous contacter pour obtenir plus d’information au sujet des
spécifications environnementales de nos produits.
Das Symbol der durchgestrichenen Abfalltonne auf Rädern bedeutet dass das Produkt in der Europäischen Union einer
getrennten Mülsammlung zugeführt werden muss. Dies gilt sowohl für das Produkt selbst, als auch für alle mit diesem Symbol
gekennzeichneten Zubehörteile. Diese Produkte dürfen nicht über den unsortierten Hausmüll entsorgt werden.
Wenn Sie mehr Informationen brauchen über die Sammlung und Recycling Systemen, bitte konsultieren Sie Ihre örtliche Abfälle
Verwaltung. Für mehr Informationen über die Umweltaspekten unserer Produkte, wenden Sie sich an unserer Kundendienst.
Telindus 1421 SHDSL Router Preface v
Documentation set
The documentation set of the Telindus 1421 SHDSL Router currently consists of the following:
Document Description
Telindus 1421 SHDSL Router This is the manual you are reading now.
manual (this manual) It shows you how to install and connect the Telindus 1421 SHDSL
Router and gives you a basic configuration. It also contains a com-
plete description of all the configuration, status, performance and
alarm parameters for look-up purposes.
maintenance and manage- The Telindus 1421 SHDSL Router can be maintained and managed
ment application manuals by a variety of maintenance and management tools. Refer to 1.3 -
Maintenance and management tools on page 6 for an introduction on
these tools and for a reference to the manual of these tools.
cable documents A wide variety of cables exist to connect the Telindus 1421 SHDSL
Router. The Data cables document (PDF) and the Management
cables document (PDF) describe these cables.
All these documents, together with the free maintenance tool TMA and the firmware of the Telindus
devices, can be found on the Telindus Access Products distribution CD that is delivered with all Telindus
products.
Organisation of this manual
This manual contains the following main parts:
Part This part …
User manual shows you how to install and connect the Telindus 1421 SHDSL Router. It also
gives a basic configuration of the Telindus 1421 SHDSL Router.
Reference manual gives more detailed information on the Telindus 1421 SHDSL Router, such as
software download procedures, technical specifications, etc. It also contains a
complete description of all the configuration, status, performance and alarm
parameters for look-up purposes.
Annex gives additional information, such as product sales codes.
Refer to the Table of contents on page x for a detailed overview of this manual.
vi Telindus 1421 SHDSL Router Preface
Typographical conventions
The following typographical conventions are used in this manual:
The format … indicates …
Normal normal text.
Italic • new or emphasised words

• application windows, buttons and fields. E.g. In the Filename field enter …
Computer text you have to enter at the DOS or CLI prompt, computer output and code
examples.
E.g. NOK,1,1,Invalid command.
Computer Bold text you have to enter at the DOS or CLI prompt when it is part of a mix of com-
puter input and output.
E.g.
/o1003:"Edit Configuration"
>get sysName
sysName = "Orchid 1003 LAN"
/o1003:"Edit Configuration"
>
Narrow containment tree objects and attributes of a device when they are mentioned in
the normal text. I.e. when they are not a part of computer input or output.
E.g. Use the sysName attribute in order to …
<Narrow> containment tree objects or attributes or part of them that are variable. I.e.
depending on the product version, used interface, etc. the names of these
objects or attributes are slightly different.
E.g. topObject/<modularIf>/someAttribute means that the name of the object
<modularIf> depends on which modular interface you use. For example, v35 in
case of a V.35 interface, g703 in case of a G.703 interface, etc.
Blue references to other parts in the manual.

E.g. “Refer to xx - Title for more information”.
Blue underline • a hyperlink to a web site. E.g. www.telindus.com

• a reference to another manual. E.g. “Refer to the TMA manual (PDF) for
more information”. The abbreviation between brackets is an indication of the
file format (PDF = Portable Document Format / CHM = Compiled HTML
Help).
Telindus 1421 SHDSL Router Preface vii
Graphical conventions
The following icons are used in this manual:
Icon Name This icon indicates …
Remark remarks or useful tips.
Caution text to be read carefully in order to avoid damage to the device.
Warning text to be read carefully in order to avoid injury.
DIP switch a DIP switch or strap table.
Basic attribute a basic attribute in the containment tree of the Telindus 1421 SHDSL
Router.
Advanced attribute an advanced attribute in the containment tree of the Telindus 1421
SHDSL Router.
Structured attribute a structured attribute within another attribute in the containment tree
of the Telindus 1421 SHDSL Router.
Action an action in the containment tree of the Telindus 1421 SHDSL

Router.
viii Telindus 1421 SHDSL Router Preface
Reading a DIP switch table
At several places in this manual DIP switch tables are shown. To enable you to read such a table in a
correct manner it is explained below.
A DIP switch table has the following layout:
The following table explains the DIP switch configuration table layout:
Number This position displays …
1 the DIP switch icon.
2 the DIP switch name.
3 the DIP switch position on the DIP switch bank.

The abbreviations mean the following:
DS1 no. 1: DIP switch bank number 1, switch position number 1
4 the possible settings of the DIP switch: on and off. The default setting is printed in bold.
5 the function associated with the corresponding DIP switch setting.
Reading an attribute string
At several places in this manual attribute strings are shown. To enable you to read such a string in a
correct manner it is explained below.
An attribute string has the following layout:
The following table explains the attribute string layout:
Number This position displays …
1 the attribute icon. It indicates that the string which follows is an attribute string. Refer to
Graphical conventions on page vii for more information.
2 the attribute name and its position in the containment tree.
3 the default value of a configuration attribute.

Telindus 1421 SHDSL Router Preface ix
TDRE version
The Telindus Dynamic Routing Engine (TDRE) is a feature-rich operating system that guarantees a com-
mon feature set across the different Telindus product lines and a uniform support by maintenance and
management tools.
This manual describes the features, containment tree and attributes of the TDRE version 11.5.
Audience
This manual is intended for computer-literate people, who have a working knowledge of computing and
networking principles.
Your feedback
Your satisfaction about this purchase is an extremely important priority to all of us at Telindus. Accord-
ingly, all electronic, functional and cosmetic aspects of this new unit have been carefully and thoroughly
tested and inspected. If any fault is found with this unit or should you have any other quality-related com-
ment concerning this delivery, please submit the Quality Comment Form on our web page at
www.telindusproducts.com/quality.
x Telindus 1421 SHDSL Router Table of contents
Table of contents
User manual............................................................................................ 1
1 Introducing the Telindus 1421 SHDSL Router ..................................................3
1.1 What is the Telindus 1421 SHDSL Router? ............................................................... 4
1.2 Telindus 1421 SHDSL Router applications ................................................................ 5
1.3 Maintenance and management tools ......................................................................... 6
1.4 Maintenance and management tools connection possibilities ................................... 8
2 Installing and connecting the Telindus 1421 SHDSL Router...........................9

2.1 Safety instructions .................................................................................................... 10
2.2 Unpacking ................................................................................................................ 11
2.3 Selecting a site ......................................................................................................... 12
2.4 Mounting the Telindus 1421 SHDSL Router to a wall .............................................. 13
2.5 Connection precautions............................................................................................ 15
2.6 Connecting the Telindus 1421 SHDSL Router......................................................... 16
2.7 The front panel LED indicators................................................................................. 20
3 DIP switches of the Telindus 1421 SHDSL Router .........................................25

3.1 The Telindus 1421 SHDSL Router motherboard ..................................................... 26
3.2 DIP switches of the Telindus 1421 SHDSL Router .................................................. 27
3.3 Opening and closing the housing ............................................................................. 28
4 Maintaining the Telindus 1421 SHDSL Router ................................................29

4.1 Maintaining the Telindus 1421 SHDSL Router with TMA......................................... 30
4.2 Introducing the management terminology ................................................................ 36
4.3 The objects in the Telindus 1421 SHDSL Router containment tree......................... 40
4.4 Adding an object to the containment tree................................................................. 42
4.5 Telindus 1421 SHDSL Router attribute overview..................................................... 47
5 Basic configuration ...........................................................................................49

5.1 What is an interface?................................................................................................ 50
5.2 Configuring IP addresses ......................................................................................... 51
5.3 Configuring the SHDSL line ..................................................................................... 62
5.4 Enabling EOC message exchange .......................................................................... 66
5.5 Configuring passwords............................................................................................. 74
5.6 Executing configuration actions................................................................................ 76
5.7 Configuring the major features of the Telindus 1421 SHDSL Router....................... 80
5.8 Troubleshooting the Telindus 1421 SHDSL Router ................................................. 81
6 Configuring the encapsulation protocols........................................................83

6.1 Selecting an encapsulation protocol......................................................................... 84
6.2 Configuring ATM encapsulation ............................................................................... 85
6.3 Configuring Frame Relay encapsulation ................................................................ 107
6.4 Configuring PPP encapsulation.............................................................................. 122
6.5 Configuring HDLC encapsulation ........................................................................... 145
6.6 Configuring an error test......................................................................................... 147
Telindus 1421 SHDSL Router Table of contents xi
7 Configuring routing .........................................................................................149

7.1 Introducing routing.................................................................................................. 150
7.2 Enabling routing on an interface............................................................................. 151
7.3 Configuring static routes......................................................................................... 152
7.4 Configuring policy based routing ............................................................................ 160
7.5 Configuring RIP ...................................................................................................... 165
7.6 Configuring OSPF .................................................................................................. 173
7.7 Configuring address translation.............................................................................. 182
7.8 Configuring traffic and priority policy on the router................................................. 200
7.9 Configuring VRRP .................................................................................................. 218
8 Configuring bridging .......................................................................................225

8.1 Introducing bridging................................................................................................ 226
8.2 Configuring bridging ............................................................................................... 236
8.3 Configuring traffic and priority policy on the bridge ................................................ 247
9 Configuring the additional features ...............................................................251

9.1 Configuring DHCP.................................................................................................. 252
9.2 Configuring the access restrictions ........................................................................ 258
9.3 Configuring VLANs................................................................................................. 270
9.4 Configuring L2TP tunnels....................................................................................... 280
9.5 Configuring IP security ........................................................................................... 290
9.6 Configuring RADIUS .............................................................................................. 298
9.7 Configuring QoS..................................................................................................... 308
10 Configuration examples ..................................................................................319

10.1 Step-by-step example: LAN extension over ATM .................................................. 320
10.2 LAN extension over a PDH/SDH network .............................................................. 330
10.3 LAN extension over a Frame Relay network.......................................................... 332
10.4 Connecting a LAN to the Internet using NAT and PAT .......................................... 334
10.5 Using PAT with a minimum of official IP addresses ............................................... 336
10.6 Combining bridging and routing in a network ......................................................... 339
Reference manual .............................................................................. 341

11 Configuration attributes ..................................................................................343
11.1 Configuration attribute overview............................................................................. 344
11.2 General configuration attributes ............................................................................. 351
11.3 LAN interface configuration attributes .................................................................... 357
11.4 WAN interface configuration attributes................................................................... 366
11.5 Encapsulation configuration attributes ................................................................... 369
11.6 SHDSL line configuration attributes ....................................................................... 397
11.7 End and repeater configuration attributes .............................................................. 408
11.8 Bundle configuration attributes............................................................................... 410
11.9 Router configuration attributes ............................................................................... 415
11.10Bridge configuration attributes................................................................................ 482
11.11SNMP configuration attributes................................................................................ 499
11.12Management configuration attributes ..................................................................... 501
xii Telindus 1421 SHDSL Router Table of contents
12 Status attributes ..............................................................................................513

12.1 Status attribute overview ........................................................................................ 514
12.2 General status attributes ........................................................................................ 520
12.3 LAN interface status attributes ............................................................................... 524
12.4 WAN interface status attributes.............................................................................. 532
12.5 Encapsulation status attributes .............................................................................. 535
12.6 SHDSL line status attributes .................................................................................. 558
12.7 End and repeater status attributes ......................................................................... 563
12.8 Bundle status attributes.......................................................................................... 567
12.9 Router status attributes .......................................................................................... 574
12.10Bridge status attributes........................................................................................... 612
12.11Management status attributes ................................................................................ 619
12.12File system status attributes................................................................................... 624
12.13Operating system status attributes......................................................................... 627
13 Performance attributes ...................................................................................629

13.1 Performance attributes overview............................................................................ 630
13.2 General performance attributes.............................................................................. 636
13.3 LAN interface performance attributes..................................................................... 638
13.4 WAN interface performance attributes ................................................................... 643
13.5 Encapsulation performance attributes.................................................................... 644
13.6 SHDSL line performance attributes........................................................................ 657
13.7 End and repeater performance attributes............................................................... 661
13.8 Bundle performance attributes ............................................................................... 662
13.9 Router performance attributes................................................................................ 665
13.10Bridge performance attributes ................................................................................ 682
13.11Management performance attributes ..................................................................... 688
13.12Operating system performance attributes .............................................................. 691
14 Alarm attributes ...............................................................................................695

14.1 Alarm attributes overview ....................................................................................... 696
14.2 Introducing the alarm attributes.............................................................................. 698
14.3 General alarms....................................................................................................... 701
14.4 LAN interface alarms.............................................................................................. 703
14.5 WAN interface alarms ............................................................................................ 704
14.6 SHDSL line alarms ................................................................................................. 705
14.7 SHDSL line pair alarms .......................................................................................... 706
14.8 End and repeater alarms........................................................................................ 708
14.9 Bundle alarms ........................................................................................................ 710
14.10Router alarms......................................................................................................... 711
Telindus 1421 SHDSL Router Table of contents xiii
15 TMA sub-system picture .................................................................................713
16 Auto installing the Telindus 1421 SHDSL Router .........................................715

16.1 Introducing the auto-install protocols...................................................................... 716
16.2 Auto-install on the LAN interface............................................................................ 718
16.3 Auto-install on the WAN interface .......................................................................... 723
16.4 Creating a configuration file.................................................................................... 730
16.5 Restoring a configuration file.................................................................................. 737
17 Downloading software ....................................................................................741

17.1 What is boot, loader and application software?...................................................... 742
17.2 Downloading application software using TMA........................................................ 744
17.3 Downloading application software using TFTP ...................................................... 745
17.4 Downloading application or loader software using TML......................................... 746
17.5 Downloading application software using FTP ........................................................ 747
17.6 Downloading application or loader software in loader mode.................................. 748
17.7 Downloading files to the file system ....................................................................... 749
18 Technical specifications .................................................................................751

18.1 SHDSL line specifications ...................................................................................... 752
18.2 LAN interface specifications ................................................................................... 754
18.3 Control connector specifications ............................................................................ 755
18.4 IP address assignment and auto-provisioning ....................................................... 756
18.5 ATM encapsulation specifications .......................................................................... 757
18.6 Frame Relay encapsulation specifications ............................................................. 758
18.7 PPP encapsulation specifications .......................................................................... 758
18.8 Other WAN encapsulation specifications ............................................................... 758
18.9 IP routing specifications ......................................................................................... 759
18.10Bridging specifications............................................................................................ 761
18.11Network address translation specifications ............................................................ 762
18.12Tunnelling and VPN specifications......................................................................... 763
18.13Priority and traffic policy specifications................................................................... 764
18.14Routing and bridging performance specifications .................................................. 766
18.15Access security specifications................................................................................ 767
18.16Maintenance and management specifications ....................................................... 767
18.17Memory specifications............................................................................................ 768
18.18Power requirements ............................................................................................... 768
18.19Dimensions............................................................................................................. 768
18.20Safety compliance .................................................................................................. 769
18.21Over-voltage and over-current protection compliance ........................................... 769
18.22EMC compliance .................................................................................................... 769
18.23Environmental compliance ..................................................................................... 769
Annex .................................................................................................. 771

Annex A:common TCP and UDP numbers ..........................................................773
Annex B:product information ...............................................................................775

xiv Telindus 1421 SHDSL Router Table of contents
Index .................................................................................................... 777

Telindus 1421 SHDSL Router 1
User manual
User manual
2 Telindus 1421 SHDSL Router
User manual
Telindus 1421 SHDSL Router Chapter 1 3
User manual Introducing the Telindus 1421 SHDSL Router
1 Introducing the Telindus 1421 SHDSL Router

This chapter gives an introduction to the Telindus 1421 SHDSL Router. The following gives an overview
of this chapter:
• 1.1 - What is the Telindus 1421 SHDSL Router? on page 4
• 1.2 - Telindus 1421 SHDSL Router applications on page 5
• 1.3 - Maintenance and management tools on page 6
• 1.4 - Maintenance and management tools connection possibilities on page 8
4 Telindus 1421 SHDSL Router Chapter 1
1.1 What is the Telindus 1421 SHDSL Router?
The Telindus 1421 SHDSL Router is a professional state-of-the-art base-band modem with integrated
IP router and bridge offering symmetric full-duplex transmission up to 2.3 Mbps over a single two-wire
unconditioned unshielded twisted-pair cable.
The Telindus 1421 SHDSL Router can be used as CPE in combination with ATM, Frame Relay or PPP
based DSLAMs and IMAPs, or in a point to point set-up. While asymmetric ADSL connections are typi-
cally used for residential access, the Telindus 1421 SHDSL Router is the ideal access device for con-
necting business users, offering managed symmetric transmission services at the highest speeds.
The line speed can be automatically adapted to optimise the throughput as a function of the character-
istics of the local loop. To achieve even higher speeds (up to 4.6Mbps) or a longer reach, a 2 line pairs
version is also available.
The Telindus 1421 SHDSL Router supports differentiated services based on VPNs (Virtual Private Net-
works). Therefore it integrates features like L2TP (Layer 2 Tunnelling Protocol), IPSEC, 802.1Q (VLAN
tagging) and QoS (Quality of Service) based on Diffserv.
You can also perform DES and 3DES encryption. A specific model supporting a hardware accelerator
for DES and 3DES encryption is also available. On the Telindus 1421 SHDSL Router LE models how-
ever, only DES encryption can be used. On the Telindus 1421 SHDSL Router NE models, the use of
encryption is not possible.
The Telindus 1421 SHDSL Router is designed for integration into demanding network environments and
can be controlled by a complete set of network maintenance and management tools. It supports auto-
install features over the WAN network. This makes it ideally suited for plug-and-play installation at cus-
tomer premises while the configuration is prepared at a central site.
1.2 Telindus 1421 SHDSL Router applications
Below some examples of Telindus 1421 SHDSL Router applications are shown.
Point-to-point LAN interconnection
LAN extension over a network
LAN to Internet connection

1.3 Maintenance and management tools
The Telindus 1421 SHDSL Router is manageable in many different ways. This section gives a quick
overview of the various maintenance and management tools.
Maintenance or Description and reference

management
tool
TMA TMA (Telindus Maintenance Application) is a free Windows software package with
a comprehensive graphical user interface that enables you to control the Telindus
products completely. I.e. to access their configuration attributes and look at status,
performance and alarm information.
Refer to 4 - Maintaining the Telindus 1421 SHDSL Router on page 29 and the TMA
manual (PDF) for more information.
TMA Element TMA Element Management is a management application designed to monitor

Management large numbers of Telindus devices. It combines the easy to use graphical interface
of the stand-alone version of TMA with an event-logging application called the Ele-
ment Viewer.
Refer to the TMA Element Management manual (PDF/CHM) for more information.
TMA for HP TMA for HP OpenView is the management application that runs on the widely
OpenView spread network management platform HP OpenView. It combines the easy to use
graphical interface of the stand-alone version of TMA with the advantages and fea-
tures of HP OpenView.
Refer to the TMA for HP OpenView manual (PDF) for more information.
TMA CLI TMA CLI (TMA Command Line Interface) enables you to use its commands in
scripts in order to automate management actions. This is particularly useful in
large networks. TMA CLI is a complementary product to TMA, TMA Element Man-
agement and TMA for HP OpenView.
Refer to the TMA CLI manual (PDF) for more information.
ATWIN ATWIN is a menu-driven user interface. You can read and change all attributes as
with TMA, but in a more basic, textual representation using a VT100 terminal.
Refer to the Maintenance tools manual (PDF) for more information.
CLI CLI is also a Command Line Interface, although not so extensive as TMA CLI.
Experienced users who are familiar with the syntax can access the Telindus
devices more quickly than with TMA or ATWIN.
Web Interface The Web Interface is an ATWIN alike menu-driven user interface. You can read
and change all attributes as with TMA, but in a more basic representation using a
web browser.
Note that the HTTP interfaces are not only available on port 80, but also on
port 8080. This allows connecting to the HTTP interfaces in case a NAT
service is defined on port 80.
Maintenance or Description and reference

management
tool
SNMP You can manage the Telindus 1421 SHDSL Router through SNMP using any
SNMP browser. The Telindus 1421 SHDSL Router supports MIB2 and a private
MIB, including traps.
The private MIB comes with your copy of TMA. After installation of the TMA data
files, the private MIB file is available in directory C:\Program Files\TMA\snmp1 with
the name <filename>.mib2.
Refer to 11.11 - SNMP configuration attributes on page 499 and the documenta-
tion of your SNMP browser for more information.
Easy Configura- The Easy Configurator allows you to add HTML pages on top of the standard Web
tor Interface by adding a set of specific files on the file system of the Telindus 1421
SHDSL Router. These files can be made either by Telindus or by the customer
itself.
The goal is to offer a simple, custom made web interface which allows only to
change or show those parameters that are relevant for a certain application or cus-
tomer.
Note that the HTTP interfaces are not only available on port 80, but also on
port 8080. This allows connecting to the HTTP interfaces in case a NAT
service is defined on port 80.
1. The first part of the directory path may be different if you did not choose the default path during
the installation of the TMA data files.
2. The filename is product dependent. To determine which MIB file corresponds with which prod-
uct, refer to the models.nms file (located in C:\Program Files\TMA\model1).
1.4 Maintenance and management tools connection possibilities
The following table gives an overview of all the maintenance and management tools and how you can
connect them with the Telindus 1421 SHDSL Router:
Maintenance or manage- Tool - Telindus 1421 SHDSL Tool - management concentra-

ment tool Router connection tor connection1
Serial2 IP3 Serial2 IP3
CLI X4 X5 X4 X5
ATWIN X4 X5 X4 X5
TMA X X X X
TMA CLI X X X X
TMA Element Management X X
TMA for HP OpenView X X
SNMP6 X X
Web Interface7 X X
1. Examples of management concentrators are the Orchid 1003 LAN, the Telindus 1030 Router
series, the Telindus 2300 SHDSL series, etc. Refer to their corresponding manuals for more
information on how to set these devices up as management proxy.
2. A serial connection is a connection between the COM port of your PC and the control connec-
tor of the Telindus 1421 SHDSL Router using a male-female DB9 cable.
3. An IP connection is a connection between your PC and the Telindus 1421 SHDSL Router over
an IP network.
4. Using a VT100 terminal (emulation program).
5. Using Telnet.
6. Using an SNMP browser.
7. Using a web browser.
User manual Installing and connecting the Telindus 1421 SHDSL Router
2 Installing and connecting the Telindus 1421 SHDSL

Router
First this chapter gives some important safety instructions. Then it explains how to install and connect
the Telindus 1421 SHDSL Router.
You are advised to read this chapter from the beginning to the end, without skipping any part. By doing
so, your Telindus 1421 SHDSL Router will be completely installed and ready for configuration when you
reach the end of this chapter.
The following gives an overview of this chapter:

• 2.1 - Safety instructions on page 10
• 2.2 - Unpacking on page 11
• 2.3 - Selecting a site on page 12
• 2.4 - Mounting the Telindus 1421 SHDSL Router to a wall on page 13
• 2.5 - Connection precautions on page 15
• 2.6 - Connecting the Telindus 1421 SHDSL Router on page 16
• 2.7 - The front panel LED indicators on page 20
2.1 Safety instructions
IMPORTANT SAFETY INSTRUCTIONS
Disconnect the power supply before installing, adjusting or servicing the unit.
WICHTIGE SICHERHEITSINSTRUKTIONEN
Vor sämtlichen Arbeiten am Gerät (Installation, Einstellungen, Reparaturen etc.) sollten Sie den
Netzstecker aus der Steckdose ziehen.
SAFETY WARNING
To avoid damage to the unit, please observe all procedures described in this chapter.
SICHERHEITSBESTIMMUNGEN
Um eine Beschädigung des Gerätes zu verhindern, beachten Sie bitte unbedingt die Sicherheitsbestim-
mungen die in diesem Abschnitt beschrieben werden.
Ensure that the unit and its connected equipment all use the same power and ground, to reduce noise
interference and possible safety hazards caused by differences in ground or earth potentials.
2.2 Unpacking
Checking the shipping carton
Rough handling during shipping causes most early failures. Before installation, check the shipping car-
ton for signs of damage:
• If the shipping carton is damaged, please place a claim with the carrier company immediately.
• If the shipping carton is undamaged, do not dispose of it in case you need to store the unit or ship it
in the future.
Package contents
The box should contain the following items:

• Telindus 1421 SHDSL Router
• TMA CD-ROM (including this User and Reference manual in PDF format)
Optionally (depending which sales item you ordered):

• external power supply with power cord
2.3 Selecting a site
WARNING
Always place the unit on its feet without blocking the air vents.
Do not stack multiple units directly onto each other, as stacking can cause heat build-up that could dam-
age the equipment.
ACHTUNG
Stellen Sie das Gerät niemals seitlich, sondern nur auf den Füßen auf und achten Sie darauf, daß die
Lüftungsschlitze an der Seitenverkleidung frei bleiben.
Stapeln Sie nicht mehrere Geräte direkt übereinander, dies kann zu einem Hitzestau führen.
Install the unit in an area free of extreme temperatures, humidity, shock and vibration. Position it so that
you can easily see and access the front panel and its control indicators. Leave enough clearance at the
back for cables and wires. Position the unit within the correct distances for the different accesses and
within 2m of a power outlet.
2.4 Mounting the Telindus 1421 SHDSL Router to a wall
The Telindus 1421 SHDSL Router can be mounted to the wall. In order to do so, proceed as follows:
Step Action
1 Drill two holes in the wall, according to the following specifications:

• hole diameter: 4 mm
• distance between the holes:
- in case of the PBOX05 housing: 120 mm
- in case of the PBOX06 housing: 60 mm
• hole depth: at least 25 mm
2 Insert two wall plugs in the holes. The plugs should have the following dimensions:
• diameter: 4 mm
• length: 20 mm
3 Screw two square hooks (steel zinc plated and white epox) in the plugs. The square
hooks should have the following dimensions:
4 Slide the Telindus 1421 SHDSL Router over the hooks until it touches the wall, as shown
in the figure below.
5 Slide the Telindus 1421 SHDSL Router down until it is firmly attached, as shown in the
figure below.
2.5 Connection precautions
ESD WARNING
The circuit boards are sensitive to electrostatic discharges (ESD) and should be handled with care. It is
advisable to ensure an optimal electrical contact between yourself, the working area and a safety ground
before touching any circuit board. Take special care not to touch any component or connector on the
circuit board.
EMC WARNING
The Telindus access products are fully EMC compliant. To ensure compliance with EMC directive 89/
336/EEC, shielded cables or ferrite beads have to be used.
NOTE
This unit may be powered by an IT power system.
The connectors of the Telindus 1421 SHDSL Router should only be connected to the following circuit
types:
Connector name Connector label Connector type Circuit type
LAN connector LAN RJ45 SELV
SHDSL line connector LINE RJ12 TNV-1
control connector CTRL subD-9 SELV
• SELV (Safety Extra Low Voltage): local connection (e.g. PC to Telindus 1421 SHDSL Router) or
leased line inside the building.
• TNV-1 (Telecom Network Voltage): leased line outside the building.
• TNV-2: PSTN from PABX inside the building.
• TNV-3: PSTN from operator PABX outside the building.
2.6 Connecting the Telindus 1421 SHDSL Router
This section explains how to connect the Telindus 1421 SHDSL Router. The following gives an overview
of this section:
• 2.6.1 - Rear view of the Telindus 1421 SHDSL Router on page 17
• 2.6.2 - The different parts of the Telindus 1421 SHDSL Router on page 18
• 2.6.3 - Connecting the Telindus 1421 SHDSL Router - an example on page 19
2.6.1 Rear view of the Telindus 1421 SHDSL Router
The following figure shows the back panel of the Telindus 1421 SHDSL Router 1P (1 pair):
The following figure shows the back panel of the Telindus 1421 SHDSL Router 2P (2 pair):
2.6.2 The different parts of the Telindus 1421 SHDSL Router
The following table gives an overview of the parts located at the back of the Telindus 1421 SHDSL
Router and reveals their function:
Label Function
7.5 / 9 This is the power input. Insert the plug of the external power supply in this socket.
VDC
Important remark
In case of a …
• Telindus 1421 SHDSL Router 1 pair version, the input voltage is 7.5 Vdc.
• Telindus 1421 SHDSL Router 2 pair version, the input voltage is 9 Vdc.
Refer to 18.18 - Power requirements on page 768 for the power specifications of the Tel-
indus 1421 SHDSL Router.
LAN This RJ45 connector is the connection towards the LAN.

Connect one side of an RJ45 to RJ45 cable (not included) to the LAN connector of the
Telindus 1421 SHDSL Router and the other side to a network outlet. If you want to con-
nect the Telindus 1421 SHDSL Router to …
• a regular Ethernet network outlet, then use a crossed RJ45 cable.
• an Ethernet hub, then use a straight RJ45 cable.
Refer to 18.2 - LAN interface specifications on page 754 for the specifications of this con-
nector.
CTRL This female 9-pins subD connector is the control connector.

You can connect this connector to a COM port of your PC with a straight male-female
DB9 cable (not included). This enables you to manage the Telindus 1421 SHDSL Router
locally, using TMA, CLI, ATWIN etc.
You can also connect this connector to a management concentrator, also for manage-
ment purposes.
Refer to 18.3 - Control connector specifications on page 755 for the specifications of this
connector.
LINE This RJ12 connector is the connection towards the SHDSL line.
Connect one side of an RJ12 to RJ12 cable (not included) to the LINE connector of the
Telindus 1421 SHDSL Router and the other side to an SHDSL outlet.
For optimum performance, the used line pairs have to be properly twisted pairs.
Refer to 18.1 - SHDSL line specifications on page 752 for the specifications of this con-
nector.
2.6.3 Connecting the Telindus 1421 SHDSL Router - an example
The following figure shows a typical Telindus 1421 SHDSL Router set-up:
In this set-up …
• the LINE connector is connected to an SHDSL line outlet using an RJ12 - RJ12 cable. In this way the
Telindus 1421 SHDSL Router is connected to the WAN. You can, for example, connect the Telindus
1421 SHDSL Router to a remote network over a leased line. Refer to 1.2 - Telindus 1421 SHDSL
Router applications on page 5 for some typical applications.
• the CTRL connector is connected to the COM port of a computer using a straight male - female DB9
cable. In this way you can, for example, manage the Telindus 1421 SHDSL Router locally using TMA
(CLI), CLI, ATWIN, etc.
• the LAN connector is connected to an Ethernet hub using a straight RJ45 - RJ45 cable. In this way
the Telindus 1421 SHDSL Router is connected to your local network (LAN).
• the external power supply is connected to the power input.
For optimum performance, the used line pairs have to be properly twisted pairs.
2.7 The front panel LED indicators
This section gives an overview of the front panel LEDs and what they indicate. The following gives an
overview of this section:
• 2.7.1 - Introducing the front panel LEDs on page 21
• 2.7.2 - The power LED (PWR, green) on page 22
• 2.7.3 - The line link LED (LINE LNK1 / LNK2, green) on page 22
• 2.7.4 - The line data LED (LINE ACT, green) on page 22
• 2.7.5 - The LAN LED (LAN ACT, green) on page 22f
2.7.1 Introducing the front panel LEDs
When all the connections are made and the Telindus 1421 SHDSL Router is powered, the LEDs on the
front panel reflect the actual status of the device.
The following figure shows the front panel LED indicators of the Telindus 1421 SHDSL Router:
LED states
One front panel LED can reflect different status modes by the way it lights up. The front panel LEDs can
light up as follows:
LED state LED duty cycle Description
continuously off 0% The LED never lights up.
continuously on 100 % The LED lights up continuously.
blinking 50 % The LED is as much lit as it is out.
flashing 20 % The LED only lights up during 20% of the time.
mostly off - The LED occasionally lights up, without a fixed duty cycle.
mostly on - The LED occasionally goes out, without a fixed duty cycle.
monitoring - The LED lights up irregularly. For instance, it lights up on

detection of a certain signal. I.e. it monitors this signal.
2.7.2 The power LED (PWR, green)
The power LED indicates the following:
LED status Description
continuously off No DC input power is available.
blinking The self test, performed during the boot sequence, failed. In this condition, the
ACT LEDs are continuously on.
continuously on The Telindus 1421 SHDSL Router is powered and the boot sequence has been
completed successfully.
In case the Telindus 1421 SHDSL Router remains in boot mode, also the ACT
LEDs are continuously on to indicate this special state. Refer to 17.1 - What is
boot, loader and application software? on page 742 for more information on boot
mode.
2.7.3 The line link LED (LINE LNK1 / LNK2, green)
This LED reflects the status of the line:
continuously off No response on the handshake. E.g. nothing is connected to the line.
blinking The handshake is in progress.
continuously on The handshake was successful. Layer 1 is up.
The LINE LNK2 LED is only present on a Telindus 1421 SHDSL Router 2 pair version.
2.7.4 The line data LED (LINE ACT, green)
This LED reflects the status of the user data on the line:
continuously off Layer 2 is down.
monitoring Layer 2 is up and user data is present (both transmit and receive data).
continuously on Layer 2 is up, but no user data is present.
2.7.5 The LAN LED (LAN ACT, green)
This LED reflects the status of the link and monitors the user data on the LAN interface:
continuously off Nothing is connected to the LAN interface.
monitoring The Ethernet link is up and there is network activity on the LAN.
continuously on The Ethernet link is up, but there is no network activity on the LAN.
User manual DIP switches of the Telindus 1421 SHDSL Router
3 DIP switches of the Telindus 1421 SHDSL Router

This chapter locates the DIP switches on the Telindus 1421 SHDSL Router motherboard. It gives an
overview of their function and it explains how to change their settings.
• 3.1 - The Telindus 1421 SHDSL Router motherboard on page 26
• 3.2 - DIP switches of the Telindus 1421 SHDSL Router on page 27
• 3.3 - Opening and closing the housing on page 28
Default settings are printed in bold.

3.1 The Telindus 1421 SHDSL Router motherboard
The figure below shows the position of the DIP switches on the Telindus 1421 SHDSL Router mother-
board:
3.2 DIP switches of the Telindus 1421 SHDSL Router
Refer to 3.3 - Opening and closing the housing on page 28 to find out how to open the housing in order
to change the DIP switch settings.
The following table gives an overview of the DIP switches on DIP switch bank DS1:
DIP switch name DS1 no. Setting Function
loader mode 1 on Normal operation.
off Start up in loader mode.

Refer to 17.6 - Downloading application
or loader software in loader mode on
page 748.
load default 2 on Normal operation.

configuration
off Load default configuration.
Refer to 5.6.4 - Loading the default con-
figuration using a DIP switch on
page 78.
3.3 Opening and closing the housing
When you want to change the DIP switch settings of the Telindus 1421 SHDSL Router, you have to open
and close the housing of the Telindus 1421 SHDSL Router. This section explains how to do so.
Opening the housing
To open the housing of the Telindus 1421 SHDSL Router, proceed as follows:
Step Action
1 Disconnect the external power supply.
2 Unscrew the two screws located at the back of the

housing.
3 Remove the cover as follows:

1. Carefully lift the back of the cover a
few centimetres.
2. Gently pull the cover backwards
from under the nose of the housing.
Closing the housing
To close the housing of the Telindus 1421 SHDSL Router, proceed as follows:
Step Action
1 Replace the cover as follows:

1. Gently push the cover under the
nose of the housing.
2. Lower the back of the cover.
3. Push the back of the cover down,
clicking cover and bottom together.
2 Fasten the two screws located at the back of the

housing.
3 Reconnect the external power supply.

User manual Maintaining the Telindus 1421 SHDSL Router
4 Maintaining the Telindus 1421 SHDSL Router

Once you installed the Telindus 1421 SHDSL Router, you can proceed with the configuration of the Tel-
indus 1421 SHDSL Router. You can do this using any of the maintenance or management tools intro-
duced in 1.3 - Maintenance and management tools on page 6.
This chapter briefly highlights one of those tools: the Telindus Maintenance Application (TMA). It intro-
duces TMA and describes how to start a session on the Telindus 1421 SHDSL Router. It also introduces
the terminology concerning the management of a Telindus device. Furthermore, it explains why and how
to add an object to the containment tree.
• 4.1 - Maintaining the Telindus 1421 SHDSL Router with TMA on page 30
• 4.2 - Introducing the management terminology on page 36
• 4.3 - The objects in the Telindus 1421 SHDSL Router containment tree on page 40
• 4.4 - Adding an object to the containment tree on page 42
• 4.5 - Telindus 1421 SHDSL Router attribute overview on page 47
4.1 Maintaining the Telindus 1421 SHDSL Router with TMA
First, this section introduces TMA. Then it describes how to start a session on the Telindus 1421 SHDSL
Router. The following gives an overview of this section:
• 4.1.1 - What is TMA? on page 31
• 4.1.2 - How to connect TMA? on page 31
• 4.1.3 - Connecting with TMA through the control connector on page 32
• 4.1.4 - Connecting with TMA over an IP network on page 34
4.1.1 What is TMA?
TMA is the acronym for Telindus Maintenance Application. TMA is a free Windows software package
that enables you to maintain the Telindus 1421 SHDSL Router, i.e. to access its configuration attributes
and look at status, performance and alarm information using a user friendly graphical user interface.
TMA is an excellent tool for complete control of the Telindus access devices. When using TMA in com-
bination with a network management system such as HP OpenView, complete networks can be man-
aged from one central site.
Consult the TMA manual (PDF) to find out how to install TMA and to get acquainted with the user inter-
face.
You will need a new version of the model file distribution if changes have been made to the attributes of
the Telindus 1421 SHDSL Router. The most recent model files and TMA engine can always be down-
loaded from the Telindus web site at www.telindusproducts.com/TMA.
4.1.2 How to connect TMA?
There are two ways to establish a connection between the computer running TMA and the Telindus 1421
SHDSL Router:
• through a serial connection, i.e. through the control connector of the Telindus 1421 SHDSL Router.
Refer to 4.1.3 - Connecting with TMA through the control connector on page 32.
• through an IP connection, i.e. through the LAN connector of the Telindus 1421 SHDSL Router. Refer
to 4.1.4 - Connecting with TMA over an IP network on page 34.
4.1.3 Connecting with TMA through the control connector
To established a connection between TMA and the Telindus 1421 SHDSL Router through the control
connector, proceed as follows:
Step Action
1 Connect a serial port of your com-

puter (e.g. COM1) through a
straight DB9 male - female cable
with the control connector of the
Telindus 1421 SHDSL Router.
2 Start TMA.
3 In the TMA window, either …

• select from the menu bar: Connect →
Device…
• or press the short-cut key: Ctrl+N
• or click on the Connect to device button:
The Connect… (to a device) window is displayed

as in the following figure:
4 In the Connect… (to a device) window, specify the following:

• Select the option Serial and specify the COM port of your computer to which the Tel-
indus 1421 SHDSL Router is connected.
• If previously a password has been configured in the Telindus 1421 SHDSL Router
then also fill in the password field.
5 Click on the Next > button.

⇒The second Connect… window is displayed.
Step Action
6 In the Connect… (select a device) window, pro-

ceed as follows to connect to the …
• local Telindus 1421 SHDSL Router: select On
device.
• remote Telindus 1421 SHDSL Router:
- Select After device.
- Enter 1 in the NMS address field.
- Select Relative.
- If previously a password has been config-
ured in the remote Telindus 1421 SHDSL
Router then also fill in the password field.
You can only connect to a remote Telin-

dus 1421 SHDSL Router if the data link is up.
7 Click on the Finish button.
8 After a couple of seconds, the attributes of the Telindus 1421 SHDSL Router appear in
the TMA window.
4.1.4 Connecting with TMA over an IP network
To established a connection between TMA and the Telindus 1421 SHDSL Router over an IP network,
proceed as follows:
Step Action
1 Connect the IP network

to …
• the network port of
your PC,
• the LAN connector of
the Telindus 1421
SHDSL Router.
2 Start TMA.
3 In the TMA window, either …

• select from the menu bar: Connect →
Device…
• or press the short-cut key: Ctrl+N
• or press on the Connect to device button:
The Connect… (to a device) window is being dis-

played as in the following figure:
4 In the Connect… (to a device) window, specify the following:

• Select the option IP address and enter the IP address of the Telindus 1421 SHDSL
Router.
• If a password has previously been configured in the Telindus 1421 SHDSL Router
then also fill in the password field.
Before you are able to establish a connection over an IP network, you have to con-
figure an IP address and a default gateway in the Telindus 1421 SHDSL Router.
You can do this by first connecting TMA to the Telindus 1421 SHDSL Router through the
control connector, and then configuring an IP address and a default gateway. Refer to
the 5.2 - Configuring IP addresses on page 51.
5 Click on the Next > button.

⇒The second Connect… window is displayed.
Step Action
6 In the Connect… (select a device) window, pro-

ceed as follows to connect to the …
• local Telindus 1421 SHDSL Router: select On
device.
• remote Telindus 1421 SHDSL Router:
- Select After device.
- Enter 1 in the NMS address field.
- Select Relative.
- If previously a password has been config-
ured in the remote Telindus 1421 SHDSL
Router then also fill in the password field.
You can only connect to a remote Telin-

dus 1421 SHDSL Router if the data link is up.
7 Click on the Finish button.
8 After a couple of seconds, the attributes of the Telindus 1421 SHDSL Router appear in
the TMA window.
4.2 Introducing the management terminology
This section briefly introduces the terminology concerning the management of a Telindus device. It
explains terms such as containment tree, group, object, attribute, value and action.
The following gives an overview of this section:
• 4.2.1 - Graphical representation of the containment tree on page 37
• 4.2.2 - Containment tree terminology on page 38
4.2.1 Graphical representation of the containment tree
The most comprehensible graphical representation of the containment tree is given in TMA. The follow-
ing figure depicts the TMA window displaying a containment tree:
Refer to 4.2.2 - Containment tree terminology on page 38 for an explanation of the terms associated with
the containment tree.
4.2.2 Containment tree terminology
Refer to 4.2.1 - Graphical representation of the containment tree on page 37 for a figure of a containment
tree.
The following table explains the terminology associated with the containment tree:
Term Description
containment tree The containment tree represents the hierarchical structure of the Telindus 1421
SHDSL Router. It is composed of a number of objects that are ordered in a tree.
This tree resembles a Windows directory structure:
• it is also a levelled structure, with nodes which can be expanded or reduced.
• the containment tree objects can be compared with file folders.
• the objects contain attributes like file folders contain files.
object An object represents a physical interface, an application or a combination of both.

Each object has its own set of attributes.
parent and child Some objects are not present in the containment tree by default. If you want to use
object the features associated with such an object, then you have to add the object first.
You always add an object under another object. The object you add is called the
child object. The object under which you add this child object is called the parent
object.
Objects which you can add are also often referred to as user-instantiatable objects.
index name Of some objects more than one object is present in the containment tree. The dif-
ferent objects are distinguished from one another by adding an index. E.g. linePair[1]
and linePair[2], where 1 and 2 are the indexes. Also child objects are given an index
(by the user when adding the object).
An index name is also often referred to as index, instance value or instance name.
attribute An attribute is a parameter related to a certain object. It has a certain value.
value An attribute has a certain value which is …

• changeable in case of a configuration attribute (provided you have write
access).
• read only in case of a status, performance and alarm attribute.
structured value Some attribute values contain underlying values: a structured value. These values
are displayed in the structured value window. If an attribute contains structured val-
ues, then a bit string, <Table> or <Struct> is displayed after the attribute:
• a bit string is a series of bits. The value of each of these bits can be 0 or 1, on
or off, enabled or disabled.
• a table contains columns and rows. Each column contains an attribute (which,
on its turn, can have a structured value). Each row is an entry in the table.
• a structure contains columns but only one row. A structure could be compared
to an attribute which contains several “sub-attributes”.
A structured value is also often referred to as bit string, table, structure or complex
value.
Term Description
element An element is an attribute within a structured value. In other words, they could be
considered as “sub-attributes”.
group Groups assemble a set of attributes related by functionality. There are four groups
in TMA, which correspond with the four tabs in the attribute window:
• configuration,
• status,
• performance,
• alarms.
action A group in combination with an object may have actions assigned to them. These
actions are displayed in the action window.
4.3 The objects in the Telindus 1421 SHDSL Router containment

tree
The following table lists the different objects of the Telindus 1421 SHDSL Router containment tree. It
also specifies whether the objects are present by default, whether you have to add them yourself or
whether they are added automatically.
> telindus1421Router
>> lanInterface
>> wanInterface
>>> atm
>>> frameRelay
>>> ppp
>>> hdlc
>>> line
>>>> linePair[ ]1
>>> repeater[ ]2
>>> end2
>> bundle
>>>> pppBundle[ ]3
>> router
>>> tunnels
>>> defaultNat
>>> nat[ ]3
>>> manualSA[ ]3
>>> ikeSA[ ]3
1. In case of a Telindus 1421 SHDSL Router 2 pair version, two linePair[ ] objects are present.
2. Not present by default. Only appears when setting the eocHandling attribute. Refer to 5.4.3 -
Controlling the standard EOC message exchange on page 68.
>>> routingFilter[ ]3
>>> priorityPolicy[ ]3
>>> trafficPolicy[ ]3
>>> ospf
>>>> area3
>> bridge
>>> bridgeGroup
>>> vpnBridgeGroup[ ]3
>>> accessList[ ]3
>>> trafficPolicy[ ]3
>> snmp
>> management
>>> loopBack
>> fileSystem
>> operatingSystem
3. Not present by default, has to be added. The index name is user defined. Refer to 4.4 - Adding
an object to the containment tree on page 42.
4.4 Adding an object to the containment tree
This section explains why and how you can add an object to the containment tree. It then explains why
and how to refer to this object.
• 4.4.1 - Why add an object to the containment tree? on page 43
• 4.4.2 - How to add an object to the containment tree? on page 44
• 4.4.3 - Referring to an added object on page 46
4.4.1 Why add an object to the containment tree?
Why can you add an object to the containment tree?
Some objects are not present in the containment tree by default but you can add them yourself because
…
• in this way the containment tree remains clear and surveyable,
• you possibly do not need the functions associated with such an object,
• you possibly need several of these objects so you can add as many objects as you like.
When do you have to add an object to the containment tree?
If you want to use the features associated with such an object, then you have to add the object first.
Which objects can be added to the containment tree?
Section 4.3 - The objects in the Telindus 1421 SHDSL Router containment tree on page 40 gives you
an overview of all the objects in the containment tree. It also tells you which objects have to be added
before you can use them.
4.4.2 How to add an object to the containment tree?
The section shows you, for each maintenance tool, how to add an object to the containment tree. The
following section, 4.4.3 - Referring to an added object on page 46, shows you how you can “refer” to this
added object somewhere else in the containment tree.
Adding an object in TMA
Step Action
1 Right click on the parent object (e.g. router).

⇒A pop-up menu appears.
2 In the pop-up menu, select Add Child… and select the child object you want to add (e.g.
routingFilter).
⇒A pop-up window appears.
3 In the pop-up window, type the index name (i.e. the instance value) for the child object
(e.g. my_filter) and click on OK.
⇒The new child object is created (e.g. routingFilter[my_filter]).
Adding an object in (TMA) CLI
Step Action
1 Enter the parent object (e.g. select router).
2 Type the following command: set {select childObjectName[instanceValue]{}}

where instanceValue is a string of your choice.
(e.g. set {select routingFilter[my_filter]{}})
⇒The new child object is created.
Adding an object in ATWIN
Step Action
1 Enter the parent object (e.g. go to the router object and press the enter key).
⇒The ATWIN window shows the sub-objects and attributes of the parent object.
2 Go to the line displaying the string <CREATE INSTANCE> and the name of the object you
want to add (e.g. routingFilter <CREATE INSTANCE>) and press the enter key.
⇒A new window appears, displaying the string Give the instanceValue.
3 Press the enter key and type the index name (i.e. the instance value) for the child object
(e.g. my_filter) and press the enter key again.
⇒The new child object is created (e.g. >.routingFilter [name:my_filter]).
Adding an object in the Web Interface
Step Action
1 Enter the parent object (e.g. select the router object and double-click it or click on Open).
⇒The Web Interface window shows the sub-objects and attributes of the parent
object.
2 Select the line displaying the string <CREATE INSTANCE> and the name of the object you
want to add (e.g. routingFilter <CREATE INSTANCE>) and double-click it or click on
Open.
⇒A new window appears, displaying the string Give the instanceValue.
3 Type the index name (i.e. the instance value) for the child object (e.g. my_filter) and click
on exit.
⇒The new child object is created (e.g. >.routingFilter [name:my_filter]).
4.4.3 Referring to an added object
What is referring to an added object?
If at a certain place in the containment tree you want to apply the function associated with an object you
added, then you have to refer to this object.
How to refer to an added object?
Some attributes allow you to enter the index name (i.e. the instance value you assigned to the object) of
an added object. By doing so, the function associated with this object is applied there.
Example
Suppose you create a routingFilter object with the index name my_filter. The containment tree then looks as
follows:
Now, you want to use this filter on the LAN interface. In that case, in the ip/rip structure in the lanInterface
object, enter the index name of the routingFilter object under the element “filter”. This looks as follows:
4.5 Telindus 1421 SHDSL Router attribute overview
The reference part of this manual explains all the attributes of the Telindus 1421 SHDSL Router. One
chapter describes one group of attributes:
• chapter 11 - Configuration attributes on page 343,
• chapter 12 - Status attributes on page 513,
• chapter 13 - Performance attributes on page 629,
• chapter 14 - Alarm attributes on page 695.
User manual Basic configuration
5 Basic configuration
This chapter shows you how to configure the very basics of the Telindus 1421 SHDSL Router. This will
allow you to access the Telindus 1421 SHDSL Router over an IP connection with, for example, TMA. It
also explains how to configure passwords on the Telindus 1421 SHDSL Router. Furthermore, there is a
section on configuration actions, i.e. how to activate a configuration, how to load the default configura-
tion, etc. Another section redirects you to the explanation of the major features of the Telindus 1421
SHDSL Router. The last section briefly explains what to check should you experience trouble when
installing, configuring or operating the Telindus 1421 SHDSL Router.
• 5.1 - What is an interface? on page 50
• 5.2 - Configuring IP addresses on page 51
• 5.3 - Configuring the SHDSL line on page 62
• 5.4 - Enabling EOC message exchange on page 66
• 5.5 - Configuring passwords on page 74
• 5.6 - Executing configuration actions on page 76
• 5.7 - Configuring the major features of the Telindus 1421 SHDSL Router on page 80
• 5.8 - Troubleshooting the Telindus 1421 SHDSL Router on page 81
Refer to the Reference manual on page 341 for a complete overview of all the attributes of the Telindus
1421 SHDSL Router.
5.1 What is an interface?
The term interface, as it is used in this manual, can be divided into two groups:
Interface type Description
physical A physical interface is an interface to which you can physically connect a cable. So
a physical interface has a physical connector. It also has some configuration
attributes that control the behaviour of the interface.
For example:
• The control interface (CTRL). It has a female 9-pins subD connector to which
you can connect a male 9-pins subD connector for maintenance purposes. It
has configuration attributes such as ctrlPortProtocol, cms2Address, etc.
• The LAN interface (LAN). It has a female RJ45 connector to which you can con-
nect a male RJ45 connector to connect to an Ethernet network. It has configu-
ration attributes such as ip, vlan, etc.
Other examples are the station clock interface, the alarm interfaces, the xDSL line
interfaces, etc.
logical A logical interface is an interface to which you can not physically connect a cable.
So a logical interface has no physical connector. However, it is part of the physical
interface, but on a higher level. One physical interface can “contain” several logical
interfaces. A logical interface also has some configuration attributes that control
the behaviour of the interface.
For example:
• An ATM PVC on an xDSL line. The xDSL line is the physical interface (it has a
physical connector) whereas the ATM PVC is the logical interface (it is located
on a higher level, i.e. layer 2 protocol level). You can have several ATM PVCs
on one xDSL line.
• a VLAN on the LAN interface. The LAN interface is the physical interface and
the VLAN is the logical interface.
Other examples are L2TP tunnels, links in a multi-link bundle, bridge groups, etc.
5.2 Configuring IP addresses
The first thing you have to configure are the IP addresses of the Telindus 1421 SHDSL Router. First this
section lists which mechanisms there are to obtain an IP address automatically. Then it shows you, for
each interface, where you can find the IP related parameters. Finally this section explains these IP
related parameters.
• 5.2.1 - Automatically obtaining an IP address on page 52
• 5.2.2 - Where to find the IP parameters? on page 53
• 5.2.3 - Explaining the ip structure on page 54
• 5.2.4 - Configuring an IP address on the LAN interface on page 60
5.2.1 Automatically obtaining an IP address
Obtaining an IP address on the LAN interface
The Telindus 1421 SHDSL Router supports several protocols to automatically obtain an IP address on
its LAN interface. Refer to 16 - Auto installing the Telindus 1421 SHDSL Router on page 715 for more
information on auto-install.
Obtaining an IP address on the WAN interface
In case of …
• ATM, refer to …
- 6.2.3 - Automatically obtaining IP addresses in ATM on page 95.
- 16.3.2 - Auto-install in case of ATM on page 725.
• Frame Relay, refer to …
- 6.3.3 - Automatically obtaining IP addresses in Frame Relay on page 114.
- 16.3.3 - Auto-install in case of Frame-Relay on page 726.
• PPP(oA), refer to 6.4.2 - Automatically obtaining IP addresses in PPP on page 127.
An IP address that is obtained using a dynamic procedure is not displayed in the configuration window,
but can be found in the status window.
5.2.2 Where to find the IP parameters?
The following table shows where you can find the IP parameters of the different IP interfaces:
Interface Location of the IP parameters
LAN interface In the ip structure of the lanInterface object: telindus1421Router/lanInterface/ip.
Important remark
If you set the configuration attribute telindus1421Router/lanInterface/mode to bridg-

ing, then the settings of the configuration attribute telindus1421Router/lanInterface/ip are
ignored. As a result, if you want to manage the Telindus 1421 SHDSL Router via
IP, you have to configure an IP address in the bridgeGroup object instead:
telindus1421Router/bridge/bridgeGroup/ip.
VLAN on the In the ip structure of the vlan table which is located in the lanInterface object:
LAN interface telindus1421Router/lanInterface/vlan/ip.
ATM PVC In the ip structure of the pvcTable which is located in the atm object: telindus1421Router/
wanInterface/atm/pvcTable/ip.
PPP link In the ip structure of the ppp object: telindus1421Router/wanInterface/ppp/ip.
Frame Relay You can find the ip structure on two levels:

PVC
• in the frameRelay object: telindus1421Router/wanInterface/frameRelay/ip.
• in the dlciTable attribute: telindus1421Router/wanInterface/frameRelay/dlciTable/ip.
Section 6.3.4 - Configuring IP addresses in Frame Relay on page 115 explains
why you can configure the IP parameters on two different levels.
L2TP tunnel In the ip structure of the l2tpTunnels table which is located in the tunnels object:
telindus1421Router/router/tunnels/l2tpTunnels/ip.
IPSEC L2TP In the ip structure of the ipsecL2tpTunnels table which is located in the tunnels object:
tunnel telindus1421Router/router/tunnels/ipsecL2tpTunnels/ip.
bridge group In the ip structure of the bridgeGroup object: telindus1421Router/bridge/bridgeGroup/ip.
management In the ipAddress attribute of the loopback object: telindus1421Router/management/loopback/

loopback ipAddress.
Refer to 5.2.3 - Explaining the ip structure on page 54 for a detailed description of the ip structure.
5.2.3 Explaining the ip structure
Because the ip structure occurs in several objects, it is described here once and referenced where nec-
essary. Refer to 5.2.2 - Where to find the IP parameters? on page 53 for the location of the ip structure.
This section lists all the elements that can be present in the ip structure. However, depending on the inter-
face, it is possible that not all of these elements are present.
The ip structure contains the following elements:
Element Description
address Use this element to assign an IP address to the inter- Default:0.0.0.0

face. The address should belong to the subnet the Range: up to 255.255.255.255
interface is connected to.
If you do not explicitly configure a local IP address using the address element,
then it can be learned. Refer to 5.2.1 - Automatically obtaining an IP address
on page 52.
An IP address that is obtained using a dynamic procedure is not displayed in the
configuration window, but can be found in the status window.
netMask Use this element to assign an IP subnet mask to the Default:255.255.255.0

interface. The subnet mask defines the number of IP Range: up to 255.255.255.255
devices that may be present on the corresponding IP
segment.
dhcpClient Use this element to enable or disable the sending of Default:enabled

DHCP client requests on the interface. Range: enabled / disabled
secondaryIp Use this element to create additional virtual networks Default:<empty>

on the same Ethernet interface. Range: table, see below
The secondaryIp table contains the elements address and netMask. See above for an
explanation of these elements.
remote Use this element to assign an IP address to the Default:0.0.0.0

remote end of a connection (e.g. the remote end of an Range: up to 255.255.255.255
L2TP tunnel, a PPP link, etc.).
If you do not explicitly configure a remote IP address using the remote ele-
ment, then it can be learned. Refer to 5.2.1 - Automatically obtaining an IP
address on page 52.
An IP address that is obtained using a dynamic procedure is not displayed in the
configuration window, but can be found in the status window.
Element Description
acceptLocAddr In case of a PPP link, it is possible to learn the local IP Default:enabled

address from the remote side. Use the acceptLocAddr Range: enabled / disabled
element to determine whether to accept or reject the
learned IP address.
The acceptLocAddr element has the following values:
• enabled. If the remote side is able to give an IP address, then the local IP
address is learned from the remote side. Even if you explicitly configure a local
IP address (e.g. using the address element). In other words, if the acceptLocAddr
element is set to enabled, then the local IP address that has been configured is
overruled by the one that has been learned.
• disabled. The local IP address can not be learned from the remote side.
Also see 6.4.2 - Automatically obtaining IP addresses in PPP on page 127.
An IP address that is obtained using a dynamic procedure is not displayed

in the configuration window, but can be found in the status window.
acceptRemAddr In case of a PPP link, it is possible to learn the remote Default:enabled

IP address from the remote side. Use the acceptRem- Range: enabled / disabled
Addr element to determine whether to accept or reject
the learned IP address.
The acceptRemAddr element has the following values:
• enabled. If the remote side is able to give an IP address, then the remote IP
address is learned from the remote side. Even if you explicitly configure a
remote IP address (e.g. using the remote element). In other words, if the accep-
tRemAddr element is set to enabled, then the remote IP address that has been
configured is overruled by the one that has been learned.
• disabled. The remote IP address can not be learned from the remote side.
Also see 6.4.2 - Automatically obtaining IP addresses in PPP on page 127.
An IP address that is obtained using a dynamic procedure is not displayed

in the configuration window, but can be found in the status window.
unnumbered In case you do not explicitly configure a local IP Default:<empty>

address for a PPP(oA) link using the address element, Range: 0 … 24 characters
then you can use the unnumbered element to "borrow"
the IP address of another interface for which an IP address is already configured,
thereby conserving network and address space.
Do this by entering the interface name as unnumbered element
value.
Element Description
gatewayPreference In case you do not explicitly configure a local or Default:80

remote IP address for a PPP(oA) link using the address Range: 0 … 90
and remote element, then these addresses can be
learned from the remote side. What is more, this route is automatically installed as
default route to the remote. In that case you can use the gatewayPreference element
to set the preference of this default route. Refer to the element preference on page 418
for more information.
Note that if you set the gatewayPreference element to 0, then the route is not installed.
mtu Use this element to set the Maximum Transmission Default:1500

Unit of the interface. Range: 500 … 1650
What is MTU?
The Maximum Transmission Unit (MTU) is the largest size packet or frame, spec-
ified in octets (eight-bit bytes), that can be sent in a packet- or frame-based net-
work (e.g. the Internet).
In case of the Internet, it is the Transmission Control Protocol (TCP) that uses the
MTU to determine the maximum size of each packet in any transmission. An MTU
that is too large may result in retransmissions if the packet encounters a router that
cannot handle that large a packet. An MTU that is too small results in relatively
more header overhead and more acknowledgements that have to be sent and
handled.
The Ethernet standard MTU is 1500. The Internet de facto standard MTU is 576,
but ISPs often suggest using 1500. For protocols other than TCP, different MTU
sizes may apply.
IP packets with a size larger than the MTU and with the DF (Don’t Fragment)
bit set are dropped and an ICMP destination unreachable (type 3, code 4)
message is sent.
rip Use this element to configure the RIP related param- Default:-
eters of the interface. Range: structure, see below
Refer to 7.5.3 - Explaining the rip structure on page 169 for a detailed description
of the rip structure.
Element Description
trafficPolicy Use this element to apply a traffic policy on the routed Default:<empty>
data on the interface. Range: 0 … 24 characters
Do this by entering the index name of the traffic policy you want to use. You can
create the traffic policy itself by adding a trafficPolicy object and by configuring the
attributes in this object.
Example
If you created a trafficPolicy object with index name my_traffic_policy

(i.e. trafficPolicy[my_traffic_policy]) and you want to apply this traffic
policy here, then enter the index name as value for the trafficPol-
icy element.
Refer to …
• 7.8 - Configuring traffic and priority policy on the router on page 200 for more
information on policies.
• 9.2 - Configuring the access restrictions on page 258 for more information on
outbound access lists.
accessPolicy Use this element to apply an access policy on the Default:<empty>

routed data on the interface. Range: 0 … 24 characters
Whereas by using the trafficPolicy element you can apply an outbound access list on
the interface, you can apply an inbound access list on the interface by using the
accessPolicy element.
create the traffic policy itself by adding a trafficPolicy object and by configuring the
attributes in this object.
Example

icy element.
Refer to 9.2 - Configuring the access restrictions on page 258 for more information
on inbound access lists.
mgmtAccess Use this element to enable or disable management Default:enabled

access through this interface. Range: enabled / disabled
If you set the mgmtAccess attribute to disabled, then you can not access the protocol
stack through this interface.
Element Description
directedBroadcasts Use this element to enable (forward) or disable (dis- Default:enabled

card) directed broadcasts. Range: enabled / disabled
What is a directed broadcast?
A directed broadcast is an IP packet destined for a complete (sub-)network. For

example, a packet destined for all devices on subnetwork 192.168.48.0 with sub-
net mask 255.255.255.0 has destination address 192.168.48.255. I.e. all ones in
the subnet area of the IP address.
icmpRedirects Use this element to enable or disable the transmission Default:enabled

of ICMP messages. Range: enabled / disabled
What is an ICMP redirect?
If icmpRedirects is enabled and if the Telindus 1421 SHDSL Router receives an IP

packet on the interface for which …
• the next hop gateway is on the same interface,
• the next hop address is in the same subnet as the source,
… then it sends an ICMP message to the originator of the packet to inform him that
a better (shorter) route exists.
igmp Use this element to configure the multicasting IGMP Default:disabled

protocol. Range: enumerated, see below
The igmp element has the following values:
• disabled. IGMP is disabled on this interface.
• proxy.
- IGMP join and leave messages are transmitted on this interface according
to the multicast member list.
- Multicast frames are always forwarded on this interface.
• router.
- IGMP join and leave messages are interpreted on this interface and the mul-
ticast member list is adapted accordingly.
- Multicast frames are forwarded on this interface if they are present in the
multicast member list.
Refer to What is IGMP? and IGMP topology on page 579 for more information on
IGMP.
Element Description
helpers Use this element to enable broadcast forwarding. Default:<empty>

Limited IP broadcasts (address 255.255.255.255) Range: table, see below
and (sub-)network broadcasts for a directly connected network are normally not
forwarded by the Telindus 1421 SHDSL Router. However, client / server applica-
tions often use these broadcasts during start-up to discover the server on the net-
work. If the server is on a remote LAN, then the detection may fail.
Therefore, if you configure a helper IP address, the received broadcasts address
is replaced by this helper IP address and the packets are re-routed using the des-
tination address. Multiple helper IP addresses can be configured.
The Telindus 1421 SHDSL Router only substitutes addresses for the proto-
cols which are selected in the helperProtocols attribute. Refer to
telindus1421Router/router/helperProtocols on page 423.
nat Use this element to enable Network Address Transla- Default:<empty>

tion on the interface. Range: 0 … 24 characters
Do this by entering the name of the NAT object you want to apply:
• If you want to apply the NAT settings as defined in the router/defaultNat
object, then enter the string “default“ as value for the nat element.
• If you want to apply the NAT settings as defined in a NAT object you
added yourself (e.g. router/nat[myNat]), then enter the index name of the
NAT object (in this case “myNat”) as value for the nat element.
Refer to …
• 7.7 - Configuring address translation on page 182 for more information on NAT.
• 11.9.2 - NAT configuration attributes on page 434 for a detailed description of
the NAT configuration attributes.
Important remark
If you want to enable NAT on an interface but you also want that the inter-
face is inspected by the firewall, then enable NAT in the policies of the firewall and
not in the ip structure of the interface.
5.2.4 Configuring an IP address on the LAN interface
When configuring an IP address on the LAN interface, there are two different scenarios:
• The LAN interface mode is bridging (the configuration attribute telindus1421Router/lanInterface/mode is set
to bridging). This is the default setting.
• The LAN interface mode is routing (the configuration attribute telindus1421Router/lanInterface/mode is set
to routing).
LAN interface mode = bridging
In this case the settings of the configuration attribute telindus1421Router/lanInterface/ip are ignored. If you
want to manage the Telindus 1421 SHDSL Router via IP, then you have to configure an IP address in
the bridgeGroup object instead: telindus1421Router/bridge/bridgeGroup/ip.
Suppose you want to assign IP address 10.0.8.210 with subnet mask 255.255.252.0 to the LAN inter-
face, then configure the appropriate attributes as follows:
LAN interface mode = routing
In this case the settings of the configuration attribute telindus1421Router/lanInterface/ip are used.
Suppose you want to assign IP address 10.0.8.210 with subnet mask 255.255.252.0 to the LAN inter-
face, then configure the appropriate attributes as follows:
5.3 Configuring the SHDSL line
When you want to establish a line connection successfully, you have to configure some line attributes.
This section shows you which line attributes are essential. It also gives more information on how to select
a line speed (range). Then it explains the concept power back-off. Finally it explains how to configure the
Embedded Operations Channel (EOC) handling.
• 5.3.1 - Essential SHDSL line configuration attributes on page 63
• 5.3.2 - Selecting an SHDSL line speed (range) on page 64
• 5.3.3 - Power back-off on page 64
• 5.3.4 - Using a repeater on the SHDSL line on page 65
• 5.3.5 - Compatibility with other SHDSL devices on page 65
5.3.1 Essential SHDSL line configuration attributes
To establish a line connection successfully, it is essential to set the following configuration attributes cor-
rect:
Attribute Purpose of the attribute
telindus1421Router/wanInterface/line/channel on page 398 For synchronisation purposes, one unit has to be

defined as central and its remote counterpart as
remote.
The channel attribute also influences the clocking
of the Telindus 1421 SHDSL Router.
telindus1421Router/wanInterface/line/region on page 398 For correct operation, select the correct SHDSL
standard. Normally, the auto setting should suf-
fice.
telindus1421Router/wanInterface/line/timingMode on For compatibility with other SHDSL devices,

page 399 select the correct timing mode.
The timingMode attribute also influences the clock-
ing of the Telindus 1421 SHDSL Router.
In case of a Telindus 1421 SHDSL Router 1pair For a successful and qualitative line connection,
version, use: select an appropriate speed (range).
• telindus1421Router/wanInterface/line/minSpeed on Refer to 5.3.2 - Selecting an SHDSL line speed
page 402 (range) on page 64 for more information on the
• telindus1421Router/wanInterface/line/maxSpeed on speed (range).
page 402
In case of a Telindus 1421 SHDSL Router 2 pair
version, use:
• telindus1421Router/wanInterface/line/minSpeed2P on
page 403
• telindus1421Router/wanInterface/line/maxSpeed2P on
page 403
Refer to 11.6 - SHDSL line configuration attributes on page 397 for a complete overview of the line con-
figuration attributes.
5.3.2 Selecting an SHDSL line speed (range)
Selecting a speed range
The Telindus 1421 SHDSL Router features auto speed negotiation according to ITU-T G.994.1. During
this negotiation the Telindus 1421 SHDSL Router selects a speed within the range from the minimum
speed up to the maximum speed as set with the minSpeed(2P) and maxSpeed(2P) attributes.
Important remark
In case of a Telindus 1421 SHDSL Router 2 pair version, define a speed range either on the central or
on the remote Telindus 1421 SHDSL Router, but not on both. Else the 2 line pairs could train at a differ-
ent speed which is not allowed.
Selecting a fixed speed
If you set the minSpeed(2P) and maxSpeed(2P) attribute to the same value, then the Telindus 1421 SHDSL
Router operates at a fixed speed.
Fall-back speed
When you define a speed range, the Telindus 1421 SHDSL Router will always try to operate at the max-
imum speed. If the remote does not allow that speed or the signal quality deteriorates, then the Telindus
1421 SHDSL Router tries to select the second speed down the range. If also this speed fails, the Telin-
dus 1421 SHDSL Router again lowers its speed. It does this until it reaches the minimum speed.
5.3.3 Power back-off
The Telindus 1421 SHDSL Router features power back-off. Power back-off is a part of the ITU-T G.991.2
SHDSL recommendation. It reduces the maximum transmit power level if the line conditions are suffi-
ciently good to operate at a lower transmit level.
Power back-off is performed by default (no configuration attribute). During the ITU-T G.994.1 hand-
shake, the two sides of the line mutually agree on the transmit level. The transmit level is lowered
between 0 and 6 dB in steps of 1dB.
5.3.4 Using a repeater on the SHDSL line
Using a Crocus SHDSL Repeater you can increase the distance between the central and remote SHDSL
device.
The current Crocus SHDSL Repeater can only operate in plesiochronous mode on the SHDSL line.
Refer to telindus1421Router/wanInterface/line/timingMode on page 399.
5.3.5 Compatibility with other SHDSL devices
The Telindus 1421 SHDSL Router can be used in combination with other (Telindus) SHDSL devices.
The document “Interoperability for Telindus SHDSL products” (PDF) gives an overview of the interoper-
ability.
5.4 Enabling EOC message exchange
This section introduces EOC message exchange and shows you how to enable this feature.
• 5.4.1 - Standard versus proprietary EOC message exchange on page 67
• 5.4.2 - Controlling the proprietary EOC message exchange on page 67
• 5.4.3 - Controlling the standard EOC message exchange on page 68
• 5.4.4 - none or passiveWhich standard EOC information is retrieved? on page 70
5.4.1 Standard versus proprietary EOC message exchange
On the Telindus SHDSL devices you can distinguish two types of EOC message exchange:
• standard EOC message exchange. These are the messages as defined in the SHDSL standard
G.991.2. They are sent through the Embedded Operations Channel (EOC).
• proprietary EOC message exchange. This is the proprietary O10 management protocol. This is also
sent through the Embedded Operations Channel (EOC).
5.4.2 Controlling the proprietary EOC message exchange
The proprietary EOC message exchange can be controlled by the configuration attribute
telindus1421Router/wanInterface/line/management on page 406. The management attribute has the following values:
Value Description
transparent No management data is forwarded over the SHDSL line. The data is passed trans-
parently over the line.
o10Management This forwards the proprietary Telindus O10 protocol over the SHDSL line. This
allows you to manage the remote SHDSL device (and possibly other Telindus
devices connected to the SHDSL device).
pathManagement This forwards path management information over the SHDSL line. This allows you
to manage complete paths instead of managing individual devices (i.e. elements).
For more information on path management, refer to the TMA Path Management
manual (PDF).
o10-PathManage- This forwards both the proprietary Telindus O10 protocol as the path management
ment information over the SHDSL line.
5.4.3 Controlling the standard EOC message exchange
The standard EOC message exchange can be controlled by the configuration attribute telindus1421Router/
wanInterface/line/eocHandling on page 406. The eocHandling attribute has the following values:
Value Description
passive The Telindus 1421 SHDSL Router does not send any standard EOC messages.
However, the Telindus 1421 SHDSL Router does respond on standard EOC mes-
sages it receives.
Also, after getting into data state, no proprietary EOC messages will be sent for the
first 2 minutes, unless the Telindus 1421 SHDSL Router received a Telindus spe-
cific frame from the other side (e.g. O10 data, or a test or configuration frame).
This is the preferred value when connecting the Telindus 1421 SHDSL
Router to the Telindus 2300 Series.
none Except for discovery probes, the Telindus 1421 SHDSL Router does not send
standard EOC messages. However, the Telindus 1421 SHDSL Router does
respond on standard EOC messages it receives.
discovery The Telindus 1421 SHDSL Router “scans” the SHDSL line. For every device it dis-
covers, it adds an object to the containment tree. Refer to Discovering devices on
inventory
the SHDSL line.
info
Then the Telindus 1421 SHDSL Router retrieves information from these devices
and displays it in the corresponding objects. Exactly which information is retrieved
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passive-
Which standard EOC information is retrieved? on page 70.
alarmConfiguration Also in this case the Telindus 1421 SHDSL Router “scans” the SHDSL line, adds
the objects to the containment tree and retrieves information from the devices.
Refer to Discovering devices on the SHDSL line and 5.4.4 - none or passiveWhich
standard EOC information is retrieved? on page 70.
Additionally, the central1 SHDSL device forces the remote2 SHDSL device to use
the link alarm thresholds lineAttenuationOn and signalNoiseOn as configured on the
central device. In other words, the settings of the lineAttenuationOn and signalNoiseOn
on the central device overrule those of the remote device.
1. The central device is the device on which the channel attribute is set to central.
2. The remote device is the device on which the channel attribute is set to remote.
Discovering devices on the SHDSL line
When you change the eocHandling attribute from none or passive to any other value, the Telindus 1421
SHDSL Router starts “scanning” the SHDSL line in order to determine which devices are present
between itself and its remote counterpart.
When the scan is finished, some new objects are added to the containment tree1 on the same level as
the line object:
• If one or more repeaters are present on the SHDSL line, a repeater[ ] object is added for every repeater.
• For the remote counterpart, an end object is added.
For example, suppose you have a link with a Crocus SHDSL as central
device, a Telindus 1421 SHDSL Router as remote device and one Crocus
SHDSL Repeater in between. Suppose you set the eocHandling attribute to
discovery. In that case one repeater[ ] object and an end object is added to the
containment tree as can be seen in the figure.
1. It can take up to 5 minutes before the new objects appear in the containment tree.
5.4.4 none or passiveWhich standard EOC information is retrieved?
As said in 5.4.3 - Controlling the standard EOC message exchange on page 68, exactly which standard
EOC information is retrieved from the remote SHDSL device(s) depends on the setting of the eocHandling
attribute.
This section gives an overview in which case which information is retrieved:
• Standard EOC status information on page 71
• Standard EOC performance information on page 72
• Standard EOC alarm information on page 73
Standard EOC status information Does the attribute or element display relevant information in case eocHandling is set to … ?
Object Attribute none discovery inventory info alarmConfiguration

telindus1421Router/ (Element)
User manual
line eocAlarmThresholds No. The value is • On the central1: yes. The values are those as set in the linkA- Yes. The values are
(lineAttenuation, signal- always 0.0. larmThresholds attribute. those as set in the linkA-
Noise) • On the remote2: no. The value is always 0.0. larmThresholds attribute
on the central device.3
numDiscoveredRepeaters Yes.
repeater[ ] vendorId No repeater[ ] or Yes.

or (countryCode, provider- end object is cre-
Code, vendorSpecific) ated.
end
vendorModel No. Yes.
vendorSerial No. Yes.
vendorSoftVersion No. Yes.
eocSoftVersion Yes.
shdslVersion Yes.
eocState Yes.
eocAlarmThresholds No. The value is always 0.0. Yes. The values are Yes. The values are
(lineAttenuation, signal- those as set in the linkA- those as set in the linkA-
Noise) larmThresholds attribute larmThresholds attribute
on the remote device. on the central device.
repeater[ ]/linePair[ ] lineAttenuation No repeater[ ] or No. The value is always 0.0. Yes. The values are the actual line attenuation
or end object is cre- and signal noise as measured on the remote
signalNoise
ated. device.
end/linePair[ ]
Basic configuration
Chapter 5 71
3. Refer to 5.4.3 - Controlling the standard EOC message exchange on page 68 for more information on the alarmConfiguration value.
Standard EOC performance information Does the attribute or element display relevant information in case eocHandling is set to … ?

telindus1421Router/
User manual
repeater[ ]/linePair[ ] lineParameters No repeater[ ] or No. The value is always 0.0. Yes. The values are the same as those on the
or end object is cre- remote device.
performance
ated.
end/linePair[ ] Note that in this case the sysUpTime is not the
h2LineParameters
elapsed time since the last cold boot, but the
h2Performance elapsed time since the creation of the repeater[ ] or

h24LineParameters end object.
h24Performance
d7LineParameters
d7Performance
Basic configuration
Chapter 5
Standard EOC alarm information Does the attribute or element display relevant information in case eocHandling is set to … ?

telindus1421Router/
User manual
line/linePair[ ] lineAttenuation The thresholds as configured in the linkAlarmThresholds attribute on the local device The thresholds as con-
are used to generate the alarms. figured in the linkAlarm-
signalNoise
Thresholds attribute on
the central1 device are
used to generate the

alarms2.
repeater[ ]/linePair[ ] lineAttenuation No repeater[ ] or No alarms are generated. The thresholds as con- The thresholds as con-
or end object is cre- figured in the linkAlarm- figured in the linkAlarm-
signalNoise
ated. Thresholds attribute on Thresholds attribute on
end/linePair[ ]
the local device are the central device are
used to generate the used to generate the
alarms. alarms.
errSecExceeded The thresholds as con-

figured in the linkAlarm-
sevErrSecExceeded
Thresholds attribute on
the local device are
used to generate the
alarms.
2. Refer to 5.4.3 - Controlling the standard EOC message exchange on page 68 for more information on the alarmConfiguration value.
Basic configuration
Chapter 5 73
5.5 Configuring passwords
This section shows you how to create a (list of) password(s) with associated access level in the security
table. It also explains how to correct the security table in case of error or in case you forgot your pass-
word. Furthermore, this section shows you how to enter the passwords in the different maintenance
tools.
• 5.5.1 - Creating passwords in the security table on page 75
• 5.5.2 - Entering passwords in the different management tools on page 75
5.5.1 Creating passwords in the security table
In order to avoid unauthorised access to the Telindus 1421 SHDSL Router and the network you can cre-
ate a list of passwords with associated access levels in the security table. Do this using the security
attribute. Refer to telindus1421Router/security on page 353.
5.5.2 Entering passwords in the different management tools
Now that you created a (list of) password(s) in the Telindus 1421 SHDSL Router, you have to enter these
passwords every time you want to access the Telindus 1421 SHDSL Router with one of the maintenance
or management tools.
The following table explains how to enter passwords in the different maintenance or management tools:
Maintenance or man- How to enter the password?

agement tool
TMA Enter the password in the Connect… window.
TMA CLI, TMA for HP Use the application TmaUserConf.exe to create a TMA user and assign a
OpenView and TMA password to this user. The password should correspond with a password
Element Management configured in the device.
Refer to the manual of TMA CLI manual (PDF), TMA for HP OpenView man-
ual (PDF) or TMA Element Management manual (PDF/CHM) for more infor-
mation.
CLI You are prompted to enter the password when the session starts.
ATWIN You are prompted to enter the password when the CLI session starts. Then
you can start an ATWIN session.
Web Interface You are prompted to enter the password when the session starts.
SNMP Define the password as community string. If no passwords are defined, then
you can use any string as community string.
TML Enter the password after the destination filename. Separate password and
filename by a ‘?’.
Example: tml –fsourcefile@destinationfile?pwd
(T)FTP Enter the password after the destination filename. Separate password and
filename by a ‘?’.
Example: put sourcefile destinationfile?pwd
5.6 Executing configuration actions
This section shows you how to execute actions on the configuration. The following gives an overview of
this section:
• 5.6.1 - What are the different configuration types? on page 77
• 5.6.2 - Activating the configuration on page 78
• 5.6.3 - Loading the default configuration on page 78
• 5.6.4 - Loading the default configuration using a DIP switch on page 78
• 5.6.5 - Loading the preconfiguration on page 79
5.6.1 What are the different configuration types?
This section explains the different configuration types that are present in the Telindus 1421 SHDSL
Router.
Which are the configuration types?
Three types of configuration are present in the Telindus 1421 SHDSL Router:
• the non-active configuration
• the active configuration
• the default configuration.
• the preconfiguration.
Explaining the configuration types
When you configure the Telindus 1421 SHDSL Router, the following happens:
Phase Action Result
1 Connect the computer running the mainte- The non-active configuration is displayed
nance tool to the Telindus 1421 SHDSL on the screen.
Router.
2 Modify the non-active configuration. The modifications have no immediate influ-

ence on the active configuration currently
used by the Telindus 1421 SHDSL Router.
3 Complete the modifications on the non- The non-active configuration has to be acti-
active configuration. vated.
4 In case of … The non-active configuration becomes the

active configuration.
• TMA, click on the TMA button Send all
attributes to device: .
• any other maintenance tool than the

graphical user interface based TMA
(e.g. ATWIN, CLI, Web Interface, Easy-
Connect terminal, TMA CLI), then exe-
cute the Activate Configuration action.
Which are the configuration actions?
You can execute the following actions on the configuration:

• telindus1421Router/Activate Configuration on page 355
• telindus1421Router/Load Default Configuration on page 355
• telindus1421Router/Load Preconfiguration on page 355
• telindus1421Router/Load Saved Configuration on page 356
5.6.2 Activating the configuration
As explained in section 5.6.1 - What are the different configuration types? on page 77, when you finished
configuring the Telindus 1421 SHDSL Router you have to activate the configuration changes you made.
In case of …
• TMA, click on the TMA button Send all attributes to device: .
• any other maintenance tool than the graphical user interface based TMA (e.g. ATWIN, CLI, Web
Interface, EasyConnect terminal, TMA CLI), then execute the Activate Configuration action.
5.6.3 Loading the default configuration
If you install the Telindus 1421 SHDSL Router for the first time, all configuration attributes have their
default values (except if a preconfiguration is present, refer to 5.6.5 - Loading the preconfiguration on
page 79). If the Telindus 1421 SHDSL Router has already been configured but you want to start from
scratch, then you can revert to the default configuration.
You can load the default configuration using the Load Default Configuration …
• action. Refer to telindus1421Router/Load Default Configuration on page 355.
• DIP switch. Refer to 5.6.4 - Loading the default configuration using a DIP switch on page 78.
5.6.4 Loading the default configuration using a DIP switch
The following procedure shows how to load the default configuration using the Load Default Configura-
tion DIP switch on the Telindus 1421 SHDSL Router PCB:
Step Action
1 Disconnect the power supply and open the housing as described in 3.3 - Opening and
closing the housing on page 28.
2 Set the Load default configuration DIP switch to off.

Refer to 3.1 - The Telindus 1421 SHDSL Router motherboard on page 26 to locate this
DIP switch bank.
3 Replace the cover without fastening the screws and reconnect the power supply.
⇒The Telindus 1421 SHDSL Router reboots and loads the default configuration.
4 Activate the loaded default configuration:
1. Open a TMA session on the Telindus 1421 SHDSL Router. Refer to 4.1 - Maintaining
the Telindus 1421 SHDSL Router with TMA on page 30.
2. Execute the Activate Configuration action.
5 Again, disconnect the power supply and open the housing.
6 Reset the Load default configuration DIP switch to on.
7 Properly replace the cover as described in 3.3 - Opening and closing the housing on
page 28 and reconnect the power supply.
Always reboot the Telindus 1421 SHDSL Router after changing the DIP switches.
5.6.5 Loading the preconfiguration
In some cases, the Telindus 1421 SHDSL Router is preconfigured when it leaves the factory. In that case
a file named “precfg.cms” is present on the file system1. This means that not all attributes have their
default values, but some will have a preconfigured value. Now, if the Telindus 1421 SHDSL Router has
already been configured a couple of times, then you have the possibility to revert to the preconfiguration.
You can load the preconfiguration using the Load Preconfiguration action. Refer to telindus1421Router/Load
Preconfiguration on page 355.
Note that if no preconfiguration is present (i.e. the precfg.cms file is not present on the file system), then
this action does nothing.
1. If this file is not present, then no preconfiguration is present. If you want, you could create your
own preconfiguration by placing a custom made “precfg.cms” configuration file on the file sys-
tem.
5.7 Configuring the major features of the Telindus 1421 SHDSL

Router
The following list shows you where you can find an introduction to and a basic configuration of the most
important features of the Telindus 1421 SHDSL Router:
• 6 - Configuring the encapsulation protocols on page 83
• 7 - Configuring routing on page 149
• 8 - Configuring bridging on page 225
• 9 - Configuring the additional features on page 251 (e.g. configuring DHCP, access lists, VLANs,
L2TP tunnels, etc.)
5.8 Troubleshooting the Telindus 1421 SHDSL Router
If you experience trouble when installing, configuring or operating the Telindus 1421 SHDSL Router,
then check the following:
Check Description
power Is the Telindus 1421 SHDSL Router powered properly?
connections Are all the necessary cables connected to the Telindus 1421 SHDSL Router? Are
they connected to the correct connectors of the Telindus 1421 SHDSL Router? Are
they connected properly? Did you use the correct cables (straight, crossed, …)?
Refer to 2.6 - Connecting the Telindus 1421 SHDSL Router on page 16.
other devices Are the devices that are connected to the Telindus 1421 SHDSL Router working
properly (are they powered, are they operational, …)?
LEDs What indicate the LEDs of the Telindus 1421 SHDSL Router? Do they indicate a
fault condition?
Refer to 2.7 - The front panel LED indicators on page 20.
messages What messages are displayed in the messages table? This table displays informa-
tive and error messages.
Refer to telindus1421Router/messages on page 522.
status What indicate the status attributes of the Telindus 1421 SHDSL Router? What is
the status of the different interfaces (up, down, testing, …)?
Refer to 12 - Status attributes on page 513.
performance What indicate the performance attributes of the Telindus 1421 SHDSL Router?
What is the performance of the different interfaces (does the data pass the inter-
face, is the interface up or down, when did it go up or down, …)?
Refer to 13 - Performance attributes on page 629.
alarms What indicate the alarm attributes of the Telindus 1421 SHDSL Router? What is
the alarm status of the different interfaces (link down, errors, …)?
Refer to 14 - Alarm attributes on page 695.
User manual Configuring the encapsulation protocols
6 Configuring the encapsulation protocols

This chapter introduces the encapsulation protocols that can be used on the Telindus 1421 SHDSL
Router and lists the attributes you can use to configure the encapsulation protocols.
• 6.1 - Selecting an encapsulation protocol on page 84
• 6.2 - Configuring ATM encapsulation on page 85
• 6.3 - Configuring Frame Relay encapsulation on page 107
• 6.4 - Configuring PPP encapsulation on page 122
• 6.5 - Configuring HDLC encapsulation on page 145
• 6.6 - Configuring an error test on page 147
Refer to the Reference manual on page 341 for a complete overview of the attributes of the Telindus
1421 SHDSL Router.
6.1 Selecting an encapsulation protocol
On the SHDSL line, you can choose between several encapsulation protocols. So first select the encap-
sulation protocol you want to use. Do this using the encapsulation attribute. Refer to telindus1421Router/wan-
Interface/encapsulation on page 367.
Once you selected an encapsulation protocol you can configure it as described in this chapter.
6.2 Configuring ATM encapsulation
This section introduces the ATM encapsulation protocol and gives a short description of the attributes
you can use to configure this encapsulation protocol.
• 6.2.1 - Introducing ATM on page 86
• 6.2.2 - Configuring ATM PVCs on page 93
• 6.2.3 - Automatically obtaining IP addresses in ATM on page 95
• 6.2.4 - Configuring IP addresses in ATM on page 96
• 6.2.5 - Configuring the VPI and VCI on page 97
• 6.2.6 - Configuring UBR on page 98
• 6.2.7 - ATM PVC bandwidth redistribution on page 99
• 6.2.8 - Configuring bridged/routed Ethernet/IP over ATM (RFC 2684) on page 102
• 6.2.9 - Configuring Classical IP (IPoA) on page 103
• 6.2.10 - Configuring PPP over ATM (PPPoA) on page 104
• 6.2.11 - Configuring PPP over Ethernet (PPPoE) on page 105
• 6.2.12 - Configuring ATM over a G703 interface on page 106
6.2.1 Introducing ATM
What is ATM?
ATM is a cell-switching and multiplexing technology that combines the benefits of circuit switching (guar-
anteed capacity and constant transmission delay) with those of packet switching (flexibility and efficiency
for intermittent traffic). It provides scalable bandwidth. Because of its asynchronous nature, ATM is more
efficient than synchronous technologies, such as time-division multiplexing (TDM).
With TDM, each user is assigned a time slot, and no other station can send in that time slot. If a station
has much data to send, it can send only when its time slot comes up, even if all other time slots are
empty. However, if a station has nothing to transmit when its time slot comes up, the time slot is sent
empty and is wasted. Because ATM is asynchronous, time slots are available on demand with informa-
tion identifying the source of the transmission contained in the header of each ATM cell.
What is VPI and VCI?
ATM networks are fundamentally connection-oriented, which means that a virtual channel must be set
up across the ATM network prior to any data transfer. (A virtual channel is roughly equivalent to a Per-
manent Virtual Circuit or PVC.)
Two types of ATM connections exist:
• virtual paths, which are identified by Virtual Path Identifiers (VPIs).
• virtual channels, which are identified by the combination of a VPI and a Virtual Channel Identifier
(VCI).
A virtual path is a bundle of virtual channels, all of which are switched transparently across the ATM net-
work based on the common VPI. All VPIs and VCIs, however, have only local significance across a par-
ticular link and are remapped, as appropriate, at each switch.
A transmission path is the physical media that transports virtual channels and virtual paths. The following
figure illustrates how VCs concatenate to create VPs, which, in turn, traverse the media or transmission
path.
What are the ATM layers?
The ATM reference model is composed of the following ATM layers:
Layer Description
physical layer Analogous to the physical layer of the OSI reference model, the ATM physical
layer manages the medium-dependent transmission.
ATM layer Combined with the ATM adaptation layer, the ATM layer is roughly analogous to
the data link layer of the OSI reference model. The ATM layer is responsible for
the simultaneous sharing of virtual circuits over a physical link (cell multiplexing)
and passing cells through the ATM network (cell relay). To do this, it uses the VPI
and VCI information in the header of each ATM cell.
ATM Adaptation Combined with the ATM layer, the AAL is roughly analogous to the data link layer
Layer (AAL) of the OSI model. The AAL is responsible for isolating higher-layer protocols from
the details of the ATM processes. The adaptation layer prepares user data for con-
version into cells and segments the data into 48-byte cell payloads.
At present, the four types of AAL recommended by the ITU-T are AAL1, AAL2,
AAL3/4, and AAL5:
• AAL1 is used for connection-oriented, delay-sensitive services requiring con-
stant bit rates, such as uncompressed video and other isochronous traffic.
• AAL2 is used for connection-oriented services that support a variable bit rate,
such as some isochronous video and voice traffic.
• AAL3/4 (merged from two initially distinct adaptation layers) supports both con-
nectionless and connection-oriented links but is used primarily for the transmis-
sion of SMDS packets over ATM networks.
• AAL5 supports connection-oriented VBR services and is used predominantly
for the transfer of classical IP over ATM and LANE traffic. AAL5 uses SEAL and
is the least complex of the current AAL recommendations. It offers low band-
width overhead and simpler processing requirements in exchange for reduced
bandwidth capacity and error-recovery capability.
higher layers Finally, the higher layers residing above the AAL accept user data, arrange it into
packets, and hand it to the AAL.
What are ATM service categories?
The Traffic Management Specification Version 4.0 defines five ATM service categories that describe the
traffic transmitted by users onto a network and the Quality of Service (QoS) that a network needs to pro-
vide for that traffic. The five service categories are:
• Constant Bit Rate (CBR)
• Variable Bit Rate real-time (VBR-rt)
• Variable Bit Rate non-real-time (VBR-nrt)
• Available Bit Rate (ABR)
• Unspecified Bit Rate (UBR)
The Telindus 1421 SHDSL Router supports UBR.
Which are the ATM service category traffic parameters?
The traffic parameters with which you can configure the ATM service categories are:
Traffic parame- Description

ter
PCR The Peak Cell Rate (PCR) is the maximum rate at which you expect to transmit
data. Obviously, the maximum possible PCR is the physical speed of the cus-
tomer's access circuit into the ATM service provider.
SCR The Sustainable Cell Rate (SCR) is the sustained rate at which you expect to
transmit data. Consider the SCR to be the true bandwidth of a PVC and not the
long-term average traffic rate.
MBS The Maximum Burst Size (MBS) is the amount of time or the duration at which the
router sends at PCR (in other words, it declares how many cells can be transmitted
at PCR). Calculate this time in seconds using the following formula:
T = (burst cells x 424 bits per cell) / (PCR - SCR)
MBS will accommodate temporary bursts or short spikes in the traffic pattern. For
example, an MBS of 100 cells allows a burst of three MTU-size Ethernet frames.
It is important that you factor longer duration bursts into the SCR.
The following figure shows the PCR, SCR and MBS relationship:
What is UBR?
The Unspecified Bit Rate (UBR) service category is a "best effort" service intended for non-critical appli-
cations, which do not require tightly constrained delay and delay variation, nor a specified quality of serv-
ice. UBR sources are expected to transmit non-continuous bursts of cells. UBR service supports a high
degree of statistical multiplexing among sources.
UBR service does not specify traffic related service guarantees. Specifically, UBR does not include the
notion of a per-connection negotiated bandwidth. There may not be any numerical commitments made
as to the cell loss ratio experienced by a UBR connection, or as to the cell transfer delay experienced by
cells on the connection.
The only traffic parameter you have to configure in case of UBR is the PCR. The PCR only provides an
indication of a physical bandwidth limitation within a PVC.
Examples of applications which can be seen as appropriate targets for the UBR service category are:
data transfer, messaging, etc.
What is multi-protocol over ATM (MPoA)?
As its name implies, multi-protocol encapsulation over ATM provides mechanisms for carrying traffic
other than just IP. Several different protocols can be used on top of ATM:
• Bridged/routed Ethernet/IP over ATM (formerly RFC 1483, now RFC 2684). This protocol makes the
router appear as a LAN device to the operating system.
• IP over ATM (IPoA, RFC 1577, similar to RFC 2684). Also in this case the protocol makes the router
appear as a LAN device to the operating system.
• Point to Point Protocol Over ATM ( PPPoA, RFC 2364). PPP provides session setup, user authenti-
cation (login), and encapsulation for upper layer protocols such as IP. The use of PPP makes the
router appear as a dial device to the operating system.
• Point to Point Protocol Over Ethernet (PPPoE, RFC 2516). This protocol makes the router appear as
a LAN device to the operating system. It allows multiple devices on an Ethernet to share a common
connection to the remote network (e.g. the Internet).
Which are the multi-protocol over ATM encapsulation mechanisms?
As said before, you can encapsulate several protocols in ATM. The mechanisms to do this are:
MPoA encapsulation Description

mechanism
Logical Link Control In this method, multiple protocol types can be carried across a single con-
(LLC) encapsulation nection with the type of encapsulated packet identified by a standard LLC/
SNAP header.
Virtual Connection Mul- In this method, only a single protocol is carried across an ATM connection,
tiplexing with the type of protocol implicitly identified at connection setup.
LLC encapsulation is provided to support routed and bridged protocols. In this encapsulation format,
PDUs from multiple protocols can be carried over the same virtual connection. The type of protocol is
indicated in the packet's SNAP header. By contrast, the virtual connection multiplexing method allows
for transport of just one protocol per virtual connection.
The following table gives an overview of which multi-protocol mechanism can be used for which higher
layer protocol encapsulation.
higherLayerProtocol multiProtocolMech
rfc2684 llcEncapsulation +
vcMultiplexing
ppp llcEncapsulation +
vcMultiplexing
pppOverEthernet llcEncapsulation
What is PPPoA (RFC 2364)?
PPP over ATM adaptation layer 5 (AAL5) uses AAL5 as the framed protocol. It relies on RFC 2684, oper-
ating in either Logical Link Control Encapsulation or Virtual Connection Multiplexing mode. A Customer
Premises Equipment (CPE) device encapsulates the PPP session based on this RFC for transport
across the xDSL loop and the Digital Subscriber Line Access Multiplexer (DSLAM).
What is PPPoE over ATM (RFC 2516)?
PPP over Ethernet (PPPoE) over ATM actually combines three protocols: Ethernet, PPP and ATM. The
Ethernet is encapsulated in PPP which, on its turn, is encapsulated in ATM:
• The Ethernet protocol provides the ability to connect a network of hosts over a simple bridging access
device to a remote access concentrator.
• The PPP protocol provides the ability that each host utilises its own PPP stack and that the user is
presented with a familiar user interface. Access control, billing and type of service can be done on a
per-user basis, rather than on a per-site basis.
• The ATM protocol provides service-provider digital subscriber line (DSL) support.
What is PPPoE (RFC 2516)?
PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging
access device to a remote access concentrator. With this model, each host utilises its own PPP stack
and the user is presented with a familiar user interface. Access control, billing and type of service can
be done on a per-user basis, rather than on a per-site basis.
PPPoE has two distinct stages:
• a discovery stage.
• a PPP session stage.
When a host wants to initiate a PPPoE session, it must first perform discovery to identify the Ethernet
MAC address of the peer and establish a PPPoE session ID. While PPP defines a peer-to-peer relation-
ship, discovery is inherently a client-server relationship. In the discovery process, a host (the client) dis-
covers an access concentrator (the server). Based on the network topology, there may be more than
one access concentrator that the host can communicate with. The discovery stage allows the host to
discover all access concentrators and then select one. When discovery completes successfully, both the
host and the selected access concentrator have the information they will use to build their point-to-point
connection over Ethernet.
The discovery stage remains stateless until a PPP session is established. Once a PPP session is estab-
lished, both the host and the access concentrator must allocate the resources for a PPP virtual interface.
What are OAM LoopBack (LB) cells?
The ATM protocol features OAM LoopBack (LB) cells. These are used to verify whether a Virtual Chan-
nel/Path is truly up or down. This can be done on two levels:
• on Virtual Path (VP) level by using OAM F4 LB cells. The relevant configuration attributes can be
found in the vp table.
• on Virtual Channel (VC) level by using OAM F5 LB cells. The relevant configuration attributes can be
found in the pvcTable.
The Telindus 1421 SHDSL Router always responds to OAM LB cells received from the peer ATM device
(both segment and end-to-end cells). However, when OAM LB is activated, the Telindus 1421 SHDSL
Router only sends end-to-end OAM LB request cells.
What is CLP?
The Cell Loss Priority (CLP) indicates whether the cell should be discarded if it encounters extreme con-
gestion as it moves through the network. If the CLP bit equals 1, the cell should be discarded in prefer-
ence to cells with the CLP bit equal to 0.
What is EFCI?
The Explicit Forward Congestion Indication (EFCI) indicates whether a cell containing user data experi-
enced congestion as it moved through the network.
6.2.2 Configuring ATM PVCs
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction.

In an ATM network you can set-up PVCs. A PVC allows direct connectivity between sites. In this way, a
PVC is similar to a leased line. A PVC guarantees availability of a connection and does not require call
setup procedures between the ATM switches.
To configure an ATM PVC, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the atm object, select the
pvcTable attribute and add one or more entries to this table.
Use this attribute to set up ATM PVCs. Add a row to the pvcTable for each ATM PVC you
want to create.
2 Configure the elements of the ATM PVC you just created. These elements are:
• name. Use this element to assign an administrative name to the ATM PVC.
• adminStatus. Use this element to activate (up) or deactivate (down) the ATM PVC.
• mode. Use this element to determine whether, for the corresponding ATM PVC, the
packets are treated by the routing process, the bridging process or both.
• priorityPolicy. Use this element to apply a priority policy on the ATM PVC. Refer to 7.8.7
- Applying a priority policy on an interface on page 212 for more information.
• ip. Use this element to configure the IP related parameters of the ATM PVC. Refer to
5.2.3 - Explaining the ip structure on page 54 for more information.
• bridging. Use this element to configure the bridging related parameters of the ATM PVC
in case the PVC is in bridging mode (i.e. in case the mode element is set to bridging).
Refer to 8.2.6 - Explaining the bridging structure on page 243 for more information.
• atm. Use this element to configure the ATM specific parameters of the ATM PVC.
Refer to telindus1421Router/wanInterface/atm/pvcTable/atm on page 373 for more information.
• ppp. Use this element to configure the PPP related parameters of the ATM PVC in
case you want to run PPP over ATM. Refer to 11.5.3 - PPP configuration attributes on
page 387 for a detailed description of the elements in the ppp structure.
Refer to telindus1421Router/wanInterface/atm/pvcTable on page 371 for a detailed description of

the pvcTable.
Example - configuring ATM PVCs_
The following figure gives an example of a local Ethernet segment connected to three different networks
through three different PVCs:
The following screenshot shows (part of) the pvcTable of the set-up depicted in the figure above:
6.2.3 Automatically obtaining IP addresses in ATM
Obtaining a local IP address
In case of ATM, the Telindus 1421 SHDSL Router can perform an auto-install (refer to 16 - Auto installing
the Telindus 1421 SHDSL Router on page 715). This includes obtaining a local IP address of the ATM
PVC. However, even if no auto-install is performed the Telindus 1421 SHDSL Router runs the following
sequence to obtain a local IP address of the ATM PVC:
Obtaining a remote IP address
If the ATM network supports the InARP (Inverse Address Resolution Protocol) protocol, then the Telin-
dus 1421 SHDSL Router can learn the remote IP address of an ATM PVC.
6.2.4 Configuring IP addresses in ATM
To configure IP addresses on an ATM PVC, proceed as follows:
Step Action
1 In the pvcTable, select the ip structure.
2 In the ip structure, configure the following elements:

• address. Use this element to assign an IP address to the local end of the ATM PVC.
• netMask. Use this element to assign an IP subnet mask to the local end of the ATM
PVC.
• remote. Use this element to assign an IP address to the remote end of the ATM PVC.
• unnumbered. In case you do not explicitly configure a local IP address for an ATM PVC,
then you can use this element to "borrow" the IP address of another interface for
which an IP address is already configured.
Refer to …
• 5.2.3 - Explaining the ip structure on page 54 for a complete description of the ip structure.
• Example - configuring ATM PVCs_ on page 94 for an example.
6.2.5 Configuring the VPI and VCI
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on VPI and VCI.
To configure the VPI and VCI of an ATM PVC, proceed as follows:
Step Action
1 In the pvcTable, select the atm structure.
2 In the atm structure, configure the following elements:

• vpi. Use this element to set the Virtual Path Identifier (VPI) of the
ATM PVC.
• vci. Use this element to set the Virtual Channel Identifier (VCI) of
the ATM PVC.
Refer to …
• telindus1421Router/wanInterface/atm/pvcTable/atm on page 373 for a complete description of the atm structure.
• Example - configuring ATM PVCs_ on page 94 for an example.
6.2.6 Configuring UBR
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on UBR and related traffic parameters.
To configure UBR on an ATM PVC, proceed as follows:
Step Action
2 In the atm structure, configure the UBR related traffic parameters.

The only parameter you have to configure in case of UBR is the
Peak Cell Rate (PCR). The PCR only provides an indication of a
physical bandwidth limitation within a PVC.
Refer to telindus1421Router/wanInterface/atm/pvcTable/atm on page 373 for a complete description of the atm

structure.
Over-dimensioning the PCR
In case you over-dimension the PCR, the Telindus 1421 SHDSL Router can (proportionally) redistribute
the bandwidth over the different PVCs. Refer to 6.2.7 - ATM PVC bandwidth redistribution on page 99.
When you do exceed the total bandwidth of the physical connection, then the Telindus 1421 SHDSL
Router first buffers the data. However, when the buffers of the Telindus 1421 SHDSL Router are com-
pletely filled up, it has to discard the “excess” data.
Important remark
Per definition, the PCR is the specified amount of unguaranteed bandwidth. However, you could set a
guaranteed bandwidth using the PCR. To do so …
• do not over-dimension the PCR (i.e. do not let the sum of the PCRs of the PVCs exceed the band-
width of the physical connection).
• do not set the PCR to auto.
6.2.7 ATM PVC bandwidth redistribution
In ATM, the bandwidth assigned to each PVC is recalculated at regular intervals. This means that
depending on the traffic on the PVCs, the Telindus 1421 SHDSL Router can (proportionally) divide the
bandwidth over the different PVCs. As a result, over-dimensioning the PCR on ATM is not as fatal as
over-dimensioning the CIR on Frame Relay. The following examples will clarify this.
Examples
Suppose you have a 2

Mbps physical connection
towards the ATM service
provider and you define 4
PVCs:
The following tables show
some possible scenarios.
PCR = auto scenarios
Scenario:
Configured PCR Amount of data sent Assigned bandwidth
PVC 1 auto 2048 kbps 512 kbps
⇒Because all PCRs are set to auto, each PVC tries to get a maximum bandwidth. Hence, the total
available bandwidth (2 Mbps) is divided equally over the four PVCs.
Scenario:
⇒Because all PCRs are set to auto, each PVC tries to get a maximum bandwidth. Hence, the total
available bandwidth (2 Mbps) is divided equally over the four PVCs. So in this scenario, PVC 4 is
the only one that gets all of its data on the ATM network.
Scenario:
PVC 2 auto 0 0
PVC 3 auto 0 0
PVC 4 auto 0 0
⇒Because PVC 1 is the only one sending data and because its PCR is set to auto, it gets the total
available bandwidth (2 Mbps) and is able to send its data at 2048 kbps.
PCR = fixed scenarios
Scenario:
PVC 1 1024 kbps 2048 kbps 1024 kbps
⇒Because the sum of the PCRs equals the total available bandwidth (2 Mbps), all the PVCs get the
bandwidth that is specified in their PCRs.
Scenario:
⇒In this case the PCRs of the PVCs are over-dimensioned (i.e. the sum of the PCRs exceeds the
bandwidth of the physical connection towards the ATM network). What is more, the total amount
of data that the PVCs try to send also exceeds the total amount of available bandwidth.
As a result, the total available bandwidth (2 Mbps) is divided proportionally over the PVCs:
2048 kbps is the total available bandwidth and 512 kbps is the lowest speed. So PVC 1 gets 4/8th
(1024 kbps) of the total available bandwidth, PVC 2 gets 2/8th (512 kbps), PVC 3 and 4 each get
1/8th (256 kbps).
Scenario:

⇒In this case the PCRs of the PVCs are over-dimensioned (i.e. the sum of the PCRs exceeds the
bandwidth of the physical connection towards the ATM network). What is more, the total amount
of data that the PVCs try to send also exceeds the total amount of available bandwidth. However,
one PVC (PVC 4) does not use the bandwidth as specified in its PCR.
As a result, the total available bandwidth (2 Mbps) is divided proportionally over the PVCs. The
“spare” bandwidth that PVC 4 does not use is also proportionally divided over the three PVCs
which can use this extra bandwidth (PVC 1, 2 and 3).
6.2.8 Configuring bridged/routed Ethernet/IP over ATM (RFC 2684)
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on bridged/routed Ethernet/IP over ATM.
To configure bridged/routed Ethernet/IP (multi-protocol) over ATM on an ATM PVC, proceed as follows:
Step Action
2 In the atm structure, set the higherLayerProtocol element to rfc2684.

By selecting this value you indicate that different types of protocol
data units (PDUs) may be present in the traffic on this interface.
3 Also in the atm structure, set the multiProtocolMech element to the

desired encapsulation mechanism.
By selecting one of these two values you indicate how the different
types of protocol data units (PDUs) have to be encapsulated in
ATM AAL type 5.
In case of …
• llcEncapuslation, all the different PDU types are carried over a single PVC. In this case,
the different PDU types can be distinguished from one another by the information in
the Logical Link Control (LLC) header.
• vcMultiplexing, each PDU type is carried over a separate PVC. So in this case, you have
to set up as many PVCs as there are PDU types in your traffic. What is more, the
remote application has to know which PVC carries which PDU type.

structure.
6.2.9 Configuring Classical IP (IPoA)
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on IP over ATM.

Classical IP (RFC 1577) is one of the first commonly used encapsulations of IP over ATM. The encap-
sulation method is the same as described in RFC 2684 (formerly RFC 1483). The IP traffic is encapsu-
lated without Ethernet header. Inverse ARP is in use for the resolution of IP addresses to PVC channels.
To configure Classical IP on an ATM PVC, proceed as follows:
Step Action
1 In the pvcTable, set the mode element to routing.
3 In the atm structure, set the higherLayerProtocol element to rfc2684.

desired encapsulation mechanism: llcEncapuslation or vcMultiplexing.

structure.
Note that Inverse ARP is always in use. Therefore there is no dedicated attribute to enable or disable
InARP.
6.2.10 Configuring PPP over ATM (PPPoA)
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on PPP over ATM.
To configure PPP over ATM on an ATM PVC, proceed as follows:
Step Action
2 In the atm structure, set the higherLayerProtocol element to ppp.

desired encapsulation mechanism: llcEncapuslation or vcMultiplexing.
4 In the pvcTable, select the ppp structure.
5 In the ppp structure, configure the PPP elements (link monitoring, authentication, etc.).
Refer to …
• 6.4 - Configuring PPP encapsulation on page 122 for more information on configuring
PPP.
• 11.5.3 - PPP configuration attributes on page 387 for a detailed description of the ele-
ments in the ppp structure.
6.2.11 Configuring PPP over Ethernet (PPPoE)
Refer to 6.2.1 - Introducing ATM on page 86 for an introduction on PPP over Ethernet.
To configure PPP over Ethernet on an ATM PVC, proceed as follows:
Step Action
2 In the atm structure, set the higherLayerProtocol element to pppOver-

Ethernet.
3 Also in the atm structure, set the multiProtocolMech element to llcEnca-

puslation.
4 In the pvcTable, select the ppp structure.
5 In the ppp structure, configure the PPP elements (link monitoring, authentication, etc.).
Refer to …
• 6.4 - Configuring PPP encapsulation on page 122 for more information on configuring
PPP.
• 11.5.3 - PPP configuration attributes on page 387 for a detailed description of the ele-
ments in the ppp structure.
6.2.12 Configuring ATM over a G703 interface
The Crocus Router 10M Interface in combination with any other device does not support ATM over a
G703 interface. Only the Telindus 1421 SHDSL Router and the Telindus 1031/1032 Routers can work
as specified in the G.804 standard. This because the Crocus Router 10M Interface is not aware that the
ATM cells are byte aligned with the G704 framing.
ATM over G703 in case of a Telindus 1421 SHDSL Router:
On the router, configure the following:

• set the telindus1421Router/wanInterface/line/timingMode attribute to plesiochronous.
On the Crocus SHDSL, configure the following:
• set the line/timingMode attribute to plesiochronous.
• use the g703/timeSlots attribute to select time slots 1 up to 15 and 17 up to 31.
6.3 Configuring Frame Relay encapsulation
This section introduces the Frame Relay encapsulation protocol and gives a short description of the
attributes you can use to configure this encapsulation protocol.
• 6.3.1 - Introducing Frame Relay on page 108
• 6.3.2 - Configuring Frame Relay DLCIs on page 112
• 6.3.3 - Automatically obtaining IP addresses in Frame Relay on page 114
• 6.3.4 - Configuring IP addresses in Frame Relay on page 115
• 6.3.5 - Configuring LMI on page 118
• 6.3.6 - Configuring CIR and EIR on page 119
• 6.3.7 - Enabling Frame Relay fragmentation on page 121
6.3.1 Introducing Frame Relay
What is Frame Relay?
Frame Relay is a networking protocol that works at the bottom two levels of the OSI reference model:
the physical and data link layers. It is an example of packet-switching technology, which enables end
stations to dynamically share network resources.
Frame Relay devices fall into the following two general categories:
• Data Terminal Equipment (DTEs), which include terminals, personal computers, routers, and
bridges.
• Data Circuit Equipment (DCEs), which transmit the data through the network and are often carrier-
owned devices.
What is a DLCI?
Frame Relay networks transfer data using one of the following connection types:
• Switched Virtual Circuits (SVCs), which are temporary connections that are created for each data
transfer and then are terminated when the data transfer is complete (not a widely used connection).
• Permanent Virtual Circuits (PVCs), which are permanent connections.
The Telindus 1421 SHDSL Router makes use of Permanent Virtual Circuits. The Data Link Connection
Identifier (DLCI) is a value assigned to each virtual circuit and DTE device connection point in the Frame
Relay WAN. Two different connections can be assigned the same value within the same Frame Relay
WAN, one on each side of the virtual connection.
What is LMI?
A set of Frame Relay enhancements exists, called the Local Management Interface (LMI). The LMI
enhancements offer a number of features (referred to as extensions) for managing complex networks,
including:
• global addressing,
• virtual circuit status messages,
• multicasting.
LMI provides a status mechanism which gives an on-going status report on the DLCIs. These status
reports are exchanged between the Frame Relay access device (or Frame Relay DTE or user) and
Frame Relay node (or Frame Relay DCE or network).
At regular intervals (typically every 1 minute), the Frame Relay user (e.g. a router) sends Full Status
Enquiry messages to the Frame Relay network (e.g. a Frame Relay switch). On its turn, the Frame Relay
network sends a Full Status Response to the Frame Relay user. In this response the Frame Relay net-
work reports which DLCIs are configured at its side and which of these DLCIs are up or down. Until the
first Full Status Enquiry exchange has occurred, the Frame Relay user does not know which DLCIs are
active and so no data transfer can take place.
At smaller intervals (typically every 10 seconds), the Frame Relay user sends Status Enquiry messages
to the Frame Relay network. On its turn, the Frame Relay network sends a Status Response to the
Frame Relay user. In this response the Frame Relay network only reports which DLCIs are up or down.
There are various LMI versions: LMI rev.1, ANSI T1.617 Annex D, Q.933 Annex A, etc. To ensure inter-
operability when your network consists of equipment from different vendors, the same version of LMI
protocol must be at each end of the Frame Relay link.
What is CIR and BC?
• CIR = BC / TC
• The Committed Information Rate (CIR) is the specified amount of guaranteed bandwidth (measured
in bits per second) on a Frame Relay service. Typically, when purchasing a Frame Relay service the
customer can specify the CIR level he wishes. The Frame Relay network provider guarantees that
traffic not exceeding this level will be delivered.
• The Committed Burst (BC) is the maximum amount of data (in bits) that the network agrees to trans-
fer, under normal conditions, during a time interval TC.
What is EIR and BE?
• EIR = BE / TC
• The Excess Information Rate (EIR) is the specified amount of unguaranteed bandwidth (measured
in bits per second) on a Frame Relay service. It is the traffic in excess of the CIR. This traffic may also
be delivered, but this is not guaranteed.
• The Excess Burst (BE) is the maximum amount of uncommitted data (in bits) in excess of BC that a
Frame Relay network can attempt to deliver during a time interval TC. Generally, BE data is delivered
with a lower probability than BC, and the network treats it as discard eligible.
What is TC?
The measurement interval (TC) is the time over which rates and burst sizes are measured. In general,
the duration of TC is proportional to the burstiness of traffic.
The following figure shows the relationship between BC, BE and TC:
What is DE?
When the CIR is exceeded, all subsequent frames get marked Discard Eligible by setting the Discard
Eligible (DE) bit in the Frame Relay header. This is performed at the local Frame Relay switch. If con-
gestion occurs at a node in the Frame Relay network, packets marked DE are the first to be dropped.
Upon detecting congestion, a Frame Relay switch will send a Backward Explicit Congestion Notifier
(BECN) message back to the source. If the source (e.g. the router) has sufficient intelligence to process
this message, it may throttle back to the CIR.
What is BECN?
Backward Explicit Congestion Notification (BECN) is a bit set by a Frame Relay network in frames trav-
elling in the opposite direction of frames encountering a congested path. DTEs receiving frames with the
BECN bit set can request that higher-level protocols take flow control action as appropriate.
What is FECN?
Forward Explicit Congestion Notification (FECN) is a bit set by a Frame Relay network to inform DTEs
receiving the frame that congestion was experienced in the path from source to destination. DTEs receiv-
ing frames with the FECN bit set can request that higher-level protocols take flow-control action as
appropriate.
What is interface Frame Relay fragmentation?
Interface fragmentation is used in order to allow real-time and data frames to share the same (physical)
interface. The fragmentation is strictly local to the interface and provides the proper delay and delay var-
iation based upon the logical speed of the interface (the logical speed of an interface may be slower than
the physical clocking rate if a channelised physical interface is used). Since fragmentation is local to the
interface, the network can take advantage of the higher internal trunk speeds by transporting the com-
plete frames, which is more efficient than transporting a larger number of smaller fragments.
Interface fragmentation is also useful when there is a speed mismatch between the two DTEs at the ends
of a VC. It also allows the network to proxy for a DTE that does not implement end-to-end fragmentation.
Refer to What is end-to-end Frame Relay fragmentation? on page 111.
Interface fragmentation is not transparent to the Frame Relay network. I.e. the Frame Relay switches in
the network have to “understand” Frame Relay fragmentation.
Interface fragmentation is provisioned on an interface-by-interface basis. When Interface fragmentation

is used on an interface, then all frames on all DLCIs (including DLCI 0) are preceded by the fragmenta-
tion header.
Refer to FRF.12 for more information on Frame Relay fragmentation.

What is end-to-end Frame Relay fragmentation?
End-to-end Frame Relay fragmentation is used on DLCIs only. It is most useful when peer Frame Relay
DTEs wish to exchange both real-time and non-real-time traffic using slower interface(s), but either one
or both (physical) interfaces does not support interface Frame Relay fragmentation. Refer to What is
interface Frame Relay fragmentation? on page 110.
End-to-end Frame Relay fragmentation is transparent to the Frame Relay network. I.e. the Frame Relay
switches in the network do not have to “know” about the fragmentation.
Because DLCI 0 is never carried end-to-end, it is never fragmented using end-to-end Frame Relay frag-
mentation.
Refer to FRF.12 for more information on Frame Relay fragmentation.
What is MLFR?
Multilink Frame Relay (MLFR) provides physical interface emulation for Frame Relay devices. The emu-
lated physical interface consists of one or more physical links, called "bundle links", aggregated together
into a single "bundle" of bandwidth. This service provides a frame-based inverse multiplexing function,
sometimes referred to as an "IMUX".
The bundle provides the same order-preserving service as a physical layer for frames sent on a data link
connection. In addition, the bundle provides support for all Frame Relay services based on UNI and NNI
standards.
Refer to FRF.16 for more information on multilink Frame Relay.
What is LIP?
The Link Integrity Protocol (LIP) features a set of control messages to insure the integrity of a Frame
Relay bundle. These messages are:
LIP message Description
Add Link The Add Link message notifies the peer endpoint that the local endpoint supports
frame processing. The message includes information required to verify bundle
membership and detect loopbacks. Both ends of a bundle link generate this mes-
sage when a bundle link endpoint is ready to become operational.
Add Link The Add Link Acknowledge message notifies the peer endpoint that the local end-
Acknowledge point has received a valid Add Link message.
Add Link Reject The Add Link Reject message notifies the peer endpoint that the local endpoint
has received an invalid Add Link message.
Hello The Hello message notifies the peer endpoint that the local endpoint remains in
the state up. Both ends of a bundle link generate this message on a periodic basis.
Hello Acknowl- The Hello Acknowledge message notifies the peer that the local endpoint has
edge received a valid Hello message.
Remove Link The Remove Link message notifies the peer that the local end layer management
function is removing the bundle link from bundle operation.
Remove Link The Remove Link Acknowledge message notifies the peer that the local end has
Acknowledge received a Remove Link message.
6.3.2 Configuring Frame Relay DLCIs
Refer to 6.3.1 - Introducing Frame Relay on page 108 for an introduction.

If the Frame Relay network supports LMI, then the Telindus 1421 SHDSL Router can learn its active and
inactive DLCIs. If the Frame Relay network also supports the InARP (Inverse Address Resolution Pro-
tocol) protocol, the Telindus 1421 SHDSL Router can learn the IP address of the corresponding router
for each DLCI.
If neither LMI nor InARP is supported by the Frame Relay network you can configure the DLCIs yourself
using the dlciTable.
To configure a Frame Relay DLCI, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the frameRelay object, select
the dlciTable attribute and add one or more entries to this table.
Use this attribute to set up Frame Relay DLCIs. Add a row to the dlciTable for each Frame
Relay DLCI you want to create.
2 Configure the elements of the Frame Relay DLCI you just created. These elements are:
• name. Use this element to assign an administrative name to the Frame Relay DLCI.
• adminStatus. Use this element to activate (up) or deactivate (down) the Frame Relay
DLCI.
• mode. Use this element to determine whether, for the corresponding Frame Relay
DLCI, the packets are treated by the routing process, the bridging process or both.
• priorityPolicy. Use this element to apply a priority policy on the Frame Relay DLCI. Refer
to 7.8.7 - Applying a priority policy on an interface on page 212 for more information.
• ip. Use this element to configure the IP related parameters of the Frame Relay DLCI.
Refer to 5.2.3 - Explaining the ip structure on page 54 for more information.
• bridging. Use this element to configure the bridging related parameters of the Frame
Relay DLCI in case the DLCI is in bridging mode (i.e. in case the mode element is set
to bridging). Refer to 8.2.6 - Explaining the bridging structure on page 243 for more infor-
mation.
• frameRelay. Use this element to configure the Frame Relay specific parameters of the
Frame Relay DLCI. Refer to telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay
on page 381 for more information.
Refer to telindus1421Router/wanInterface/frameRelay/dlciTable on page 380 for a detailed descrip-

tion of the dlciTable.
Example - configuring Frame Relay DLCIs
The following figure gives an example of a local Ethernet segment connected to three different networks
through three different DLCIs:
The following screenshot shows (part of) the dlciTable of the set-up depicted in the figure above:
6.3.3 Automatically obtaining IP addresses in Frame Relay
In case of Frame Relay, the Telindus 1421 SHDSL Router can perform an auto-install (refer to 16.3.3 -
Auto-install in case of Frame-Relay on page 726). This includes obtaining a local IP address of the
Frame Relay DLCI. However, even if no auto-install is performed the Telindus 1421 SHDSL Router runs
the following sequence to obtain a local IP address of the Frame Relay DLCI:
If the Frame Relay network supports the InARP (Inverse Address Resolution Protocol) protocol, then the
Telindus 1421 SHDSL Router can learn the remote IP address of an Frame Relay DLCI.
6.3.4 Configuring IP addresses in Frame Relay
When you use Frame Relay encapsulation on the WAN interface, you can configure the IP related
parameters on two levels:
Using the ip structure in the … Use this structure to configure the IP related parameters of …
frameRelay object. all the DLCIs for which …

• in the dlciTable no IP address is defined for that specific DLCI,
• and the mode element is set to routing or routingAndBridgning.
In other words, use this attribute to globally configure the IP param-

eters of the DLCIs. Refer to Example - DLCI global IP.
dlciTable attribute. one specific DLCI. Refer to Example - DLCI specific IP.
Refer to 5.2.3 - Explaining the ip structure on page 54 for a detailed description of the ip structure.
Example - DLCI global IP
Suppose you have the following set-up:
If you consider Router A, then for this router …

• two DLCIs are configured in the frameRelay/dlciT-
able, being DLCI 16 and DLCI 17,
• no IP addresses are specifically configured for
these DLCIs,
• in the frameRelay/ip attribute a global IP address
is configured for the DLCIs, being 10.0.0.3.
The characteristics of a set-up with a global IP address for the DLCIs are:
• Broadcasts are copied and sent over all DLCIs (that use the global IP address). E.g. pinging
10.0.0.255 results in a reply from 10.0.0.1, 10.0.0.2 and 10.0.0.3.
• Pinging 10.0.0.3 results in a reply when LMI is up.
• Routes learned over one DLCI are not passed to other DLCIs. E.g. a route learned over DLCI 16 is
not passed to DLCI 17. This means that split horizon is applicable.
• RIP only functions if the network is fully meshed. I.e. if every router is directly connected to its neigh-
bour with a DLCI (as in the example above).
Example - DLCI specific IP
Suppose you have the following set-up:
If you consider Router A, then for this router …

• two DLCIs are configured in the frameRelay/dlciTable, being DLCI 16 and DLCI 17,
• an IP address is specifically configured per DLCI in the frameRelay/dlciTable/ip attribute,
• no global IP address is configured for the DLCIs.
The characteristics of a set-up with a specific IP address for each DLCI are:
• Each DLCI is an IP interface.
• Pinging 10.1.0.1 results in a reply when the DLCI is up.
• Routes learned over one DLCI are passed to other DLCIs. E.g. a route learned over DLCI 16 is
passed to DLCI 17. This means that split horizon is not applicable.
6.3.5 Configuring LMI
Refer to 6.3.1 - Introducing Frame Relay on page 108 for an introduction on LMI.
To configure LMI, proceed as follows:
Step Action
1 In the frameRelay object, select the lmi

structure.
2 The most important elements in the lmi structure are:

• mode. Use this element to set the Frame Relay mode (user, network, auto or nni).
• type. Use this element to set the LMI variant. There are several standards for the LMI
protocol with small variations between them. Therefore you should configure the Tel-
indus 1421 SHDSL Router according to the standard that is used by your service pro-
vider.
Refer to telindus1421Router/wanInterface/frameRelay/lmi on page 383 for a complete description of

the lmi structure.
6.3.6 Configuring CIR and EIR
Refer to 6.3.1 - Introducing Frame Relay on page 108 for an introduction on CIR and EIR.
As said before, CIR is the data rate which the user expects to pass into the Frame Relay network with
few problems. Note that the CIR is unrelated to the actual bit rate of the physical connection. A user could
have a physical connection operating at 2 Mbps, but a CIR across this physical connection of only 64
kbps. This would mean that the user’s average data rate would be 64 kbps, but data bursts up to 2 Mbps
would be possible (EIR).
To configure the CIR and EIR of a Frame Relay DLCI, proceed as follows:
Step Action
1 In the dlciTable, select the frameRelay

structure.
2 In the frameRelay structure, configure the following ele-

ments:
• cir. Use this element to set the Committed Informa-
tion Rate for the DLCI.
The cir is expressed in bps. Enter a multiple of 64000
bps as cir value (e.g. 2048000). The maximum value is the physical connection towards
the Frame Relay network. If the cir value is set to 0 (default), it means the complete
bandwidth may be used (no flow control).
• eir. Use this element to set the Excess Information Rate for the DLCI.
The eir is expressed in bps. Enter a multiple of 64000 bps as eir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network. If
the eir value is set to 0 (default), it means no excess burst is allowed.
The bursts of data that are allowed are the CIR value + EIR value. I.e. If you want a
CIR of 1 Mbps and you want to allow bursts up to 1.5 Mbps, then set the CIR to
1024000 bps and the EIR to 512000 bps.
Important remarks
• Be careful not to over-dimension the CIR. I.e. do not let the sum of the CIRs of the DLCIs exceed the
bandwidth of the physical connection.
• When you do exceed the total bandwidth of the physical connection, then the Telindus 1421 SHDSL
Router first buffers the data. However, when the buffers of the Telindus 1421 SHDSL Router are com-
pletely filled up, it has to discard the “excess” data.
• To obtain an optimal QoS for links that contain both voice and data DLCIs, it is advisable to use CIR
for the voice DLCIs and EIR for the data DLCIs. This decreases the amount of data packets that are
queued in a single burst, thereby reducing the transmission delay for voice packets.
Examples
Suppose you have a 2

Mbps physical connection
towards the Frame Relay
service provider and you
define 2 DLCIs:
• Suppose you assign to both DLCIs a CIR of 1 Mbps and an EIR of 0.
⇒In that case you have per DLCI a guaranteed bandwidth of 1 Mbps and no bursts are allowed.
• Suppose you assign to both DLCIs a CIR of 512 kbps and an EIR of 512 kbps.
⇒In that case you have per DLCI a guaranteed bandwidth of 512 kbps and you allow bursts up to 1
Mbps. This means that if on both DLCIs a burst up to 1 Mbps occurs at the same time, the speed
of the physical connection (2 Mbps) is still not exceeded (so no data is discarded). If however
somewhere else on the network a congestion occurs, it is possible that some of the “excess” data
is discarded (refer to What is DE? on page 110).
• Suppose you assign to both DLCIs a CIR of 1 Mbps and an EIR of 1 Mbps.
⇒In that case you have per DLCI a guaranteed bandwidth of 1 Mbps and you allow bursts up to 2
Mbps. Obviously, this means that if on both DLCIs a burst up to 2 Mbps occurs at the same time,
the speed of the physical connection (2 Mbps) is exceeded and some data is discarded. In that
case the principle of first come, first served is applied. I.e. the DLCI on which the burst occurred
first its data is passed on to the Frame Relay network. If however somewhere else on the network
a congestion occurs, it is still possible that some of the “excess” data is discarded.
• Suppose you assign to both DLCIs a CIR of 2 Mbps and an EIR of 0.
⇒In that case you over-dimensioned your CIR. You can not guarantee 2 Mbps of bandwidth for both
DLCIs, due to the bandwidth limit of 2 Mbps on the physical connection. Also in this case the prin-
ciple of first come, first served is applied. I.e. the DLCI which sends data first gets its data onto the
Frame Relay network.
6.3.7 Enabling Frame Relay fragmentation
Refer to 6.3.1 - Introducing Frame Relay on page 108 for an introduction on Frame Relay fragmentation.
There are different cases of fragmentation. How to enable fragmentation in each of these cases is shown
in the following table:
Case How to enable fragmentation?
1 Interface fragmentation on one interface
To enable Frame Relay fragmen-

tation on interface level and this
for one particular interface, pro-
ceed as follows:
1. Select the frameRelay object.
2. Select the fragmentation struc-
ture.
3. Set the interfaceFormat element to enabled.
2 End-to-end fragmentation on one interface
To enable Frame Relay frag-

mentation on end-to-end level
and this for one particular DLCI
on one particular interface, pro-
ceed as follows:
1. Select the frameRelay object.
2. Select the dlciTable.
3. Select the frameRelay struc-
ture.
4. Select the fragmentation struc-
ture.
5. Set the endToEndFormat element to enabled.
6.4 Configuring PPP encapsulation
This section introduces the PPP encapsulation protocol and gives a short description of the attributes
• 6.4.1 - Introducing PPP on page 123
• 6.4.2 - Automatically obtaining IP addresses in PPP on page 127
• 6.4.3 - Configuring IP addresses in PPP on page 129
• 6.4.4 - Imposing IP addresses on the remote in PPP on page 130
• 6.4.5 - Configuring link monitoring on page 131
• 6.4.6 - Configuring PAP on page 132
• 6.4.7 - How does PAP work? on page 133
• 6.4.8 - Configuring CHAP on page 135
• 6.4.9 - How does CHAP work? on page 136
• 6.4.10 - Use which name and secret attributes for PPP authentication? on page 138
• 6.4.11 - Setting up multilink PPP on page 139
• 6.4.12 - Enabling PPP fragmentation on page 141
• 6.4.13 - Setting up multiclass PPP on page 142
6.4.1 Introducing PPP
What is PPP?
The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for transporting IP
traffic over point-to-point links. PPP also established a standard for assigning and managing IP
addresses, asynchronous and bit-oriented synchronous encapsulation, network protocol multiplexing,
link configuration, link quality testing, error detection, and option negotiation for added networking capa-
bilities.
Also refer to What is PPPoA (RFC 2364)? on page 91.
What is LCP, IPCP, BCP and CCP?
PPP provides a method for transmitting datagrams over serial point-to-point links, which include the fol-
lowing components:
• A method for encapsulating datagrams over serial links.
• An extensible Link Control Protocol (LCP) which provides a method of establishing, configuring,
maintaining, and terminating the point-to-point connection.
• A family of Network Control Protocols (NCPs) for establishing and configuring different network layer
protocols such as the IP Control Protocol (IPCP) and the Bridge Control Protocol (BCP).
• A Compression Control Protocol (CCP) for configuring, enabling and disabling data compression
algorithms on both ends of the point-to-point link.
The PPP handshake
PPP makes a handshake in two phases:
Phase Description
1 The Link Control Protocol (LCP) builds the link layer.
2 The Network Control Protocol (NCP, i.e. IPCP or BCP) builds the network layer.
What is PPP link monitoring?
PPP features link monitoring in order to whether the PPP link is truly up or down. If link monitoring is
enabled, then echo request packets are sent over the link at regular intervals. If on consecutive requests
no reply is given, then the PPP link is declared down. Data traffic is stopped until the PPP handshake
succeeds again.
What is PAP?
The Password Authentication Protocol (PAP) is the most basic form of authentication (complies with RF
1334). It basically works the same way as a normal login procedure. The peer (the authenticating sys-
tem) authenticates itself by sending a username and password to the authenticator. The authenticator
compares this username and password to its secrets database. If the password matches, the peer is
authenticated and the session can be set up. PAP authentication can be performed in one direction or
in both directions.
The disadvantage of PAP is that it is vulnerable to eavesdroppers who may try to obtain the password
by listening in on the serial line, and to repeated trial and error attacks.
What is CHAP?
The Challenge Handshake Authentication Protocol (CHAP) is more secure than PAP.
With CHAP, the server (the authenticator) sends a randomly generated “challenge” string to the client
(the authenticating system). The client hashes the challenge string, its username and password using
the MD5 algorithm. This result is returned to the server. The server now performs the same computation
and compares this username and password to its secrets database. If the passwords match, the client
is authenticated and the session can be set up. CHAP authentication can be performed in one direction
or in both directions.
Another feature of CHAP is that it does not only requires the client to authenticate itself at start-up time,
but to do so at regular intervals. This to make sure the client has not been replaced by an intruder (for
instance by just switching lines).
What is MS-CHAP?
The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is the Microsoft version of
CHAP and is an extension to RFC 1994. Like the standard version of CHAP, MS-CHAP is used for PPP
authentication. In this case, authentication occurs between a PC using Microsoft Windows and a router
or access server acting as a network access server (NAS).
The differences between the standard CHAP and MS-CHAP are:
• MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol.
• The MS-CHAP Response packet is in a format designed to be compatible with Microsoft Windows.
This format does not require the authenticator to store a clear or reversibly encrypted password.
• MS-CHAP provides an authenticator-controlled authentication retry mechanism.
• MS-CHAP provides an authenticator-controlled change password mechanism.
• MS-CHAP defines a set a "reason for failure" codes returned in the Failure packet message field.
What is MS-CHAP v2?
MS-CHAP version 2 provides stronger security for remote access connections and also solves some
issues of MS-CHAP version 1:
MS-CHAP version 1 issue MS-CHAP version 2 solution
LAN Manager encoding of the response used for MS-CHAP v2 no longer allows LAN Manager
backward compatibility with older Microsoft encoded responses.
remote access clients is cryptographically weak.
LAN Manager encoding of password changes is MS-CHAP v2 no longer allows LAN Manager
cryptographically weak. encoded password changes.
Only one-way authentication is possible. The MS-CHAP v2 provides two-way authentication,

remote access client cannot verify that it is dialling also known as mutual authentication. The remote
in to its organisation's remote access server or a access client receives verification that the remote
masquerading remote access server. access server that it is dialling in to has access to
the user's password.
With 40-bit encryption, the cryptographic key is With MS-CHAP v2, the cryptographic key is
based on the user's password. Each time the user always based on the user's password and an arbi-
connects with the same password, the same cryp- trary challenge string. Each time the user con-
tographic key is generated. nects with the same password, a different
cryptographic key is used.
A single cryptographic key is used for data sent in With MS-CHAP v2, separate cryptographic keys
both directions on the connection. are generated for transmitted and received data.
What is MLPPP?
Multilink PPP (MLPPP) is a method of splitting, recombining, and sequencing datagrams across multiple
logical data links.
For all its strengths, PPP has one inherent limitation when it comes to network deployment: it is designed
to handle only one physical link at a time. MLPPP does away with this restriction. MLPPP is a higher-
level data link protocol that sits between PPP and the network protocol layer. It accommodates one or
more PPP links, with each PPP link representing either a separate physical WAN connection or a chan-
nel in a multi-channel switched service. MLPPP its ability to combine multiple lower-speed links into a
single, higher-speed data path is often referred to as WAN-independent or packet-based inverse multi-
plexing.
MLPPP negotiates configuration options the same way as conventional PPP. However, during the nego-
tiation process, one router or access device indicates to the other communicating device that it is willing
to combine multiple connections and treat them as a single physical pipe. It does this by sending along
a multilink option message as part of its initial LCP option negotiation.
Once a multilink session is successfully opened, MLPPP at the sending side receives network protocol
data units (PDUs) from higher-layer protocols or applications. It then fragments those PDUs into smaller
packets, adds an MLPPP header to each fragment and sends them over the available PPP links. On the
receiving end, the MLPPP software takes the fragmented packets from the different links, puts them in
their correct order based on their MLPPP headers and reconverts them to their original network-layer
PDUs.
What is PPP fragmentation?
In case of MLPPP you can enable packet fragmentation. When packet fragmentation is not enabled,
packets are sent whole across the channels. When packet fragmentation is enabled, larger packets are
divided into smaller fragments and distributed over all the channels in use. Sending the packets in this
way reduces transit times. The receiver collects the fragments, reassembles them, and delivers them in
the original intended order.
What is multiclass PPP?
Multiclass PPP recovers some unused bits in the PPP multilink header to allow separate streams within
a single PPP session. This allows for Frame Relay like features within this PPP session. It also facilitates
QoS over a single PPP link. However, the number of sessions possible is small compared to Frame
Relay.
6.4.2 Automatically obtaining IP addresses in PPP
In case of PPP, the Telindus 1421 SHDSL Router can learn the local IP address of a PPP link.
In case of PPP, the Telindus 1421 SHDSL Router can learn the remote IP address of a PPP link.
6.4.3 Configuring IP addresses in PPP
To configure IP addresses on a PPP(oA) link, proceed as follows:
Step Action
1 In case you set up a …

• PPP link on the WAN interface, then you have to configure the IP related parameters
using the ip structure in the wanInterface/ppp object.
• PPPoA link on the WAN interface, then you actually configure the IP addresses on
ATM PVC level. So in that case, you have to configure the IP related parameters the
ip structure of the pvcTable.
PPP link on WAN
In the ppp object, select the ip structure.
PPPoA link on WAN
In the atm object, select the pvcTable and then select

the ip structure.
2 In the ip structure, configure the following elements:

• address. Use this element to assign an IP address to the local end of the PPP(oA) link.
• netMask. Use this element to assign an IP subnet mask to the local end of the PPP(oA)
link.
• remote. Use this element to assign an IP address to the remote end of the PPP(oA)
link.
• unnumbered. In case you do not explicitly configure a local IP address for an PPP(oA)
link, then you can use this element to "borrow" the IP address of another interface for
which an IP address is already configured.
• acceptLocAddr. Use this element to determine whether to accept or reject the local IP
address being imposed by the remote side.
• acceptRemAddr. Use this element to determine whether to accept or reject the remote
IP address being imposed by the remote side.
Refer to 5.2.3 - Explaining the ip structure on page 54 for a complete description of the ip
structure.
6.4.4 Imposing IP addresses on the remote in PPP
As can be seen in 6.4.2 - Automatically obtaining IP addresses in PPP on page 127, in case of PPP the
Telindus 1421 SHDSL Router can learn IP addresses from the remote side. What is more, in case of
PPP the Telindus 1421 SHDSL Router itself can impose IP addresses on the remote.
To impose IP addresses on the remote, proceed as follows:
Step Action
1 On the Telindus 1421 SHDSL Router, configure a local and remote IP address on the
PPP link.
Refer to 6.4.3 - Configuring IP addresses in PPP on page 129.
2 On the remote device (e.g. a Telindus 1031 Router), configure nor a local nor a remote
address on the PPP link.
⇒Once the PPP handshake reaches the IPCP stage, the Telindus 1031 Router will
declare to the Telindus 1421 SHDSL Router that it has no IP addresses on its PPP
link. The Telindus 1421 SHDSL Router on its turn will impose the local and remote
IP address of the PPP link on the Telindus 1031 Router.
⇒What is more, the Telindus 1031 Router adds a route towards the Telindus 1421
SHDSL Router. Also see the explanation of the element gatewayPreference on
page 56.
Note that the IP configuration attributes acceptLocAddr and acceptRemAddr on the Tel-
indus 1031 Router have to be set to enabled. Else the Telindus 1031 Router will
not accept the IP addresses imposed by the Telindus 1421 SHDSL Router.
Example - imposing IP addresses on the remote in PPP

6.4.5 Configuring link monitoring
Refer to 6.4.1 - Introducing PPP on page 123 for an introduction on link monitoring.
To configure link monitoring on a PPP(oA) link, proceed as follows:
Step Action
1 PPP link on WAN
In the ppp object, select the linkMonitoring structure.
PPPoA link on WAN
In the atm object, select the pvcTable and then

select the linkMonitoring structure.
2 The linkMonitoring structure contains the following elements:

• operation. Use this element to enable or disable link monitoring.
• interval. Use this element to set the time interval between two consecutive echo
requests.
• replyTimeOut. Use this element to set the time the Telindus 1421 SHDSL Router waits
for a reply on the echo request.
• failsPermitted. Use this element to set the number of echo requests that may fail before
the Telindus 1421 SHDSL Router declares the PPP link down.
Refer to telindus1421Router/wanInterface/ppp/linkMonitoring on page 390 for a complete descrip-

tion of the linkMonitoring structure.
6.4.6 Configuring PAP
Refer to 6.4.1 - Introducing PPP on page 123 for an introduction on PAP.

To configure PAP on a PPP(oA) link, proceed as follows:
Step Action
1 On the authenticating router, configure the PPP attributes authentication and authenPeriod.
• authentication. Use this attribute to set the PPP authentication to PAP.
• authenPeriod. Use this attribute to determine the interval at which the PPP link is
authenticated once it has been set up.
Refer to 11.5.3 - PPP configuration attributes on page 387 for a detailed description of
the ppp attributes.
2 On the peer router, configure the following attributes:

• sysName. Use this attribute to set the name of the peer. This is used in the authentica-
tion process. Alternatively, you can use the sessionName attribute. Refer to 6.4.10 - Use
which name and secret attributes for PPP authentication? on page 138 for more infor-
mation on what to use.
• sysSecret. Use this attribute to set the secret of the peer. This is used in the authenti-
cation process. Alternatively, you can use the sessionSecret attribute. Refer to 6.4.10 -
Use which name and secret attributes for PPP authentication? on page 138 for more
information on what to use.
3 Again on the authenticating router, go to the router object and configure the pppSecretTable.
In this table, enter the name and secret you configured on the peer in step 2. These are
used in the authentication process.
How exactly all these configuration attributes are used in the authentication process is explained in the
6.4.7 - How does PAP work? on page 133.
6.4.7 How does PAP work?
Refer to 6.4.1 - Introducing PPP on page 123 for an introduction on PAP.
PAP authentication in one direction
The router authenticates after building its LCP layer and prior to building the IPCP layer. If the authenti-
cation succeeds, then the PPP link is built further until data can be sent. Else PPP starts its handshake
again.
Consider the following example: router A (the Telindus 1421 SHDSL Router) is the authenticator and
router B is the peer. Router A is configured for PAP authentication and router B is not. The authentication
process goes as follows:
Phase Description
1 Router B wants to establish a PPP link with router A (the Telindus 1421 SHDSL Router).
2 Router A asks router B to authenticate himself.
3 Router B sends its name1 and its secret2 to router A.
4 Router A looks up the name of router B in its pppSecretTable to find a corresponding secret.
If the secret found in the pppSecretTable matches the secret received from router B, then
the authentication succeeded and a PPP link is established. Else the authentication failed
and no PPP link is established.
1. Depending on how router B is configured, this can be its sysName or sessionName.

2. Depending on how router B is configured, this can be its sysSecret or sessionSecret.
The following figure shows the PAP authentication process:

PAP authentication in both directions
If PAP authentication is enabled on both routers, then they both request and respond to the authentica-
tion. If the remote router is a router from another vendor, then read the documentation in order to find
out how to configure the PAP name and secret values.
6.4.8 Configuring CHAP
Refer to 6.4.1 - Introducing PPP on page 123 for an introduction on CHAP.

To configure CHAP on a PPP(oA) link, proceed as follows:
Step Action
1 On the authenticating router, configure the PPP attributes authentication and authenPeriod.
• authentication. Use this element to set the PPP authentication to CHAP (or MS-CHAP
or MS-CHAP v2).
• authenPeriod. Use this attribute to determine the interval at which the PPP link is
authenticated once it has been set up.
Refer to 11.5.3 - PPP configuration attributes on page 387 for a detailed description of
the ppp attributes.
2 On the peer router, configure the following attributes:

• sysName. Use this attribute to set the name of the peer. This is used in the authentica-
tion process. Alternatively, you can use the sessionName attribute. Refer to 6.4.10 - Use
which name and secret attributes for PPP authentication? on page 138 for more infor-
mation on what to use.
• sysSecret. Use this attribute to set the secret of the peer. This is used in the authenti-
cation process. Alternatively, you can use the sessionSecret attribute. Refer to 6.4.10 -
Use which name and secret attributes for PPP authentication? on page 138 for more
information on what to use.
3 Again on the authenticating router, go to the router object and configure the pppSecretTable.
In this table, enter the name and secret you configured on the peer in step 2. These are
used in the authentication process.
How exactly all these configuration attributes are used in the authentication process is explained in the
6.4.9 - How does CHAP work? on page 136.
6.4.9 How does CHAP work?
Refer to 6.4.1 - Introducing PPP on page 123 for an introduction on CHAP.
CHAP authentication in one direction
The router authenticates after building its LCP layer and prior to building the IPCP layer. If the authenti-
cation succeeds, then the PPP link is built further until data can be sent. Else PPP starts its handshake
again.
Consider the following example: router A (the Telindus 1421 SHDSL Router) is the authenticator and
router B is the peer. Router A is configured for CHAP authentication and router B is not. The authenti-
cation process goes as follows:
Phase Description
1 Router B wants to establish a PPP link with router A (the Telindus 1421 SHDSL Router).
2 Router A asks router B to authenticate himself. So router A sends a challenge packet

containing a random value to router B.
The challenge packet also contains the sysName of router A. If the peer (router B)
is also a Telindus Router, then it does nothing with it. Other vendors, however, may
use this sysName to determine which secret to use in the authentication process.
Check the vendor’s documentation.
3 Router B feeds the random value and its secret1 into the MD5 hash generator, resulting
in a hash value.
4 Router B sends a response packet containing the hash value and its name2.
5 Router A looks up the name of router B in its pppSecretTable to find a corresponding secret.
This secret found in the pppSecretTable and the random value router A sent in step 2 is fed
into the MD5 hash generator, resulting in a hash value. If this hash value equals the hash
value received from router B, then the authentication succeeded and a PPP link is estab-
lished. Else the authentication failed and no PPP link is established.
1. Depending on how router B is configured, this can be its sysSecret or sessionSecret.

2. Depending on how router B is configured, this can be its sysName or sessionName.
The following figure shows the authentication process:
CHAP authentication in both directions
If CHAP authentication is enabled on both routers, then they both request and respond to the authenti-
cation. If the remote router is a router from another vendor, then read the documentation in order to find
out how to configure the CHAP name and secret values.
6.4.10 Use which name and secret attributes for PPP authentication?
Older firmware versions only used the sysName and the router/sysSecret attributes in their PPP authentica-
tion process. Newer firmware versions, however, have two new attributes for PPP authentication pur-
poses being: ppp/sessionName and ppp/sessionSecret. This enhancement allows you to define different
names and secrets for each PPP link (whereas before all PPP links used the same sysName and sysSecret
attribute).
So suppose you have several ATM PVCs on which you all run PPPoA, you can use a different name
and secret for each PPPoA link by configuring per PVC the sessionName and sessionSecret in the ppp struc-
ture of the atm/pvcTable attribute.
Refer to …
• telindus1421Router/sysName on page 352
• telindus1421Router/router/sysSecret on page 422
• telindus1421Router/wanInterface/ppp/sessionName on page 392
• telindus1421Router/wanInterface/ppp/sessionSecret on page 392
Important remarks
• If on a PPP link authentication is enabled and the sessionName/sessionSecret attributes are not filled in,
then the sysName/sysSecret attributes are used in the PPP authentication process for that link.
• If on a PPP link authentication is enabled and the sessionName/sessionSecret attributes are filled in, then
the sysName/sysSecret attributes are ignored and are not used in the PPP authentication process for
that link.
• If you have several PPP links and you use a different name and secret for each link (using the ses-
sionName/sessionSecret attributes), then do not forget to add all these names and secrets in the
pppSecretTable of the authenticator.
• The sysName/sysSecret attributes do not serve as “back-up” for the sessionName/sessionSecret attributes.
This means that if for some reason authentication using the sessionName/sessionSecret attributes fails
(e.g. because the secrets do not match), then the authenticator does not restart the authentication
process using the sysName/sysSecret attributes instead.
• If you have several PPP links, it is allowed to use a specific name and secret on some of them (using
the sessionName/sessionSecret attributes) and use a general name and secret for the rest (using the
sysName/sysSecret attributes). In that case, make sure that for the latter the sessionName/sessionSecret
attributes are not configured (i.e. their value fields are empty).
6.4.11 Setting up multilink PPP
MLPPP means running a PPP bundle over several physical interfaces. In case you only have one phys-
ical interface towards the WAN, setting up MLPPP seems a bit awkward. However, if you want to enable
PPP fragmentation or set up multiclass PPP links, then you have to set up a PPP bundle even if it means
setting up a bundle on just one physical interface. This because PPP fragmentation and multiclass PPP
are part of the MLPPP feature set.
Note that you can also set up MLPPP for a PPPoA link.
Setting up MLPPP on the SHDSL line
To set up MLPPP on a PPP link, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go

to the wanInterface object and set the encapsulation attribute
to ppp.
2 In the Telindus 1421 SHDSL Router contain-

ment tree, go to the wanInterface/ppp object and
set …
• the mode attribute to multiLink.
• the operation element in the linkMonitoring struc-
ture to enabled. This allows that when a mem-
ber (i.e. a PPP link) of the PPP bundle goes
down, the PPP bundle falls back to a lower
speed and vice versa.
3 Create a PPP bundle.

In the Telindus 1421 SHDSL Router containment tree,
go to the bundle object and add a pppBundle[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 42).
E.g. pppBundle[myPppBundle]
Step Action
4 Configure the attributes of the pppBundle[ ] object you just added. The most important
attributes are:
• members. Use this attribute to make the WAN interface a member of
the PPP bundle. Do this by adding one entry to the members table
and by typing “wan” as value of the interface element.
• ip. Use this attribute to configure the IP related parameters of the
PPP bundle.
• mode. Use this attribute to determine whether the packets are treated by the routing
process, the bridging process or both.
Refer to 11.8.1 - PPP bundle configuration attributes on page 411 for more information
on the configuration attributes of the PPP bundle.
Setting up MLPPP on a PPPoA link
To set up MLPPP on a PPPoA link, proceed as follows:
Step Action
1 Set up a PPPoA link. Refer to 6.2.10 - Configuring PPP over ATM (PPPoA) on page 104.
Note that it is important to set the operation element in the linkMonitoring structure to
enabled. This allows that when a member (i.e. a PPP link) of the PPP bundle goes
down, the PPP bundle falls back to a lower speed and vice versa.
2 Create a PPP bundle.

In the Telindus 1421 SHDSL Router containment tree,
go to the bundle object and add a pppBundle[ ] object underneath (refer to 4.4 - Adding an
object to the containment tree on page 42).
E.g. pppBundle[myPppBundle]
3 Configure the attributes of the pppBundle[ ] object you just added. The most important
attributes are:
• members. Use this attribute to make an ATM PVC (running PPPoA)
a member of the PPP bundle. Do this by adding an entry to the mem-
bers table and by typing the name of the ATM PVC as value of the
interface element.
• ip. Use this attribute to configure the IP related parameters of the PPP bundle.
• mode. Use this attribute to determine whether the packets are treated by the routing
Refer to 11.8.1 - PPP bundle configuration attributes on page 411 for more information
on the configuration attributes of the PPP bundle.
6.4.12 Enabling PPP fragmentation
Setting up multilink PPP (MLPPP) allows you to enable PPP fragmentation. Refer to 6.4.1 - Introducing
PPP on page 123 for an introduction on PPP fragmentation.
Important remark
Note that PPP fragmentation is actually a part of the MLPPP feature set. So in case you want to enable
PPP fragmentation, you actually have to set up a PPP bundle. Even if you want to enable PPP fragmen-
tation on just one interface!
To enable PPP fragmentation, proceed as follows:
Step Action
1 Set up MLPPP as described in 6.4.11 - Setting up multilink PPP on page 139.

Note that if you want to enable PPP fragmentation on just one interface, you have to cre-
ate a PPP bundle with just one member.
2 In the pppBundle[ ] object you created in step 1, set the fragmentation attribute to enabled.
6.4.13 Setting up multiclass PPP
Setting up multilink PPP (MLPPP) allows you to set up multiclass PPP. Refer to 6.4.1 - Introducing PPP
on page 123 for an introduction on multiclass PPP.
Important remark
Note that multiclass PPP is actually a part of the MLPPP feature set. So in case you want to set up mul-
ticlass PPP, you actually have to set up a PPP bundle. Even if you want to enable multiclass PPP on
just one interface!
To set up multiclass PPP, proceed as follows:
Step Action
1 Set up MLPPP as described in 6.4.11 - Setting up multilink PPP on page 139.

Note that if you want to set up multiclass PPP on just one interface, you have to create a
PPP bundle with just one member.
2 In the pppBundle[ ] object you created in step 1, select the multiclassInterfaces attribute and
add one or more entries to this table.
Use this attribute to set up multiclass PPP links. Add a row to the multiclassInterfaces table
for each multiclass PPP link you want to create.
Step Action
3 Configure the elements of the multiclass PPP link you just created. These elements are:
• name. Use this element to assign an administrative name to the multiclass PPP link.
• adminStatus. Use this element to activate (up) or deactivate (down) the multiclass PPP
link.
• mode. Use this element to determine whether, for the corresponding multiclass PPP
link, the packets are treated by the routing process, the bridging process or the switch-
ing process.
• ip. Use this element to configure the IP related parameters of the multiclass PPP link.
Refer to 5.2.3 - Explaining the ip structure on page 54 for more information.
• bridging. Use this element to configure the bridging related parameters of the multiclass
PPP link in case the link is in bridging mode (i.e. in case the mode element is set to
bridging). Refer to 8.2.6 - Explaining the bridging structure on page 243 for more infor-
mation.
• multiclass. Use this element to configure the multiclass specific parameters of the mul-
ticlass PPP link. The multiclass element contains the following sub-elements:
- multiclass. Use this element to set a multiclass identifier for the multiclass PPP link.
- defaultQueue. Use this element to select a default queue. This allows you to easily
set up a traffic policy without having to create and apply traffic policy profiles. How-
ever, you still have to create and apply a priority policy profile to empty the queues.
Refer to 7.8.9 - The default queue attribute versus a traffic policy profile on
page 215 for more information.
Refer to telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces on page 413 for a detailed

description of the multiclassInterfaces table.
Example - configuring multiclass PPP
Suppose you want to set up 2 multiclass PPP links on the WAN. In that case you have to create a PPP
bundle with only one member, being the WAN interface, and configure the relevant attributes in this bun-
dle. This is shown in the following figure:
6.5 Configuring HDLC encapsulation
This section introduces the HDLC encapsulation protocol and gives a short description of the attributes
• 6.5.1 - Introducing HDLC on page 146
• 6.5.2 - Configuring HDLC on page 146
6.5.1 Introducing HDLC
High-level Data Link Control (HDLC) encapsulation means that the Ethernet frames are put in an HDLC
frame without any additional encapsulation (such as Frame Relay or PPP). This means that there is no
protocol which monitors the status of the link, but it also means that there is no encapsulation overhead.
Because the Ethernet frames are directly encapsulated, only bridging is possible.
Important remark
The HDLC encapsulation on the Telindus 1421 SHDSL Router is compatible with the HDLC encapsula-
tion on the Crocus Bridge interface. It is however not compatible with the Cisco HDLC encapsulation.
6.5.2 Configuring HDLC
In case of HDLC encapsulation, the only thing that is configurable are some bridging parameters. Refer
to telindus1421Router/wanInterface/hdlc/bridging on page 394.
6.6 Configuring an error test
The Telindus 1421 SHDSL Router features an internal layer 2 error test pattern generator / detector. This
section explains how to set up an error test.
To set up an error test, proceed as follows:
Step Action
1 Set the encapsulation attribute to errorTest.
2 Go to the errorTest object, select the Configuration tab and configure the following attributes:
• testType. Use this attribute to select a test pattern. If you set the testType attribute to pro-
grammablePattern, then you can generate your own test pattern by typing a test pattern
in the programmablePattern attribute (see below).
• blockSize. Use this attribute to set the size of the test blocks.
• programmablePattern. Use this attribute to generate your own test pattern. Do this by typ-
ing a test pattern in the programmablePattern attribute and by setting the testType attribute
to programmablePattern.
3 Now select the Performance tab and execute the startTest action.
⇒The error test is started. You can monitor the results in the Status group and Perform-
ance group.
You can also inject errors by executing the injectError action.
4 To stop the error test, execute the stopTest action. You can then clear all the counters by
executing the clearCounter action.
Due to RAM limitations, it is possible that not all test patterns are supported. In that case the string ram-
Limit is displayed as value of the status attribute telindus1421Router/wanInterface/errorTest/status.
User manual Configuring routing
7 Configuring routing
This chapter introduces routing on the Telindus 1421 SHDSL Router and lists the attributes you can use
to configure routing. It also introduces the most important features of the router besides routing and lists
the attributes you can use to configure these features.
• 7.1 - Introducing routing on page 150
• 7.2 - Enabling routing on an interface on page 151
• 7.3 - Configuring static routes on page 152
• 7.4 - Configuring policy based routing on page 160
• 7.5 - Configuring RIP on page 165
• 7.6 - Configuring OSPF on page 173
• 7.7 - Configuring address translation on page 182
• 7.8 - Configuring traffic and priority policy on the router on page 200
• 7.9 - Configuring VRRP on page 218
1421 SHDSL Router.
7.1 Introducing routing
What is routing?
Routing is the act of moving information across an internetwork from a source to a destination.
Routing versus bridging
Routing is often contrasted with bridging. At first sight, bridging might seem to do the same as routing.
The primary difference between the two is that bridging occurs at layer 2 (the link layer) of the OSI ref-
erence model, whereas routing occurs at Layer 3 (the network layer). In other words, bridging occurs at
a lower level and is therefore more of a hardware function whereas routing occurs at a higher level where
the software component is more important. And because routing occurs at a higher level, it can perform
more complex analysis to determine the optimal path for the packet.
Basic routing activities
Routing involves two basic activities:

• determining optimal routing paths,
• transporting information groups (typically called packets).
Determining the optimal routing path
In order to determine a routing path, routers initialise and maintain routing tables. These routing tables
contain a variety of information. For example:
• Destination/next hop associations tell a router that a particular destination can be reached optimally
by sending the packet to a particular router representing the "next hop" on the way to the final desti-
nation. When a router receives an incoming packet, it checks the destination address and attempts
to associate this address with a next hop.
• Desirability of a path. Routers use metrics to evaluate what path will be the best for a packet to travel.
Routers communicate with one another and maintain their routing tables through the transmission of a
variety of messages. The routing update message is one such message that generally consists of all or
a portion of a routing table. By analysing routing updates from all other routers, a router can build a
detailed picture of network topology.
Transporting packets
In most cases, a host determines that it must send a packet to another host. Having acquired a router's
address by some means, the source host sends a packet addressed specifically to a router's physical
(i.e. Media Access Control or MAC) address, this time with the protocol (i.e. network) address of the des-
tination host.
As it examines the packet's destination protocol address, the router determines that it either knows or
does not know how to forward the packet to the next hop. If the router does not know how to forward the
packet, it typically drops the packet. If the router knows how to forward the packet, however, it changes
the destination physical address to that of the next hop and transmits the packet.
The next hop may be the ultimate destination host. If not, the next hop is usually another router, which
executes the same switching decision process. As the packet moves through the internetwork, its phys-
ical address changes, but its protocol address remains constant.
7.2 Enabling routing on an interface
Refer to 7.1 - Introducing routing on page 150 for an introduction.

Per IP interface you can determine whether you perform routing, bridging or both. The following table
shows, for each IP interface, how to enable routing on this interface:
Interface How to enable routing?
LAN interface Set the mode attribute to routing or routingAndBridging. The mode attribute can be found
in the lanInterface object: telindus1421Router/lanInterface/mode.
Important remark

VLAN on the Set the mode element to routing or routingAndBridging. The mode element can be found
LAN interface in the vlan table which is located in the lanInterface object: telindus1421Router/lanInter-
face/vlan/mode.
ATM PVC Set the mode element to routing or routingAndBridging. The mode element can be found
in the pvcTable table which is located in the atm object: telindus1421Router/wanInterface/
atm/pvcTable/mode.
PPP link Set the mode element to routing or routingAndBridging. The mode element can be found
in the ppp object: telindus1421Router/wanInterface/ppp/mode.
Frame Relay Set the mode element to routing or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1421Router/wan-
Interface/frameRelay/dlciTable/mode.
L2TP tunnel Set the mode element to routing or routingAndBridging. The mode element can be found
in the l2tpTunnels table which is located in the tunnels object: telindus1421Router/router/
tunnels/l2tpTunnels/mode.
IPSEC L2TP Set the mode element to routing or routingAndBridging. The mode element can be found
tunnel in the ipsecL2tpTunnels table which is located in the tunnels object: telindus1421Router/
router/tunnels/ipsecL2tpTunnels/mode.
7.3 Configuring static routes
This section introduces static routing and gives a short description of the attributes you can use to con-
figure static routing.
• 7.3.1 - Introducing static routing on page 153
• 7.3.2 - Configuring a default route on page 154
• 7.3.3 - Configuring the routing table on page 155
• 7.3.4 - Configuring the routing table - rules of thumb on page 158
• 7.3.5 - The rerouting principle on page 159
7.3.1 Introducing static routing
Static versus dynamic routing
The following table states the differences between static and dynamic routing:
Routing algo- Description

rithm
static Static routing algorithms are hardly algorithms at all, but are table mappings estab-
lished by the network administrator before the beginning of routing. These map-
pings do not change unless the network administrator alters them. Static routing
algorithms work well in environments where network traffic is relatively predictable
and where network design is relatively simple.
dynamic Because static routing systems cannot react to network changes, they generally
are considered unsuitable for today's large, constantly changing networks. Most of
the dominant routing algorithms today are dynamic routing algorithms, which
adjust to changing network circumstances by analysing incoming routing update
messages. If the message indicates that a network change has occurred, the rout-
ing software recalculates routes and sends out new routing update messages.
These messages permeate the network, stimulating routers to rerun their algo-
rithms and change their routing tables accordingly.
Also refer to …
• 7.5.1 - Introducing RIP on page 166.
• 7.6.1 - Introducing OSPF on page 174.
static and Dynamic routing algorithms can be supplemented with static routes where appro-
dynamic priate. A router of last resort (a router to which all unroutable packets are sent), for
example, can be designated to act as a repository for all unroutable packets,
ensuring that all messages are at least handled in some way.
What is a default route?
A default route is a route (also called gateway) that is used to direct packets addressed to networks not
explicitly listed in the routing table. A default route is also typically used when only one specific remote
network has to be reached.
What is a routing table?
The routing table is composed of a set of routes that are known to the router. It includes a list of known
addresses, as well as information to get a packet one router closer to its final destination. Routing tables
can be static (with routes manually entered by the network administrator) or dynamic (where routers
communicate to exchange connection and route information using e.g. RIP).
7.3.2 Configuring a default route
Refer to 7.3.1 - Introducing static routing on page 153 for an introduction on the default route.
To configure a default route, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router

containment tree, go to the router
object and select the defaultRoute attribute.
2 Configure the elements in the defaultRoute structure. The most important elements are:
• gateway. Use this element to specify the IP address of the next router that will route all
packets for which no specific (static or dynamic) route exists in the routing table.
• interface. Use this element to specify the interface through which the gateway can be
reached. Do this by typing the name of the interface as you assigned it using the con-
figuration attribute name (e.g. telindus1421Router/lanInterface/name). Note that this interface
can also be a DLCI, PVC, tunnel, etc.
Refer to telindus1421Router/router/defaultRoute on page 417 for more information on.
Example - configuring a default route
Suppose network 1 is connected over a network of an operator to network 2. Network 1 only needs to
reach network 2. So for the router in network 1 it suffices to configure a default route towards network 2.
Configure the defaultRoute attribute of Router A as follows:

7.3.3 Configuring the routing table
Refer to 7.3.1 - Introducing static routing on page 153 for an introduction on the routing table.
To configure the routing table, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router

containment tree, go to the router object
and select the routingTable attribute.
2 Configure the elements in the routingTable:

• network. Use this element to specify the IP address of the destination network.
• mask. Use this element to specify the network mask of the destination network.
• gateway. Use this element to specify the IP address of the next router on the path to
the destination network.
• interface. Use this element to specify the interface through which the destination net-
work can be reached. Do this by typing the name of the interface as you assigned it
using the configuration attribute name (e.g. telindus1421Router/lanInterface/name). Note that
the “interface” can also be a DLCI, PVC, tunnel, etc.
• preference. Use this element to set the level of importance of the route.
• metric. Use this element to set with how much the metric parameter of a route has to
be incremented.
Refer to telindus1421Router/router/routingTable on page 418 for more information.

Example - configuring a static route (WAN IP address is present)
Suppose network 1 is connected over a network of an operator to network 2. The two routers have an
IP address on their WAN interface.
To make network 192.168.48.0 reachable from network 192.168.47.0 and vice versa, you have to define
one static route in Router A and one static route in Router B. So configure the routingTable attribute of
Router A and B as follows:
Example - configuring a static route (WAN IP address is not present)
Suppose network 1 is connected over a network of an operator to network 2. The two routers do not have
an IP address on their WAN interface, only on their LAN interface.
To make network 192.168.48.0 reachable from network 192.168.47.0 and vice versa, you have to define
one static route in Router A and one static route in Router B. So configure the routingTable attribute of
Router A and B as follows:
7.3.4 Configuring the routing table - rules of thumb
The following table lists some rules when configuring the routingTable:
Rule Description
1 As a rule of thumb, one can say that the interface name has priority over the gateway.
2 In case you enter a correct (i.e. existing) interface name and in case it refers to a …
• point-to-point (PTP) interface, the route is always added to the routing table, no matter
which gateway (GW) is specified.
• multi-point (MP) interface, then …
- the route is only added to the routing table when a local gateway is specified.
- the route is not added to the routing table when no gateway is specified.
- a reroute occurs when no local gateway is specified.
3 In case you enter an incorrect interface name, the route is not added to the routing table.
4 In case you enter no interface name then …

• the route is added to the routing table when a local gateway is specified.
• the route is not added to the routing table when no gateway is specified.
• the route is not added to the routing table when the gateway lies within the configured
network route. For example: network = 10.0.0.0; mask = 255.255.255.0; gateway =
10.0.0.1.
• a reroute occurs when no local gateway is specified.
The following table summarises the above:
Interface name Gateway Result
correct none (0.0.0.0) • PTP: route added

• MP: route not added
correct local route added (always)
correct not local • PTP: route added1

• MP: rerouted
incorrect - route not added
no name local for an interface routed added
no name not local for an interface rerouted to gateway

Exception:
• GW = none (0.0.0.0) • route not added
• GW lies in configured net- • route not added
work route
1. In the routingTable status, the configured gateway will appear but for the routing itself the gate-
way is ignored.
7.3.5 The rerouting principle
What is the rerouting principle?
If the gateway of a route does not belong to the subnet of an interface, then the Telindus 1421 SHDSL
Router adds a special route. Then a second route look-up occurs, this time using the gateway field of
the route. This can be used as a back-up functionality as shown below.
Example
Suppose you have

the following set-up:
In the routing table,

the following routes
are defined:
• network
172.31.75.0 is
reachable via
172.31.77.10
• 172.31.77.10 is
reachable via
PVC A
(172.31.77.2)
• 172.31.77.10 is
also reachable
via PVC B
(172.31.77.6)
Now in order to reach network 172.31.75.0, PVC A is used. However, when PVC A goes down, the Tel-
indus 1421 SHDSL Router automatically uses PVC B in order to reach network 172.31.75.0. I.e. it auto-
matically “reroutes” and this without the need of a routing protocol.
Important remarks
• This only works for the entries of the routing table, not for the default gateway.
• This type of route is always up.
• In the status information, the interface element of such a route displays internal.
7.4 Configuring policy based routing
This section introduces the policy based routing and gives a short description of the attributes you can
use to configure policy based routing.
• 7.4.1 - Introducing policy based routing on page 161
• 7.4.2 - Setting up policy based routing on page 162
7.4.1 Introducing policy based routing
What is policy based routing?
Normal routing is based on the destination IP address. Policy based routing offers the possibility to
define different routing entries based on additional information. Traffic is routed to a certain interface or
gateway based on e.g. the source IP address, the IP protocol, etc.
7.4.2 Setting up policy based routing
Refer to 7.4.1 - Introducing policy based routing on page 161 for an introduction.
To configure policy based routing, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to

the router object and add a trafficPolicy[ ] object underneath
(refer to 4.4 - Adding an object to the containment tree on
page 42).
2 Select a traffic policy method. Do this using the

method attribute in the traffic policy object you added
in step 1.
In case of policy based routing, you can only use
trafficShaping or tosMapped, not tosDiffServ.
3 Configure the policy criteria for the traffic policy method you selected in step 2.
If you choose then use the following attribute in the traffic policy object to
the method … configure the policy criteria:
trafficShaping, trafficShaping.
So using the elements in this table you can route traffic based on
IP source and destination address, TOS values, IP protocol, etc.
tosMapped, tos2QueueMapping.
So using the elements in this table you can route traffic based on
TOS values.
For more information on these attributes, refer to …

• telindus1421Router/router/trafficPolicy[ ]/trafficShaping on page 467.
• telindus1421Router/router/trafficPolicy[ ]/tos2QueueMapping on page 472.
4 Now you have to determine to which interface and gateway the traffic is routed. Do this
using the interface and gateway elements that you find in the traffic policy tables you config-
ured in step 3.
Example - configuring policy based routing
Suppose you have two networks which are interconnected over an ATM network. Network 1 carries a
mix of data and voice traffic. The traffic on this network is differentiated by setting the Type Of Service
(TOS) values in the IP packet headers (data = 0, voice = 10). When the traffic is routed from network 1
to network 2 you want that the data traffic and the voice traffic each go over a separate PVC.
Sketched in broad outlines, this is how you configure the above:
Step Action
1 Set up two ATM PVCs.

For example:
• Configure one ATM PVC that will carry the data traffic, e.g. pvcTable/name = dataPvc.
• Configure another ATM PVC that will carry the voice traffic, e.g. pvcTable/name =
voicePvc.
Since this is not the main subject of this example, refer for more information on creating
ATM PVCs to 6.2.2 - Configuring ATM PVCs on page 93.
2 Create and configure an IP traffic policy for policy based routing purposes.
For example:
• Create a trafficPolicy[myIpPol] object.
• Set the method attribute to tosMapped.
• In the tos2QueueMapping table, create two entries and define the startTos, endTos, interface
and gateway elements of each entry in such a way that the data traffic and the voice
traffic each go over a separate PVC.
The following figure shows how to configure policy based routing:

7.5 Configuring RIP
This section introduces the Routing Information Protocol (RIP) and gives a short description of the
attributes you can use to configure RIP.
• 7.5.1 - Introducing RIP on page 166
• 7.5.2 - Enabling RIP on an interface on page 167
• 7.5.3 - Explaining the rip structure on page 169
• 7.5.4 - Enabling RIP authentication on an interface on page 172
7.5.1 Introducing RIP
What is RIP?
The Routing Information Protocol (RIP) is a protocol that routers use to exchange dynamic routing infor-
mation. RIP can be enabled or disabled per interface.
There are two main RIP modes:
RIP mode Description
passive Received RIP updates are parsed, but no RIP updates are transmitted.
active RIP updates are transmitted and received.
How does RIP work?
When RIP is enabled, the Telindus 1421 SHDSL Router advertises every 30 seconds its routing infor-
mation to adjacent routers. It also receives the routing information from the adjacent routers. With this
information it adapts its routing table dynamically. If after 180 seconds no information about a certain
route has been received, then this route is declared down. If after an additional 120 seconds (i.e. 300
seconds in total) still no information about the route has been received, then this route is deleted from
the routing table.
RIP support
The Telindus 1421 SHDSL Router supports RIP protocol version 1, 1-compatible and 2. RIP version 1
is a very common routing protocol. Version 2 includes extra features like variable subnet masks and
authentication. Check which RIP version is used by the other routers in the network.
Currently, the RIPv2 routing protocol requires the use of an IP address on the WAN interface.
RIP authentication
For security reasons the RIP updates that are exchanged between routers can be authenticated. RIP
authentication can be enabled or disabled per interface.
7.5.2 Enabling RIP on an interface
Refer to …
• 7.3.1 - Introducing static routing on page 153 for a comparison between static and dynamic (e.g.
using RIP) routing.
• 7.5.1 - Introducing RIP on page 166 for an introduction on RIP.
To enable dynamic routing using RIP on an IP interface, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the router object and set the
routingProtocol attribute to rip.
This activates the general RIP process on the Telindus 1421 SHDSL Router. Now you
can activate or deactivate RIP per IP interface. Note that by default RIP is activated on
all IP interfaces.
2 Each IP interfaces has an ip structure. Within this ip structure you find a rip structure. Use
the following elements in the rip structure to activate or deactivate RIP per IP interface:
• mode. Use this element to set the transmission and/or reception of RIP updates on the
interface. By default the Telindus 1421 SHDSL Router transmits and receives RIP
updates on all interfaces.
• txVersion. Use this element to set the version of the RIP updates that are transmitted
on the interface.
• rxVersion. Use this element to set which version of received RIP updates is accepted
on the interface.
For example, the following shows the location of the rip structure on the LAN interface:
Refer to …
• 5.2.2 - Where to find the IP parameters? on page 53 for the location of the ip structure
on the different IP interfaces. The rip structure is located within the ip structure.
• 7.5.3 - Explaining the rip structure on page 169 for a detailed explanation of the rip
structure.
Example - configuring RIP
Suppose you want to activate RIP on the LAN interface. What is more, you want that the LAN interface
does not transmit RIP updates but only parses received RIP updates (passive RIP). Furthermore, you
only want to accept RIP version 1 updates on the LAN interface.
The following figure shows how to configure this:
Note that since in this example the mode element is set to passive, the txVersion element is ignored.
7.5.3 Explaining the rip structure
Because the rip structure occurs in several objects, it is described here once and referenced where nec-
essary. The rip structure is located within the ip structure. Refer to 5.2.2 - Where to find the IP parame-
ters? on page 53 for the location of the ip structure.
The rip structure contains the following elements:
Element Description
metric Use this element to determine with how much the Tel- Default:1
indus 1421 SHDSL Router increments the metric Range: 1 … 15
parameter of a route.
Routing information includes a metric parameter. Every time a router is passed,
this parameter is incremented. Also the Telindus 1421 SHDSL Router increments
the metric parameter (default by 1) before it writes the route in the routing table.
Hence, the metric parameter indicates for each route how many routers have to be
passed before reaching the network. When several routes to a single network exist
and they all have the same preference, then the route with the smallest metric
parameter is chosen.
However, using the metric element, you can increment the metric parameter by
more than 1 (up to a maximum of 15). You could do this, for instance, to indicate
that a certain interface is less desirable to route through. As a result, the Telindus
1421 SHDSL Router adds this value to the metric parameter of every route learnt
through that interface.
The metric parameter is also used to represent the directly connected subnets on
the LAN and WAN interfaces.
mode Use this element to set the transmission and/or recep- Default:active
tion of RIP updates on the interface. By default the Range: enumerated, see below
Telindus 1421 SHDSL Router transmits and receives
RIP updates on all interfaces.
The mode element has the following values:
• active. RIP updates are transmitted and received on this interface.
• passive. RIP updates are not transmitted on this interface, but received updates
are parsed.
• disabled. RIP updates are nor transmitted nor received on this interface.
txVersion Use this element to set the version of the RIP updates Default:rip2
that are transmitted on the interface. Range: enumerated, see below
The txVersion element has the following values:
• rip1. The transmitted RIP updates are RIP version 1 updates.
• rip2. The transmitted RIP updates are RIP version 2 updates.
• rip1-compatible. The contents of the RIP update packet is a RIP version 2 packet,
but it is encapsulated as a RIP version 1 packet. This allows some older imple-
mentations of RIP 1 to be interoperable with RIP 2.
Element Description
rxVersion Use this element to set which version of received RIP Default:rip2only
updates is accepted on the interface. Range: enumerated, see below
The rxVersion element has the following values:
• rip1only. Only RIP version 1 received RIP updates are accepted.
• rip2only. Only RIP version 2 received RIP updates are accepted.
• rip1&2. Both RIP version 1 and 2 received RIP updates are accepted.
If you want to accept RIP1-compatible updates on the interface, then set the
rxVersion attribute to rip1&2.
splitHorizon Use this element to enable or disable split horizon Default:poisonedReverse

operation. Range: enumerated, see below
The splitHorizon element has the following values:
• disabled. Split horizon is disabled.
• enabled. Split horizon is enabled.
Split horizon operation prevents that routing information exits the interface
through which the information was received in the first place. This optimises
communications among multiple routers, particularly when links are broken. It
also prevents routing loops.
• poisonedReverse. Poisoned reverse split horizon is used.
Whereas “simple” split horizon simply omits the routes learned from one neigh-
bour in updates sent to that neighbour, poisoned reverse split horizon includes
such routes in updates but sets their metrics to infinity.
Element Description
authentication Use this element to enable or disable RIP authentica- Default:disabled

tion. Range: enumerated, see below
Refer to 7.5.4 - Enabling RIP authentication on an interface on page 172 for more
information on RIP authentication.
The authentication element has the following values:
• disabled. No authentication is used.
• text. The authentication secret is exchanged in clear text.
• md5. Instead of sending the authentication secret together with the RIP
updates, it is hashed together with the routing information into a unique value.
This authentication is the most secure. This because it provides also protection
against tampering with the contents of a packet: both an incorrect password
and modified routing information result in different hash values.
Remarks
•If authentication is enabled (either text or md5), then only updates using that
authentication are processed. All other updates on that interface are discarded.
• If you use md5 and if for a certain interface multiple secrets are present in the
ripv2SecretTable, then the first entry in the ripv2SecretTable is used to transmit RIP
updates. Authentication of the received RIP updates is done by looking for the
first secret with a matching key.
• If you use text and if for a certain interface multiple secrets are present in the
ripv2SecretTable, then only the first entry in the ripv2SecretTable is used to transmit
and receive RIP updates.
filter Use this element to apply a filter on the RIP updates Default:<empty>
on the interface. Range: 0 … 24 characters
Do this by entering the index name of the filter you want to use. You can create the
filter itself by adding a routingFilter object and by configuring the attributes in this
object.
Example
If you created a routingFilter object with index name my_filter (i.e.

routingFilter[my_filter]) and you want to apply this filter here, then enter the
index name as value for the filter element.
Refer to …
• 11.9.6 - Routing filter configuration attributes on page 463 for more information
on RIP filtering.
• 4.4 - Adding an object to the containment tree on page 42 for more information
on adding objects.
7.5.4 Enabling RIP authentication on an interface
Refer to 7.5.1 - Introducing RIP on page 166 for an introduction on RIP authentication.
To enable RIP authentication on a certain interface, proceed as follows:
Step Action
1 In the rip structure, set the authentication element to …

• text. RIP authentication is enabled and the authentication secret is
sent along with the RIP updates in clear text.
• md5. RIP authentication is enabled and the authentication secret is
hashed together with the routing information into a unique value.
Refer to 7.5.3 - Explaining the rip structure on page 169.
2 In the Telindus 1421 SHDSL Router containment tree, go to the router object, select the
ripv2SecretTable attribute and add one or more entries to this table.
3 Configure the elements of an entry in the ripv2SecretTable attribute:

• keyId. Use this element to set a unique identifier for each secret.
• secret. Use this element to define the secret. This secret is sent with the RIP updates
on the specified interface. It is also used to authenticate incoming RIP updates.
• interface. Use this element to specify on which interface the secret is used. Do this by
typing the name of the interface as you assigned it using the configuration attribute
name (e.g. telindus1421Router/lanInterface/name). Note that the “interface” can also be a
DLCI, PVC, tunnel, etc. Entering the string “all” (default) means the secret is used on
all the interfaces.
Refer to telindus1421Router/router/ripv2SecretTable on page 421 for more information.

7.6 Configuring OSPF
This section introduces the OSPF protocol. The following gives an overview of this section:
• 7.6.1 - Introducing OSPF on page 174
• 7.6.2 - Activating OSPF on page 179
• 7.6.3 - Enabling OSPF authentication on page 180
7.6.1 Introducing OSPF
What is OSPF?
The Open Shortest Path First (OSPF) protocol is an Interior Gateway Protocol used to distribute routing
information within a single Autonomous System.
On the Internet, an autonomous system (AS) is either a single network or a group of networks that is
controlled by a common network administrator (or group of administrators) on behalf of a single admin-
istrative entity (such as a university, a business enterprise, or a business division). An autonomous sys-
tem is also sometimes referred to as a routing domain.
Using OSPF, a host that obtains a change to a routing table or detects a change in the network imme-
diately multicasts the information to all other hosts in the network so that all will have the same routing
table information. Unlike the RIP in which the entire routing table is sent, the host using OSPF sends
only the part that has changed. With RIP, the routing table is sent to a neighbour host every 30 seconds.
OSPF multicasts the updated information only when a change has taken place.
What are the OSPF link states?
Rather than simply counting the number of hops, OSPF bases its path descriptions on "link states" that
take into account additional network information. That is why OSPF is called a link-state protocol. A link
can be seen as an interface on the router. The state of the link is a description of that interface and of its
relationship to its neighbouring routers. A description of the interface would include, for example, the IP
address of the interface, the mask, the type of network it is connected to, the routers connected to that
network and so on.
Each router in the Autonomous System originates one or more link state advertisements (LSAs). The
collection of LSAs forms the link-state database. Each separate type of LSA has a separate function.
There 4 distinct types of LSAs:
Link State Packets Description
Router-LSAs • Describes the state and cost of the router ‘s links (interfaces) to the area,
i.e. intra-area.
• Each router will generate a Router-LSA for all of its interfaces.
Network-LSAs Network-LSAs are generated by a Designated Router (DR) on a segment.

This information is an indication of all routers connected to a particular multi-
access segment such as Ethernet, Token Ring and FDDI (DRs will be dis-
cussed further down).
Summary-LSAs • Summary-LSA ‘s provide a way of condensing an area's routing informa-

tion.
• Summary-LSA ‘s describe networks in the Autonomous System, but out-
side of an area, i.e. inter-area. Summary links are generated by an Area
Border Router (ABR, ABRs will be discussed further down).
• By generating summary links, the network reachability information is
shared between areas. Normally, all information is injected into the back-
bone (area 0) and in turn the backbone will pass it on to other areas.
ABRs also have the task of propagating the reachability of the ASBR.
This is how routers know how to get to external routes in other Autono-
mous Systems.
Link State Packets Description
AS-external-LSAs • AS-external-LSAs provide a way of transparently advertising externally-

derived routing information throughout the Autonomous System
• AS-external-LSAs are an indication of networks outside of the AS. These
networks are injected into OSPF via redistribution. External links are
generated by an ASBR (ASBRs will be discussed further down). The
ASBR has the task of injecting these routes into an autonomous system.
What is the backbone area or area 0?
OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one
of these areas has be to be area 0. This is called the backbone. When designing networks it is good
practice to start with area 0 and then expand into other areas later on.
The backbone has to be at the centre of all other areas, i.e. all areas have to be physically connected to
the backbone. The reasoning behind this is that OSPF expects all areas to inject routing information into
the backbone and in turn the backbone will disseminate that information into other areas.
What are areas and border routers?
OSPF uses flooding to exchange link-state updates between routers. Any change in routing information
is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-
state updates. All routers within an area have the exact link-state database.
A router that has all of its interfaces within the same area is called an internal router (IR).
Routers that belong to multiple areas, and connect these areas to the backbone area are called area
border routers (ABR). ABRs must therefore maintain information describing the backbone areas and
other attached areas.
Routers that act as gateways (redistribution) between OSPF and other routing protocols (e.g. RIP) are
called autonomous system boundary routers (ASBR).
In order to minimize the amount of information exchange on a particular segment, OSPF elects one
router to be a designated router (DR), and one router to be a backup designated router (BDR), on each
multi-access segment. The BDR is elected as a backup mechanism in case the DR goes down (the DR
and BDR are elected based upon their OSPF priority). The idea behind this is that routers have a central
point of contact for information exchange. Instead of each router exchanging updates with every other
router on the segment, every router exchanges information with the DR and BDR. The DR and BDR
relay the information to everybody else.
What are stub areas?
OSPF allows certain areas to be configured as stub areas. External networks, such as those redistrib-
uted from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these
areas to the outside world is based on a default route. Configuring a stub area reduces the topological
database size inside an area and reduces the memory requirements of routers inside that area.
An area can be called a stub when there is a single exit point from that area or if routing to outside of the
area does not go via an optimal path. The latter description is just an indication that a stub area that has
multiple exit points, will have one or more area border routers injecting a default into that area.
All OSPF routers inside a stub area have to be configured as stub routers. This is because whenever an
area is configured as stub, all interfaces that belong to that area will start exchanging Hello packets with
a flag that indicates that the interface is stub. All routers that have a common segment have to agree on
that flag. If they don't, then they will not become neighbours and routing will not take effect.
What are NSSAs?
Not-so-stubby areas are a type of stub area in which external routes can be flooded.
OSPF areas flood all external routes across area borders. In the presence of large number of external
routes, this may be a problem, as external routes cannot be summarized at the ABRs. Stub areas are
designed to alleviate the problem by preventing external routes from being injected into the stub area,
and instead a default route is injected. Stub areas are incapable of carrying external routes (Type 5
LSAs), and hence are incapable of supporting ASBRs.
NSSAs allow for supporting ASBRs within the NSSA, while maintaining the same behaviour as stub
areas of not injecting external (Type 5) routes coming from the backbone. Thus NSSA routers benefit
from the significant reduction of external routes coming from the backbone, while having the capability
to carry a limited number of externals that originate in the NSSA.
To provide the ability of carrying external routes originated in the NSSA, a new LSA type was defined,
Type 7 LSA. It has the structure and semantics of a Type 5 (External) LSA, with a two differences:
• Type 7 LSAs can be originated and propagated within the NSSA, they do not cross area borders like
Type 5 LSAs do.
• Type 5 LSAs are not supported in NSSA; they can be neither originated nor propagated in NSSA.
In order to allow limited exchange of external information across an NSSA border, NSSA border routers
will translate selected Type-7 LSAs received from the NSSA into Type-5 LSAs. These Type-5 LSAs will
be flooded to all Type-5 capable areas. NSSA border routers may be configured with address ranges so
that multiple Type-7 LSAs may be aggregated into a single Type-5 LSA. The NSSA border routers that
perform translation are configurable. In the absence of a configured translator one is elected.
What are neighbours and adjacency?
Routers that share a common segment become neighbours on that segment. Neighbours are discov-
ered via the Hello protocol. Hello packets are sent periodically out of each interface using IP multicast.
Routers become neighbours as soon as they see themselves listed in the neighbour’s Hello packet. This
way, a two way communication is guaranteed.
Adjacency is the next step after the neighbouring process. Adjacent routers are routers that go beyond
the simple Hello exchange and proceed into the database exchange process. In order to minimize the
amount of information exchange on a particular segment, OSPF elects one router to be a designated
router (DR), and one router to be a backup designated router (BDR), on each multi-access segment
(refer to What are areas and border routers? on page 175).
What is OSPF cost?
The cost of an interface in OSPF is an indication of the overhead required to send packets across a cer-
tain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A
higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved
in crossing a 56k serial line than crossing a 10M ethernet line.
The cost of an interface can either be calculated automatically, or the user can overrule the calculated
cost by using his own configuration so that some paths are given preference.
The formula used to calculate the cost is:
cost = reference bandwidth (in bps) / interface bandwidth (in bps)
The reference bandwidth can be set by the user.
Virtual links
Virtual links are used for two purposes:

• Linking an area that does not have a physical connection to the backbone.
• Patching the backbone in case discontinuity of area 0 occurs.
As mentioned earlier, area 0 has to be at the centre of all other areas. In some rare case where it is
impossible to have an area physically connected to the backbone, a virtual link is used. The virtual link
will provide the disconnected area a logical path to the backbone. The virtual link has to be established
between two ABRs that have a common area, with one ABR connected to the backbone.
OSPF authentication
It is possible to authenticate the OSPF packets so that routers can participate in routing domains based
on predefined passwords. By default, a router uses a Null authentication which means that routing
exchanges over a network are not authenticated. Two other authentication methods exist: Simple Pass-
word authentication and Message Digest authentication (MD-5):
Authentication Description
Null authentication No authentication is used.
Simple Password This allows a password (key) to be configured per interface. Interfaces of dif-
authentication ferent routers that want to exchange OSPF information will have to be con-
figured with the same key.
Message Digest This is a cryptographic authentication. A key (password) and key-id are con-
authentication (MD-5) figured on each router. The router uses an algorithm based on the OSPF
packet, the key, and the key-id to generate a "message digest" that gets
appended to the packet. Unlike the simple authentication, the key is not
exchanged over the wire.
OSPF authentication can be enabled or disabled per interface.

7.6.2 Activating OSPF
Refer to 7.6.1 - Introducing OSPF on page 174 for an introduction on OSPF.

OSPF does not need to be activated as such. By modifying the configuration attributes under the router/
ospf and router/ospf/Area[ ] objects, OSPF can be applied within an autonomous system. Refer to 11.9.5 -
OSPF configuration attributes on page 450.
The router/ospf/Area[ ] object is not present in the containment tree by default. If you want to use the feature
associated with this object, then add the object first. Refer to 4.4 - Adding an object to the containment
tree on page 42.
7.6.3 Enabling OSPF authentication
Refer to 7.6.1 - Introducing OSPF on page 174 for an introduction on OSPF authentication.
There are two authentication methods:
• simple password authentication. Refer to Enabling simple password authentication on page 180.
• MD-5 authentication. Refer to Enabling MD-5 authentication on page 181.
Enabling simple password authentication
To enable simple password authentication, proceed as follows:
Step Action
1 In the containment tree, go to the router/ospf/Area[ ] object, and select the networks configu-
ration attribute. In the authentication structure, set the authentication type element to text.
2 In the authentication text element, type the password.

Enabling MD-5 authentication
To enable MD-5 authentication, proceed as follows:
Step Action
1 In the containment tree, go to the router/ospf object and select the keyChains configuration
attribute. In the keyChains table, add a new chain.
2 In the chain table, set the elements correctly. Refer to telindus1421Router/router/ospf/keyChains/

chain on page 453.
3 In the containment tree, go to the router/ospf/Area[ ] object, and select the networks configu-
ration attribute. In the authentication structure, set the authentication type element to md5.
4 In the authentication keyChain element, type the name of the key chain that will be used.
In the screenshots above, the authentication structure is explained as being part of the networks table. Note
that the authentication structure is also present in the virtualLinks table.
7.7 Configuring address translation
This section explains Network Address Translation (NAT) and Port Address Translation (PAT). Firstly, it
gives an introduction. Secondly, a table is presented that will help you to determine which translation
method meets your requirements. Then this section teaches you how to configure NAT and PAT.
• 7.7.1 - Introducing address translation on page 183
• 7.7.2 - When use NAT and/or PAT on page 184
• 7.7.3 - Enabling PAT on an interface on page 185
• 7.7.4 - How does PAT work? on page 187
• 7.7.5 - PAT limitations and work-arounds on page 190
• 7.7.6 - Enabling NAT on an interface on page 191
• 7.7.7 - Adding multiple NAT objects on page 193
• 7.7.8 - How does NAT work? on page 195
• 7.7.9 - Combining PAT and NAT on page 197
• 7.7.10 - Easy NAT on PPP on page 197
7.7.1 Introducing address translation
What is address translation?
Address translation is used to translate private IP addresses into official IP addresses. This is also known
as IP masquerading.
Why use address translation?
Each device connected to the Internet must have an official (i.e. unique) IP address. The success of the
Internet has caused a lack of these official IP addresses. As a result, your Internet Service Provider (ISP)
may offer you only one or a small number of official IP addresses.
If the number of IP devices on your local network is larger than the number of official IP addresses, you
can assign test or private IP addresses to your local network. In that case, you have to configure your
access router to translate IP addresses using NAT or PAT.
Even when there are sufficient official IP addresses available, you may still choose to use NAT e.g. for
preserving previously assigned test addresses to all the devices on your local network.
What is NAT?
Network Address Translation (NAT) is an Internet standard that enables a local area network (LAN) to
use one set of IP addresses for internal traffic (private IP addresses) and a second set of addresses for
external traffic (official IP addresses). The access router (located where the LAN meets the Internet)
makes all necessary IP address translations. This is a dynamic process.
NAT serves three main purposes:
• Provides a type of firewall by hiding internal IP addresses.
• Enables a company to use more internal IP addresses. Since these are used internally only, there is
no possibility of conflict with IP addresses used by other companies and organizations.
• Allows a company to combine multiple ISDN connections into a single Internet connection.
The number of simultaneous users with Internet access is limited to the number of official IP addresses.
What is PAT?
Port Address Translation (PAT) is a type of Network Address Translation. During PAT, each computer
on LAN is translated to the same IP address, but with a different port number assignment.
Only outgoing TCP sessions are supported.
Private IP address range
The international authority IANA assigns the official (also called global) IP addresses. It has also defined
3 ranges of IP addresses for private use. This means that you can use these addresses without regis-
tration on your internal network, as long as you are not connected to the Internet.
Private IP address range Remarks
10.0.0.0 - 10.255.255.255 1 class A network
172.16.0.0 - 172.31.255.255 16 class B networks
192.168.0.0 - 192.168.255.255 256 class C networks
You can define (sub-)networks in these ranges for your private IP addresses.
7.7.2 When use NAT and/or PAT
Refer to 7.7.1 - Introducing address translation on page 183 for an introduction on NAT and PAT authen-
tication.
Check in the next table whether you need NAT and/or PAT:
No. of official IP No. of devices on local Use NAT of PAT? Refer to …

addresses network
1 more than 1 Use PAT. 7.7.3 - Enabling PAT on

an interface on page 185
k (> 1) more than k Use NAT in combination 7.7.9 - Combining PAT

with PAT. and NAT on page 197
at least k k (≥ 1) 1. No translation 1. Skip this section.

needed. 2. 7.7.6 - Enabling NAT
2. If you want translation, on an interface on
use NAT. page 191
7.7.3 Enabling PAT on an interface
Refer to 7.7.1 - Introducing address translation on page 183 for an introduction on PAT.
To enable PAT on a certain interface, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the router/defaultNat object. In
this object, configure the patAddress attribute.
Use this attribute to enter the official IP address that has to be used for the Port Address
Translation. Entering an address different from the default value 0.0.0.0 automatically ena-
bles the general PAT process. Now you can activate or deactivate PAT per IP interface.
Note that by default PAT is deactivated on all IP interfaces.
2 In the router/defaultNat object, configure the gateway attribute.
Use this attribute to define the gateway address of routes on which PAT should be
applied. If you do not configure the gateway attribute, then PAT is applied on all routes
through this interface.
3 Each IP interfaces has an ip structure. Use the following element in the ip structure to acti-
vate or deactivate PAT per IP interface:
• nat. Use this element to enable address translation on the interface with the official IP
addresses. Do this by entering the string “default“ as nat element value. By doing so,
the settings are applied as defined in the router/defaultNat object.
For example, the following shows the location of the ip structure on the LAN interface:
Refer to 5.2.2 - Where to find the IP parameters? on page 53 for the location of the ip
structure on the different IP interfaces.
Example - configuring PAT
Suppose your network is connected over a network of an operator to an Internet Service Provider (ISP).
You received only one single official IP address from you ISP, being 195.7.12.22.
The following shows how to enable PAT:

• In the router/defaultNat object, set the patAddress attribute to 195.7.12.22. In that case, the PAT address
is the same as the IP address that is used on the WAN interface.
• In the router/defaultNat object, set the gateway attribute to 195.7.12.254. If, however, you already defined
the router/defaultRoute attribute to be 195.7.12.254, then you can leave the gateway attribute empty. This
because if the gateway attribute is empty, then the defaultRoute attribute is taken as only gateway
addresses.
• In the ip structure of the WAN interface, type the string “default” as value of the nat element.
7.7.4 How does PAT work?
Again consider the network topology as depicted in 7.7.3 - Enabling PAT on an interface on page 185.
The following two paragraphs explain how the Telindus 1421 SHDSL Router treats the outgoing and
incoming traffic when PAT is applied:
• Outgoing traffic (to the Internet) on page 187.
• Incoming traffic (from the Internet) on page 189.
Outgoing traffic (to the Internet)
The Telindus 1421 SHDSL Router replaces the source address by its PAT address in all the traffic com-
ing from the local network and destined for the Internet. Depending on the IP transport protocol and the
number of simultaneous users accessing the Internet, the Telindus 1421 SHDSL Router takes different
actions:
Protocol
TCP Description This is a connection-oriented protocol: two devices communicating with the
TCP protocol build a session before exchanging user data. When they have
finished exchanging user data, the session is closed.
Examples of such applications are Telnet, HTTP and FTP. The TCP header
contains a port field indicating the higher-layer protocol.
Action When a session is started, a specific port number is assigned to this ses-
sion. All traffic from this session is assigned this specific port number.
The specific port number is freed within 5 minutes after the TCP session is
closed (i.e. after TCP Reset or TCP Finish is seen). If the session has not
been properly closed, the port number is freed 24 hours after the last ses-
sion traffic. This time is configurable (refer to telindus1421Router/router/default-
Nat/tcpSocketTimeOut on page 437).
UDP Description This is a connection-less protocol: user data can be sent without first build-
ing a session.
Examples of such applications are SNMP and TFTP. Although TFTP is ses-
sion-oriented, it builds the session at a higher level and uses UDP for its
simplicity as transport protocol. The UDP header contains a port field indi-
cating the higher-layer protocol.
Action The source port number is replaced by a specific port number. All traffic
from this source IP address / port number pair is assigned this specific port
number.
If there is no traffic for 5 to 10 minutes, the specific port number is freed. If
the session has not been properly closed, the port number is freed 3 min-
utes after the last session traffic. This time is configurable (refer to
telindus1421Router/router/defaultNat/udpSocketTimeOut on page 437).
Protocol
ICMP Description This is a connection-less protocol: user data can be sent without first build-
ing a session.
An example of such an application is ping. These protocols do not have port
numbers.
Action Each ICMP packet is forwarded towards the Internet. Each ICMP packet is
considered as a new session.
If there is no traffic for 5 to 10 minutes, the session is closed.
The fact that it is possible to open a total of 2048 simultaneous sessions
and that each ICMP packet is considered as a new session, implies that for
instance a continuous series of ping requests at a rate of one per second
will allocate between 300 and 600 sessions.
Incoming traffic (from the Internet)
Suppose the WAN IP network depicted in 7.7.3 - Enabling PAT on an interface on page 185 works in
numbered mode1. The incoming traffic from the Internet may be destined either for the local network, or
for the router itself. The router treats incoming traffic on the PAT address as follows:
Note that the Telindus 1421 SHDSL Router only answers to ICMP requests on the public address of its
WAN interface if the LAN interface is up. I.e. when the TCP/UDP sessions can really “cross” the Telindus
1421 SHDSL Router.
1. Numbered mode means that each WAN interface has an IP address. In that case, you need
the single official IP address for your WAN interface.
7.7.5 PAT limitations and work-arounds
PAT limitations
Port Address Translation has some limitations:

• Some TCP or UDP applications do not support port translation.
• Only outgoing sessions are supported. This implies that you can not access servers on your local net-
work over the Internet.
• Limited ICMP support.
PAT limitations work-arounds
Use the following attributes to partly overcome the PAT limitations:
Attribute Description
portTranslations You can find this attribute in the router/defaultNat object. Use this attribute to define
specific port number ranges that should not be translated when using PAT.
Refer to telindus1421Router/router/defaultNat/portTranslations on page 435.
Example - configuring the portTranslations table
TMA is an example of an
application that does not
support port translation. If
you want to make TMA con-
nections from your local net-
work to the outside world, you have to list TMA port number 1728 in this table.
However, keep in mind that even then it is still not possible to have two simultane-
ous TMA sessions to the same outside world address.
If you do not want that UDP packets with port numbers in the range 2000 up to
3000 are sent to the outside world, then you also have to include those in the table.
servicesAvailable You can find this attribute in the router/defaultNat object. Use this attribute to define
specific port number ranges for incoming Internet traffic that should not be trans-
lated when using PAT. Instead it is sent to the corresponding private IP address.
Refer to telindus1421Router/router/defaultNat/servicesAvailable on page 436.
Example - configuring the servicesAvailable table
In this example, a web

server with address
192.168.47.250 on the
local network is accessi-
ble from the Internet
although it has no official IP address.
7.7.6 Enabling NAT on an interface
Refer to 7.7.1 - Introducing address translation on page 183 for an introduction on NAT.
Despite the work-arounds offered by the previous two PAT configuration attributes to overcome the lim-
itations of PAT (refer to 7.7.5 - PAT limitations and work-arounds on page 190), there are situations
where PAT is inadequate. For example, it is not possible to have several web servers on your local net-
work. It is also impossible to run an application with fixed source port numbers on several local devices
that are connected simultaneously to a single Internet device. This can only be solved by using several
official IP addresses: Network Address Translation.
To enable NAT on a certain interface, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the router/defaultNat object or
add your own NAT object under the router object, e.g. router/nat[myNat] (refer to 4.4 - Adding
an object to the containment tree on page 42).
2 In the NAT object (default or user instantiated), select the addresses attribute and add one
or more entries to this table.
Use this attribute to enter all the official IP addresses that have to be used for Network
Address Translation. Entering an address in the addresses table automatically enables the
general NAT process. Now you can activate or deactivate NAT per IP interface. Note that
by default NAT is deactivated on all IP interfaces.
3 Configure the elements of the addresses table:

• officialAddress. Use this element to set the official IP address. These addresses are
used in the reverse order as they appear in the list.
• privateAddress. Use this element to set the private IP address, i.e. to permanently assign
an official IP address to a private address.
If you do not specify a private IP address, then NAT is applied dynamically. I.e. the
official IP address is used for any private source IP address.
4 In the NAT object (default or user instantiated), configure the gateway attribute.
Use this attribute to define the gateway address of routes on which NAT should be
applied. If you do not configure the gateway attribute, then NAT is applied on all routes
through this interface.
Step Action
5 Each IP interfaces has an ip structure. Use the following element in the ip structure to acti-
vate or deactivate NAT per IP interface:
• nat. Use this element to enable address translation on the interface with the official IP
addresses. Do this by entering the name of the NAT object you want to apply:
- If you want to apply the NAT settings as defined in the router/defaultNat
object, then enter the string “default“ as value for the nat element.
- If you want to apply the NAT settings as defined in a NAT object you
added yourself (e.g. router/nat[myNat]), then enter the index name of the
NAT object (in this case “myNat”) as value for the nat element.
For example, the following shows the location of the ip structure on the LAN interface:
Refer to 5.2.2 - Where to find the IP parameters? on page 53 for the location of the ip
structure on the different IP interfaces.
Important remark - using NAT on the LAN interface
Consider the following configuration:

• telindus1421Router/lanInterface/ip/address = 195.7.12.22
• telindus1421Router/router/defaultNat/addresses = { officialAddress = 195.7.12.22; privateAddress = <opt> }
• telindus1421Router/wanInterface/ppp/ip/address = 2.2.2.2
The above means that NAT is used on the LAN interface and the router uses the address 195.7.12.22
as official IP address.
The problem that arises here is that the router can no longer be managed via the LAN interface using
the management tool (TMA, Telnet, etc.). This because the NAT route has priority over the LAN route
and, because it is a NAT address, the router does not accept incoming traffic on the address
195.7.12.22.
The solution is to add the WAN IP address to the addresses table as private address:
telindus1421Router/router/addresses = { officialAddress = 195.7.12.22; privateAddress = 2.2.2.2 }. In that case, the
management tool “service” runs on the WAN IP address. This means however, that the WAN has to be
up.
7.7.7 Adding multiple NAT objects
It is possible to add multiple NAT objects (up to 5). This means that up to 5 interfaces can make use of
a dedicated NAT object.
Two or more interfaces pointing to one and the same NAT object is an invalid configuration of which the
result is unpredictable.
Example
Suppose on a Telindus 1421 SHDSL Router you …

• want to have 2 NAT objects: the default NAT object (router/defaultNat) and a user instantiated NAT
object (e.g. router/nat[myNat]).
• want to apply the default NAT object on the LAN interface and the user instantiated NAT object on
the WAN interface (and the WAN interface uses, for example, PPP).
Proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the

router/defaultNat object and configure the attributes in this object to
your needs.
Refer to 11.9.2 - NAT configuration attributes on page 434.
2 In the Telindus 1421 SHDSL Router containment tree, go to the

router object an add a nat object underneath. E.g. router/nat[myNat].
Refer to 4.4 - Adding an object to the containment tree on page 42.
3 Configure the attributes in the router/nat[myNat] object to your needs.

Refer to 11.9.2 - NAT configuration attributes on page 434.
4 In the Telindus 1421 SHDSL Router containment tree, go to the lanInterface object and
select the ip structure. In the nat element of the ip structure enter the string “default”.
⇒The NAT settings as defined in the router/defaultNat object are applied on the LAN
interface.
Step Action
5 In the Telindus 1421 SHDSL Router containment tree, go to the wanInterface/ppp object and
select the ip structure. In the nat element of the ip structure enter the string “myNat”.
⇒The NAT settings as defined in the router/nat[myNat] object are applied on the WAN
interface.
7.7.8 How does NAT work?
Dynamically assigning official IP address
If a local station sends data to the Internet for the first time, NAT looks for an unused official IP address.
It assigns this official IP address to the local station. The amount of local stations that can have simulta-
neous Internet access equals the amount of NAT addresses you defined. If all sessions between a local
station and the Internet have been closed by the application (in case of TCP) or because of time-outs,
then the previously assigned official IP address is freed for another local station.
Statically assigning official IP address
Optionally, the NAT address entry may contain a corresponding private IP address. This allows to per-
manently assign an official IP address to a local station. This is useful for stations or servers that should
have Internet access at all times. Another example of permanently assigned official IP addresses is a
network where only a limited number of users has Internet access.
Incoming traffic on an official IP address
NAT only converts IP addresses and thus allows traffic in both directions. However, incoming traffic on
one of the official IP addresses can only be forwarded to the local network if a corresponding private IP
address has been configured.
Example - configuring NAT
Suppose your network is connected over a network of an operator to an Internet Service Provider (ISP).
You received 4 official IP address from you ISP, being 195.7.12.21 up to 195.7.12.24. You want to assign
one of these official addresses permanently to a web server which has private address 192.168.47.250.
All other official addresses have to be assigned dynamically.
The following shows how to enable NAT:

• In the router/defaultNat object, configure the addresses attribute as follows:
• In the router/defaultNat object, set the gateway attribute to 195.7.12.254. If, however, you already defined
the router/defaultRoute attribute to be 195.7.12.254, then you can leave the gateway attribute empty. This
because if the gateway attribute is empty, then the defaultRoute attribute is taken as only gateway
addresses.
• In the ip structure of the WAN interface, type the string “default” as value of the nat element.
7.7.9 Combining PAT and NAT
It is possible to use a combination of PAT and NAT. In that case the router first assigns NAT addresses
until they are all used. Then it uses PAT addresses for further translations.
Make sure the PAT address does not appear in the NAT address table.
7.7.10 Easy NAT on PPP
What is easy NAT on PPP?
Easy NAT on PPP means that in a typical client / ISP setup NAT will automatically be enabled without
the need to specifically configure NAT.
A typical client / ISP setup would be, for example, a Telindus 1421 SHDSL Router on the client side and
a Telindus 2400 on the ISP side connected over an SHDSL line.
What are the conditions for easy NAT on PPP?
The conditions for easy NAT on PPP are:

• A PPP (or PPPoA) connection between ISP and client.
• PPP interface on ISP router:
- The mode is routing.
- A local IP address may be configured, or it may be coming from the LAN (unnumbered).
- A remote IP address is imposed on the client router.
- NAT is disabled.
• PPP interface on client router:
- The mode is routing.
- No local nor remote IP address is configured.
- NAT is enabled (a reference is made to the defaultNat object).
• The defaultNat object on the client router:
- No PAT address is configured.
- No NAT address(es) is (are) configured.
What does easy NAT on PPP?
Once the conditions as stated above are met, the following happens:
• The client router learns the local and remote IP address of the PPP link from the ISP router.
• The client router adds a route towards the ISP router.
• The client router enables NAT on the PPP interface.
Example - easy NAT
Suppose you have the following setup:
Once the PPP link is up and running, you will see that …
• the client router learns the local and remote IP address of the PPP link from the ISP router. You can
check this by looking at the IP status of the PPP link:
• The client router adds a route towards the ISP router. You can check this by looking at the routing
table status:
• The client router enables NAT on the PPP interface. You can check this by looking at the NAT per-
formance. When a connection to the ISP is active, you will see that socketsFree attribute decreases
while the used sockets (xxxSocketsUsed) and allocation (xxxAllocs) attributes increase.
7.8 Configuring traffic and priority policy on the router
This section introduces traffic and priority policy and gives a short description of the attributes you can
use to configure these features on the router. It also shows you the difference with the traffic policy on
the bridge.
• 7.8.1 - Introducing traffic and priority policy on page 201
• 7.8.2 - Traffic and priority policy on routed and on bridged data on page 205
• 7.8.3 - How to configure a traffic and priority policy on the router? on page 206
• 7.8.4 - Creating a traffic policy on the router on page 207
• 7.8.5 - Applying a traffic policy on an interface of the router on page 209
• 7.8.6 - Creating a priority policy on page 210
• 7.8.7 - Applying a priority policy on an interface on page 212
• 7.8.8 - Configuring a traffic and priority policy on the router - an example on page 213
• 7.8.9 - The default queue attribute versus a traffic policy profile on page 215
7.8.1 Introducing traffic and priority policy
What is traffic and priority policy?
Because of the bursty nature of voice / video / data traffic, sometimes the amount of traffic exceeds the
speed of a link. At this point, the Telindus 1421 SHDSL Router has to decide what to do with this “excess”
of traffic:
• Buffer the traffic in a single queue and let the first packet in be the first packet out?
• Or put packets into different queues and service certain queues more often (also known as priority
queuing)?
These questions are dealt with by the traffic and priority policy mechanisms:
• The traffic policy determines, on traffic overload conditions, how and which queues are filled with the
“excess” data.
• The priority policy determines how and which queues are emptied.
What is a priority queuing?
Using the traffic and priority policy features you can perform priority queuing. This allows you to define
how traffic is prioritised in the network. E.g. to ensure that voice, video or other streaming media is serv-
iced before (or after) other traffic types, to ensure that web response traffic is routed before normal web
browsing traffic, etc.
Per interface (both physical and logical), there are 7 queues:
Queue Queue type Description
1-5 user configurable queue The user can decide which data goes into which queue.
6 low delay queue The user can decide which data goes into this queue. This
queue usually is addressed more often then the user con-
figurable queues.
7 system queue This queue is filled with mission critical data (e.g.link moni-
toring messages etc.) and has priority over all other queues.
What is DiffServ?
Differentiated Services (DiffServ) differentiates between multiple traffic flows. So, packets are marked,
and routers and switches can then make decisions based on those markings (e.g., dropping or forward-
ing decisions). You can mark packets either with IP Precedence or Differentiated Service Code Point
(DSCP) markings.
What is the TOS byte?
The Type Of Service (TOS) byte is an eight bit field inside an IPv4 header. Using these bits you can mark
packets either with IP Precedence or Differentiated Service Code Point (DSCP) markings. The TOS byte
is structured as follows:
0 1 2 3 4 5 6 7
precedence field TOS field unused
DSCP field unused
What is IP Precedence?
IP Precedence uses the precedence bits (3 leftmost bits) of the TOS byte (see RFC 791). So IP Prece-
dence markings can range from 0 to 7. However, values 6 and 7 should not be used since they are
reserved for network use. IP precedence is being phased out in favour of DSCP, but is supported by
many applications and routers.
What is DSCP?
Differentiated Services Code Point (DSCP) uses the DSCP bits (6 leftmost bits) of the TOS byte (see
RFC 2474). This offers a bigger granularity over IP Precedence, since 6 bits yield 64 possible values (0
to 63)1. The problem with so many values is that the value you choose to represent a certain level of
priority can be treated differently by a router under someone else’s administration.
To maintain relative levels of priority among devices, the Internet Engineering Task Force (IETF)
selected a subset of those 64 values for use. These values are called per-hop behaviours (PHBs),
because they indicate how packets should be treated by each router hop along the path from the source
to the destination.
The four categories of PHBs are:
• Best Effort (BE)
• Expedited Forwarding (EF)
• Assured Forwarding (AF)
• Class Selector (CS)
1. This also means that DSCP is not compatible with IP Precedence.

What is BE PHB?
Best Effort Per-Hop Behaviour (BE PHB) means that all DSCP bits are 0 (i.e. a DSCP value of 0).
Best Effort does not truly provide QoS, because there is no reordering of packets. Best Effort uses the
first-in first-out (FIFO) queuing strategy, where packets are emptied from a queue in the same order in
which they entered it.
What is EF PHB?
Expedited Forwarding Per-Hop Behaviour (EF PHB, see RFC 3246) has a DSCP value of 46. Latency-
sensitive traffic, such as voice, typically has an EF PHB.
What is AF PHB?
Assured Forwarding Per-Hop Behaviour (AF PHB, see RFC 2597) is the broadest category of PHBs.
These are shown in the following table:
AF PHB Low drop preference Medium drop preference High drop preference
class 1 AF11 (10) AF12 (12) AF13 (14)

001010 001100 001110
class 2 AF21 (18) AF22 (20) AF23 (22)

010010 010100 010110
class 3 AF31 (26) AF32 (28) AF33 (30)

011010 011100 011110
class 4 AF41 (34) AF42 (36) AF43 (38)

100010 100100 100110
Note that the AF PHBs are grouped into four classes. Within each AF PHB class there are three distinct
values which indicate a packet’s drop preference. Higher values in an AF PHB class are more likely to
be discarded during periods of congestion. For example, an AF13 packet is more likely to be discarded
than an AF11 packet.
Note that since IP Precedence only examines the 3 leftmost bits, all AF PHB class 1 values would be
interpreted by an IP Precedence aware router as an IP Precedence value of 1, AF PHB class 2 values
as an IP Precedence value of 2, etc.
What is CS PHB?
Class Selector Per-Hop Behaviour (CS PHB, see RFC 2474) is used for backward compatibility with IP
Precedence. This because, just like IP Precedence, CS PHB only examines the 3 leftmost bits of the
TOS byte.
What is the TOS field?
The TOS field is a four bit field in the TOS byte (see RFC 1349). Refer to What is the TOS byte? on
page 202. The TOS field lets values from 0 to 15 be assigned to request special handling of traffic (for
example, minimize delay, maximize throughput). The TOS field is being phased out in favour of DSCP.
What is IEEE 802.1P or COS?
The IEEE 802.1P signalling technique (also often referred to as Class Of Service, COS) is an IEEE
endorsed specification for prioritising network traffic at the datalink/MAC sub-layer (layer 2).
802.1P is a spin-off of the 802.1Q (VLAN tagging) standard and they work in tandem. The 802.1Q stand-
ard specifies a tag that appends to a MAC frame. The VLAN tag carries VLAN information. The VLAN
tag has two parts: The VLAN ID (12-bit) and prioritisation (3-bit). The prioritisation field was never defined
in the VLAN standard. The 802.1P implementation defines this prioritisation field.
7.8.2 Traffic and priority policy on routed and on bridged data
Refer to 7.8.1 - Introducing traffic and priority policy on page 201 for an introduction.
Traffic policy on routed and on bridged data
The traffic policy (i.e. the policy to fill the queues) is not the same for routed data as the one for bridged
data. The following table clarifies this:
In case … is enabled, then …
only routing the routed data is queued using the traffic pol-
icy settings as configured in the trafficPolicy[ ]
object under the router object.
Refer to 7.8.4 - Creating a traffic policy on the
router on page 207.
only bridging the bridged data is queued using the traffic

policy settings as configured in the trafficPol-
icy[ ] object under the bridge object.
Refer to 8.3.2 - Configuring a traffic policy on the bridge on page 249.
routing and bridging • the routed data is queued using the traf-
fic policy settings as configured in the
trafficPolicy[ ] object under the router
object.
• the bridged data is queued using the
traffic policy settings as configured in
the trafficPolicy[ ] object under the bridge
object.
Priority policy on routed and on bridged data
The priority policy (i.e. the policy to empty the queues) is the same for
routed and bridged data. The queues are emptied using the priority pol-
icy settings as configured in the priorityPolicy[ ] object under the router
object.
Refer to 7.8.6 - Creating a priority policy on page 210.
7.8.3 How to configure a traffic and priority policy on the router?
To configure a traffic and priority policy for the routed data on a certain interface, proceed as follows:
Step Action
1 Create and configure a routing traffic policy.

Refer to 7.8.4 - Creating a traffic policy on the router on page 207.
2 Apply the routing traffic policy on the desired interface.

Refer to 7.8.5 - Applying a traffic policy on an interface of the router on page 209.
3 Create and configure a priority policy.

4 Apply the priority policy on the desired interface.

Refer to 7.8.7 - Applying a priority policy on an interface on page 212.
7.8.4 Creating a traffic policy on the router
Refer to 7.8.3 - How to configure a traffic and priority policy on the router? on page 206 for an overview
on how to configure a traffic and priority policy. To give you an idea of where you are in the process, the
following also gives a quick overview:
• → Create and configure a routing traffic policy. ← You are here.
• Apply the routing traffic policy on the desired interface.
• Create and configure a priority policy.
• Apply the priority policy on the desired interface.
To create and configure a traffic policy for the routed data on a certain interface, proceed as follows:
Step Action

the router object and add a trafficPolicy[ ] object underneath
(refer to 4.4 - Adding an object to the containment tree on
page 42).
2 In the traffic policy object you just added, go to the

method attribute. Use this attribute to choose a traffic
policy method. This traffic policy is then used to
determine, on traffic overload conditions, how and
which queues are filled with the “excess” data.
Refer to telindus1421Router/router/trafficPolicy[ ]/method on page 466 for more information.
3 Now, depending on which traffic policy method you selected, you have to configure the
actual policy criteria:
If you choose the then use the following attribute to configure the policy
method … criteria:
trafficShaping, • trafficShaping.
• dropLevels (only the dropLevel1 element).
tosDiffServ, dropLevels.
tosMapped, • tos2QueueMapping.
• dropLevels (only the dropLevel1 element).
For more information, refer to …

• telindus1421Router/router/trafficPolicy[ ]/trafficShaping on page 467.
• telindus1421Router/router/trafficPolicy[ ]/dropLevels on page 470.
• telindus1421Router/router/trafficPolicy[ ]/tos2QueueMapping on page 472.
Example - creating a traffic policy on the router
Suppose you create a traffic policy which uses the traffic shaping method to fill the queues, on traffic
overload conditions, with the “excess” data. Suppose you want to do this for the UDP protocol only.
7.8.5 Applying a traffic policy on an interface of the router
• Create and configure a routing traffic policy.
• → Apply the routing traffic policy on the desired interface. ← You are here.
To apply a traffic policy for the routed data on a certain interface, enter the index name of the earlier
created traffic policy object as value of the trafficPolicy element. The trafficPolicy element can be found in
the ip structure of the IP interface. Refer to 5.2.2 - Where to find the IP parameters? on page 53 for the
location of the ip structure on the different IP interfaces.
Example - applying a traffic policy on an interface of the router
Suppose you created and configured a traffic policy object with index name myTrafPol (i.e. trafficPol-
icy[myTrafPol]), and you want to apply this traffic policy on an L2TP tunnel you created earlier.
7.8.6 Creating a priority policy
Whereas configuring a traffic policy for routed data is different than for bridged data, configuring a priority
policy is the same for both. In other words, the mechanism to fill the queues is different for routed data
than it is for bridged data, but the mechanism to empty the queues is the same for both routed and
bridged data.
• Create and configure a traffic policy.
• Apply the traffic policy on the desired interface.
• → Create and configure a priority policy. ← You are here.
To create and configure a priority policy for a certain interface, proceed as follows:
Step Action

to the router object and add a priorityPolicy[ ] object under-
neath (refer to 4.4 - Adding an object to the containment
tree on page 42).
2 In the priority policy object you just

added, go to the algorithm attribute.
Use this attribute to determine how
and which queues are emptied.
Refer to telindus1421Router/router/priori-
tyPolicy[ ]/algorithm on page 474 for more information.
3 Configure the other attributes in the priority policy object. The most important are:
• queueConfigurations. Use this attribute to …
- set the number of bytes/packets that is dequeued from the user configurable
queue when the queue is addressed.
- set the relative importance of the user configurable queues.
Refer to telindus1421Router/router/priorityPolicy[ ]/queueConfigurations on page 476 for more
information.
• lowDelayQuotum. Use this attribute to set the number of bytes/packets that is dequeued
from the low delay queue when the queue is addressed.
Refer to telindus1421Router/router/priorityPolicy[ ]/lowdelayQuotum on page 476 for more infor-
mation.
• bandwidth. Use this attribute to set the Committed Information Rate (CIR) per queue.
Refer to telindus1421Router/router/priorityPolicy[ ]/bandwidth on page 477 for more information.
Example - creating a traffic policy on the router
Suppose you create a priority policy which uses the round-robin algorithm to empty the queues.
7.8.7 Applying a priority policy on an interface
• Create and configure a traffic policy.
• Apply the traffic policy on the desired interface.
• → Apply the priority policy on the desired interface. ← You are here.
To apply a priority policy on a certain interface, enter the index name of the earlier created priorityPolicy[ ]
object as value of the priorityPolicy attribute. The priorityPolicy attribute can be found in …
• telindus1421Router/lanInterface/priorityPolicy. So in this case you specify a priority policy for the LAN inter-
face.
• telindus1421Router/wanInterface/priorityPolicy. So in this case you specify a priority policy for the complete
WAN interface (i.e. also for all logical interfaces that are present on the WAN interface, such as ATM
PVCs, etc.).
• telindus1421Router/wanInterface/atm/pvcTable/priorityPolicy. So in this case you can specify a priority policy
for each ATM PVC.
• telindus1421Router/wanInterface/frameRelay/dlciTable/priorityPolicy. So in this case you can specify a priority
policy for each Frame Relay DLCI.
Example - applying a priority policy on an interface
Suppose you created and configured a priority policy object with index name myPrioPol (i.e. priorityPol-
icy[myPrioPol]), and you want to apply this priority policy on an ATM PVC profile you created earlier.
7.8.8 Configuring a traffic and priority policy on the router - an example
Suppose you have two networks which are interconnected over an ATM network. Network 1 carries a
mix of data and voice traffic. The traffic on this network is differentiated by setting the Type Of Service
(TOS) values in the IP packet headers (data = 0, voice = 10). If congestion occurs when routing the traffic
from network 1 to network 2, then you want that the voice traffic is queued in the low delay queue and
that the data traffic is queued in queue 1. The algorithm that you want to use to empty the queues is the
low delay weighted fair queueing mechanism.
Step Action
1 Create and configure an IP traffic policy and a priority policy.

For example:
• Create a trafficPolicy[myIpPol] object.
• Set the method attribute to tosMapped.
• In the tos2QueueMapping structure, create two entries and define the startTos, endTos and
interface elements of each entry. Also set the targetQueue for both types of traffic:
- the low delay queue for the voice.
- queue 1 for the data.
• Create a priorityPolicy[myPrioPol] object and set the algorithm attribute to lowDelayWeighted-
FairQueueing.
2 Set up the ATM PVC.

Since this is not the main subject of this example, refer for more information on setting
up an ATM PVC to 6.2.2 - Configuring ATM PVCs on page 93.
3 Create a route that “points” to the traffic policy you created earlier.
For example:
Create an entry in the routingTable attribute in which you specify that traffic destined for net-
work 192.168.48.0 has to be sent to the IP traffic policy you created earlier.
The following figure shows how to configure the traffic and priority policy you want to set up:
7.8.9 The default queue attribute versus a traffic policy profile
In case of a Frame Relay DLCIs and multiclass PPP links, it is possible to assign a default queue to the
link. This allows you to easily set up a traffic policy without having to create and apply a traffic policy
profile. As most setups that require QoS only split voice and data streams (often based on IP addresses
only), configuring such a setup becomes more straightforward.
To configure a default queue, proceed as follows:
Step Action
1 Create a …
• Frame Relay DLCI. Refer to 6.3.2 - Configuring Frame Relay DLCIs on page 112.
or
• multiclass PPP link. Refer to 6.4.13 - Setting up multiclass PPP on page 142.
2 In the dlciTable (Frame Relay) or the multiclassInterfaces table (PPP), set the defaultQueue ele-
ment to the desired queue (e.g. queue3).
⇒In case of an overload condition, this queue will be filled with the excess data.
3 Now you still have to create and apply a priority policy to empty the queue. Do this as
described in 7.8.6 - Creating a priority policy on page 210 and 7.8.7 - Applying a priority
policy on an interface on page 212.
The following figure shows where the defaultQueue attribute is located:

Example - configuring a default queue
Suppose you have a network connected to two other networks over a Frame Relay backbone. Network
1 carries a mix of data and voice traffic. You want that the data traffic is routed from network 1 to network
2 and that the voice traffic is routed from network 1 to network 3. If congestion should occur you want
that the data is queued in queue 1 and that the voice is queued in the low delay queue. The algorithm
that you want to use to empty the queues is the low delay weighted fair queueing mechanism.
Step Action
1 Set up two Frame Relay DLCIs.

For example:
• Configure one Frame Relay DLCI that carries the data traffic, e.g. dlciTable/name = dat-
aDlci.
• Configure another Frame Relay DLCI that carries the voice traffic, e.g. dlciTable/name =
voiceDlci.
Since this is not the main subject of this example, refer for more information on creating
Frame Relay DLCIs to 6.3.2 - Configuring Frame Relay DLCIs on page 112.
2 Set the correct default queue for the DLCIs you just created. I.e. queue 1 for the data
DLCI and queue 6 (i.e. low delay queue) for the voice DLCI.
3 Create and apply a priority policy. The priority policy uses the low delay weighted fair
queueing mechanism to empty the queues.
4 Create routes to the other networks.

The following figure shows how to configure the traffic and priority policy you want to set up:
7.9 Configuring VRRP
This section introduces the Virtual Router Redundancy Protocol (VRRP) and gives a short description
of the attributes you can use to configure VRRP.
• 7.9.1 - Introducing VRRP on page 219
• 7.9.2 - Setting up VRRP on page 221
7.9.1 Introducing VRRP
What is VRRP?
VRRP is designed to eliminate the single point of failure inherent in the static default routed environment.
VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of
the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual
router is called the Master, and forwards packets sent to these IP addresses. The election process pro-
vides dynamic fail-over in the forwarding responsibility should the Master become unavailable. Any of
the virtual router's IP addresses on a LAN can then be used as the default first hop router by end-hosts.
The advantage gained from using VRRP is a higher availability default path without requiring configura-
tion of dynamic routing or router discovery protocols on every end-host.
What is a VRRP router?
A router running VRRP. It may participate in one or more virtual routers.
What is a virtual router?
An abstract object managed by VRRP that acts as a default router for hosts on a shared LAN. It consists
of a Virtual Router Identifier and a set of associated IP address(es) across a common LAN. A VRRP
router may backup one or more virtual routers.
What is a master virtual router?
The VRRP router that is assuming the responsibility of forwarding packets sent to the IP address(es)
associated with the virtual router, and answering ARP requests for these IP addresses. Note that if the
IP address owner is available, then it will always become the master.
What is a backup virtual router?
The set of VRRP routers available to assume forwarding responsibility for a virtual router should the cur-
rent master fail.
What is a VRRP IP address owner?
The VRRP router that has the virtual router's IP address(es) as real interface address(es). This is the
router that, when up, will respond to packets addressed to one of these IP addresses for ICMP pings,
TCP connections, etc.
What is a VRRP primary IP address?
An IP address selected from the set of real interface addresses. One possible selection algorithm is to
always select the first address. VRRP advertisements are always sent using the primary IP address as
the source of the IP packet.
How is a master virtual router elected?
In a VRRP set-up as shown below, there is one master virtual router and one (or more) backup virtual
router.
The following shows how the master is elected:

7.9.2 Setting up VRRP
Refer to 7.9.1 - Introducing VRRP on page 219 for an introduction on VRRP.

To set up VRRP, proceed as follows:
Step Action
1 Enable VRRP on the interface(s) of your choice. Do this by setting the vrrp element in the
ip structure of the interface to enabled.
For example, if you want to enable VRRP on the LAN interface, then proceed as follows:
1. In the containment tree of the Telindus 1421 SHDSL Router, select the configuration
structure telindus1421Router/lanInterface/ip.
2. In the ip structure, set the element vrrp to enabled.
2 In the containment tree of the Telindus 1421 SHDSL Router, go to

the router object an add a vrrp object underneath. E.g. router/
vrrp[myVrrp].
Refer to 4.4 - Adding an object to the containment tree on page 42.
3 Configure the virtual router. Do this by configuring the attributes of the vrrp object. The
most important attributes are:
• vrId. Use this attribute to set the identification of the virtual router. Specify a number
between 1 and 255. The VRID has to be set the same on all participating routers.
• ipAddresses. Use this attribute to configure one or more IP addresses on the virtual
router.
• interfaces. Use this attribute to add (IP) interfaces to the virtual router and assign a pri-
ority to them. This priority is used in the master virtual router election process.
• criticals. Use this attribute to specify which interfaces must be up before a router may
be elected as master virtual router.
Refer to 11.9.9 - VRRP configuration attributes on page 478 for more information.
Example: VRRP master/backup with owner
Suppose you have two routers configured for VRRP:
Configure this setup as follows:
In the setup above, once Router A is configured for VRRP, it looks at the IP address of the virtual router
and compares it with the IP addresses of its own interface that is configured for VRRP on that VRID.
Since Router A owns the virtual router’s IP address, it declares itself the master and sends out an adver-
tisement to all of the other VRRP routers. The IP address owner is always the master as long as it is
available.
The host shown in the setup above is configured with the virtual router's IP address as its default gate-
way. The master forwards packets destined to remote subnets and responds to ARP requests. Since in
this example, the master is also the owner of the virtual router’s IP address, it also responds to ICMP
ping requests and IP datagrams destined for the virtual router’s IP address. The backup does not forward
any traffic on behalf of the virtual router, nor does it respond to ARP requests.
If the master (in this case also the IP address owner) is not available, then the backup becomes the mas-
ter and takes over responsibility for packet forwarding and responding to ARP requests. However, since
this new master is not the IP address owner, it does not respond to ICMP ping requests and IP data-
grams destined to that address.
Each VRRP Router that is an IP address renter is configured with a priority between 1 and 254. Accord-
ing to the VRRP standard, an owner has a priority of 255.
It is not necessary for the virtual router IP address to be owned by one of the VRRP routers. In that case,
however, the election process to determine the master is different. The process involves comparing two
criteria:
• First, the VRRP router with the highest priority becomes the master.
• Second, if the priorities are the same, then the higher IP address wins and becomes the master.
Example: VRRP master/backup without owner
Suppose you have two routers configured for VRRP:
Configure this setup as follows:
In this case the VRRP configuration is identical, except for the priority. Router A has its priority set to
200, which when compared to Router B’s priority of 100, will ensure that Router A is the master. There
is no virtual router IP address owner in this configuration, since neither VRRP router has the virtual router
IP address configured on a real interface address. So, both VRRP routers are considered renters.
User manual Configuring bridging
8 Configuring bridging
This chapter introduces bridging on the Telindus 1421 SHDSL Router and lists the attributes you can
use to configure bridging.
• 8.1 - Introducing bridging on page 226
• 8.2 - Configuring bridging on page 236
• 8.3 - Configuring traffic and priority policy on the bridge on page 247
1421 SHDSL Router.
8.1 Introducing bridging
This section introduces the bridging concept. The following gives an overview of this section:
• 8.1.1 - What is bridging? on page 227
• 8.1.2 - The self-learning and Transparent Spanning Tree bridge on page 228
• 8.1.3 - The Spanning Tree root bridge on page 229
• 8.1.4 - The Spanning Tree topology on page 230
• 8.1.5 - The Spanning Tree bridge port states on page 231
• 8.1.6 - The Spanning Tree Bridge Protocol Data Unit on page 232
• 8.1.7 - The Spanning Tree behaviour on page 233
• 8.1.8 - The Spanning Tree priority and cost on page 234
8.1.1 What is bridging?
The Telindus 1421 SHDSL Router can be configured to act as a bridge. This enables you to split up your
LAN network into smaller parts or segments. This decreases the amount of data traffic on the separated
LAN segments and, consequently, increases the amount of available bandwidth.
Example
The following figure shows an example of bridging:
Data coming from network 1, will only be let through by the bridge if this data has a destination outside
network 1 or if it has a broadcast or multicast address. This means the bridge filters the data and
decreases the amount of data traffic on the separated LAN segments.
8.1.2 The self-learning and Transparent Spanning Tree bridge
The Telindus 1421 SHDSL Router features two bridging mechanisms:

• self-learning bridging,
• self-learning bridging in conjunction with the Transparent Spanning Tree (TST) algorithm, or briefly
Spanning Tree bridging.
Bridging principle Description
self-learning The bridge learns which data it has to forward to the other LAN segment and
which data it has to block. I.e. it builds its own bridging table.
In other words, you do not have to configure a bridging table with MAC
addresses of stations that are located on the separated LAN segments but that
have to be able to communicate with each other.
self-learning + TST This is based on the self-learning principle, but a protocol is used to implement
the TST algorithm.
Bridging loops
The primary goal of this algorithm is to avoid that bridging loops arise. A bridg-
ing loop occurs when two self-learning bridges are placed in parallel. This
results in data that keeps circling around as each bridge forwards the same
data.
The TST algorithm
Using the TST algorithm, bridges know of each others existence. By communi-
cating with each other, they establish one single path for reaching any particu-
lar network segment. If necessary, they may decide to disable some bridges in
the network in order to establish this single path.
This is a continuous process. So if a bridge fails, the remaining bridges will
reconfigure their bridging tables keeping each LAN segment reachable.
8.1.3 The Spanning Tree root bridge
What is the root bridge?
Spanning Tree defines a tree with a root bridge and a loop-free path from the root to all bridges in the
extended network. The root bridge is the logical centre of the Spanning Tree topology.
Redundant data paths are forced into a stand-by (blocked) state. If a network segment in the spanning
tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topol-
ogy and activates the stand-by path.
How is a root bridge selected?
All bridges in the network participating in Spanning Tree gather information about other bridges in the
network. They do this through an exchange of data messages called Bridge Protocol Data Units
(BPDUs).
This exchange of messages results in the following phases:
Phase Description
1 The selection of a root bridge.

The bridge with the highest bridge priority (i.e. the lowest numerical priority value) is
selected as the root bridge. If all bridges are configured with the default priority (32768),
the bridge with the lowest MAC address becomes the root bridge.
2 The selection of a designated bridge for every bridged LAN segment.
3 The removal of loops in the bridged network by blocking bridge ports connected to redun-
dant links.
8.1.4 The Spanning Tree topology
The cost factor is used to calculate the distance from each port of a bridge to the root bridge. On the
basis of this, each port on a bridge is assigned one of the following states:
State Description
root port The port that is closest to the root bridge. Only one port on each bridge is assigned
as the root port.
designated port The port that connects to bridges further away from the root bridge. The root bridge
only has designated ports.
blocking If a port is not assigned a root port or a designated port state, they are assigned a
blocking state. Frames (with the exception of Configuration BPDUs) are not
accepted or transmitted by the port when it is in the blocking state. The port can
be said to be in stand-by.
An elementary example of a Spanning Tree topology is given in the figure below:

8.1.5 The Spanning Tree bridge port states
Bridge port states
There are four possible states a bridge port can be in:
State A port in this state …
blocking • does no frame forwarding.

• does not incorporate station location into its address database (There is no
learning on a blocking port, so there is no MAC address database update.).
• receives BPDUs, but does not process or propagate them.
A bridge always enters the blocking state following bridge initialisation.
listening • does no frame forwarding.

• does not incorporate station location into its address database (There is no
learning on a listening port, so there is no MAC address database update.).
• receives and processes BPDUs, but does not propagate them.
learning • does no frame forwarding.

• incorporates station location into its MAC address database.
• receives, processes and propagates BPDUs.
forwarding • forwards frames.

• incorporates station location into its MAC address database.
• receives, processes and propagates BPDUs.
Bridge port state transition diagram
The following figure shows how a bridge port moves through

the different states when the bridge is powered:
When you enable Spanning Tree, every bridge in the network
goes through the transitory states of listening and learning at
power up. If properly configured, each port stabilises to the for-
warding or blocking state.
When the spanning-tree algorithm places a port in the forward-
ing state, the following process occurs:
1. The port is put into the listening state while it waits for pro-
tocol information that suggests it should go to the blocking
state.
2. The port waits for the expiration of the forward delay timer,
moves the port to the learning state, and resets the forward
delay timer.
3. In the learning state, the port continues to block frame for-
warding as it learns station location information for the for-
warding database.
4. The port waits for the expiration of the forward delay timer
and then moves the port to the forwarding state, where both learning and forwarding are enabled.
8.1.6 The Spanning Tree Bridge Protocol Data Unit
What is a BPDU?
To establish a stable path, each bridge sends Configuration Bridge Protocol Data Units (BPDUs) to its
neighbouring bridges. These Configuration BPDU messages contain information about the spanning
tree topology. The contents of these frames only changes when the bridged network topology changes
or has not been established.
Each Configuration BPDU contains the following minimal information:
• The unique bridge identifier of the bridge that the transmitting bridge believes to be the root bridge.
• The cost of the path to the root from the transmitting port.
• The unique port identifier of the transmitting port.
When a bridge transmits a BPDU frame, all bridges connected to the LAN on which the frame is trans-
mitted receive the BPDU. When a bridge receives a BPDU, it does not forward the frame. Instead, it uses
the information in the frame to:
• calculate a BPDU,
• initiate a BPDU transmission if the topology changes.
The propagation of Configuration BDPUs
When a bridged network is in a stable condition, switches continue to send Configuration BPDUs to its
neighbouring bridges at regular intervals. Configuration BPDUs are transmitted down the spanning tree
from designated ports to root ports. If a Configuration BPDU is not received by the root port of a bridge
within a predefined time interval (for example, because a bridge along the path has dropped out), the
port enters the listening state to re-determine a stable path.
8.1.7 The Spanning Tree behaviour
The following are some examples of how Spanning Tree behaves when certain events occur in your net-
work.
Bridging loops
Bridges connected in a LAN must

detect potential bridge loops. They
must then remove these loops by
blocking the appropriate ports to
other bridges.
This is illustrated in the following fig-
ure:
An alternate path has been estab-
lished by connecting Bridge B in par-
allel with Bridges A and C. This also
creates a potential bridge loop. How-
ever, by using the Spanning Tree
Algorithm, Bridge B breaks the loop and blocks its path to segment 3.
Bridge failure

also detect bridge failure. They must
then establish an alternative path.
Should the root bridge fail, also a
new root bridge must be selected.
A bridge failure is illustrated in the
following figure:
If Bridge A fails, the Spanning Tree
Algorithm must be capable of acti-
vating an alternative path, such as
Bridge B.
Network extension

also detect topology changes. They
must adapt to these changes.
A topology change is illustrated in
the following figure:
If the network is extended by adding
Bridge D, the Spanning Tree Algo-
rithm must be capable of adapting
automatically to the new topology.
This means that Bridge B stops loop-
ing by blocking the path to segment
3.
8.1.8 The Spanning Tree priority and cost
Consider the following Spanning Tree Topology:
What is bridge priority?
In the example above, Bridge A is selected as the root bridge. This because the bridge priority of all the
bridges is set to the default value (32768) and Bridge A has the lowest MAC address. However, due to
traffic patterns or link types, Bridge A might not be the ideal root bridge.
By increasing the bridge priority (lowering the numerical priority value) of the ideal bridge so that it
becomes the root bridge, you force a Spanning Tree recalculation to form a new spanning-tree topology
with the ideal bridge as the root.
What is port priority and path cost?
When the spanning-tree topology is calculated based on default parameters, the path between source
and destination stations in a bridged network might not be ideal. The goal is to make the fastest link the
root port.
For example, assume on Bridge B that …
• port 1, currently the root port, is an unshielded twisted-pair link,
• port 2 is a fibre-optic link.
Network traffic might be more efficient over the high-speed fibre-optic link. By changing the spanning-
tree port priority or path cost for port 2 to a higher priority (lower numerical value) than port 1, port 2
becomes the root port.
Example
By changing the priority and/or the pathCost, you can create a "preferred" path:
By setting the path costs of Bridge A and B to a lower value than the path cost of Bridge D, you can
create a preferred path through Bridge A and B. The path through Bridge D becomes the back-up path.
8.2 Configuring bridging
This section lists the attributes you can use to configure bridging. The following gives an overview of this
section:
• 8.2.1 - Introducing the bridging attributes on page 237
• 8.2.2 - Configuring the bridge group on page 238
• 8.2.3 - Adding a bridge group on page 239
• 8.2.4 - Enabling bridging on an interface on page 241
• 8.2.5 - Configuring bridging on an interface on page 242
• 8.2.6 - Explaining the bridging structure on page 243
8.2.1 Introducing the bridging attributes
What is a bridge group?
A bridge group comprises the main bridging process. So in the containment tree, the bridgeGroup object
contains the general bridging attributes.
What are multiple bridge groups?
The Telindus 1421 SHDSL Router offers the possibility to create multiple bridge groups. This means you
can group some interfaces in one bridge group while you group several other interfaces in another bridge
group. By doing so, it is as if you created several “simple” bridge devices within one device.
Bridging on the different interfaces
In addition to configuring the general bridging process using the configuration attributes of the bridge
group, you also have to configure bridging on each interface on which you want to use bridging.
8.2.2 Configuring the bridge group
Refer to …
• 8.1 - Introducing bridging on page 226 for an introduction on bridging.
• 8.2.1 - Introducing the bridging attributes on page 237 for an introduction on the bridging attributes.
This section lists the most important configuration attributes of the bridge group.
Configuring an IP address on the bridge group
As on other interfaces (LAN, PVCs, etc.), you can

configure an IP address on the bridge group. Do
this using the configuration attribute
telindus1421Router/bridge/bridgeGroup/ip on page 484.
What is more, if you enable bridging on the LAN interface (telindus1421Router/lanInterface/mode = bridging),
then the settings of the configuration attribute telindus1421Router/lanInterface/ip are ignored. So in this case,
if you want to manage the Telindus 1421 SHDSL Router via IP, then you have to configure an IP address
in the bridgeGroup object instead.
Selecting the bridging protocol
Refer to 8.1.2 - The self-learning and Transparent Spanning Tree bridge on page 228 for an introduction.
Use the protocol element in the spanningTree structure to select the bridging protocol. Refer to
telindus1421Router/bridge/bridgeGroup/spanningTree on page 486.
Setting the bridge priority
Refer to 8.1.8 - The Spanning Tree priority and cost on page 234 for more information on bridge priority.
Use the bridgePriority element in the spanningTree structure to set the bridge priority. Refer to
telindus1421Router/bridge/bridgeGroup/spanningTree on page 486.
8.2.3 Adding a bridge group
As said in 8.2.1 - Introducing the bridging attributes on page 237, you can add several bridge groups.
In order to add a bridge group, proceed as follows:
Step Action

to the bridge object and add a vpnBridgeGroup[ ] object
underneath (refer to 4.4 - Adding an object to the contain-
ment tree on page 42).
E.g. vpnBridgeGroup[my_bg]
2 In the vpnBridgeGroup[ ] object you just added, configure the attributes to your needs.
Example:
Suppose you configure an IP address on the bridge group, activate the spanning tree
protocol and set a bridge priority.
3 Now you can add interfaces to the bridge group you just created. Do this by entering the
name of the bridge group in the bridging/bridgeGroup element of the interfaces you want to
add.
Refer to 8.2.6 - Explaining the bridging structure on page 243 (more specifically to the
bridgeGroup element) for more information.
Example:
Suppose you want to add the LAN interface to the vpnBridgeGroup[my_bg] object you previ-
ously added, then type the string “my_bg” in the bridgeGroup element of the bridging structure
of the lanInterface object.
Example - multiple bridge groups
Suppose …
• you have 2 VLANs (VLAN 1 and VLAN 2).
• you have 5 PVCs (PVC 1 up to PVC 5).
• you want to assign VLAN 1 and PVC 1 and 2 to
the default bridge group.
• you want to assign VLAN 2 and PVC 3, 4 and 5
to a bridge group you added yourself.
So first, add a bridge group to the containment tree (e.g. vpnBridgeGroup[my_bg]. Then assign the different
interfaces to the different bridge groups by specifying bridge group names in the bridging/bridgeGroup ele-
ments of the different interfaces. Also set the different interfaces in bridging mode.
The configuration looks as follows:
8.2.4 Enabling bridging on an interface
Refer to …
Per IP interface you can determine whether you perform routing, bridging or both. The following table
shows, for each IP interface, how to enable bridging on this interface:
Interface How to enable bridging?
LAN interface Set the mode attribute to bridging or routingAndBridging. The mode attribute can be found
in the lanInterface object: telindus1421Router/lanInterface/mode.
Important remark

VLAN on the Set the mode element to bridging or routingAndBridging. The mode element can be found
LAN interface in the vlan table which is located in the lanInterface object: telindus1421Router/lanInter-
face/vlan/mode.
ATM PVC Set the mode element to bridging or routingAndBridging. The mode element can be found
in the pvcTable table which is located in the atm object: telindus1421Router/wanInterface/
atm/pvcTable/mode.
PPP link Set the mode element to bridging or routingAndBridging. The mode element can be found
in the ppp object: telindus1421Router/wanInterface/ppp/mode.
Frame Relay Set the mode element to bridging or routingAndBridging. The mode element can be found
PVC in the dlciTable table which is located in the frameRelay object: telindus1421Router/wan-
Interface/frameRelay/dlciTable/mode.
L2TP tunnel Set the mode element to bridging or routingAndBridging. The mode element can be found
in the l2tpTunnels table which is located in the tunnels object: telindus1421Router/router/
tunnels/l2tpTunnels/mode.
IPSEC L2TP Set the mode element to bridging or routingAndBridging. The mode element can be found
tunnel in the ipsecL2tpTunnels table which is located in the tunnels object: telindus1421Router/
router/tunnels/ipsecL2tpTunnels/mode.
8.2.5 Configuring bridging on an interface
Refer to …
Once the bridging process is enabled on the interface (refer to 8.2.4 - Enabling bridging on an interface
on page 241) you can configure the bridging parameters of this interface. Use the elements in the bridging
structure for this purpose. The following table shows you the location of the bridging structure for each
interface:
Interface Location of the bridging parameters
LAN interface In the bridging structure of the lanInterface object: telindus1421Router/lanInterface/bridging.
Important remark

VLAN on the In the bridging structure of the vlan table which is located in the lanInterface object:
LAN interface telindus1421Router/lanInterface/vlan/bridging.
ATM PVC In the bridging structure of the pvcTable which is located in the atm object:
telindus1421Router/wanInterface/atm/pvcTable/bridging.
PPP link In the bridging structure of the ppp object: telindus1421Router/wanInterface/ppp/bridging.
Frame Relay In the bridging structure of the dlciTable which is located in the frameRelay object:
PVC telindus1421Router/wanInterface/frameRelay/dlciTable/bridging.
L2TP tunnel In the bridging structure of the l2tpTunnels table which is located in the tunnels object:
telindus1421Router/router/tunnels/l2tpTunnels/bridging.
IPSEC L2TP In the bridging structure of the ipsecL2tpTunnels table which is located in the tunnels
tunnel object: telindus1421Router/router/tunnels/ipsecL2tpTunnels/bridging.
Refer to 8.2.6 - Explaining the bridging structure on page 243 for a detailed explanation of the bridging
structure.
8.2.6 Explaining the bridging structure
Because the bridging structure occurs in several objects, it is described here once and referenced where
necessary. Refer to 8.2.5 - Configuring bridging on an interface on page 242 for the location of the bridging
structure.
This section lists all the elements that can be present in the bridging structure. However, depending on
the interface, it is possible that not all of these elements are present.
The bridging structure contains the following elements:
Element Description
accessList Use this element set up an outbound access list on Default:<empty>

the interface. Range: 0 … 24 characters
Do this by entering the index name of the access list you want to use. You can cre-
ate the access list itself by adding an accessList object under the bridge object and
by configuring the attributes in this object.
Example
If you created a accessList object with index name my_access_list

(i.e. accessList[my_access_list]) and you want to apply this access list
here, then enter the index name as value for the accessList ele-
ment.
Refer to …
• 9.2.1 - The different access restrictions on the Telindus 1421 SHDSL Router on
page 259 for an introduction on access lists.
• 11.10.2 - Bridge access list configuration attributes on page 495 for more infor-
mation on bridge access lists.
Element Description
bridgeGroup Use this element to determine to which bridge group Default:bridge

the interface belongs. Range: 1 … 24 characters
You have the possibility to create multiple bridge groups (refer to 8.2.3 - Adding a
bridge group on page 239). Then, you can assign some interfaces to one bridge
group while you assign several other interfaces to another bridge group.
By default, the interface is assigned to the default bridge group (provided the con-
figuration attribute telindus1421Router/bridge/bridgeGroup/name of the default bridge
group still has its default value “bridge”). You can assign the interface to another
bridge group than the default bridge group by specifying the index name of the
bridge group in the bridgeGroup element.
Examples
• By default, both the bridgeGroup element and the configuration attribute

telindus1421Router/bridge/bridgeGroup/name of the default bridge group are set to
“bridge”. This means that by default the interface is assigned to the default
bridge group.
• Suppose you change the name of the default bridge group (by changing the
value of the configuration attribute telindus1421Router/bridge/bridgeGroup/name). If
you still want to assign the interface to the default bridge group, then you have
to enter the new name of the default bridge group in the bridgeGroup element of
the interface.
• Suppose you add a bridge group with index name my_bg and you want to assign
the interface to this bridge group, then enter the index name as value for the
bridgeGroup element.
Element Description
trafficPolicy
This element is not present in the telindus1421Router/lanInterface/bridging struc-
ture.
Use this element to apply a traffic policy on the Default:<empty>

bridged data on the interface. Range: 0 … 24 characters
create the traffic policy itself by adding a trafficPolicy object under the bridge object
and by configuring the attributes in this object.
Example

icy element.
Refer to 8.3 - Configuring traffic and priority policy on the bridge on page 247 for
more information on policies.
priority Use this element to set the port priority of the inter- Default:128
face. Range: 0 … 255
Each port of a bridge has a unique port identifier. The priority element is a part of
this port identifier and allows you to change the priority of the port. It is taken as
the more significant part in priority comparisons.
The other part of the unique port identifier has a fixed relationship to the physical
or logical port. This assures the uniqueness of the unique port identifier among the
ports of a single bridge.
Refer to 8.1.8 - The Spanning Tree priority and cost on page 234 for more infor-
mation on port priority.
pathCost Use this element to set the path cost of the interface. Default:100
The path cost is the value that is added to the total Range: 1 … 65535
cost of the path to the root bridge, provided that this particular port is a root port.
I.e. that the path to the root goes through this port.
The total cost of the path to the root bridge should not exceed 65500.
Refer to 8.1.8 - The Spanning Tree priority and cost on page 234 for more infor-
mation on port priority.
topologyChange- Use this element to enable or disable the communica- Default:enabled

Detection tion of Spanning Tree topology changes to the root Range: enabled / disabled
bridge.
Element Description
limitBroadcasts Use this element to limit broadcasts between inter- Default:disabled

faces for which the limitBroadcasts element is set to ena- Range: enabled / disabled
bled.
Example
Suppose you have the follow-

ing set-up:
• Four links towards four dif-
ferent users (clients).
• One uplink towards the
backbone.
• All links are configured for
bridging.
In this case you probably want
that broadcasts coming from
the uplink are distributed to the user links and that broadcasts coming from the
user links are forwarded to the uplink. However, you most likely do not want that
broadcasts coming from one user link are distributed over all the other user links.
Therefore, set the limitBroadcasts element to enabled on all interfaces that may not for-
ward each other’s broadcasts.
8.3 Configuring traffic and priority policy on the bridge
Refer to …
• 7.8.1 - Introducing traffic and priority policy on page 201 for an introduction on traffic and priority pol-
icy.
• 7.8.2 - Traffic and priority policy on routed and on bridged data on page 205 for the difference
between traffic and priority policy on the bridge and the router.
This section gives a short description of the attributes you can use to configure traffic and priority policy
on the bridge.
• 8.3.1 - How to configure a traffic and priority policy on the bridge? on page 248
• 8.3.2 - Configuring a traffic policy on the bridge on page 249
• 8.3.3 - Applying a traffic policy on a certain interface of the bridge on page 250
8.3.1 How to configure a traffic and priority policy on the bridge?
To configure a traffic and priority policy for the bridged data on a certain interface, proceed as follows:
Step Action
1 Create and configure a bridging traffic policy.

Refer to 8.3.2 - Configuring a traffic policy on the bridge on page 249.
2 Apply the bridging traffic policy on the desired interface.

Refer to 8.3.3 - Applying a traffic policy on a certain interface of the bridge on page 250.
3 Create and configure a priority policy.

4 Apply the priority policy on the desired interface.

Refer to 7.8.7 - Applying a priority policy on an interface on page 212.
8.3.2 Configuring a traffic policy on the bridge
Refer to 8.3.1 - How to configure a traffic and priority policy on the bridge? on page 248 for an overview
• → Create and configure a bridging traffic policy. ← You are here.
• Apply the bridging traffic policy on the desired interface.
To create and configure a traffic policy for the bridged data on a certain interface, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree,

go to the bridge object and add a trafficPolicy[ ] object
underneath (refer to 4.4 - Adding an object to the con-
tainment tree on page 42).
2 In the traffic policy object you just added, go to the vlanPriorityMap attribute. Use this
attribute to impose a traffic policy on the bridged VLAN frames received by the Telindus
1421 SHDSL Router.
Refer to telindus1421Router/bridge/trafficPolicy[ ]/vlanPriorityMap on page 498 for more information.
3 In the traffic policy object you just added, go to the dropLevels attribute. Use this attribute
to define for each user configurable queue, how many packets may be queued before
they are dropped.
Refer to telindus1421Router/bridge/trafficPolicy[ ]/dropLevels on page 498 for more information.
8.3.3 Applying a traffic policy on a certain interface of the bridge
Refer to 8.3.1 - How to configure a traffic and priority policy on the bridge? on page 248 for an overview
• Create and configure a bridging traffic policy.
• → Apply the bridging traffic policy on the desired interface. ← You are here.
To apply a traffic policy for the bridged data on a certain interface, enter the index name of the earlier
created traffic policy object as value of the trafficPolicy element. The trafficPolicy element can be found in
the bridging structure of the IP interface. Refer to 8.2.5 - Configuring bridging on an interface on page 242
for the location of the bridging structure on the different IP interfaces.
On the LAN interface, you can not apply a bridging traffic policy.
Example - applying a traffic policy on an interface of the bridge
Suppose you created and configured a traffic policy object with index name myTrafPol (i.e. trafficPol-
icy[myTrafPol]), and you want to apply this traffic policy on an L2TP tunnel you created earlier.
User manual Configuring the additional features
9 Configuring the additional features

This chapter introduces the most important additional features of the Telindus 1421 SHDSL Router
besides routing, bridging and switching and lists the attributes you can use to configure these features.
• 9.1 - Configuring DHCP on page 252
• 9.2 - Configuring the access restrictions on page 258
• 9.3 - Configuring VLANs on page 270
• 9.4 - Configuring L2TP tunnels on page 280
• 9.5 - Configuring IP security on page 290
• 9.6 - Configuring RADIUS on page 298
• 9.7 - Configuring QoS on page 308
1421 SHDSL Router.
9.1 Configuring DHCP
This section introduces the Dynamic Host Configuration Protocol (DHCP) and gives a short description
of the attributes you can use to configure DHCP.
• 9.1.1 - Introducing DHCP on page 253
• 9.1.2 - Assigning static IP addresses on page 254
• 9.1.3 - Assigning dynamic IP addresses on page 255
• 9.1.4 - Configuring the Telindus 1421 SHDSL Router as DHCP relay agent on page 257
9.1.1 Introducing DHCP
What is DHCP?
The DHCP protocol is a protocol for assigning IP addresses to devices on a network. DHCP can assign
dynamic or static IP addresses. With dynamic addressing, a device can have a different IP address every
time it connects to the network. What is more, the IP address can even change while the device is still
connected.
Dynamic addressing simplifies network administration because the software keeps track of IP addresses
rather than requiring an administrator to manage the task. This means that a new computer can be
added to a network without the hassle of manually assigning it a unique IP address.
What is a DHCP relay agent?
Being a broadcast message, a DHCP request can not pass a router by default. To help a DHCP request
pass the router, IP helper addresses have to be configured. This adds additional information to the
request packets allowing servers on distant networks to send back the answer.
Combining static and dynamic DHCP tables
If you combine static and dynamic DHCP server tables, then on an incoming DHCP request first the
static table is scanned for matches and then the dynamic DHCP table is considered.
How does the DHCP server react on a BootP request?
The DHCP server reacts on a BootP request as follows: the source MAC address of the incoming BootP
request packet is compared with the MAC addresses that have been entered in the dhcpStatic table. Then,
there are two possibilities:
• If the source MAC address corresponds with a MAC address in the dhcpStatic table, then the DHCP
server replies with a BootP reply packet. In this reply, the IP address that is linked with the MAC
address in question (as defined in the dhcpStatic table) is returned.
• If the source MAC address does not correspond with a MAC address in the dhcpStatic table, then the
DHCP server returns no response on that frame.
Releasing IP addresses - DHCP versus BootP
On DHCP level, it is regularly checked whether the device that has an IP address in lease is still con-
nected to the network. If it is not, the IP address is returned to the pool of free IP addresses.
On BootP level, however, such a check (or refresh) does not exist. What is more, a statistic IP address
lease is for an infinite time. Consequently, if the device that requested the IP address is no longer con-
nected to the network, this is not detected by the server. In that case, the statistical information will still
indicate that the IP address is leased although it is not.
9.1.2 Assigning static IP addresses
Refer to 9.1.1 - Introducing DHCP on page 253 for an introduction.

To assign static IP addresses to an IP device, proceed as follows:
Step Action
dhcpStatic attribute and add one or more entries to this table.
Use this attribute to assign a fixed IP address to an IP device and this for an infinite time.
Add a row to the dhcpStatic table for each IP address you want to assign.
2 Configure the elements of the dhcpStatic table. The most important are:
• ipAddress. Use this element to assign an IP address to a certain client. This client is
identified with its MAC address.
• mask. Use this element to set the client its subnet mask.
• gateway. Use this element to set the default gateway for the client its subnet. If the inter-
face element is left empty (default), then it is the gateway element that determines on
which interface the Telindus 1421 SHDSL Router will act as DHCP server. Namely
the interface through which the IP address as entered in the gateway element can be
reached.
• interface. Use this element to specify the name of the interface on which you want the
Telindus 1421 SHDSL Router to act as DHCP server.
• macAddress. Use this element to enter the client its MAC address.
Refer to telindus1421Router/router/dhcpStatic on page 426 for more information.
Important remark
If you apply an access list on an interface1 of the Telindus 1421 SHDSL Router through which DHCP
requests have to be received, then make sure that this access list explicitly allows the passing of DHCP
packets! This to make sure that the DHCP packets are not dropped should you accidently misconfigure
the access list.
1. The term “interface” also implies the Telindus 1421 SHDSL Router its own protocol stack. So
if an access list is applied on the protocol stack, then also in this case make sure that the DHCP
packets are allowed to pass.
9.1.3 Assigning dynamic IP addresses

To assign dynamic IP addresses to an IP device, proceed as follows:
Step Action
dhcpDynamic attribute and add one or more entries to this table.
Use this attribute to assign an IP address selected from an IP address range to an IP

device and this for a certain time. Add a row to the dhcpDynamic table for each IP address
range you want to create.
2 Configure the elements of the dhcpDynamic table. The most important are:
• ipStartAddress. Use this element to define the start address of the IP address range. It
is from this range that an IP address will be dynamically assigned to a client.
• ipEndAddress. Use this element to define the end address of the IP address range. It is
from this range that an IP address will be dynamically assigned to a client.
• mask. Use this element to set the client its subnet mask for the specified IP address
range.
• gateway. Use this element to set the default gateway for the client its subnet. If the inter-
face element is left empty (default), then it is the gateway element that determines on
which interface the Telindus 1421 SHDSL Router will act as DHCP server. Namely
the interface through which the IP address as entered in the gateway element can be
reached.
• interface. Use this element to specify the name of the interface on which you want the
Telindus 1421 SHDSL Router to act as DHCP server.
• leaseTime. Use this element to set the maximum time a client can lease an IP address
from the specified IP address range. If 00000d 00h 00m 00s (default) is specified, then
the lease time is infinite.
Refer to telindus1421Router/router/dhcpDynamic on page 428 for more information.
Important remark
If you apply an access list on an interface1 of the Telindus 1421 SHDSL Router through which DHCP
requests have to be received, then make sure that this access list explicitly allows the passing of DHCP
packets! This to make sure that the DHCP packets are not dropped should you accidently misconfigure
the access list.
1. The term “interface” also implies the Telindus 1421 SHDSL Router its own protocol stack. So
if an access list is applied on the protocol stack, then also in this case make sure that the DHCP
packets are allowed to pass.
9.1.4 Configuring the Telindus 1421 SHDSL Router as DHCP relay agent

To configure the Telindus 1421 SHDSL Router as DHCP relay agent, proceed as follows:
Step Action
1 Specify (a) helper IP address(es) using the helpers element in the ip structure. Refer to
5.2.3 - Explaining the ip structure on page 54 for more information.
2 Now specify the helper protocols.

By default, the helperProtocols table is empty. In this case the BootP/DHCP requests
(among others) are forwarded automatically. However, specifying at least one value in
the helperProtocols table clears the default helper list automatically. In that case you explic-
itly have to enter the BootP/DHCP protocol in the helperProtocols table.
Refer to telindus1421Router/router/helperProtocols on page 423 for more information.
9.2 Configuring the access restrictions
This section explains how to control the access to the Telindus 1421 SHDSL Router for both manage-
ment data and user data. First this section gives an overview of the different access restrictions that you
can apply on the Telindus 1421 SHDSL Router. Then it highlights the most complex access restriction:
the extended access lists. It introduces extended access lists and shows you how to set them up.
• 9.2.1 - The different access restrictions on the Telindus 1421 SHDSL Router on page 259
• 9.2.2 - Introducing extended access lists on page 262
• 9.2.3 - Setting up an extended access list on page 263
• 9.2.4 - Tuning an extended access list on page 265
• 9.2.5 - Remarks on extended access lists on page 269
9.2.1 The different access restrictions on the Telindus 1421 SHDSL Router
This section gives an overview of the different access restrictions that you can apply on the Telindus
1421 SHDSL Router.
IP interface
You can apply the following access restrictions on an IP interface
Access restrictions on user Quick configuration

data
Inbound extended access list 1. Add and configure a router/trafficPolicy[ ] object. E.g. trafficPolicy[myIn-
with “allow” and/or “deny” List].
rules. 2. Apply the traffic policy by typing the index name of the trafficPolicy[
] object as value of the accessPolicy element in the ip structure (e.g.
“myInList”).
Refer to 9.2.3 - Setting up an extended access list on page 263 for

detailed information.
Outbound extended access 1. Add and configure a router/trafficPolicy[ ] object. E.g. trafficPolicy[myOut-
list with “allow” rules. List].
2. Apply the traffic policy by typing the index name of the trafficPolicy[
] object as value of the trafficPolicy element in the ip structure (e.g.
“myOutList”).

Bridge interface
You can apply the following access restrictions on a bridge interface:
Access restrictions on user Quick configuration

data
Outbound simple access list 1. Add and configure a bridge/accessList[ ] object. E.g. accessList[myList].
with “deny” rules. 2. Apply the access list by typing the index name of the bridge/access-
List[ ] object as value of the accessList element in the bridging struc-
ture (e.g. “myList”).
Refer to telindus1421Router/bridge/accessList[ ]/macAddress on page 496 for

Prevent broadcasts and multi- Configure the limitBroadcasts element in the bridging structure.
casts from flooding to all inter-
Refer to limitBroadcasts on page 246 for detailed information.
faces
Protocol stack
You can apply the following access restrictions on the protocol stack
Access restrictions on Quick configuration

management data
Inbound simple access list Configure the accessList attribute in the management object.
with “allow” and/or “deny” Refer to telindus1421Router/management/accessList on page 506 for detailed
rules. information.
Inbound extended access list 1. Add and configure a router/trafficPolicy[ ] object. E.g. trafficPolicy[myM-
with “allow” and/or “deny” gtList].
rules. 2. Apply the traffic policy by typing the index name of the trafficPolicy[
] object as value of the accessPolicy attribute in the management
object (e.g. “myMgtList”).

Easy protocol restrictions Configure the telnet, ftp, tftp and snmp attributes in the management
without the need of an access object.
list (Telnet, FTP, TFTP, Refer to 11.12 - Management configuration attributes on page 501 for
SNMP: allow / deny).
Access restrictions per IP Configure the mgmtAccess element in the ip structure.

interface (allow / deny)
Refer to mgmtAccess on page 57 for detailed information.
Access restrictions per bridge Configure the localAccess attribute in the bridgeGroup object.
interface (on VLAN level:
Refer to telindus1421Router/bridge/bridgeGroup/localAccess on page 487 for
allow / deny) detailed information.
9.2.2 Introducing extended access lists
What is an extended access list?
Access lists control the access to or from an interface for a number of specified services or IP addresses.
The access list describes the condition to forward (permit) packets to an interface or to drop (deny) them.
When access lists are combined with NAT/PAT translation, then first the conditions of the access list are
applied before the NAT/PAT translation is done.
On the Telindus 1421 SHDSL Router, the extended access lists are implemented using the traffic policy
function and by defining traffic shaping rules.
9.2.3 Setting up an extended access list
This section explains how to set up an extended access list. 9.2.4 - Tuning an extended access list on
page 265, explains how to configure the access list. I.e. how to define the filter criteria.
In order to set up an extended access list, proceed as follows:
Step Action

to the router object and add a trafficPolicy[ ] object under-
neath (refer to 4.4 - Adding an object to the containment
tree on page 42).
2 In the traffic policy object you just created, make sure that the configuration attribute
method is set to trafficShaping (this is the default value).
3 Configure the configuration attribute telindus1421Router/router/trafficPolicy[ ]/trafficShaping to

match you filter criteria.
Refer to 9.2.4 - Tuning an extended access list on page 265.
4 Apply the traffic policy on the desired interface. See below.
Setting up an inbound extended access list on an IP interface
1. Go to the ip attribute of the interface on which you want to apply your extended access
list.
For example, suppose you want to apply an extended access list on the LAN inter-
face, then go to lanInterface object and then go to the ip attribute.
2. In the ip attribute, enter the index name of the traffic policy object you created in step
1 as value of the accessPolicy element.
In our example, enter the string myTrafPol as value of the accessPolicy element.
Step Action
5 Setting up an outbound extended access list on an IP interface
1. Go to the ip attribute of the interface on which you want to apply your extended access
list.
For example, suppose you want to apply an extended access list on the LAN inter-
face, then go to lanInterface object and then go to the ip attribute.
2. In the ip attribute, enter the index name of the traffic policy object you created in step
1 as value of the trafficPolicy element.
In our example, enter the string myTrafPol as value of the trafficPolicy element.
6 Setting up an inbound extended access list on the protocol stack
Go to the management object and enter the index name of the traffic policy object you cre-
ated in step 1 as value of the accessPolicy attribute.
Important remark
It is possible that the Telindus 1421 SHDSL Router has to answer to DHCP
requests or terminate L2TP and IPSec tunnels. In that case, if you set up an access list
on the protocol stack, then make sure that these protocols are allowed access to the pro-
tocol stack.
9.2.4 Tuning an extended access list
Whereas 9.2.3 - Setting up an extended access list on page 263 shows you how to set up an extended
access list, this section shows you how to tune the access list. I.e. how to define the filter criteria.
You have to define your filter criteria in the telindus1421Router/router/trafficPolicy[ ]/trafficShaping attribute. This
is a table, which is empty by default, but to which you can add several lines (entries).
The following shows a screenshot of the trafficShaping table containing one line:
As you can see from the elements in the trafficShaping table, you can filter on several criteria:
Filter criterion Description
IP addresses • 1 IP address: enter an IP address in the element sourceIpStartAddress and/or

destinationIpStartAddress.
• IP address range: enter an IP address range using the elements …
- sourceIpStartAddress and sourceIpEndAddress and/or
- destinationIpStartAddress and destinationIpEndAddress
So if you define 1 or more IP addresses in the trafficShaping table, then traffic from
(source) or to (destination) these IP addresses is allowed. All other traffic is dis-
carded.
IP protocol Specify an IP protocol using the ipProtocol element. Either select one of the common
IP protocols from the ipProtocol element its drop-down box, or directly type a specific
protocol number in the ipProtocol element field.
So if you define an IP protocol in the trafficShaping table, then traffic carrying this IP
protocol is allowed. All other traffic is discarded.
Filter criterion Description
port number • 1 port number: enter a port number in the element sourcePortStart and/or
destinationPortStart.
• port number range: enter a port number range using the elements …
- sourcePortStart and sourcePortEnd
- and/or
- destinationPortStart and destinationPortEnd
So if you define 1 or more port numbers in the trafficShaping table, then traffic carry-
ing these port numbers is allowed. All other traffic is discarded.
You can not filter on port numbers only. What is more, you can only filter on
port numbers when the IP protocol is set to TCP or UDP. So in other words,
if the IP protocol element is set to a value different from TCP or UDP, then
all the port elements are ignored.
Type Of Service • 1 TOS value: enter a TOS value in the element tosStartValue.
(TOS) value • TOS value range: enter a TOS value range using the elements tosStartValue and
tosEndValue.
So if you define 1 or more TOS values in the trafficShaping table, then traffic carrying
these TOS values is allowed. All other traffic is discarded.
Example - configuring an extended access list
This is an example of a network connected to the Internet and for which the following conditions are
required:
• only 5 stations may have access to the Internet.
• only the HTTP-port for web browsing is open for incoming packets from the Internet.
The following figure shows how to configure the extended access lists:
9.2.5 Remarks on extended access lists
• By default, the entries in the trafficShaping table are “allow” rules. I.e. only the traffic defined in the table
is permitted, all other traffic is discarded (independent whether the traffic shaping table is used as an
access list, for priority policing or policy based routing). However, you can inverse an entry making it
a “deny” rule by entering “discard” as value of the interface element.
• If more than one entry applies to the same packet, then the entry which has the narrowest filter range
(when looking at the filter criteria from left to right) is chosen. For example: two rows in the trafficShaping
table apply to the same packet, but row 1 wants to forward packets to queue 3 and row 2 wants to
forward packets to the low delay queue. In that case, first the IP source address is considered. The
row with the smallest range wins. If the ranges are exactly the same, then the IP destination address
is considered. And so on. Should the two rows be completely identical except for the queue, then one
of the rows is chosen at random.
• You do not necessarily have to fill in IP addresses in the trafficShaping table. It is perfectly valid to filter
on IP protocol, IP protocol/port combination or TOS values only. However, you can not filter on port
numbers only. What is more, you can only filter on port numbers when the IP protocol is set to TCP
or UDP. So in other words, if the IP protocol element is set to a value different from TCP or UDP, then
9.3 Configuring VLANs
This section introduces VLANs and gives a short description of the attributes you can use to configure
VLANs.
• 9.3.1 - Introducing VLANs on page 271
• 9.3.2 - Setting up a VLAN on a LAN interface on page 272
• 9.3.3 - Setting up a VLAN on the bridge group on page 274
• 9.3.4 - Configuring VLAN switching on page 277
9.3.1 Introducing VLANs
What is a VLAN?
A Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured (using management
software) so that they can communicate as if they were attached to the same wire, when in fact they are
located on a number of different LAN segments. Because VLANs are based on logical instead of phys-
ical connections, they are extremely flexible.
What is a VLAN tag?
The VLAN tag header is inserted immediately following the destination MAC address and source MAC
address fields of the frame. The VLAN tag header can be divided into two components:
• TPID (Tag Protocol Identifier). The 802.1Q Ethernet-encoded TPID is defined as two octets with the
value “8100”.
• TCI (Tag Control Information). The TCI field is also two octets in length and contains:
- User priority. The user priority bits represents eight priority levels, 0 through 7. IEEE 802.1P
defines the operation for these 3 user priority bits.
- CFI (Canonical Format Indicator). The CFI bit indicates that all MAC address information carried
by the frame that may be present in the MAC data is in Canonical format.
- VID (VLAN Identifier). The twelve-bit VID field identifies the VLAN to which the frame belongs.
Three VID values are reserved by the 802.1Q standard.
9.3.2 Setting up a VLAN on a LAN interface
Refer to 9.3.1 - Introducing VLANs on page 271 for an introduction.

To set up a VLAN on the LAN interface, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the lanInterface object, select
the vlan attribute and add one or more entries to this table.
Use this attribute to configure the VLANs you want to set up. Add a row to the vlan table
for each VLAN you want to set up.
As long as no VLANs are created in the vlan table, the LAN interface accepts both VLAN
untagged and VLAN tagged frames. The VLAN untagged frames are bridged and/or
routed (depending on the setting of the mode attribute). The VLAN tagged frames are
bridged (in case the mode attribute is set to bridging or bridgingAndRouting, else they are dis-
carded).
As soon as a VLAN is created in the vlan table, the LAN interface still accepts VLAN
untagged frames but only accepts those VLAN tagged frames of which the VLAN ID cor-
responds with the VLAN ID that has been configured in the vlan table (see the vid element
below). Other VLAN tagged frames are discarded.
2 Configure the elements of the vlan table:

• name. Use this element to assign an administrative name to the VLAN.
• adminStatus. Use this element to activate or deactivate the VLAN.
• mode. Use this element to determine whether for the corresponding VLAN, IP packets
are treated by the routing process or the bridging process.
• ip. Use this element to configure the IP related parameters of the VLAN. Refer to 5.2.3
- Explaining the ip structure on page 54 for more information.
• bridging. Use this element to configure the bridging related parameters in case the mode
attribute is set to bridging. Refer to 8.2.6 - Explaining the bridging structure on page 243
for more information.
• vlan. Use this element to configure the specific VLAN related parameters of the VLAN.
See below.
1
Refer to telindus1421Router/lanInterface/vlan on page 361 for more information.

Step Action
3 Configure the vlan structure in the vlan table. The most important elements in this structure
are:
• vid. Use this element to set the VLAN ID.
Important remark
You can also enter VLAN tag 0 as VLAN ID. This is not really a VLAN, but a way
to reverse the filtering:
- all the untagged data is passed, internally, to VLAN 0.
- all the other, tagged, data for which no VLANs are defined, are handled by the
main LAN interface.
This allows a set-up where a number of VLANs are VLAN switched, while other VLANs
and untagged data are bridged. This is particularly interesting for VLAN based networks
with Ethernet switch discovery protocols like Cisco CDP. Until now, this was not possible
since the VLAN switching mode did not allow flooding packets over multiple interfaces
(bridging), nor did it allow terminating management data in the device.
In such set-up, the configuration looks as follows:
- A first bridge group includes all VLANs that need to be switched. This bridge group
is set in VLAN switching mode.
- A second bridge group includes VLAN 0 and possibly also a VLAN for manage-
ment of the device.
- The interface VLAN table(s) include(s) entries for all switched VLANs, VLAN 0 and
possibly a VLAN for management.
• tagSignificance. Use this element to determine whether the VLAN tag has a local or a
global significance. This element is only relevant when you set the mode element to
bridging.
If the tagSignificance is set to …
- local, then the VLAN header is only relevant for the VLAN itself. When receiving a
packet on the VLAN, the VLAN header is stripped before the packet is forwarded
to the bridging engine. When transmitting a packet on the VLAN, the VLAN header
is inserted.
- global, then the VLAN header is not changed when forwarding packets.
When connecting 2 or more Ethernet VLANs in the same bridge group, then make
sure you set the tagSignificance to local, as both VLANs use different VLAN IDs.
Refer to telindus1421Router/lanInterface/vlan/vlan on page 362 for more information.

9.3.3 Setting up a VLAN on the bridge group
Refer to 9.3.1 - Introducing VLANs on page 271 for an introduction.

Although the Telindus 1421 SHDSL Router bridges VLAN tagged frames when connected to a VLAN
aware switch, the Telindus 1421 SHDSL Router itself can only be managed via IP if a VLAN is configured
on the bridge group. In other words, if you want that the data carried by a VLAN can be delivered to the
Telindus 1421 SHDSL Router itself (e.g. so that it can be delivered to the protocol stack, routed, etc.),
then you have to configure a VLAN on the bridge group.
You can …
• either configure one single VLAN on the bridge group using the attribute telindus1421Router/bridge/bridge-
Group/vlan on page 489. Refer to Configuring a single VLAN on the bridge group on page 275.
• or configure several VLANs on the bridge group using the attribute telindus1421Router/bridge/bridgeGroup/
multiVlans on page 491. Refer to Configuring multiple VLANs on the bridge group on page 276.
Configuring a single VLAN on the bridge group
To set up a single VLAN on the bridge group, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the bridgeGroup object and
select the vlan attribute.
2 Configure the elements of the vlan structure:

• Use this element to enable or disable …
- the VLAN tagging of Ethernet frames sent by the Telindus 1421 SHDSL Router.
- the recognition of VLAN tagged Ethernet frames received by the Telindus 1421
SHDSL Router.
• vid. Use this element to set the VLAN ID over which the Telindus 1421 SHDSL Router
can be managed.
• userPriority. Use this element to set the user priority in the VLAN tag and this for all
frames sent by the Telindus 1421 SHDSL Router.
• changeTos. Use this element to enable or disable the COS to TOS mapping.
If you set the changeTos attribute to disabled, then the element cosTosMap is ignored.
• cosTosMap. Use this element to determine how the VLAN user priority (COS) maps
onto the IP TOS byte value.
• tosCosMap. Use this element to determine how the IP TOS byte value maps onto the
VLAN user priority (COS).
As said before, you can either use the vlan attribute or the multiVlan attribute. So, if
you set the dotQTagging element to …
• enabled, then only the vlan attribute is considered and the multiVlan attribute is ignored.
• disabled, then only the multiVlan attribute is considered and the vlan attribute is ignored.
Refer to telindus1421Router/bridge/bridgeGroup/vlan on page 489 for more information.

Configuring multiple VLANs on the bridge group
To set up multiple VLANs on the bridge group, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the bridgeGroup object, select
the multiVlans attribute and add one or more entries to this table.
Use this attribute to configure the VLANs you want to set up. Add a row to the multiVlans
table for each VLAN you want to set up.
2 Configure the elements of the multiVlans table:

• name. Use this element to assign an administrative name to the VLAN.
• adminStatus. Use this element to activate or deactivate the VLAN.
• ip. Use this element to configure the IP related parameters of the VLAN. Refer to 5.2.3
- Explaining the ip structure on page 54 for more information.
• vlan. Use this element to configure the specific VLAN related parameters of the VLAN.
See below.
Refer to telindus1421Router/bridge/bridgeGroup/multiVlans on page 491 for more information.
3 Configure the vlan structure in the multiVlans table. The elements in this structure are:
• vid. Use this element to set the VLAN ID.
• txCos. Use this element to set the default user priority (802.1P, also called COS) of the
transmitted VLAN frames.
• changeTos. Use this element to enable or disable the COS to TOS mapping.
• cosTosMap. Use this element to determine how the VLAN user priority (COS) maps
onto the IP TOS byte value.
• tosCosMap. Use this element to determine how the IP TOS byte value maps onto the
VLAN user priority (COS).
• arp. Use this element to configure the Address Resolution Protocol (ARP) cache.
Refer to telindus1421Router/bridge/bridgeGroup/multiVlans/vlan on page 492 for more information.

9.3.4 Configuring VLAN switching
Refer to 9.3.1 - Introducing VLANs on page 271 for an introduction on VLANs.

To configure VLAN switching, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the bridge/bridgeGroup object
and set the bridgeCache attribute to switching.
2 In the Telindus 1421 SHDSL Router containment tree, go to the bridge/bridgeGroup object,
select the vlanSwitching attribute and add one or more entries to this table.
Use this attribute to specify which VLANs you want to switch. Add a row to the vlanSwitching
table for each VLAN you want to switch.
Step Action
3 Configure the elements of the vlanSwitching table:

• sourceIntf. Use this element to enter the name of the (physical) source interface which
carries the VLAN that has to be switched.
• sourceVlan. Use this element to enter the VLAN ID of the VLAN that has to be switched.
Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.
• sourcePMap. Use this element to, if desired, remap the VLAN priorities. The priorities
defined in the sourcePMap are applied after the VLAN is switched from destinationVlan to
sourceVlan.
• destinationIntf. Use this element to enter the name of the (physical) destination interface
which carries the VLAN when it has been switched. The destination interface can also
be a bridge group, in that case just enter the name of the bridge group.
• destinationVlan. Use this element to enter the VLAN ID of the VLAN when it has been
switched. Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.
• destinationPMap. Use this element to, if desired, remap the VLAN priorities. The priori-
ties defined in the destinationPMap are applied after the VLAN is switched from sourceVlan
to destinationVlan.
Important remarks
•Note that one row in the vlanSwitching table represents a bidirectional connection.
I.e. data is switched from source to destination and vice versa.
• Also note that only point-to-point connections are possible. Point-to-multipoint con-
nections are not possible. In other words, a certain VLAN may only appear once in the
vlanSwitching table.
Refer to telindus1421Router/bridge/bridgeGroup/vlanSwitching on page 493 for more information on

the elements of the vlanSwitching configuration attribute.
Example - configuring VLAN switching
The following figure shows the LAN interface carrying 3 VLANs that are switched to 3 different ATM
PVCs. One of the VLAN IDs is kept, one is changed and one is stripped.
The following figure shows how to configure the bridge group for VLAN switching.
9.4 Configuring L2TP tunnels
This section introduces the Layer 2 Tunnelling Protocol (L2TP) and gives a short description of the
attributes you can use to configure L2TP.
• 9.4.1 - Introducing L2TP tunnels on page 281
• 9.4.2 - Setting up an L2TP tunnel on page 283
• 9.4.3 - How does an L2TP tunnel work? on page 286
• 9.4.4 - Setting up a main and back-up tunnel on page 287
9.4.1 Introducing L2TP tunnels
What is an L2TP tunnel?
The Layer 2 Tunnelling Protocol (L2TP) is a protocol used for connecting VPNs (Virtual Private Net-
works) over public lines. More specific, it allows you to set up virtual PPP connections. In other words,
an L2TP tunnel simulates an additional PPP interface which directly connects two routers with each
other.
Concrete, using the Layer 2 Tunnelling Protocol you can connect several private and physically dis-
persed local networks with each other over public lines (such as the Internet) in order to create one big
(virtual) local network. This without the need for address translation.
L2TP tunnel terminology
The following table gives some specific L2TP terminology:
Term Description
L2TP Access Con- A node that acts as one side of an L2TP tunnel. It is a peer to the L2TP Network
centrator (LAC) Server (LNS). Packets sent from the LAC to the LNS require tunnelling with the
L2TP protocol.
L2TP Network A node that acts as one side of an L2TP tunnel. It is a peer to the L2TP Access
Server (LNS) Concentrator (LAC). The LNS is the logical termination point of a PPP session
that is being tunnelled from the remote system by the LAC.
Tunnel A tunnel exists between a LAC-LNS pair. The tunnel consists of a Control Con-
nection and zero or more L2TP sessions. The tunnel carries encapsulated PPP
datagrams and Control Messages between the LAC and the LNS.
Control Connection A control connection operates in-band over a tunnel to control the establish-
ment, release, and maintenance of sessions and of the tunnel itself.
Control Messages Control messages are exchanged between LAC and LNS pairs, operating in-
band within the tunnel protocol. Control messages govern aspects of the tunnel
and sessions within the tunnel.
L2TP tunnel encapsulation
The following table shows the L2TP encapsulation on the LAN and WAN interface:
Interface L2TP encapsulation
WAN interface The L2TP encapsulation on the WAN interface is as follows:
LAN interface The L2TP encapsulation on the LAN interface is as follows:

9.4.2 Setting up an L2TP tunnel
Refer to 9.4.1 - Introducing L2TP tunnels on page 281 for an introduction.

To set up an L2TP tunnel, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the router/tunnels object, select
the l2tpTunnels attribute and add one or more entries to this table.
Use this attribute to configure the Layer 2 Tunnelling Protocol tunnels you want to set up.
Add a row to the l2tpTunnels table for each L2TP tunnel you want to set up.
2 Configure the elements of the l2tpTunnels table:

• name. Use this element to assign an administrative name to the tunnel.
• adminStatus. Use this element to activate or deactivate the tunnel.
• mode. Use this element to determine whether for the corresponding tunnel, IP packets
are treated by the routing process, the bridging process or both.
• ip. Use this element to configure the IP related parameters of the tunnel. Building an
L2TP tunnel is based on logical interfaces. Those logical interfaces have their own IP
address. Refer to 5.2.3 - Explaining the ip structure on page 54 for more information.
• bridging. Use this element to configure the bridging related parameters in case the mode
attribute is set to bridging or routingAndBridging. Refer to 8.2.6 - Explaining the bridging
structure on page 243 for more information.
• l2tp. Use this element to configure the L2TP related parameters of the tunnel. See
below.
Refer to telindus1421Router/router/tunnels/l2tpTunnels on page 439 for more information.
3 Configure the l2tp structure in the l2tpTunnels table. The most important elements in this
structure are:
• localIpAddress. Use this element to set the IP address that serves as start point of the
L2TP tunnel.
• remoteIpAddress. Use this element to set the IP address that serves as end point of the
L2TP tunnel.
• type. Use this element to specify the tunnel type (incoming or outgoing).
• mode. Use this element to set the L2TP mode of the Telindus 1421 SHDSL Router
(LAC, LNS or auto). Only use auto in case a Telindus router is located at both sides
of the tunnel.
Refer to telindus1421Router/router/tunnels/l2tpTunnels/l2tp on page 440 for more information.

Remarks
• L2TP tunnels can also be set up by an IP host. The Telindus 1421 SHDSL Router is transparent for
tunnels set up by a host.
• Multiple L2TP tunnels are possible on a single link. Currently, only one single PPP session is possible
per L2TP tunnel.
Example - configuring an L2TP tunnel
Suppose private network 1 has to be interconnected to private network 2 over the Internet. For this pur-
pose you want to set up an L2TP tunnel between the two access routers of these private networks.
So first create a route between the WAN interfaces of Router A and B. Then set up the tunnel between
the WAN interfaces of Router A and B (i.e. the tunnel start point is IP address 207.46.197.101, the tunnel
end point is IP address 198.182.196.56).
The following figure shows how to set up the L2TP tunnel:
9.4.3 How does an L2TP tunnel work?
Suppose a packet coming from the LAN has a destination address for a network that is accessible
through an L2TP tunnel. The following happens:
Phase Description
1 The packet goes through the routing decision process. If the

result of this decision is a route which uses the tunnel interface,
then the packet is encapsulated in PPP first, then L2TP, UDP
and finally IP.
2 Then the packet goes through the routing decision process again. This time using the
outer IP header.
3 The packet is routed over the Internet using the outer IP header.
4 The packet is received in the tunnel's end point, where it is then routed again using the
original IP header.
9.4.4 Setting up a main and back-up tunnel
Refer to 9.4.1 - Introducing L2TP tunnels on page 281 for an introduction.

This example explains how to set up a main and a back-up tunnel. More specifically how to use the
l2tpTunnels/backup element to do so.
Suppose private network 1 has to be interconnected to private network 2 over the Internet. For this pur-
pose you want to set up an L2TP tunnel between the two access routers of these private networks. What
is more, you want one main tunnel and one back-up tunnel.
Configure this example as follows:
Step Action
1 Add two entries to the l2tpTunnels table: one entry for the main tunnel and one for the back-
up tunnel. Configure these entries as described in 9.4.2 - Setting up an L2TP tunnel on
page 283.
Typically the main tunnel is of the type outgoing leased line, whereas the back-up tunnel
usually is an outgoing dial tunnel.
2 Now, by adding two entries to the routingTable, create two routes to network 2: one main
route (through the main tunnel) and one back-up route (through the back-up tunnel).
Differentiate the main route from the back-up route by giving them a different preference:
the main route is preferred (i.e. it’s preference value is lower) above the back-up route (it’s
preference value is higher).
Step Action
3 Now use the backup element in the l2tpTunnels table to optimise the back-up process. Con-
figuring the backup element allows you to quickly set up a back-up tunnel as soon as the
main tunnel goes down, instead of waiting on several time-outs before the back-up tunnel
is set up.
For the main tunnel, you could configure the backup structure as follows:
The backup structure contains the following elements:

• interface. Use this element to enter the name of the back-up tunnel.
• timeOut. Use this element to set the set-up time-out of the main tunnel in seconds. If
the main tunnel is not set up within the specified time-out, then the back-up tunnel is
set up.
• autoRetry. This element is only relevant in case the type element of the main tunnel is
set to outgoingLeasedLine. Use this element to determine, if a leased line tunnel does not
come up, whether it has to keep trying to come up (yes) or quit after one try (no).
4 Configuring the above results in the following:

• The main route and tunnel are up.
⇒Data destined for network 2 goes over the main route/tunnel to network 2.
• The main tunnel goes down.
⇒The back-up tunnel is set up immediately. Data destined for network 2 now goes
over the back-up route/tunnel to network 2.
• The main route and tunnel come up again.
⇒Data destined for network 2 goes over the main route/tunnel again since this is the
preferred route.
Some remarks
1. The back-up mechanism only works for routing.

2. Typically the main tunnel is a leased line tunnel, whereas the back-up tunnel usually is a dial tunnel.
3. You can create an alternating back-up mechanism by letting the main tunnel refer to the back-up tun-
nel and vice versa. In that case you could set …
- the backup/autoRetry of the main tunnel to no, to avoid that both main and back-up tunnel are up at
the same time.
- the l2tp/noTrafficTimeOut of the back-up tunnel to 0, to “simulate” a leased line tunnel with the advan-
tage that this tunnel does not come up when the Telindus 1421 SHDSL Router boots. The back-
up tunnel will only come up (and stay up) at the moment it is triggered.
4. If in the situation as described in remark 3. you set the l2tp/noTrafficTimeOut of the back-up tunnel to
anything else than 0, then it is best to set the backup/autoRetry of the main tunnel to yes. This because
if the back-up tunnel goes down due to the no traffic time-out, then it does not trigger the main tunnel
to come up again. Moreover, due to the main/back-up routes in the routingTable, the only available
route remains the back-up route through the back-up tunnel (since the main tunnel and hence main
route stay down). However, in this case you have to keep in mind that setting up a dial tunnel can
take a long time (especially when using IPSEC with IKE).
9.5 Configuring IP security
This section introduces IP security (IPSEC) and gives a short description of the attributes you can use
to configure IPSEC.
• 9.5.1 - Introducing IPSEC on page 291
• 9.5.2 - Setting up an IPSEC secured L2TP tunnel using a manual SA on page 295
• 9.5.3 - The hardware accelerator (HWA) chip on page 297
9.5.1 Introducing IPSEC
What is IPSEC?
IPSEC (Internet Protocol Security) is a framework for a set of protocols for security at the network or
packet processing layer of network communication. Earlier security approaches have inserted security
at the application layer of the communications model. IPSEC is deployed widely to implement Virtual Pri-
vate Networks (VPNs). A big advantage of IPSEC is that security arrangements can be handled without
requiring changes to individual user computers.
IPSEC compatibility
IPSEC on the Telindus 1421 SHDSL Router is compatible with IPSEC on Cisco devices and on Linux.
The IPSEC modes
IPSEC features two basic modes: transport mode or tunnel mode. The Telindus 1421 SHDSL Router
currently supports L2TP tunnels over IPSEC. IPSEC is used in transport mode. I.e. traffic destined for
an L2TP tunnel is secured with IPSEC (refer to RFC 3193, Securing L2TP using IPSEC).
The IPSEC protocols (ESP and AH)
IPSEC provides two choices of security service:

• Authentication Header (AH), essentially allows authentication of the sender of data and parts of the
IP header.
• Encapsulating Security Payload (ESP), allows both authentication of the sender and encryption of
data as well.
The specific information associated with each of these services is inserted into the packet in a header
that follows the IP packet header.
What is AH?
AH is a protocol used for authenticating a data stream. It uses a cryptographic hash function to produce
a MAC from the data in the IP packet. This MAC is then transmitted with the packet, allowing the remote
gateway to verify the integrity of the original IP packet, making sure the data has not been tampered with
on its way through the Internet.
Apart from the IP packet data, AH also authenticates parts of the IP header.
The AH protocol inserts an AH header after the original IP header, and in tunnel mode, the AH header
is inserted after the outer header, but before the original, inner, IP header.
What is ESP?
The ESP protocol is used for both encryption and authentication of the IP packet. It can also be used to
do either encryption only, or authentication only.
The ESP protocol inserts an ESP header after the original IP header, in tunnel mode, the ESP header
is inserted after the outer header, but before the original, inner, IP header.
All data after the ESP header is encrypted and/or authenticated. The difference from AH is that ESP also
provides encryption of the IP packet. The authentication phase also differs in that ESP only authenticates
the data after the ESP header; thus the outer IP header is left unprotected.
What is a security association (SA)?
IPSEC provides different options for performing network encryption and authentication. The two com-
municating nodes must determine exactly which algorithms to use (e.g. DES or 3DES for encryption,
MD5 or SHA for integrity and authentication) and must share session keys. All this information is
described in the Security Association (SA). In other words, the security association is simply a statement
of the negotiated security policy between two devices.
An SA is, by nature, unidirectional. Hence the need for more than one SA per connection. In most cases,
where either ESP or AH is used, two SAs will be created for each connection: one describing the incom-
ing traffic and the other the outgoing. In cases where ESP and AH are used in conjunction, four SAs will
be created.
What is the Security Parameter Index (SPI)?
An SPI is an arbitrary value that uniquely identifies which SA to use at the receiving host. The sending
host uses the SPI to identify and select which SA to use to secure every packet. The receiving host uses
the SPI to identify and select the encryption algorithm and key used to decrypt packets.
What is a manual SA?
There are two types of security associations:

• Manual SA
• Dynamic SA
The Telindus 1421 SHDSL Router currently supports Manual SA. This requires no negotiation. All val-
ues, including the keys, are static and specified in the configuration. As a result, each peer must have
the same configured options for communication to take place.
In principle, security association is unidirectional (half-duplex). I.e. one SA for the inbound traffic and one
SA for the outbound traffic. The Telindus 1421 SHDSL Router also supports full-duplex SA (one SA for
both inbound and outbound traffic).
IPSEC encryption
You can encrypt the data using the Data Encryption Standard (DES or 3DES).
DES is a widely-used method of data encryption using a private (secret) key. Like other private key cryp-
tographic methods, both the sender and the receiver must know and use the same private key. DES
applies a 56-bit key to each 64-bit block of data. Triple DES applies three keys in succession.
Note that on the Telindus 1421 SHDSL Router LE models, only DES encryption can be used. On the
Telindus 1421 SHDSL Router NE models, the use of encryption is not possible.
IPSEC authentication
You can not only encrypt but also authenticate the data using the Keyed-Hashing for Message Authen-
tication (HMAC).
HMAC is a mechanism for message authentication using cryptographic hash functions. HMAC can be
used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret
shared key.
9.5.2 Setting up an IPSEC secured L2TP tunnel using a manual SA
Refer to 9.5.1 - Introducing IPSEC on page 291 for an introduction.

In order to set up an L2TP tunnel secured with IPSEC using a manual SA, proceed as follows:
Step Action

the router object and add a manualSA[ ] object underneath (refer
to 4.4 - Adding an object to the containment tree on page 42).
E.g. manualSA[mySA]
2 Now configure the attributes of the manualSA[ ] object you added in step 1 to your needs.
These attribute are:
• espEncryptionAlgorithm. Use this attribute to select the algorithm that will be used to
encrypt the data when using IPSEC.
• espEncryptionKey. Use this attribute to define the key that will be used in the encryption
/ decryption process when using IPSEC.
• espAuthenticationAlgorithm. Use this attribute to select the algorithm that will be used to
authenticate the data when using IPSEC.
• espAuthenticationKey. Use this attribute to define the key that will be used in the authen-
tication process when using IPSEC.
• spi. Use this attribute to set the SPI value. Each security association must have a
unique SPI value because this value is used to identify the security association.
Refer to 11.9.4 - Manual SA configuration attributes on page 446 for more information.
3 In the Telindus 1421 SHDSL Router containment tree, go to the router/tunnels object, select
the ipsecL2tpTunnels attribute and add one or more entries to this table.
Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the ipsecL2tpTunnels table for each IPSEC L2TP tunnel you
want to set up.
4 Configure the non-IPSEC related parameters in the ipsecL2tpTunnels table as described in

9.4.2 - Setting up an L2TP tunnel on page 283.
The only IPSEC related parameter is the ipsec element in the l2tp structure of the
ipsecL2tpTunnels table.
Step Action
5 In the ipsecL2tpTunnels table, go to the l2tp structure. In this structure, go to the ipsec ele-
ment:
• Set the first part of this element to fdxManualSA or hdxManualSA to choose between full-
duplex or half-duplex manual SA (refer to telindus1421Router/router/tunnels/ipsecL2tpTunnels/
l2tp/ipsec on page 444 for more information).
• In the second part of this element, enter the index name of the manualSA[ ] object you
added in step 1 as value of the ipsec element.
By doing so, you apply the security association on the L2TP tunnel.
E.g. in our example, select fdxManualSA in the
first part of the ipsec element and enter the
string mySA in the second part of the ipsec
element.
9.5.3 The hardware accelerator (HWA) chip
Standard Telindus 1421 SHDSL Router versus Telindus 1421 SHDSL Router HWA
On the standard Telindus 1421 SHDSL Router, encryption in IPSEC is handled by the software. As this
is a processor consuming task, the forwarding performance of the Telindus 1421 SHDSL Router
decreases. Therefore, the Telindus 1421 SHDSL Router is also available in a version with a HWA chip.
This chip takes care of the DES and 3DES encryption / decryption, unburdening the software of this task.
This results in a better forwarding performance.
How to identify a Telindus 1421 SHDSL Router HWA version?
You can not distinguish a standard version from a HWA version on sight. However, you can distinguish
the two versions by looking at the status attribute telindus1421Router/sysDescr. In case you have a HWA ver-
sion, the string “HWA” or “3DES” appears in the sysDescr.
Example:
• Telindus 1421 SHDSL Router Txxxx/xxxxx 01/01/00 12:00 indicates that you have a standard version.
• Telindus 1421 SHDSL Router 3DES Txxxx/xxxxx 01/01/00 12:00 indicates that you have a 3DES version.
The status of the HWA chip
Whenever the Telindus 1421 SHDSL Router boots, it checks the presence of the HWA chip and does a
diagnostic test. Should these checks fail (e.g. because the HWA chip is faulty), then the following mes-
sages appear in the status attribute telindus1421Router/messages:
• encryption chip init failed
• encryption chip diag failed
In case the HWA chip is faulty, the DES and 3DES encryption is done by the software as on the standard
9.6 Configuring RADIUS
This section introduces Remote Authentication Dial-In User Service (RADIUS) and gives a short descrip-
tion of the attributes you can use to configure RADIUS.
• 9.6.1 - Introducing RADIUS on page 299
• 9.6.2 - Enabling RADIUS for device access authentication on page 301
• 9.6.3 - Enabling RADIUS for network access authentication on page 303
• 9.6.4 - Enabling RADIUS for accounting on page 304
• 9.6.5 - Supported RADIUS attribute types on page 305
• 9.6.6 - Client (calling) IP settings on page 307
• 9.6.7 - NAS (called) IP settings on page 307
9.6.1 Introducing RADIUS
What is RADIUS?
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that ena-
bles Network Access Servers (NAS) to communicate with a central server to authenticate dial-in users
and authorize their access to the requested system or service. RADIUS allows a company to maintain
user profiles in a central database that all remote servers can share. It provides better security, allowing
a company to set up a policy that can be applied at a single administered network point. Having a central
service also means that it's easier to track usage for billing and for keeping network statistics.
The following figure shows the interaction between a dial-in user, the RADIUS client and the RADIUS
server:
1. The user initiates PPP authentication to the NAS.

2. The NAS asks for a username and a password (if PAP or CHAP is active).
3. The user replies.
4. The RADIUS client sends the username and encrypted password to the RADIUS server.
5. The RADIUS server responds with accept, reject or challenge.
6. The RADIUS client acts upon services and services parameters bundled with accept or reject.
Authentication and authorisation using RADIUS
The RADIUS server can support a variety of methods to authenticate a user. When it is provided with
the username and original password given by the user, it can support PPP, PAP or CHAP and other
authentication mechanisms.
Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a
corresponding response (Access-Accept or Access-Reject) from the server:
• Access-Request. The Access-Request packet contains the username, encrypted password, NAS IP
address, and port. The format of the request also provides information about the type of session that
the user wants to initiate.
• Access-Reject. When the RADIUS server receives the Access-Request from the NAS, it searches a
database for the username listed. If the username does not exist in the database, an Access-Reject
message is sent.
• Access-Accept. In RADIUS, authentication and authorisation are coupled together. If the username
is found and the password is correct, the RADIUS server returns an Access-Accept response, includ-
ing a list of attribute-value pairs that describe the parameters to be used for this session. Typical
parameters include service type, protocol type, IP address to assign the user (static or dynamic),
access list to apply, or a static route to install in the NAS routing table. The configuration information
in the RADIUS server defines what will be installed on the NAS.
The figure below illustrates the RADIUS authentication and authorization sequence:
Accounting using RADIUS
The accounting features of the RADIUS protocol can be used independently of RADIUS authentication
or authorisation. The RADIUS accounting functions allow data to be sent at the start and end of sessions,
indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
An Internet service provider (ISP) might use RADIUS access control and accounting software to meet
special security and billing needs.
Transactions between the client and RADIUS server are authenticated through the use of a shared
secret, which is never sent over the network. In addition, user passwords are sent encrypted between
the client and RADIUS server to eliminate the possibility that someone snooping on an insecure network
could determine a user's password.
9.6.2 Enabling RADIUS for device access authentication
Refer to 9.6.1 - Introducing RADIUS on page 299 for an introduction.

To prevent unauthorised access to the Telindus devices themselves (for management purposes), you
can configure a password in the devices. However, instead of configuring the passwords in the devices
themselves, you can also use a RADIUS server for this purpose.
So in order to enable device access authentication with RADIUS, proceed as follows:
Step Action
1 In the Telindus 1421 SHDSL Router containment tree, go to the router object and select
the radius attribute.
2 Configure the following elements of the radius structure:

• authServers. Use this element to select an authentication server. You can create a list
of several authentication servers. The authServers table contains the following ele-
ments:
- address. Use this element to specify the IP address of the authentication server.
- secret. Use this element to set the shared secret to authenticate the transaction with
the authentication server.
- timeOut. Use this element to specify the authentication time-out.
• retries. Use this element to specify the number of retries before selecting the next
authentication server in the authServers table.
• login. Use this element to set the authentication of access to the Telindus 1421 SHDSL
Router using a management application (e.g. Telnet, FTP, TFTP, TMA, etc.). No
accounting data is sent to the server. The login element has the following values:
- disabled. No RADIUS login authentication is done.
- enabled. Login authentication is always done using a RADIUS server. Refer to step
3.
- fallback. Login authentication is done using a RADIUS server. However, if the server
is not available, then authentication is done using the local security table of the
device.
Step Action
3 If in step 2 you set the login element to enabled or fallback, then you have to configure user-
names and associated passwords on the RADIUS server.
The username and password have to be entered as follows: "username:password". If
the ‘:’ is omitted, then the string is considered to be a password.
Multiple passwords can be added using the same username. Access rights are sent
using the RADIUS attribute CLASS (25) encoded as a string carrying a binary value. The
bit definitions are:
• readAccess = 00000001B
• writeAccess = 00000010B
• securityAccess = 00000100B
• countryAccess = 00001000B (only used on aster4/5)
• fileAccess = 00010000B
Caution should be taken since all access to the device has to be authenticated by a
RADIUS server.
Refer to telindus1421Router/router/radius on page 431 for a complete explanation of the radius attribute.
9.6.3 Enabling RADIUS for network access authentication

The most typical application of RADIUS is where the RADIUS server authenticates dial-in users and
authorises their access to an ISP its network (in order to access the Internet).
So in order to enable network access authentication with RADIUS, proceed as follows:
Step Action
1 Configure a PPP(oA) link towards the remote network (e.g. the ISP’s network) and ena-
ble PAP or CHAP on this link.
Refer to 6.4 - Configuring PPP encapsulation on page 122 for more information.

• authServers. Use this element to select an authentication server. You can create a list
of several authentication servers. The authServers table contains the following ele-
ments:
- address. Use this element to specify the IP address of the authentication server.
the authentication server.
- timeOut. Use this element to specify the authentication time-out.
• retries. Use this element to specify the number of retries before selecting the next
authentication server in the authServers table.
• ppp. Use this element to set the authentication of a PPP connection that uses PAP or
CHAP. The ppp element has the following values:
- disabled. PPP authentication is not done using a RADIUS server. It is done using
the local sysName/sysSecret or sessionName/sessionSecret of the device.
- enabled. PPP authentication is always done using a RADIUS server.
Note that the local configuration of username and password is ignored if a table of RADIUS servers exist.
Furthermore, remote IP address and remote netmask are ignored if a RADIUS server imposes these
attributes.
Refer to telindus1421Router/router/radius on page 431 for a complete explanation of the radius attribute.
9.6.4 Enabling RADIUS for accounting

Together with authentication, an Internet service provider (ISP) might use RADIUS for accounting pur-
poses (e.g. for billing or network statistics).
So in order to enable accounting with RADIUS, proceed as follows:
Step Action

• acctServers. Use this element to select an accounting server. You can only select one
accounting server. The acctServers structure contains the following elements:
- address. Use this element to specify the IP address of the accounting server.
the accounting server.
- timeOut. Use this element to specify the accounting time-out.
• acctUpdate. Use this element to specify the time at which an update of the accounting
data should be send to the server.
Set this element to 0 (default) if no update is required. Note that this is not always sup-
ported by the accounting server.
9.6.5 Supported RADIUS attribute types
This section shows which RADIUS attribute types are supported by the Telindus 1421 SHDSL Router.
RADIUS authentication attribute types
(1) User-Name Is sent.
(2) User-Password Is sent in case of PAP, TELNET, FTP and TMA authentication.
(3) CHAP-Password Is sent in case of CHAP authentication.
(4) NAS-IP-Address Is sent (this is the IP address of the interface that received the incom-
ing call).
(5) NAS-Port-ID Is sent (this is the index of the interface that received the incoming
call).
(7) Framed-Protocol Is sent.
(8) Framed-IP-Address Supported. Local configuration is overruled when received.

• 255.255.255.255: client is allowed to choose an address. It must
be rejected if null.
• 255.255.255.254: remote IP address that is configured on the
NAS is sent to the remote client.
• any valid address: this address is taken as remote IP address.
Also see 9.6.6 - Client (calling) IP settings on page 307 and 9.6.7 -
NAS (called) IP settings on page 307 for NAS and remote client
behaviour when sending/learning IP addresses and masks.
(9) Framed-IP-Netmask Supported.

Also see 9.6.6 - Client (calling) IP settings on page 307 and 9.6.7 -
NAS (called) IP settings on page 307 for NAS and remote client
behaviour when sending/learning IP addresses and masks.
(22) Framed-Route Supported (1 metric).
(25) Class Is used to send the “accessRights” when using TELNET and TMA. Is
sent as a hexadecimal value.
(27) Session-Timeout Supported.
(32) NAS-Identifier Is sent (= sysName).
(33) Proxy-State
(60) CHAP-Challenge Is sent.
(62) Port-Limit Supported in case of multilink.
(80) Message-Authenticator HMAC MD5 authentication of access request. Is not required but is
sent for security reasons.
RADIUS accounting attribute types
(40) Status-Type Supported (values (1) Start, (2) Stop and (3) Update).
(41) Delay-Time Supported.
(42) Input-Octets Supported.
(43) Output-Octets Supported.
(44) Session-ID Supported.
(45) Authentic Supported (always value (1) RADIUS).
(46) Session-Time Supported.
(47) Input-Packets Supported.
(48) Output-Packets Supported.
(49) Terminate-Cause Supported (values (2) Lost Carrier, (5) Session Timeout and (6)
Admin Reset).
(50) Multi-Session-ID Supported in case of multilink.
(51) Link-Count Supported in case of multilink.

9.6.6 Client (calling) IP settings
The following table shows some cases of how and which IP addresses the client can learn on its PPP
link in case of RADIUS:
Case Description
1 IP address and mask are already configured on the client.

⇒Configured IP address and mask are used.
2 No IP address and mask are configured on the client, they are learned from the NAS.
⇒Normal case: add 3 routes (host, network and broadcast). However, if the learned
mask is 255.255.255.252, then no broadcast route is added. If the learned mask
is 255.255.255.255, then only a host route is added.
⇒If the gatewayPreference is not 0, then a default gateway is added via the PPP inter-
face with the configured preference.
⇒If the PPP link goes down, then remove all the routes.
3 No IP address is configured on the client. IP address is learned from the NAS, the mask
not.
⇒Configured IP address is used.
⇒Set mask to 255.255.255.255.
4 The client is configured in unnumbered mode (an IP address and mask are taken from
another interface for which the IP address and mask is configured).
⇒IP address and mask of the referenced interface are used.
9.6.7 NAS (called) IP settings
The following table shows some cases of how and which IP addresses the NAS sets on its PPP link in
case of RADIUS:
Case Description
1 An IP address and mask is configured or unnumbered mode is configured. The remote

client requests an IP address and mask.
⇒If the remote IP address does not fall within the network defined by the own IP
address and mask, then reject the VSO option 0.0.0.0 from the other side. (E.g.
remote IP = 10.0.0.1 and own IP = 192.168.0.1 / 255.255.255.0.)
⇒If (remote IP address and mask) = (local IP address and mask), then a host route
is added for the remote IP address to make sure that the remote can be reached
(via proxy ARP when the NAS is in unnumbered mode).
9.7 Configuring QoS
This section introduces Quality of Service (QoS) and, using schematical drawings, tries to shows which
attributes you can use to configure QoS.
• 9.7.1 - Introducing QoS on page 309
• 9.7.2 - IP QoS on page 310
• 9.7.3 - VLAN QoS on page 311
• 9.7.4 - QoS on an Ethernet interface on page 311
• 9.7.5 - QoS on a PPP interface without fragmentation on page 312
• 9.7.6 - QoS on a PPP interface with fragmentation on page 312
• 9.7.7 - QoS on a multilink PPP interface with fragmentation on page 313
• 9.7.8 - QoS on a Frame Relay interface without fragmentation on page 314
• 9.7.9 - QoS on a Frame Relay interface with fragmentation on page 314
• 9.7.10 - QoS on a multilink Frame Relay interface without fragmentation on page 315
• 9.7.11 - QoS on a multilink Frame Relay interface with fragmentation on page 316
• 9.7.12 - Frame Relay fragmentation options on page 316
• 9.7.13 - QoS on an ATM interface on page 317
• 9.7.14 - QoS on an ATM IMA interface on page 317
• 9.7.15 - QoS on traffic within a VPN tunnel on page 318
9.7.1 Introducing QoS
What is QoS?
Quality of Service (QoS) is the capability of a network to provide better service to certain network traffic
over various technologies (e.g.Frame Relay, ATM, Ethernet and IP networks that use any or all of these
underlying technologies). The primary goal of QoS is to provide priority including dedicated bandwidth,
controlled jitter and latency, and improved loss characteristics. Also important is making sure that pro-
viding priority for one or more flows does not make other flows fail.
QoS is not one attribute that you can set to “low”, “medium” or “high” quality. QoS is a collection of con-
figuration attributes located on different levels (e.g. queueing, PPP fragmentation, bandwidth control,
etc.).
The following table gives an overview of the features that can be used for QoS:
Protocol Feature
All 7 queues: 5 user configurable queues, a low delay queue and a system queue.
All Priority policies: FIFO, round robin, absolute priority, WFQ, low delay WFQ.
All Bandwidth control per queue with CIR values.
IP IP traffic classification based on access lists (trafficShaping), tosDiffServ &

tosMapped.
VLAN VLAN traffic classification based on 802.1P bits.
PPP PPP fragmentation.
PPP PPP multi-class.
PPP Improved load balancing for MLPPP.
Frame Relay Frame Relay fragmentation.
Frame Relay CIR / EIR on outgoing traffic.
Frame Relay CIR / EIR on incoming traffic.
ATM UBR traffic class.

9.7.2 IP QoS
• 7 queues per interface.

- Queue 1 up to 5.
- Low delay queue.
- System queue for e.g. control protocols (PPP LCP, Frame Relay LMI, ATM OAM, …).
- CIR is configurable per queue (except for the system queue).
• Traffic policy: maps IP traffic to a queue.
- Traffic shaping: classification on IP addresses, IP protocol, UDP/TCP port numbers and TOS bits.
- diffServ: fixed mapping to queues and 3 drop levels based on 2 TOS bits.
- TOS mapped: configurable mapping on TOS bits only.
• Priority policy: defines policy to empty the queues.
- FIFO, round robin, absolute priority, WFQ, low delay WFQ.
- Bandwidth control per queue (CIR).
- System queue always has absolute priority.
• Policy based routing: routing is based on higher layer protocols.

- IP addresses, IP protocol, UDP/TCP port numbers and TOS bits.
9.7.3 VLAN QoS
• Only in case of bridging or VLAN switching mode.

• Only applicable on VLAN packets (using the P bits).
• Traffic policy based on P bits value.
• IP TOS to VLAN COS mapping during tagging.
9.7.4 QoS on an Ethernet interface
• Traffic policy and priority policy are configured on physical interface level.
• CIR is configurable per queue.
9.7.5 QoS on a PPP interface without fragmentation
• Traffic policy and priority policy are configured on physical interface level.
• When setting the attribute delayOptimisation to lowSpeedLinks, then the interface queue length is reduced.
This is particularly interesting for low speed links.
9.7.6 QoS on a PPP interface with fragmentation
• Fragmentation on PPP is mostly used for QoS (especially if the link speed is below 2 Mbps).
• Fragmentation can be enabled or disabled per interface (not per class).
• Use multiclass PPP for QoS.
- Set up a PPP bundle to be able to use multiclass.
- Each class is like a separate interface.
- Each class uses one priority queue (configurable per class). There is no need to apply a traffic
policy (use the default queue).
- Apply a priority policy on the physical interface.
9.7.7 QoS on a multilink PPP interface with fragmentation
Similar as for 9.7.6 - QoS on a PPP interface with fragmentation on page 312, except that now you use
several physical interfaces.
9.7.8 QoS on a Frame Relay interface without fragmentation
• Traffic policy is configured on DLCI level.

• Priority policy is configured on physical interface level.
• CIR is configurable per queue and per DLCI.
9.7.9 QoS on a Frame Relay interface with fragmentation
• Use multiple DLCIs per destination for different traffic classes.

• Each DLCI uses one priority queue (configurable per DLCI). There is no need to apply a traffic policy
(use the default queue).
9.7.10 QoS on a multilink Frame Relay interface without fragmentation
• Set up a Frame Relay bundle.

• Traffic policy is configured on DLCI level.
• CIR is configurable per queue and per DLCI.
9.7.11 QoS on a multilink Frame Relay interface with fragmentation
• Set up a Frame Relay bundle.

• Apply the same QoS principles on the bundle interface as on a physical interface.
• Note that Cisco routers do not support fragmentation on a multilink Frame Relay interface.
9.7.12 Frame Relay fragmentation options
• End-to-end fragmentation = fragmentation at DLCI level.

• Segment fragmentation = fragmentation at interface level (up to a switch).
9.7.13 QoS on an ATM interface
• Each PVC behaves like a physical interface.

• Traffic policy and priority policy are configured on PVC level.
• PCR is configurable per PVC.
• AAL5 SAR (= fragmentation) occurs at the end.
9.7.14 QoS on an ATM IMA interface

9.7.15 QoS on traffic within a VPN tunnel
• Set up an L2TP or L2TP IPSec tunnel.

• Applying a traffic policy on the traffic destined for the tunnel is only useful for setting the TOS (DSCP)
bits (the priority field remains unused). So set the copyTos attribute in the l2tp structure to on.
• Create a traffic and priority policy on the lower layer interface. These policies are used on the TOS
values you have set with first traffic policy.
User manual Configuration examples
10 Configuration examples
This chapter shows some basic configuration examples for the Telindus 1421 SHDSL Router. This
allows you to get acquainted with the way the Telindus 1421 SHDSL Router has to be configured. The
first example is a step-by-step example. For the other examples, the CLI code is given.
• 10.1 - Step-by-step example: LAN extension over ATM on page 320
• 10.2 - LAN extension over a PDH/SDH network on page 330
• 10.3 - LAN extension over a Frame Relay network on page 332
• 10.4 - Connecting a LAN to the Internet using NAT and PAT on page 334
• 10.5 - Using PAT with a minimum of official IP addresses on page 336
• 10.6 - Combining bridging and routing in a network on page 339
10.1 Step-by-step example: LAN extension over ATM
In this example, a remote office is connected to a central office over an ATM network.
If you want to configure Telindus 1421 SHDSL Router A as depicted in the set-up above, then proceed
as follows:
Step 1: Connect the Telindus 1421 SHDSL Router
First connect the different connectors of the Telindus 1421 SHDSL Router A. Refer to 2 - Installing and
connecting the Telindus 1421 SHDSL Router on page 9.
Step 2: Connect with TMA
Once the Telindus 1421 SHDSL Router A is connected, you are ready to start with the configuration of
the Telindus 1421 SHDSL Router A. Therefore, connect your PC which is running TMA to the control
connector of the Telindus 1421 SHDSL Router A. Then open a TMA session on the Telindus 1421
SHDSL Router A. Refer to 4.1.3 - Connecting with TMA through the control connector on page 32.
⇒The containment tree of the Telindus 1421 SHDSL Router A is shown in TMA.
Step 3: Configure an IP address on the LAN interface
Usually, the first thing that you configure is an IP address on the LAN interface:
Step Action
1 Select the lanInterface object.
2 Select the ip structure.
3 Set the address element to 192.168.47.254.
4 Set the netMask element to 255.255.255.0.
5 Click on the Send all attributes to the device button . This activates the new config-
uration on the Telindus 1421 SHDSL Router.
Note that at this point the LAN interface is still not reachable via its IP address. This because the LAN
interface mode is still bridging (this is the default value). As long as it is bridging, you can only reach the
LAN interface via its IP address if you configure an IP address in the bridge/bridgeGroup object.
Step 4: Setting the mode on the LAN interface
In our example we do not want to bridge, but we want to route the data on the LAN interface. Therefore
set the mode of the LAN interface to routing:
Step Action
1 Select the lanInterface object.
2 Set the mode attribute to routing.
3 You can leave all other attributes in the lanInterface object to their default value.
4 Click on the Send all attributes to the device button . This activates the new config-
uration on the Telindus 1421 SHDSL Router.
Now the LAN interface is reachable via its IP address. So if you would like to connect with TMA to the
Telindus 1421 SHDSL Router through its LAN interface, then proceed as explained in 4.1.4 - Connecting
with TMA over an IP network on page 34.
Step 5: Setting the encapsulation on the WAN interface
Now start to configure the WAN interface. First select the encapsulation protocol:
Step Action
1 Select the wanInterface object.
2 Set the encapsulation attribute to atm.
3 You can leave all other attributes in the wanInterface object to their default value.
Step 6: Configuring the SHDSL line
Now configure the SHDSL line:

• When using two Telindus 1421 SHDSL Routers in a point-to-point set-up, it should suffice to set the
line/channel attribute of Telindus 1421 SHDSL Router A to central and of Telindus 1421 SHDSL Router
B to remote.
• When using a Telindus 1421 SHDSL Router at one side and a 3rd party SHDSL router on the other
side, then make sure to check the following configuration attributes:
- channel and timingMode. Since these attributes influence the clocking mode of the Telindus 1421
SHDSL Router, it is important to find out in which clocking mode the 3rd party SHDSL router can
be set. One router should be set to internal clocking while the other should be set to slave receive
clocking.
- region. Select the correct region. If the auto value does not suffice, try setting this attribute to a spe-
cific value that corresponds with the region value of the 3rd party SHDSL router (Annex A or
Annex B).
- minSpeed(2P) and maxSpeed(2P). Normally, the default range should suffice since the Telindus 1421
SHDSL Router will try to select a speed within this range that allows good operation. If the default
range does not suffice, try setting a fixed speed (by setting the min and max speed attributes to
the same value) that corresponds with the speed setting of the 3rd party SHDSL router.
- dualPairMode. When using a Telindus 1421 SHDSL Router 2P in combination with a 3rd party
SHDSL router, it is best to set the dualPairMode attribute to standard.
For more information on the SHDSL line configuration attributes, refer to 11.6 - SHDSL line configuration
attributes on page 397.
Step 7: Creating an ATM PVC
Since you selected ATM as encapsulation protocol, you also have to create and configure a ATM PVC
in the ATM PVC table.
Start with adding an entry to the pvcTable:
Step Action
1 Select the wanInterface/atm object.
2 Select the pvcTable attribute.
3 Add a line to the table using the Insert row before/after button .
4 Type a name for the PVC in the name element, e.g. myPvc. This is the name you have to
use in the routing table if you want to refer to this “interface”.
5 The mode element is set to routing by default, so this is OK.

Step 8: Configure an IP address on the ATM PVC
Now configure the IP parameters of the ATM PVC you created in the previous step:
Step Action
1 In the pvcTable, double-click on the ip structure.
2 Set the address element to 192.168.100.1. This is the IP address of the local side of the
PVC that will be set up on the WAN interface.
3 Set the netMask element to 255.255.255.252. This is the subnet mask of the PVC.
4 Set the remote element to 192.168.100.2. This is the IP address of the remote side of the
PVC that will be set up on the WAN interface.
5 You can leave all other attributes in the ip structure to their default value.
6 To exit the ip structure, click on the One level up button .

Step 9: Configure a VCI on the ATM PVC
Finally configure a VCI number on the ATM PVC:
Step Action
1 In the pvcTable, double-click on the atm structure.
2 Set the vci element to 101. This is the Virtual Channel Identifier.
3 You can leave all other attributes in the atm structure to their default value.
4 To exit the atm structure, click on the One level up button .

Step 10: Creating a route to the remote network
The last thing that you have to do is to create a route towards the remote network. Since there is only
one remote network, it suffices to set a default route.
Step Action
1 Select the router object.
2 Select the defaultRoute attribute.
3 Set the gateway element to 192.168.100.2.
4 Set the interface element to myPvc. By doing so, you “point” the route to the ATM PVC you
created earlier.
Note that it is not mandatory to fill in both the gateway and interface element. You
could omit one of the two.
5 You can leave all other attributes in the defaultRoute structure to their default value.
Step 11: Activate the configuration
When you finished configuring the Telindus 1421 SHDSL Router, you have to activate the configuration.
Do this by clicking on the Send all attributes to the device button .
The following gives an overview of the configuration, in CLI format, of Telindus 1421 SHDSL Router A
and B as depicted in our example set-up (10.1 - Step-by-step example: LAN extension over ATM on
page 320).
Telindus 1421 SHDSL Router A Telindus 1421 SHDSL Router B

action "Load Default Configuration" action "Load Default Configuration"
SET SET
{ {
SELECT lanInterface SELECT lanInterface
{ {
LIST LIST
{ {
ip = ip =
{ {
address = 192.168.47.254 address = 192.168.48.254
netMask = 255.255.255.0 netMask = 255.255.255.0
} }
mode = "routing" mode = "routing"
} }
} }
SELECT wanInterface SELECT wanInterface
{ {
LIST LIST
{ {
encapsulation = "atm" encapsulation = "atm"
} }
SELECT atm SELECT atm
{ {
LIST LIST
{ {
pvcTable = pvcTable =
{ {
[a] = [a] =
{ {
name = "myPvc" name = "myPvc"
mode = "routing" mode = "routing"
ip = ip =
{ {
address = 192.168.100.1 address = 192.168.100.2
netMask = 255.255.255.252 netMask = 255.255.255.252
remote = 192.168.100.2 remote = 192.168.100.1
} }
atm = atm =
{ {
vpi = 0 vpi = 0
vci = 101 vci = 101
} }
} }
} }
} }
} }
SELECT line SELECT line
{ {
LIST LIST
{ {
channel = "central" channel = "remote"
} }
} }
} }
SELECT router SELECT router
{ {
LIST LIST
{ {
defaultRoute = defaultRoute =
{ {
gateway = 192.168.100.2 gateway = 192.168.100.1
interface = "myPvc" interface = "myPvc"
} }
} }
} }
} }
action "Activate Configuration" action "Activate Configuration"
10.2 LAN extension over a PDH/SDH network
In this example, a remote office is connected to a central office over a PDH or SDH network.
A modem link connects the remote office to the PDH or SDH network. At the local office a Telindus 1421
SHDSL Router is installed. The central router is a third party router. The WAN encapsulation is PPP with
active link monitoring.
The configuration of the Telindus 1421 SHDSL Router in CLI format is as follows:
action "Load Default Configuration"
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = ppp
}
SELECT ppp
{
LIST
{
ip =
{
address = 192.168.100.1
netMask = 255.255.255.252
}
mode = routing
linkMonitoring =
{
operation = enabled
}
}
}
}
SELECT router
{
LIST
{
routingTable =
{
[a] =
{
network = 192.168.48.0
gateway = 192.168.100.2
}
}
}
}
}
action "Activate Configuration"
10.3 LAN extension over a Frame Relay network
In this example, a remote office is connected to a central office over a Frame Relay network.
A modem link connects the remote office to the Frame Relay network. At the local office a Telindus 1421
SHDSL Router is installed. The central router is a third party router.The Frame Relay network uses LMI
according to the ANSI standard. No Inverse ARP is supported by the network.
DLCI19
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = frameRelay
}
SELECT frameRelay
{
LIST
{
dlciTable =
{
[a] =
{
name = dlci1
ip =
{
address = 192.168.100.1
netMask = 255.255.255.252
remote = 192.168.100.2
}
frameRelay =
{
dlci = 19
}
}
}
lmi =
{
type = ansiT1-617-d
}
}
}
}
SELECT router
{
LIST
{
routingTable =
{
[a] =
{
network = 192.168.48.0
gateway = 192.168.100.2
}
}
}
}
}
10.4 Connecting a LAN to the Internet using NAT and PAT
This is an example of a local network that only uses private addresses.

Your site is connected to an Internet Service Provider. At your site a Telindus 1421 SHDSL Router is
installed. You only received 2 official IP addresses from the ISP, one for all outgoing traffic using PAT
(195.7.12.22) and one for accessing the local web server using NAT (195.7.12.21) with a dedicated pri-
vate address.
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
SELECT atm
{
LIST
{
pvcTable =
{
[a] =
{
ip =
{
address = 195.7.12.22
nat = default
}
mode = routing
}
}
}
}
}
SELECT router
{
LIST
{
defaultRoute =
{
gateway = 195.7.12.254
}
}
SELECT defaultNat
{
LIST
{
patAddress = 195.7.12.22
addresses =
{
[a] =
{
officialAddress = 195.7.12.21
privateAddress = 192.168.47.250
}
}
}
}
}
}
10.5 Using PAT with a minimum of official IP addresses
This is another example of a local network that only uses private addresses.
Your site is connected to an Internet Service Provider. At your site a Telindus 1421 SHDSL Router is
installed. You only received 1 official IP address from the ISP. To reduce the number of official IP
addresses, the ISP also uses private IP addresses on the link. The central router its routing table has a
host route to its PAT address per customer.
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
LIST
{
encapsulation = ppp
}
SELECT ppp
{
LIST
{
ip =
{
address = 192.168.100.1
nat = default
}
mode = routing
}
}
}
SELECT router
{
LIST
{
defaultRoute =
{
gateway = 192.168.100.254
}
}
SELECT defaultNat
{
LIST
{
servicesAvailable =
{
[a] =
{
protocol = tcp
startPort = 80
serverAddress = 192.168.47.250
}
}
}
}
}
}
SET
{
SELECT lanInterface
{
LIST
{
ip =
{
address = 192.168.47.254
}
mode = routing
}
}
SELECT wanInterface
{
SELECT atm
{
LIST
{
pvcTable =
{
[a] =
{
ip =
{
address = 192.168.100.1
nat = default
}
mode = routing
}
}
}
}
}
SELECT router
{
LIST
{
defaultRoute =
{
gateway = 192.168.100.254
}
}
SELECT defaultNat
{
LIST
{
servicesAvailable =
{
[a] =
{
startPort = 80
serverAddress = 192.168.47.250
}
}
}
}
}
}
10.6 Combining bridging and routing in a network
The following example shows a combination of bridging and routing in a network:

Reference manual
Reference manual
Reference manual
User manual Configuration attributes
11 Configuration attributes
This chapter discusses the configuration attributes of the Telindus 1421 SHDSL Router. The following
gives an overview of this chapter:
• 11.1 - Configuration attribute overview on page 344
• 11.2 - General configuration attributes on page 351
• 11.3 - LAN interface configuration attributes on page 357
• 11.4 - WAN interface configuration attributes on page 366
• 11.5 - Encapsulation configuration attributes on page 369
• 11.6 - SHDSL line configuration attributes on page 397
• 11.7 - End and repeater configuration attributes on page 408
• 11.8 - Bundle configuration attributes on page 410
• 11.9 - Router configuration attributes on page 415
• 11.10 - Bridge configuration attributes on page 482
• 11.11 - SNMP configuration attributes on page 499
• 11.12 - Management configuration attributes on page 501
11.1 Configuration attribute overview
Refer to 4.3 - The objects in the Telindus 1421 SHDSL Router containment tree on page 40 to find out
which objects are present by default, which ones you can add yourself and which ones are added auto-
matically.
sysName
sysContact
sysLocation
bootFromFlash
security
alarmMask
alarmLevel
Action: Activate Configuration
Action: Load Default Configuration
Action: Load Preconfiguration
Action: Load Saved Configuration
Action: Cold Boot
>> lanInterface
name
mode
ip
bridging
priorityPolicy
arp
adapter
vlan
alarmMask
alarmLevel
>> wanInterface
name
encapsulation
priorityPolicy
maxFifoQLen
alarmMask
alarmLevel
>>> atm
pvcTable
vp
atm
>>> frameRelay
ip
dlciTable
lmi
modeLearnedDlci
delayOptimisation
fragmentation
mru
>>> ppp
ip
mode
bridging
delayOptimisation
mru
compression
linkMonitoring
authentication
authenPeriod
sessionName
sessionSecret
>>> hdlc
bridging
mru
>>> errorTest
testType
blockSize
programmablePattern
>>> line
channel
region
timingMode
retrain
startupMargin
minSpeed
maxSpeed
minSpeed2P1
maxSpeed2P1
mode1
dualPairMode
linkAlarmThresholds
numExpectedRepeaters
eocHandling
management
alarmMask
alarmLevel
>>>> linePair[ ]
alarmMask
alarmLevel
>>> repeater[ ]
>>>> networkLinePair[ ]
alarmMask
alarmLevel
>>>> customerLinePair[ ]
alarmMask
alarmLevel
>>> end
>>>> linePair[ ]
alarmMask
alarmLevel
1. Only present in case of a 2 pair version.

>> bundle
>>> pppBundle[ ]
members
mode
ip
bridging
fragmentation
multiclassInterfaces
alarmMask
alarmLevel
>> router
defaultRoute
routingTable
routingProtocol
alternativeRoutes
ripUpdateInterval
ripHoldDownTime
ripv2SecretTable
sysSecret
pppSecretTable
helperProtocols
sendTtlExceeded
sendPortUnreachable
sendAdminUnreachable
dhcpStatic
dhcpDynamic
dhcpCheckAddress
radius
dns
alarmMask
alarmLevel
>>> defaultNat
patAddress
portTranslations
servicesAvailable
addresses
gateway
tcpSocketTimeOut
udpSocketTimeOut
tcpSockets
udpSockets
dmzHost
>>> nat[ ]
<Contains the same objects as the defaultNat object.>
>>> tunnels
l2tpTunnels
ipsecL2tpTunnels
>>> manualSA[ ]
espEncryptionAlgorithm
espEncryptionKey
espAuthenticationAlgorithm
espAuthenticationKey
spi
>>> routingFilter[ ]
filter
>>> trafficPolicy[ ]
method
trafficShaping
tos2QueueMapping
dropLevels
>>> priorityPolicy[ ]
algorithm
countingPolicy
queueConfigurations
lowdelayQuotum
bandwidth
>>> ospf
routerId
refBandwidth
keyChains
>>>> area
areaId
stub
networks
virtualLinks
ranges
>> bridge
>>> bridgeGroup
name
ip
arp
bridgeCache
bridgeTimeOut
spanningTree
localAccess
macAddress
vlan
vlanSwitching
>>> vpnBridgeGroup[ ]
ip
arp
bridgeCache
bridgeTimeOut
spanningTree
localAccess
macAddress
vlan
vlanSwitching
>>> accessList[ ]
macAddress
vlanPriorityMap
dropLevels
>> snmp
trapDestinations
mib2Traps
>> management
cms2Address
accessList
snmp
telnet
tftp
ftp
accessPolicy
consoleNoTrafficTimeOut
alarmFilter
atwinGraphics
timedStatsAvailability
timeServer
timeZone
sysLog
loginControl
ctrlPortProtocol
>>> loopback
ipAddress
ipNetMask
11.2 General configuration attributes
This section describes the following configuration attributes:

• telindus1421Router/sysName on page 352
• telindus1421Router/sysContact on page 352
• telindus1421Router/sysLocation on page 352
• telindus1421Router/bootFromFlash on page 352
• telindus1421Router/security on page 353
• telindus1421Router/<alarmConfigurationAttributes> on page 354
This section describes the following actions:
• telindus1421Router/Activate Configuration on page 355
• telindus1421Router/Load Default Configuration on page 355
• telindus1421Router/Load Preconfiguration on page 355
• telindus1421Router/Load Saved Configuration on page 356
• telindus1421Router/Cold Boot on page 356
telindus1421Router/sysName Default:<empty>
Range: 0 … 64 characters
Use this attribute to assign a name to the Telindus 1421 SHDSL Router.
The sysName attribute is an SNMP MIB2 parameter.
This attribute is also used in the PPP authentication process. The PPP authenticator uses the sysName
attribute in order to verify the peer its response.
For more information on PPP authentication, refer to …
telindus1421Router/sysContact Default:<empty>
Use this attribute to add contact information. You could, for instance, enter
the name and telephone number of the person to contact in case problem occur.
The sysContact attribute is an SNMP MIB2 parameter.
telindus1421Router/sysLocation Default:<empty>
Use this attribute to specify the physical location of the Telindus 1421
SHDSL Router. The sysLocation attribute is an SNMP MIB2 parameter.
telindus1421Router/bootFromFlash Default:auto
Range: enumerated, see below
Part of the flash memory of the Telindus 1421 SHDSL Router is organised
as a file system. In this file system, you can store two complete application software versions. You can
use the bootFromFlash attribute to switch between these softwares.
When you store two application software versions in the file system, they are automatically renamed as
CONTROL1 and CONTROL2, respectively. You can check this with the status attribute telindus1421Router/
fileSystem/fileList.
The bootFromFlash attribute has the following values:
Value When the Telindus 1421 SHDSL Router boots …
flash1 the application software CONTROL1 is active.
flash2 the application software CONTROL2 is active.
auto the Telindus 1421 SHDSL Router automatically chooses the most recent applica-
tion software. It does this by comparing the application software version numbers.
telindus1421Router/security Default:<empty>
Range: table, see below
Use this attribute to create a list of passwords with associated access levels
in order to avoid unauthorised access to the Telindus 1421 SHDSL Router and the network.
The security table contains the following elements:
Element Description
password Use this element to set the password. You can then Default:<empty>
associate this password with a certain access level. Range: 0 … 20 characters
Also see Important remarks on page 354.
accessRights Use this element to set the access level associated Default:1111
with the password. It is a bit string of which each bit Range: bit string, see below
corresponds to an access level. The different access
levels are listed below.
The following table shows, for each access level, what you can or can not do:
Access Read Change Read secu- Change Execute Access file

level attributes attributes rity security actions2 system
attributes1 attributes
readAccess yes no no no no no
writeAccess yes yes no no yes no
securityAccess no no yes yes no no
fileSystem- no no no no no yes
Access
1. The Telindus 1421 SHDSL Router has the following security attributes:
telindus1421Router/sysName
telindus1421Router/security
telindus1421Router/router/sysSecret, pppSecretTable and ripv2SecretTable
telindus1421Router/router/priorityPolicy and trafficPolicy
telindus1421Router/wanInterface/ppp/authentication and authenPeriod
telindus1421Router/management/accessList, snmp, telnet and tftp
2. Actions are e.g. Cold Boot, clearArpCache, clearBridgeCache, etc…
Important remarks
• If you create no passwords, everybody has complete access.

• If you define at least one password, it is impossible to access the Telindus 1421 SHDSL Router with
one of the management systems without entering the correct password.
• If you create a list of passwords, create at least one with write and security access. If not, you will be
unable to make configuration and password changes after activation of the new configuration.
• If you access the Telindus 1421 SHDSL Router via RADIUS, then this requires that the password is
associated with a user. So in that case, enter the username and password in the password element as
follows:
"username:password".
- Note that if the ‘:’ is omitted, then the string is considered to be a password.
- Note that if you do not access the device via RADIUS, but you access it directly with e.g. TMA,
then you have to enter the complete string, i.e. "username:password". Not just the password part
of the string.
telindus1421Router/<alarmConfigurationAttributes>
For more information on …

• the alarm configuration attributes alarmMask and alarmLevel and on the alarms in general, refer to 14.2
- Introducing the alarm attributes on page 698.
• the alarms of the telindus1421Router object, refer to 14.3 - General alarms on page 701.
telindus1421Router/Activate Configuration
If you execute this action, then the editable non-active configuration becomes the active configuration.
Refer to 5.6.1 - What are the different configuration types? on page 77 for more information.
When use this action?
If you configure the Telindus 1421 SHDSL Router using …

• any other maintenance tool than the graphical user interface based TMA (e.g. ATWIN, CLI, Web
Interface, EasyConnect terminal, TMA CLI), then execute the Activate Configuration action to activate the
configuration after you finished configuring the Telindus 1421 SHDSL Router or after you executed
the Load Saved Configuration or Load Default Configuration action.
• TMA, then do not just execute the Activate Configuration action to activate the configuration after you fin-
ished configuring the Telindus 1421 SHDSL Router, but use the TMA button Send all attributes to
device instead. You can, however, execute the Activate Configuration action after you executed the
Load Saved Configuration or Load Default Configuration action.
telindus1421Router/Load Default Configuration
If you execute this action, then the non-active configuration is overwritten by the default configuration.
Refer to 5.6.1 - What are the different configuration types? on page 77 for more information.
If you install the Telindus 1421 SHDSL Router for the first time, all configuration attributes have their
default values. If the Telindus 1421 SHDSL Router has already been configured but you want to start
from scratch, then use this action to revert to the default configuration.
telindus1421Router/Load Preconfiguration
If you execute this action, then the non-active configuration is overwritten by the preconfiguration (if
present, else this action does nothing). Refer to 5.6.1 - What are the different configuration types? on
If you install the Telindus 1421 SHDSL Router for the first time and if a preconfiguration is present (i.e.
a precfg.cms file is present on the file system), then some configuration attributes will be set to a pre-
configured value. The rest of the attributes will be set to their default values. If the Telindus 1421 SHDSL
Router has already been configured but you want to revert to the preconfiguration, then use this action.
telindus1421Router/Load Saved Configuration
If you execute this action, then the non-active configuration is overwritten by the active configuration cur-
rently used by the Telindus 1421 SHDSL Router. Refer to 5.6.1 - What are the different configuration
types? on page 77 for more information.
If you are in the progress of modifying the non-active configuration but made some mistakes, then use
this action to revert to the active configuration.
telindus1421Router/Cold Boot
If you execute this action, then the Telindus 1421 SHDSL Router reboots. As a result, the Telindus 1421
SHDSL Router …
• performs a self-test.
• checks the software.
• reads the saved configuration and restarts program execution.
Use this action, for instance, to activate new application software.

11.3 LAN interface configuration attributes

• telindus1421Router/lanInterface/name on page 358
• telindus1421Router/lanInterface/mode on page 358
• telindus1421Router/lanInterface/ip on page 358
• telindus1421Router/lanInterface/bridging on page 358
• telindus1421Router/lanInterface/priorityPolicy on page 359
• telindus1421Router/lanInterface/arp on page 359
• telindus1421Router/lanInterface/adapter on page 360
• telindus1421Router/lanInterface/vlan on page 361
• telindus1421Router/lanInterface/<alarmConfigurationAttributes> on page 365
telindus1421Router/lanInterface/name Default:lan
Use this attribute to assign an administrative name to the LAN interface.
telindus1421Router/lanInterface/mode Default:bridging
Use this attribute to determine whether the packets are treated by the rout-
ing process, the bridging process or both.
The mode attribute has the following values:
Value Description
bridging All packets are bridged.
The settings of the IP configuration attributes of the LAN are ignored. If you
want to manage the Telindus 1421 SHDSL Router via IP, you have to con-
figure an IP address in the bridgeGroup object. Refer to telindus1421Router/bridge/
bridgeGroup/ip on page 484.
routing The IP packets are routed. All other protocols are discarded.
routingAndBridging IP packets are routed. Non-IP packets are bridged.
The settings of the IP configuration attributes are taken into account.
telindus1421Router/lanInterface/ip Default:-
Range: structure, see below
Use this attribute to configure the IP related parameters of the LAN inter-
face.
Refer to …
• 5.2 - Configuring IP addresses on page 51 for general information on configuring IP addresses.
• 5.2.3 - Explaining the ip structure on page 54 for a detailed description of the ip structure.
Important remark
If you set the configuration attribute telindus1421Router/lanInterface/mode to bridging, then the settings of the
configuration attribute telindus1421Router/lanInterface/ip are ignored. As a result, if you want to manage the
Telindus 1421 SHDSL Router via IP, you have to configure an IP address in the bridgeGroup object
instead: telindus1421Router/bridge/bridgeGroup/ip.
telindus1421Router/lanInterface/bridging Default:-
Use this attribute to configure the bridging related parameters of the LAN
interface.
Refer to …
• 8 - Configuring bridging on page 225 for more information on bridging.
• 8.2.6 - Explaining the bridging structure on page 243 for a detailed description of the bridging structure.
telindus1421Router/lanInterface/priorityPolicy Default:<empty>
Use this attribute to apply a priority policy on the LAN interface.
Do this by entering the index name of the priority policy you want to use. You can create the priority policy
itself by adding a priorityPolicy object and by configuring the attributes in this object.
Example
If you created a priorityPolicy object with index name my_priority_policy

(i.e. priorityPolicy[my_priority_policy]) and you want to apply this priority
policy here, then enter the index name as value for the priorityPolicy attribute.
Refer to 7.8.6 - Creating a priority policy on page 210 for more information on priority policies.
telindus1421Router/lanInterface/arp Default:-
Use this attribute to configure the Address Resolution Protocol (ARP)
cache.
The arp structure contains the following elements:
Element Description
timeOut Use this element to set the ageing time of the ARP Default:00000d 02h 00m 00s
cache entries. Refer to The ARP cache time-out. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
proxyArp Use this element to enable or disable the proxy ARP Default:enabled
mechanism. Refer to What is proxy ARP?. Range: enabled / disabled
Note that when you want to access a proxied device via its IP address that
is configured in the telindus1421Router/proxy/nmsGroup/objectTable, then the
proxyArp element must be set to enabled.
What is the ARP cache?
The LAN interface has been allocated a fixed Ethernet address, also called MAC (Medium Access Con-
trol) address. This MAC address is not user configurable. The IP address of the LAN interface, on the
other hand, is user configurable. This means that the user associates an IP address with the predefined
MAC address. The MAC address - IP address pairs are kept in a table, called the ARP cache. Refer to
telindus1421Router/lanInterface/arpCache on page 527 for an example of such a table.
How does the ARP cache work?
Before the Telindus 1421 SHDSL Router sends an IP packet on the LAN interface, it has to know the
MAC address of the destination device. If the address is not present in the ARP cache table yet, the Tel-
indus 1421 SHDSL Router sends an ARP request on the Ethernet to learn the MAC address and asso-
ciated IP address of the destination device. This address pair is then written in the ARP cache. Once the
address pair is present, the Telindus 1421 SHDSL Router can reference to this pair if it has to send an
IP packet to the same device later on.
The ARP cache time-out
Summarised, all the MAC address - IP address pairs from ARP requests and replies received on the
LAN interface are kept in the ARP cache. However, if devices on the network are reconfigured then this
MAC address - IP address relation may change. Therefore, the ARP cache entries are automatically
removed from the cache after a fixed time-out. This time-out period can be set with the timeOut element.
What is proxy ARP?
Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for
another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real"
destination. Proxy ARP can help machines on a subnet reach remote subnets without configuring routing
or a default gateway.
The advantages and disadvantages of proxy ARP are listed below:
advantages The main advantage of using proxy ARP is that it can be added to a single router
on a network without disturbing the routing tables of the other routers on the net-
work.
Proxy ARP should be used on the network where IP hosts are not configured with
default gateway or does not have any routing intelligence.
disadvantages Hosts have no idea of the physical details of their network and assume it to be a
flat network in which they can reach any destination simply by sending an ARP
request. But using ARP for everything has disadvantages, some of which are listed
below:
• It increases the amount of ARP traffic on your segment.
• Hosts need larger ARP tables to handle IP-to-MAC address mappings.
• Security may be undermined. A machine can claim to be another in order to
intercept packets, an act called "spoofing."
• It does not work for networks that do not use ARP for address resolution.
• It does not generalise to all network topologies (for example, more than one
router connecting two physical networks).
telindus1421Router/lanInterface/adapter Default:autoDetect
Use this attribute to set the Ethernet mode of the LAN interface.
The adapter attribute has the following values: autoDetect, 10Mb/halfDuplex, 10Mb/fullDuplex, 100Mb/halfDuplex.
telindus1421Router/lanInterface/vlan Default:<empty>
Use this attribute to create and configure VLANs. Refer to 9.3 - Configuring
VLANs on page 270 for an introduction and a step-by-step procedure.
As long as no VLANs are created in the vlan table, the LAN interface accepts both VLAN untagged and
VLAN tagged frames. The VLAN untagged frames are bridged and/or routed (depending on the setting
of the mode attribute). The VLAN tagged frames are bridged (in case the mode attribute is set to bridging
or bridgingAndRouting, else they are discarded).
As soon as a VLAN is created in the vlan table, the LAN interface still accepts VLAN untagged frames
but only accepts those VLAN tagged frames of which the VLAN ID corresponds with the VLAN ID that
has been configured in the vlan table (refer to the configuration element vid on page 362). Other VLAN
tagged frames are discarded.
The vlan table contains the following elements:
Element Description
name Use this element to assign an administrative name to Default:<empty>

the VLAN. Range: 0 … 24 characters
adminStatus Use this element to activate (up) or deactivate (down) Default:up

the VLAN. Range: up / down
mode Use this element to determine whether, for the corre- Default:bridging
sponding VLAN, the packets are treated by the rout- Range: enumerated, see below
ing process or the bridging process.
• bridging. All packets received on the VLAN are bridged.
• routing. All packets received on the VLAN are routed.
ip Use this element to configure the IP related parame- Default:-

ters of the VLAN. Range: structure, see below
Refer to …
• 5.2 - Configuring IP addresses on page 51 for general information on configur-
ing IP addresses.
• 5.2.3 - Explaining the ip structure on page 54 for a detailed description of the ip
structure.
bridging Use this element to configure the bridging related Default:-

parameters of the VLAN. Range: structure, see below
Refer to …
• 8.2.6 - Explaining the bridging structure on page 243 for a detailed description of
the bridging structure.
vlan Use this element to configure the specific VLAN Default:-

parameters. Range: structure, see below
Refer to telindus1421Router/lanInterface/vlan/vlan on page 362 for a detailed description of
the vlan structure.
telindus1421Router/lanInterface/vlan/vlan Default:-
Use the vlan structure in the vlan table to configure the VLAN related param-
eters of the corresponding VLAN.
Refer to 9.3 - Configuring VLANs on page 270 for an introduction on VLANs.
The vlan structure contains the following elements:
Element Description
vid Use this element to set the VLAN ID. Default:1

Range: 0 … 4095
Important remark
You can also enter VLAN tag 0 as VLAN ID. This is not really a VLAN, but
a way to reverse the filtering:
- all the untagged data is passed, internally, to VLAN 0.
- all the other, tagged, data for which no VLANs are defined, are handled by
the main LAN interface.
This allows a set-up where a number of VLANs are VLAN switched, while other
VLANs and untagged data are bridged. This is particularly interesting for VLAN
based networks with Ethernet switch discovery protocols like Cisco CDP. Until
now, this was not possible since the VLAN switching mode did not allow flooding
packets over multiple interfaces (bridging), nor did it allow terminating manage-
ment data in the device.
In such set-up, the configuration looks as follows:
- A first bridge group includes all VLANs that need to be switched. This bridge
group is set in VLAN switching mode.
- A second bridge group includes VLAN 0 and possibly also a VLAN for man-
agement of the device.
- The interface VLAN table(s) include(s) entries for all switched VLANs, VLAN
0 and possibly a VLAN for management.
Element Description
tagSignificance This element is only relevant when you set the mode Default:global
element to bridging. Range: local / global
Use this element to determine whether the VLAN tag has a local or a global signif-
icance.
The tagSignificance element has the following values:
• local. The VLAN tag only has a local significance, i.e. it is only present on the
LAN interface side. This means that when the data is moved …
- from the LAN interface to the bridge group, the VLAN tag is removed.
- from the bridge group to the LAN interface, the VLAN tag is added.
Keep in mind that when the VLAN tag is removed, you not only discard the
VLAN ID but also the user priority.
When you perform bridging between VLANs, then set the tagSignificance element to
local. Else you get multiple VLAN tags in the Ethernet frames.
• global. The VLAN tag has a global significance, i.e. it is both present on the LAN
interface and the bridge group side.
This means that when the data is moved from the LAN interface to the bridge
group or vice versa, the VLAN tag is always preserved.
Refer to the figure Local or global VLAN tag significance on page 365.
txCos Use this element to set the default user priority Default:0
(802.1P, also called COS) of the transmitted VLAN Range: 0 … 7
frames.
changeTos Use this element to enable or disable the COS to TOS Default:disabled
mapping. Range: enabled / disabled
Note that the TOS to COS mapping is always enabled, irrespective with the
setting of the changeTos attribute.
cosTosMap Use this element to determine how the VLAN user pri- Default:-
ority (COS) maps onto the IP TOS byte value. Range: structure, see below
Note that the COS to TOS mapping only occurs in case …
• the mode element is set to routing and the changeTos element is set to enabled.
or
• the mode element is set to bridging, the changeTos element is set to enabled and
the tagSignificance element is set to local.
The cosTosMap structure contains the following elements:

• p0 … p7. Use these elements to define which VLAN Default:0
user priority (0 up to 7) maps onto which IP TOS Range: 0 … 7
byte value (0 up to 255).
Element Description
tosCosMap Use this element to determine how the IP TOS byte Default:-
value maps onto the VLAN user priority (COS). Range: table, see below
Note that the COS to TOS mapping only occurs in case …
• the mode element is set to routing.
or
• the mode element is set to bridging and the tagSignificance element is set to local.
The tosCosMap table contains the following elements:

• startTos and endTos. Use these elements to set the Default:0
TOS byte value range that has to be mapped. Range: 0 … 255
• cos. Use this element to set the VLAN user priority Default:0
(COS) value on which the specified TOS byte Range: 0 … 7
value range has to be mapped.
Local or global VLAN tag significance
The following figure shows how the tagSignificance element influences the VLAN tagging between the LAN
interface and the bridge group:
telindus1421Router/lanInterface/<alarmConfigurationAttributes>

• the alarms of the lanInterface object, refer to 14.4 - LAN interface alarms on page 703.
11.4 WAN interface configuration attributes

• telindus1421Router/wanInterface/name on page 367
• telindus1421Router/wanInterface/encapsulation on page 367
• telindus1421Router/wanInterface/priorityPolicy on page 367
• telindus1421Router/wanInterface/maxFifoQLen on page 367
• telindus1421Router/wanInterface/<alarmConfigurationAttributes> on page 367
telindus1421Router/wanInterface/name Default:wan
Use this attribute to assign an administrative name to the WAN interface.
telindus1421Router/wanInterface/encapsulation Default:atm
Use this attribute to select the encapsulation protocol on the WAN interface.
The encapsulation attribute has the following values: atm, frameRelay, ppp and hdlc.
telindus1421Router/wanInterface/priorityPolicy Default:<empty>
Use this attribute to apply a priority policy on the WAN interface.
Do this by entering the index name of the priority policy you want to use. You can create the priority policy
itself by adding a priorityPolicy object and by configuring the attributes in this object.
Example
If you created a priorityPolicy object with index name my_priority_policy

(i.e. priorityPolicy[my_priority_policy]) and you want to apply this priority
policy here, then enter the index name as value for the priorityPolicy attribute.
Refer to 7.8.6 - Creating a priority policy on page 210 for more information on priority policies.
telindus1421Router/wanInterface/maxFifoQLen Default:200
Range: 1 … 4000
Use this attribute to set the maximum length (number of packets) of the First
In First Out queue.
Refer to telindus1421Router/router/priorityPolicy[ ]/algorithm on page 474 for more information on this queue.
telindus1421Router/wanInterface/<alarmConfigurationAttributes>

• the alarms of the wanInterface object, refer to 14.5 - WAN interface alarms on page 704.
11.5 Encapsulation configuration attributes
This section discusses the configuration attributes of the encapsulation protocols that can be used on
• 11.5.1 - ATM configuration attributes on page 370
• 11.5.2 - Frame Relay configuration attributes on page 378
• 11.5.3 - PPP configuration attributes on page 387
• 11.5.4 - HDLC configuration attributes on page 393
• 11.5.5 - Error test configuration attributes on page 395
11.5.1 ATM configuration attributes

• telindus1421Router/wanInterface/atm/pvcTable on page 371
• telindus1421Router/wanInterface/atm/vp on page 376
• telindus1421Router/wanInterface/atm/atm on page 377
telindus1421Router/wanInterface/atm/pvcTable Default:<empty>
Use this attribute to configure the ATM Permanent Virtual Circuits (PVCs).
Refer to 6.2.2 - Configuring ATM PVCs on page 93 for more information on PVCs.
The pvcTable contains the following elements:
Element Description

the PVC. Range: 0 … 24 characters

the PVC. Range: up / down
mode Use this element to determine whether, for the corre- Default:routing
sponding PVC, the packets are treated by the routing Range: enumerated, see below
• bridging. All packets received on the PVC are bridged.
• routing. All packets received on the PVC are routed.
• routingAndBridging. The SNAP header is checked to determine whether the pack-
ets have to be bridged or routed.
priorityPolicy Use this element to set a priority policy per PVC. Default:<empty>
Refer to telindus1421Router/wanInterface/priorityPolicy on Range: 0 … 24 characters

ters of the PVC. Range: structure, see below
Refer to …
ing IP addresses.
structure.

parameters of the PVC. Range: structure, see below
Refer to …
atm Use this element to configure the specific PVC param- Default:-
eters. Range: structure, see below
Refer to telindus1421Router/wanInterface/atm/pvcTable/atm on page 373 for a detailed
description of the atm structure.
Element Description
ppp Use this element to configure the PPP related param- Default:-
eters of the PVC in case you choose to map PPP onto Range: structure, see below
AAL5 (refer to the elements higherLayerProtocol and mul-
tiProtocolMech on page 373).
Refer to 11.5.3 - PPP configuration attributes on page 387 for a detailed descrip-
tion of the elements in the ppp structure.
telindus1421Router/wanInterface/atm/pvcTable/atm Default:-
Use the atm structure in the pvcTable to configure the ATM related parame-
ters of the corresponding PVC.
Refer to 6.2.2 - Configuring ATM PVCs on page 93 for more information on PVCs.
The atm structure contains the following elements:
Element Description
vpi Use this element to set the Virtual Path Identifier Default:0
(VPI). Range: 0 … 255
vci Use this element to set the Virtual Channel Identifier Default:32
(VCI). Range: 32 … 65535
You can configure multiple virtual channels per virtual path. Refer to What is VPI
and VCI? on page 86.
higherLayerProtocol Use this attribute to select the protocol you want to run Default:rfc2684
over ATM. Range: enumerated, see below
The higherLayerProtocol element has the following values:
• rfc2684. Select this value in case you want to run bridged/routed Ethernet/IP
over ATM (RFC 2684).
• ppp. Select this value in case you want to run PPP over ATM (PPPoA, RFC
2364).
• pppOverEthernet. Select this value in case you want to run PPP over Ethernet
(PPPoE, RFC 2516).
-In the PPPoE context, the Telindus 1421 SHDSL Router can only act
as a client.
- If you use PPPoE on your computer, then the IP MTU size has to be limited
to 1492 bytes. This is a general rule defined in the PPPoE protocol.
multiProtocolMech Use this element to define how you want to encapsu- Default:llcEncapsulation
late the higher layer protocol data in ATM. Range: enumerated, see below
The multiProtocolMech element has the following values:
• llcEncapsulation. Logical Link Control (LLC) encapsulation multiplexes multiple
protocols over a single virtual connection. The protocol type of each protocol
data unit (PDU) is identified by a prefixed IEEE 802.2 Logical Link Control (LLC)
header.
In general, LLC encapsulation tends to require fewer VCs in a multi-protocol
environment but has more fragmentation overhead.
• vcMultiplexing. Virtual Circuit (VC) multiplexing uses one virtual connection to
carry the PDUs of exactly one protocol type. When multiple protocols need to
be transported, there is a separate VC for each.
VC multiplexing tends to reduce fragmentation overhead (e.g. an IPV4 data-
gram containing a TCP control packet with neither IP nor TCP options exactly
fits into a single cell) but needs more VCs.
Element Description
serviceCategory Use this element to specify the ATM service category. Default:ubr
The serviceCategory element has the following values: Range: enumerated, see below
cbr, vbr-rt, vbr-nrt, ubr.
For more information on ATM service categories, refer to 6.2.1 - Introducing ATM
on page 86.
peakCellRate Use this element to set the Peak Cell Rate (PCR) of Default:auto
the PVC. Range: auto, 64000…
The peakCellRate is expressed in bps. Enter a multiple of 64000 bps as peakCellRate
value (e.g. 2048000). The maximum value is the physical connection towards the
ATM network.
In auto mode, the PVC will try to get the maximum bandwidth, i.e. the speed of the
physical connection towards the ATM network. This is the line speed on which the
Telindus 1421 SHDSL Router is trained.
For more information on PCR and how to configure it, refer to …
• 6.2.1 - Introducing ATM on page 86
• 6.2.6 - Configuring UBR on page 98
inArpTimeOut Use this element to set the time between the trans- Default:00000d 00h 00m 30s
mission of two consecutive Inverse ARP frames. Range: 00000d 00h 00m 01s -
00000d 01h 00m 00s
oamF5Loopback Use this element to configure the transmission of Default:-

OAM F5 LoopBack cells. Refer to What are OAM Range: structure, see below
LoopBack (LB) cells? on page 92.
Refer to telindus1421Router/wanInterface/atm/pvcTable/atm/oamF5Loopback on page 375 for a
detailed description of the oamF5Loopback structure.
telindus1421Router/wanInterface/atm/pvcTable/atm/oamF5Loopback Default:-
Use the oamF5Loopback structure to configure the transmission of OAM F5
loopback cells.
The oamF5Loopback structure contains the following elements:
Element Description
operation Use this element to enable or disable loopback oper- Default:disabled

ation. Range: enabled / disabled
The operation element has the following values:
• disabled. Loopback operation is disabled, i.e. the loopback cells are not sent.
This means that the ifOperStatus of the PVC becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the PVC is config-
ured (correctly) on the remote side.
• enabled. Loopback operation is enabled, i.e. the Telindus 1421 SHDSL Router
sends loopback cells at regular intervals. If consecutive cells are not returned
by the remote side, then the ifOperStatus of the PVC becomes down.
The Telindus 1421 SHDSL Router always responds to OAM LB cells

received from the peer ATM device (both segment and end-to-end cells).
However, when OAM LB is activated, the Telindus 1421 SHDSL Router only
sends end-to-end OAM LB request cells.
interval Use this element to set the time interval between the Default:00000d 00h 00m 10s
sending of two consecutive loopback cells. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
failsPermitted Use this element to set the number of non-returned Default:4

loopback cells after which the Telindus 1421 SHDSL Range: 1 … 30
Router declares the PVC down.
Example
Suppose failsPermitted is set to 10. If 10 consecutive loopback cells are not returned
by the remote side, then the Telindus 1421 SHDSL Router declares the PVC
down.
telindus1421Router/wanInterface/atm/vp Default:<empty>
Use this attribute to configure the transmission of OAM F4 loopback cells.
The vp table contains the following elements:
Element Description
vpi Use this element to enter the Virtual Path Identifier Default:0
(VPI) of the Virtual Path for which you want to send Range: 0 … 255
the OAM F4 loopback cells.
oamF4Loopback Use this element to configure the transmission of Default:-

OAM F4 LoopBack cells. Refer to What are OAM Range: structure, see below
LoopBack (LB) cells? on page 92.
The elements contained in this structure are the same as those in the
oamF5Loopback structure. For a detailed description of these elements refer to
telindus1421Router/wanInterface/atm/pvcTable/atm/oamF5Loopback on page 375.
All entries in the vp configuration table are considered, even if for a certain VPI number no corresponding
PVC has been configured. In the vp status and performance tables only the information about VPs that
are configured in the vp configuration table is shown. However, the Telindus 1421 SHDSL Router does
respond to loopback requests for VPs that are not configured in the vp configuration table but for which
a PVC has been configured.
telindus1421Router/wanInterface/atm/atm Default:-
Use this attribute to configure the general ATM parameters.
Element Description
idleCellFormat Use this element to set the format of the ATM idle Default:itu
cells. These cells are transmitted when no data is Range: enumerated, see below
transmitted over the line. I.e. the line is idle.
The idleCellFormat element has the following values:
• itu. Sets the cells according to the ITU-T format. In this case they are effectively
called “idle cells”.
• atmForum. Sets the cells according to the ATM forum format. In this case they
are actually called “unassigned cells”.
Some devices use the ITU-T format, others the ATM forum format. Should the per-
formance attribute telindus1421Router/wanInterface/atm/unknownCells increase rapidly,
then try selecting a different format. However, the default value suffices in most
cases.
scrambling Use this element to enable or disable scrambling. Default:enabled

Scrambling is designed to randomise the pattern of 1s Range: enabled / disabled
and 0s carried in ATM cells or the physical layer frame. Randomising the digital
bits can prevent continuous, non-variable bit patterns, in other words long strings
of all 1s or all 0s. Several physical layer protocols rely on transitions between 1s
and 0s to maintain clocking.
coset Use this element to enable or disable coset polyno- Default:enabled

mial algorithm. Range: enabled / disabled
The coset polynomial algorithm is used to do header error check calculations.
11.5.2 Frame Relay configuration attributes

• telindus1421Router/wanInterface/frameRelay/ip on page 379
• telindus1421Router/wanInterface/frameRelay/dlciTable on page 380
• telindus1421Router/wanInterface/frameRelay/lmi on page 383
• telindus1421Router/wanInterface/frameRelay/modeLearnedDlci on page 386
• telindus1421Router/wanInterface/frameRelay/delayOptimisation on page 386
• telindus1421Router/wanInterface/frameRelay/fragmentation on page 386
• telindus1421Router/wanInterface/frameRelay/mru on page 386
telindus1421Router/wanInterface/frameRelay/ip Default:<empty>
Use this attribute to globally configure the IP parameters of the DLCIs. More
specifically, use this attribute to configure the IP related parameters of all the DLCIs for which …
• in the dlciTable no IP address is defined for that specific DLCI,
• and the mode element is set to routing or routingAndBridgning.
If you want to configure the IP related parameters for one specific DLCI, then configure for that DLCI the
ip structure in the dlciTable.
Refer to …
• 6.3.4 - Configuring IP addresses in Frame Relay on page 115 for more specific information on con-
figuring IP addresses in Frame Relay.
telindus1421Router/wanInterface/frameRelay/dlciTable Default:<empty>
Use this attribute to configure the Frame Relay Data Link Connection Iden-
tifiers (DLCIs).
Refer to 6.3.2 - Configuring Frame Relay DLCIs on page 112 for more information on DLCIs.
The dlciTable contains the following elements:
Element Description

the DLCI. Range: 0 … 24 characters

the DLCI. Range: up / down
sponding DLCI, the packets are treated by the routing Range: enumerated, see below
• bridging. All packets received on the DLCI are bridged.
• routing. All packets received on the DLCI are routed.
priorityPolicy Use this element to set a priority policy per DLCI. Default:<empty>
Refer to telindus1421Router/wanInterface/priorityPolicy on Range: 0 … 24 characters

ters of the corresponding DLCI. Range: structure, see below
Refer to …
ing IP addresses.
structure.
• 6.3.4 - Configuring IP addresses in Frame Relay on page 115 for more specific
information on configuring IP addresses in Frame Relay.

parameters of the DLCI. Range: structure, see below
Refer to …
frameRelay Use this element to configure the specific DLCI Default:-

Refer to telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay on page 381, for a
detailed description of the frameRelay structure.
telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay Default:-
Use the frameRelay structure in the dlciTable to configure the Frame Relay
related parameters of the corresponding DLCI.
Refer to …
• 6.3.2 - Configuring Frame Relay DLCIs on page 112 for more information on DLCIs.
• 6.3.6 - Configuring CIR and EIR on page 119 for more information on CIR and EIR.
The frameRelay structure contains the following elements:
Element Description
dlci Use this element to set the Data Link Connection Default:16
Identifier (DLCI). Range: 16 … 1022
The DLCI number may have any value between 16 and 1022. However, if you set
the type element of the lmi structure to q933-Annex-A, you should only use DLCIs up
to 1007.
cir Use this element to set the Committed Information Default:0

Rate for the DLCI. Range: 0 …
The cir is expressed in bps. Enter a multiple of 64000 bps as cir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network.
If the cir value is set to 0 (default), it means the complete bandwidth may be used
(no flow control).
eir Use this element to set the Excess Information Rate Default:0
for the DLCI. Range: 0 …
The eir is expressed in bps. Enter a multiple of 64000 bps as eir value (e.g. 2048000).
The maximum value is the physical connection towards the Frame Relay network.
If the eir value is set to 0 (default), it means no excess burst is allowed.
The bursts of data that are allowed are the CIR value + EIR value. I.e. If you want
a CIR of 1 Mbps and you want to allow bursts up to 1.5 Mbps, then set the CIR to
1024000 bps and the EIR to 512000 bps.
overhead Use this element to set the amount of overhead you Default:0
want to add to the configured CIR value. The overhead Range: 0 … 50
element is expressed in bytes.
Normally when you specify CIR, you have to make sure that the CIR value you
enter includes the user data (i.e. the payload) and the Frame Relay headers (i.e.
the overhead). However, you could choose to only specify the amount of payload
as CIR value. In that case use the overhead element to specify the amount of over-
head.
tc Use this element to set the measurement interval Default:200

(TC). The TC interval is expressed in milliseconds. Range: 50 … 1000
TC is the time over which rates and burst sizes are measured. In general, the dura-
tion of TC is proportional to the burstiness of traffic.
Element Description
slidingWindow Use this element to enable or disable sliding window. Default:disabled

If the slidingWindow element is set to … Range: enabled / disabled
• disabled (default), then TC is a periodic time interval.

• enabled, then TC is a sliding window. This means that data triggers the TC inter-
val which continues until it completes its commuted duration.
deBitSet Use this element to determine, in case the CIR is Default:enabled

exceeded, whether all subsequent frames get marked Range: enabled / disabled
Discard Eligible (deBitSet = enabled) or not (deBitSet = dis-
abled).
If congestion occurs at a node in the Frame Relay network, packets marked DE
are the first to be dropped.
defaultQueue Use this element to select a default queue. Default:queue1

This allows you to easily set up a traffic policy without Range: enumerated, see below
having to create and apply traffic policy profiles. However, you still have to create
and apply a priority policy profile to empty the queues.
fragmentation Use this element to enable or disable Frame Relay Default:-

fragmentation on an end-to-end level. Refer to What Range: structure, see below
is end-to-end Frame Relay fragmentation? on
page 111.
The fragmentation structure contains the following elements:
• endToEndFormat. Use this element to enable or dis- Default:disabled
able Frame Relay fragmentation on an end-to-end Range: enabled / disabled
level.
When end-to-end Frame Relay fragmentation is enabled, long frames are frag-
mented into a sequence of shorter frames. At the remote side they are reas-
sembled into the original frame.
telindus1421Router/wanInterface/frameRelay/lmi Default:-
Use this attribute to select the Local Management Interface (LMI) protocol
and to fine-tune the LMI operation.
Refer to 6.3.5 - Configuring LMI on page 118 for more information on LMI.
The lmi structure contains the following elements:
Element Description
mode Use this element to set the Frame Relay mode. Default:auto
The mode element has the following values: Range: enumerated, see below
• noLmi. No LMI is used.

• user. In the LMI context, the Telindus 1421 SHDSL Router is defined as Frame
Relay user. This means it only sends Status Enquiries and receives Status
Responses.
• network. In the LMI context, the Telindus 1421 SHDSL Router is defined as
Frame Relay network. This means it only receives Status Enquiries and sends
Status Responses.
• auto. In the LMI context, the Telindus 1421 SHDSL Router is both Frame Relay
user and Frame Relay network. This means it can both send and receive Status
Enquiries and Status Responses.
At initialisation, the Telindus 1421 SHDSL Router sends the first Full Status
Enquiry. As soon as it gets a Full Status Response, it declares that LMI is up.
If you use the Telindus 1421 SHDSL Router in combination with equipment
from another vendor and you set the LMI mode to auto, then the LMI mode
on the other equipment may only be set to user or network to insure valid oper-
ation.
• nni. In the LMI context, the Telindus 1421 SHDSL Router is both Frame Relay
user and Frame Relay network. This means it can both send and receive Status
Enquiries and Status Responses.
In a Network-to-Network Interface (NNI) it is important for the connected Frame
Relay devices that they know which DLCIs are configured on each side. There-
fore, in comparison with the auto setting, one extra step is required before LMI
is declared to be up.
So at initialisation, the Telindus 1421 SHDSL Router sends the first Full Status
Enquiry and receives a Full Status Response. Then it waits until it receives a
Full Status Enquiry from the remote before it declares that LMI is up.
Refer to Interaction between the LMI modes on page 385 for an overview of how
the different LMI modes work together.
Element Description
type Use this element to set the LMI variant. There are sev- Default:q933-Annex-A
eral standards for the LMI protocol with small varia- Range: enumerated, see below
tions between them. Therefore you should configure
the Telindus 1421 SHDSL Router according to the standard that is used by your
service provider.
The type element has the following values:
• lmiRev1. Set this value only for compatibility with older equipment.
• ansiT1-617-d. Set this value for ANSI LMI compliance.
• q933-Annex-A. Set this value for ITU-T LMI compliance.
• frf1-2. Set this value for FRF.1-2 compliance.
pollingInterval Use this element to set the time between consecutive Default:00000d 00h 00m 10s
Status Enquiry messages. Range: 00000d 00h 00m 05s -
00000d 00h 00m 30s
errorThreshold Use this element to set the maximum number of unan- Default:3
swered Status Enquiry messages that the Telindus Range: 1 … 10
1421 SHDSL Router will accept before declaring the
DLCI down. Also see the monitoredEvents element.
monitoredEvents Use this element to set the number of status polling Default:4
intervals over which the error threshold is counted. Range: 1 … 10
In other words, if the station receives an errorThreshold number of unanswered Sta-
tus Enquiry messages within a monitoredEvents number of pollingInterval intervals, then
the interface is declared down.
Example
If the station receives 3 unanswered Status Enquiry messages within 4 x 10s =

40s, then the interface is declared down.
expectedPollInterval Use this element to set the maximum time between Default:00000d 00h 00m 15s
two consecutive incoming Status Enquiry messages. Range: 00000d 00h 00m 00s -
Select the value 0 in order to disable verification. 00000d 00h 00m 30s
This element is only relevant when using Frame Relay over a point-to-point link (no
Frame Relay network). In Frame Relay language, a router is normally considered
as a Frame Relay user or DTE. However, if two routers are connected to each
other in Frame Relay but without a real Frame Relay network in between, then the
routers also have to take the role of a Frame Relay network or DCE (refer to the
mode element). In that case the Status Enquiry messages are sent in both direc-
tions.
fullEnquiryInterval Use this element to set the number of Status Enquiry Default:6
intervals that have to pass before sending a Full Sta- Range: 1 … 255
tus Enquiry message.
Interaction between the LMI modes
The following table shows how the different LMI modes work together when two routers are connected
to each other over a Frame Relay network:
LMI mode LMI status DLCI status Router learns DLCIs?
Router Router Router Router Router Router Router A Router B

A B A B A B
noLmi noLmi up up up up no no
user up down up down no no
network up down up down no no
nni up down up down no no
auto up down up down no no
user user down down down down no no
network up up up up learns (user) no
nni up down up down learns (user) no
auto up up up up learns (user) no
network network down down down down no no
nni up down up down no learns (nni)
auto up up up up no learns (auto)
nni nni up up up up learns learns
auto up up up up learns learns
auto auto up up up up learns learns

telindus1421Router/wanInterface/frameRelay/modeLearnedDlci Default:routing
If the Frame Relay network supports LMI, then the Telindus 1421 SHDSL
Router can learn its active and inactive DLCIs. Use this attribute to determine whether, for learned
DLCIs, the packets are treated by the routing process, the bridging process or both.
The modeLearnedDlci attribute has the following values:
Value Description
bridging All packets received on the DLCI are bridged.
routing All packets received on the DLCI are routed.
routingAndBridging The SNAP header is checked to determine whether the packets have to be bridged
or routed.
telindus1421Router/wanInterface/frameRelay/delayOptimisation Default:none
Range: none / lowSpeedLinks
Use this attribute to reduce the delay on low speed links. Especially if these
links have to transport delay sensitive data (e.g. voice over IP).
telindus1421Router/wanInterface/frameRelay/fragmentation Default:-
Use this attribute to enable or disable Frame Relay fragmentation on (phys-
ical) interface level. Refer to What is interface Frame Relay fragmentation? on page 110.
The fragmentation structure contains the following elements:
Element Description
interfaceFormat Use this element to enable or disable Frame Relay Default:disabled

fragmentation on (physical) interface level. Range: enabled / disabled
When interface Frame Relay fragmentation is enabled, long frames are frag-
mented into a sequence of shorter frames. At the remote side they are reassem-
bled into the original frame.
telindus1421Router/wanInterface/frameRelay/mru Default:1560
Range: 500 … 1650
Use this attribute to set the Maximum Receive Unit (MRU) of the interface.
What is MRU?
The Maximum Receive Unit (MRU) is the largest size packet or frame, specified in octets (eight-bit
bytes), that can be received in a packet- or frame-based network (e.g. the Internet).
11.5.3 PPP configuration attributes

• telindus1421Router/wanInterface/ppp/ip on page 388
• telindus1421Router/wanInterface/ppp/mode on page 388
• telindus1421Router/wanInterface/ppp/bridging on page 388
• telindus1421Router/wanInterface/ppp/delayOptimisation on page 388
• telindus1421Router/wanInterface/ppp/mru on page 388
• telindus1421Router/wanInterface/ppp/compression on page 389
• telindus1421Router/wanInterface/ppp/linkMonitoring on page 390
• telindus1421Router/wanInterface/ppp/authentication on page 391
• telindus1421Router/wanInterface/ppp/authenPeriod on page 391
• telindus1421Router/wanInterface/ppp/sessionName on page 392
• telindus1421Router/wanInterface/ppp/sessionSecret on page 392
telindus1421Router/wanInterface/ppp/ip Default:<empty>
Use this attribute to configure the IP related parameters of the PPP link.
Refer to …
telindus1421Router/wanInterface/ppp/mode Default:bridging
Value Description
bridging All packets received on the PPP link are bridged. BCP is set up.
routing All packets received on the PPP link are routed. IPCP is set up.
or routed. IPCP and BCP are set up.
multiLink Select this value if the PPP link is part of a bundle of PPP links (multi-link PPP or
MLPPP).
telindus1421Router/wanInterface/ppp/bridging Default:-
Use this attribute to configure the bridging related parameters of the PPP
link.
Refer to …
telindus1421Router/wanInterface/ppp/delayOptimisation Default:none
Range: none / lowSpeedLinks
Use this attribute to reduce the delay on low speed links. Especially if these
links have to transport delay sensitive data (e.g. voice over IP).
telindus1421Router/wanInterface/ppp/mru Default:1560
Range: 1510 … 1650
What is MRU?
telindus1421Router/wanInterface/ppp/compression Default:disabled
Use this attribute to enable or disable the compression of PPP encapsu-
lated packets.
The compression attribute has the following values:
Value Description
disabled No PPP compression is done.
predictor1 PPP compression is done using the Predictor type 1 compression algorithm (RFC
1978). Using compression you can increase the throughput on PPP links.
Important remark
The PPP compression algorithm uses a lot of memory (64 KB for compression and 64 KB for decom-
pression, per PPP session). Since it is possible to have multiple PPP sessions (when using ATM PVCs
up to 31 simultaneous sessions are allowed, which can all be configured to use PPP compression), the
memory can turn out to be insufficient. In this case …
• the compression is switched off on the interfaces that could not allocate enough memory,
• a message is dumped in the message table, containing the relevant interface and a warning that the
router must be rebooted to reactivate compression on that specific interface.
It is also possible that, when looking at the statistics, enough memory seems to be available but that the
allocation problem remains. This means that the memory is fragmented and no block as big as 64 KB is
found.
telindus1421Router/wanInterface/ppp/linkMonitoring Default:-
Use this attribute to enable or disable link monitoring and to fine-tune it.
Refer to 6.4.5 - Configuring link monitoring on page 131 for more information on link monitoring.
The linkMonitoring structure contains the following elements:
Element Description
operation Use this element to enable or disable link monitoring. Default:disabled

Range: enabled / disabled
interval Use this element to set the time interval between two Default:00000d 00h 00m 10s
consecutive echo requests. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
replyTimeOut Use this element to set the time the Telindus 1421 Default:00000d 00h 00m 02s
SHDSL Router waits for a reply on the echo request. Range: 00000d 00h 00m 00s -
00000d 00h 04m 15s
If no reply has been received within this time-out, then
the Telindus 1421 SHDSL Router considers this as a failed echo request.
failsPermitted Use this element to set the number of failed echo Default:4
requests after which the Telindus 1421 SHDSL Range: 1 … 30
Router declares the PPP link down.
Example
Suppose failsPermitted is set to 10. If on 10 consecutive echo requests no reply is

given, then the Telindus 1421 SHDSL Router declares the PPP link down and the
PPP handshake is started again.
telindus1421Router/wanInterface/ppp/authentication Default:disabled
Use this attribute to enable or disable authentication on the PPP link.
• 6.4.6 - Configuring PAP on page 132.
• 6.4.8 - Configuring CHAP on page 135.
The authentication attribute has the following values:
Value Description
disabled Authentication is disabled. However, the Telindus 1421 SHDSL Router will answer
to authentication requests received from the remote side.
pap This side of the link requests a PAP authentication from the remote router.
chap This side of the link requests a CHAP authentication from the remote router.
chapOrPap This side of the link requests a CHAP or PAP authentication from the remote
router.
If the remote router supports …
• only PAP, then PAP is used.
• only CHAP, then CHAP is used.
• both CHAP and PAP, then CHAP is used.
msChap This side of the link requests an MS CHAP version 1 authentication from the
remote router.
msChapV2 This side of the link requests an MS CHAP version 2 authentication from the
remote router.
telindus1421Router/wanInterface/ppp/authenPeriod Default:00000d 00h 10m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the PPP authentication interval. 24855d 03h 14m 07s
Normally on an authenticated PPP link, authentication is not only performed
at link set-up but also at regular intervals during the data transfer. You can set this interval using the
authenPeriod attribute. If you set the authenPeriod attribute to 00000d 00h 00m 00s, then authentication is only
performed at link set-up and not during the data transfer.
• 6.4.6 - Configuring PAP on page 132.
• 6.4.8 - Configuring CHAP on page 135.
telindus1421Router/wanInterface/ppp/sessionName Default:<empty>
Use this attribute to set the PPP authentication name of the Telindus 1421
SHDSL Router.
telindus1421Router/wanInterface/ppp/sessionSecret Default:<empty>
Use this element to set the PPP authentication secret of the Telindus 1421
SHDSL Router.
11.5.4 HDLC configuration attributes

• telindus1421Router/wanInterface/hdlc/bridging on page 394
• telindus1421Router/wanInterface/hdlc/mru on page 394
telindus1421Router/wanInterface/hdlc/bridging Default:-
Use this attribute to configure the bridging related parameters of the HDLC
link.
Refer to …
telindus1421Router/wanInterface/hdlc/mru Default:1560
Range: 500 … 1650
What is MRU?
11.5.5 Error test configuration attributes

• telindus1421Router/wanInterface/errorTest/testType on page 396
• telindus1421Router/wanInterface/errorTest/blockSize on page 396
• telindus1421Router/wanInterface/errorTest/programmablePattern on page 396
telindus1421Router/wanInterface/errorTest/testType Default:itu32767(2^15)
Use this attribute to select a test pattern.
Possible patterns are: itu511(2^9), ituInv511(2^9), tls1023(2^10), tlsInv1023(2^10), itu2047(2^11), ituInv2047(2^11),
itu32767(2^15), ituInv32767(2^15), itu1048575(2^20), ituInv1048575(2^20), itu8388607(2^23), ituInv8388607(2^23), space,
mark, dot, programmablePattern.
If you set the testType attribute to programmablePattern, then you can generate your own test pattern by typ-
ing a test pattern in the programmablePattern attribute (refer to telindus1421Router/wanInterface/errorTest/program-
mablePattern on page 396).
Refer to 6.6 - Configuring an error test on page 147 for more information on setting up an error test.
telindus1421Router/wanInterface/errorTest/blockSize Default:512
Range: 256, 512, 1024
Use this attribute to set the size of the test blocks.
telindus1421Router/wanInterface/errorTest/programmablePattern Default:<empty>
Range: 32 bit string
Use this attribute to generate your own test pattern.
Do this by typing a test pattern in the programmablePattern attribute and by setting the testType attribute to
programmablePattern (refer to telindus1421Router/wanInterface/errorTest/testType on page 396).
11.6 SHDSL line configuration attributes
This section describes the following line configuration attributes:

• telindus1421Router/wanInterface/line/channel on page 398
• telindus1421Router/wanInterface/line/region on page 398
• telindus1421Router/wanInterface/line/timingMode on page 399
• telindus1421Router/wanInterface/line/retrain on page 400
• telindus1421Router/wanInterface/line/startupMargin on page 402
• telindus1421Router/wanInterface/line/minSpeed on page 402
• telindus1421Router/wanInterface/line/maxSpeed on page 402
• telindus1421Router/wanInterface/line/minSpeed2P on page 403
• telindus1421Router/wanInterface/line/maxSpeed2P on page 403
• telindus1421Router/wanInterface/line/mode on page 403
• telindus1421Router/wanInterface/line/dualPairMode on page 403
• telindus1421Router/wanInterface/line/linkAlarmThresholds on page 405
• telindus1421Router/wanInterface/line/numExpectedRepeaters on page 406
• telindus1421Router/wanInterface/line/eocHandling on page 406
• telindus1421Router/wanInterface/line/management on page 406
• telindus1421Router/wanInterface/line/<alarmConfigurationAttributes> on page 407
This section describes the following line pair configuration attributes:
• telindus1421Router/wanInterface/line/linePair[ ]/<alarmConfigurationAttributes> on page 407
telindus1421Router/wanInterface/line/channel Default:remote
Range: central / remote
Use this attribute to determine which unit is the central unit and which the
remote unit. I.e. it determines which unit acts as master and which as slave during the synchronisation
procedure. Therefore set one device to central and its remote counterpart to remote.
On the Telindus 1421 SHDSL Router, the clocking follows the channel attribute:
If the channel attribute is set to … then the clocking is set to …
central internal.
remote slave-receive.
Important remark
Note that also the timingMode attribute influences the clocking. Refer to telindus1421Router/wanInterface/line/
timingMode on page 399.
telindus1421Router/wanInterface/line/region Default:auto
Use this attribute to determine which SHDSL standard is used.
The region attribute has the following values:
Value Description
annexA The North-American SHDSL standard is used.
annexB The European SHDSL standard is used.
auto The Telindus 1421 SHDSL Router itself determines which standard it has to use.
telindus1421Router/wanInterface/line/timingMode Default:synchronous
Use this attribute to set the timing mode. It is important to set the timingMode
attribute correct when using the Telindus 1421 SHDSL Router in combination with other SHDSL devices.
For more information on compatibility issues, refer to the document “Interoperability for Telindus SHDSL
products” (PDF).
The timingMode attribute has the following values:
Value Description
synchronous The Telindus 1421 SHDSL Router operates in synchronous mode. In this case the
clocking follows the setting of the channel attribute. Refer to telindus1421Router/wanIn-
terface/line/channel on page 398.
plesiochronous The Telindus 1421 SHDSL Router operates in plesiochronous mode. In this case
the clocking is always slave-receive, independently of the setting of the channel
attribute. This means that the remote device (e.g. a Crocus SHDSL) has to supply
the clock.
Important remarks
• If you have two Telindus 1421 SHDSL Routers on which you set the timingMode attribute to plesio-
chronous, then you can not connect them with each other point-to-point because they both operate in
slave-receive clocking.
• Plesiochronous mode can only work when the speed falls within the range of 192 kbps and 2048 kbps
(i.e. minSpeed = 192kbps or minSpeed2P = 384kbps and maxSpeed(2P) = 2048kbps). If a speed is selected
which is …
- lower than 192 kbps, the actual speed is automatically increased to 192 kbps (or 384 kbps in case
of a 2 pair version).
- higher than 2048 kbps, the actual speed is automatically limited to 2048 kbps.
telindus1421Router/wanInterface/line/retrain Default:-
Use this attribute to determine when the Telindus 1421 SHDSL Router
should retrain.
The retrain criteria
The following criteria determine when to retrain:
Criterion Description
no SHDSL frame synchro- When the Telindus 1421 SHDSL Router cannot synchronise on the
nisation SHDSL framing, it retrains.
SHDSL frame CRC error SHDSL framing sends 166 blocks per second over the line, independ-
threshold exceeded ently of the speed. Each block has a CRC check. When a certain per-
centage of frames has a CRC error, the Telindus 1421 SHDSL Router
retrains.
signal to noise ratio too low When the signal to noise ratio becomes too low during a certain period
of time, the Telindus 1421 SHDSL Router retrains.
layer 2 protocol not yet up When you connect the Telindus 1421 SHDSL Router with a remote
SHDSL device, the Telindus 1421 SHDSL Router trains and establishes
a layer 1 link with the remote SHDSL device. Then the Telindus 1421
SHDSL Router tries to establish a layer 2 link (e.g. PPP, FR, ATM). If the
layer 2 handshake does not succeed within 1 minute, then the Telindus
1421 SHDSL Router retrains and the whole process restarts. Also the
following message is dumped in the message table: Retrain due to
framer-out-of-sync. However, once the layer 2 handshake succeeds
(layer 2 is up), then a drop of the layer 2 link will not cause a retrain.
Configuring the retrain criteria
The retrain structure contains the following elements:
Element Description
enabled Use this attribute to enable (yes) or disable (no) Default:yes

retraining. So when selecting no, the Telindus 1421 Range: yes / no
SHDSL Router will never retrain (even not when the
line is disconnected).
errorPersistence- Use this element to set the period, in seconds, during Default:10
Time which each retrain criterion is measured. If within this Range: 1 … 30
period the predefined criterion value is equalled or
exceeded, the Telindus 1421 SHDSL Router retrains.
errorThreshold Use this element to set the amount of CRC errors, in Default:10
promille, at which the Telindus 1421 SHDSL Router Range: 1 … 1000
should retrain. If the amount of CRC errors exceeds
this value, then the Telindus 1421 SHDSL Router retrains.
The erroneous SHDSL frames can be monitored using the performance

attribute codeViolations.
snrThreshold Use this element to set the signal to noise ratio, in dB, Default:23
which has to be maintained. If the measured signal to Range: 20 … 25
noise ratio drops below this value, then the Telindus
1421 SHDSL Router retrains. It will retrain at a lower speed (because of the dete-
riorated line conditions).
stepupMargin In case the Telindus 1421 SHDSL Router retrains Default:disabled

because the measured signal to noise ratio drops Range: 3 … 15
below the snrThreshold value, then it will retrain at a
lower speed (because of the deteriorated line conditions).
If after this retrain the measured signal to noise value increases again with a value
as configured in the stepupMargin element, then the Telindus 1421 SHDSL Router
retrains again in order to achieve a higher speed.
telindus1421Router/wanInterface/line/startupMargin Default:2dB
Use this attribute to set the target margin in function of which a line speed
has to be selected during the ITU-T G.994.1 auto speed negotiation.
The startupMargin attribute is only relevant in case on both the central and remote Telindus 1421 SHDSL
Router (or any other compatible SHDSL device) a speed range is selected. In other words, the startup-
Margin attribute has no function in case a fixed speed is selected (i.e. minSpeed(2P) = maxSpeed(2P)).
The higher the startupMargin, the lower the selected line speed but the more stable the line will be. The
startupMargin attribute has the following values: disabled, 0dB, 1dB, 2dB, 3dB, 4dB, 5dB, 6dB, 7dB, 8dB, 9dB, 10dB.
When you set the startupMargin to disabled, the target margin is not considered during the ITU-T G.994.1
auto speed negotiation. I.e. all the speeds in the range as set with the attributes minSpeed(2P) and
maxSpeed(2P) are available.
What is the target margin?
The target margin is the amount of received signal power in excess of that required to achieve the DSL
target bit error rate of 10-7.
telindus1421Router/wanInterface/line/minSpeed Default:64kbps
Use this attribute to set the lowest line speed the Telindus 1421 SHDSL
Router may select. The minSpeed attribute has the following values: 64kbps up to 2304kbps in steps of
64kbps.
Refer to 5.3.2 - Selecting an SHDSL line speed (range) on page 64 for more information.
telindus1421Router/wanInterface/line/maxSpeed Default:2304kbps
Use this attribute to set the highest line speed the Telindus 1421 SHDSL
Router may select. The maxSpeed attribute has the following values: 64kbps up to 2304kbps in steps of
64kbps.
telindus1421Router/wanInterface/line/minSpeed2P Default:128kbps
This attribute is only present on the Telindus 1421 SHDSL Router 2 pair ver-
sion.
Use this attribute to set the lowest line speed the Telindus 1421 SHDSL Router 2 pair version may select
(if it is truly in 2 pair operation, refer to telindus1421Router/wanInterface/line/mode). The minSpeed2P attribute has
the following values: 128kbps up to 4608kbps in steps of 128kbps.
telindus1421Router/wanInterface/line/maxSpeed2P Default:2304kbps
sion.
Use this attribute to set the highest line speed the Telindus 1421 SHDSL Router 2 pair version may
select (if it is truly in 2 pair operation, refer to telindus1421Router/wanInterface/line/mode). The maxSpeed2P
attribute has the following values: 128kbps up to 4608kbps in steps of 128kbps.
telindus1421Router/wanInterface/line/mode Default:dualPair
Range: singlePair / dualPair
sion.
Use this attribute to select between single pair or dual pair operation. When you change the mode
attribute, then make sure that you use the correct speed attributes to set the speed:
If the mode attribute is set to … then configure the speed using the attributes …
singlePair, minSpeed and maxSpeed.
dualPair, minSpeed2P and maxSpeed2P.
telindus1421Router/wanInterface/line/dualPairMode Default:enhanced
Range: standard / enhanced
sion.
If the mode attribute is set to dualPair, then use the dualPairMode attribute to set the dual pair operation
mode. The dualPairMode attribute has the following possible values:
Value Description
standard The dual pair SHDSL line operates strictly as described in the SHDSL standard. If
the Telindus 1421 SHDSL Router is connected to a remote device that operates
strictly according to the SHDSL standard, then select the standard value.
enhanced The dual pair SHDSL line operates slightly different than described in the SHDSL
standard (some enhancements are present). If you select the enhanced value, then
it is possible that you experience problems when connecting to third party SHDSL
devices. In that case, select the standard value.
If you have two Telindus 1421 SHDSL Routers connected to each other in a point-to-point set-up, then
make sure that you set the dualPairMode attribute to the same value at both sides!
telindus1421Router/wanInterface/line/linkAlarmThresholds Default:-
Use this attribute to set the alarm threshold values of the most important line
parameters. If this predefined threshold value is exceeded, then a corresponding alarm is generated.
The linkAlarmThresholds structure contains the following elements:
Element Description
lineAttenuationOn Use this element to set the alarm threshold value of Default:0.0
the line attenuation in dB. If the line attenuation … Range: 0.0 … 63.5
• exceeds this value during at least 10 seconds, then the lineAttenuation alarm is
raised.
• drops below this value during at least 10 seconds, then the lineAttenuation alarm
is cleared.
signalNoiseOn Use this element to set the alarm threshold value of Default:0.0
the signal noise in dB. If the signal noise … Range: 0.0 … 58.4
• drops below this value during at least 10 seconds, then the signalNoise alarm is
raised.
• exceeds this value during at least 10 seconds, then the signalNoise alarm is
cleared.
errSecOn Use this element to set the alarm threshold value of Default:00000d 00h 00m 36s
the erroneous seconds in days, hours, minutes and Range: 00000d 00h 00m 00s -
seconds. If the amount of erroneous seconds … 00000d 18h 12m 15s
• exceeds this value within a 15 minutes period1, then the errSecExceeded alarm is
raised.
• drops below this value within a 15 minutes period, then the errSecExceeded alarm
is cleared.
sevErrSecOn Use this element to set the alarm threshold value of Default:00000d 00h 00m 02s
the severely erroneous seconds in days, hours, min- Range: 00000d 00h 00m 00s -
utes and seconds. If the amount of severely errone- 00000d 18h 12m 15s
ous seconds …
• exceeds this value within a 15 minutes period1, then the sevErrSecExceeded
alarm is raised.
• drops below this value within a 15 minutes period, then the sevErrSecExceeded
alarm is cleared.
1. The 15 minutes periods run synchronous with the 15 minutes periods of the telindus1421Router/
wanInterface/line/h2Line performance attribute.
Because alarms are raised or cleared within 15 minutes periods, there is a delay in the alarm
status. For example, suppose that in the first minute of a 15 minutes period the errSecOn value
is exceeded, then the errSecExceeded alarm is raised. The alarm stays on for the remainder of
the 15 minutes period. The alarm is only cleared if also in the next 15 minutes period the
errSecOn value is not exceeded.
telindus1421Router/wanInterface/line/numExpectedRepeaters Default:0
Range: 0 … 8
Use this attribute to set the number of Crocus SHDSL Repeaters that the
Telindus 1421 SHDSL Router can expect to find on the SHDSL line. If the actual number of repeaters
does not match the number you entered in the numExpectedRepeaters attribute, then the invalidNumRepeaters
alarm is raised.
telindus1421Router/wanInterface/line/eocHandling Default:none
SHDSL devices can communicate with each other through the Embedded
Operations Channel (EOC). Use the eocHandling attribute to define the handling of the EOC messages.
Refer to 5.4.3 - Controlling the standard EOC message exchange on page 68 for more information.
telindus1421Router/wanInterface/line/management Default:o10-PathManagement
Use this attribute to determine whether and which management data is for-
warded over the SHDSL line.
Refer to 5.4.2 - Controlling the proprietary EOC message exchange on page 67 for more information.
telindus1421Router/wanInterface/line/<alarmConfigurationAttributes>

• the alarms of the line object, refer to 14.6 - SHDSL line alarms on page 705.
telindus1421Router/wanInterface/line/linePair[ ]/<alarmConfigurationAttributes>

• the alarms of the linePair[ ] object, refer to 14.7 - SHDSL line pair alarms on page 706.
11.7 End and repeater configuration attributes

• telindus1421Router/wanInterface/repeater[ ]/<alarmConfigurationAttributes> on page 409
• telindus1421Router/wanInterface/end/<alarmConfigurationAttributes> on page 409
The repeater[ ] and the end objects are not present in the containment tree by default. They are added auto-
matically when you configure the eocHandling attribute. Refer to 5.4.3 - Controlling the standard EOC mes-
sage exchange on page 68.
telindus1421Router/wanInterface/repeater[ ]/<alarmConfigurationAttributes>

• the alarms of the repeater[ ] object, refer to 14.8 - End and repeater alarms on page 708.
telindus1421Router/wanInterface/end/<alarmConfigurationAttributes>

• the alarms of the end object, refer to 14.8 - End and repeater alarms on page 708.
11.8 Bundle configuration attributes
This section describes the configuration attributes of the different bundles that you can set up on the Tel-
• 11.8.1 - PPP bundle configuration attributes on page 411
11.8.1 PPP bundle configuration attributes

• telindus1421Router/bundle/pppBundle[ ]/members on page 412
• telindus1421Router/bundle/pppBundle[ ]/mode on page 412
• telindus1421Router/bundle/pppBundle[ ]/ip on page 412
• telindus1421Router/bundle/pppBundle[ ]/bridging on page 412
• telindus1421Router/bundle/pppBundle[ ]/fragmentation on page 413
• telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces on page 413
• telindus1421Router/bundle/pppBundle[ ]/<alarmConfigurationAttributes> on page 414
This object is not present in the containment tree by default. If you want to use the feature associated
with this object, then add the object first. Refer to 4.4 - Adding an object to the containment tree on
page 42.
telindus1421Router/bundle/pppBundle[ ]/members Default:<empty>

Use this attribute to make the WAN interface a part of the PPP bundle. Do
this by adding one entry to the members table and by typing “wan” as value of the interface element.
Note that in case you run PPP over ATM (PPPoA) you can also create PPP bundles. In that case, just
type the name of the ATM PVC as value of the interface element in the members table.
Refer to 6.4.11 - Setting up multilink PPP on page 139 for more information on how to set up a PPP bun-
dle.
telindus1421Router/bundle/pppBundle[ ]/mode Default:bridging

Value Description
bridging All packets received on the PPP bundle are bridged. BCP is set up.
routing All packets received on the PPP bundle are routed. IPCP is set up.
or routed. IPCP and BCP are set up.
telindus1421Router/bundle/pppBundle[ ]/ip Default:<empty>

Use this attribute to configure the IP related parameters of the PPP bundle.
Refer to …
telindus1421Router/bundle/pppBundle[ ]/bridging Default:-

Use this attribute to configure the bridging related parameters of the PPP
bundle.
Refer to …
telindus1421Router/bundle/pppBundle[ ]/fragmentation Default:enabled

Use this attribute to enable or disable PPP fragmentation. Refer to What is
PPP fragmentation? on page 126.
When PPP fragmentation is enabled, long frames are fragmented into a sequence of shorter frames. At
the remote side they are reassembled into the original frame.
telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces Default:<empty>

Use this attribute to set up multiclass PPP links. So you have to add an entry
to the multiclassInterfaces table for every multiclass PPP link that you want to create.
Refer to 6.4.13 - Setting up multiclass PPP on page 142 for more information.
The multiclassInterfaces table contains the following elements:
Element Description

the multiclass PPP link. Range: 0 … 24 characters

the multiclass PPP link. Range: up / down
sponding multiclass PPP link, the packets are treated Range: enumerated, see below
by the routing process, the bridging process or both.
• bridging. All packets received on the multiclass PPP link are bridged.
• routing. All packets received on the multiclass PPP link are routed.

ters of the multiclass PPP link. Range: structure, see below
Refer to …
ing IP addresses.
structure.

parameters of the multiclass PPP link in case the mul- Range: structure, see below
ticlass PPP link is in bridging mode (i.e. in case the
mode element is set to bridging).
Refer to …
Element Description
multiclass Use this element to configure the multiclass specific Default:-

parameters of the multiclass PPP link. Range: structure, see below
Refer to telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces/multiclass on page 414 for
a detailed description of the multiclass structure.
telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces/multiclass Default:-

Use this structure to configure the multiclass specific parameters of the mul-
ticlass PPP link.
The multiclass structure contains the following elements:
Element Description
multiclass Use this element to set a multiclass identifier for the Default:1
multiclass PPP link. Range: 1 … 7
defaultQueue Use this element to select a default queue. Default:queue1

This allows you to easily set up a traffic policy without Range: enumerated, see below
having to create and apply traffic policy profiles. However, you still have to create
and apply a priority policy profile to empty the queues.
telindus1421Router/bundle/pppBundle[ ]/<alarmConfigurationAttributes>

• the alarm configuration attributes alarmMask, alarmLevel, alarmContactHighMask and alarmContactLowMask
and on the alarms in general, refer to 14.2 - Introducing the alarm attributes on page 698.
• the alarms of the pppBundle[ ] object, refer to 14.9 - Bundle alarms on page 710.
11.9 Router configuration attributes
This section discusses the configuration attributes concerned with routing. First it describes the general
routing configuration attributes. Then it explains the configuration attributes of the extra features as there
are NAT, L2TP tunnelling, filtering, traffic and priority policy, etc…
• 11.9.1 - General router configuration attributes on page 416
• 11.9.2 - NAT configuration attributes on page 434
• 11.9.3 - L2TP tunnel configuration attributes on page 438
• 11.9.4 - Manual SA configuration attributes on page 446
• 11.9.5 - OSPF configuration attributes on page 450
• 11.9.6 - Routing filter configuration attributes on page 463
• 11.9.7 - Traffic policy configuration attributes on page 465
• 11.9.8 - Priority policy configuration attributes on page 473
• 11.9.9 - VRRP configuration attributes on page 478
11.9.1 General router configuration attributes

• telindus1421Router/router/defaultRoute on page 417
• telindus1421Router/router/routingTable on page 418
• telindus1421Router/router/routingProtocol on page 419
• telindus1421Router/router/alternativeRoutes on page 419
• telindus1421Router/router/ripUpdateInterval on page 419
• telindus1421Router/router/ripHoldDownTime on page 420
• telindus1421Router/router/ripv2SecretTable on page 421
• telindus1421Router/router/sysSecret on page 422
• telindus1421Router/router/pppSecretTable on page 422
• telindus1421Router/router/helperProtocols on page 423
• telindus1421Router/router/sendTtlExceeded on page 424
• telindus1421Router/router/sendPortUnreachable on page 425
• telindus1421Router/router/sendAdminUnreachable on page 425
• telindus1421Router/router/dhcpStatic on page 426
• telindus1421Router/router/dhcpDynamic on page 428
• telindus1421Router/router/dhcpCheckAddress on page 430
• telindus1421Router/router/radius on page 431
• telindus1421Router/router/dns on page 433
• telindus1421Router/router/<alarmConfigurationAttributes> on page 433
telindus1421Router/router/defaultRoute Default:-
Use this attribute to set the default route, also called gateway address.
Refer to 7.3 - Configuring static routes on page 152 for more information on static routes.
The defaultRoute structure contains the following elements:
Element Description
gateway Use this element to specify the IP address of the next Default:0.0.0.0
router that will route all packets for which no specific Range: up to 255.255.255.255
(static or dynamic) route exists in the routing table.
Whether you can omit the gateway element or not, is linked to the following condi-
tions:
If the interface element then …

specifies …
the LAN interface, you can not omit the gateway element.
the WAN interface, you can omit the gateway element only when using
PPP encapsulation.
a DLCI, PVC or tunnel, you can omit the gateway element.
interface Use this element to specify the interface through Default:<empty>

which the gateway can be reached. Range: 0 … 24 characters
Do this by typing the name of the interface as you assigned it using the configura-
tion attribute name (e.g. telindus1421Router/lanInterface/name). Note that this interface
can also be a DLCI, PVC, tunnel, etc.
If you do not specify a value for the interface element, then it is deduced by checking
all interfaces (including DLCIs, PVCs and tunnels) and finding an interface for
which the gateway lies in the subnet defined by the IP address and net mask of
that interface.
Typing the string “discard”, discards all packets for the corresponding destination.
preference Use this element to set the level of importance of the Default:10
default route with respect to routes learnt via RIP. Range: 1 … 200
RIP routes always have a preference of 60. Routes with a lower preference value
are chosen over routes with higher preference value.
metric Use this element to set with how much the metric Default:1
parameter of a route has to be incremented. Range: 1 … 15
If two routes exist with the same preference, then the route with the lowest metric
value is chosen. This element is only important when combining static routes and
RIP routes.
Refer to 7.5.3 - Explaining the rip structure on page 169 for more information on
the metric parameter.
telindus1421Router/router/routingTable Default:<empty>
Use this attribute to configure the static IP routes.
Refer to 7.3 - Configuring static routes on page 152 for more information on static routes.
The routingTable table contains the following elements:
Element Description
network Use this element to specify the IP address of the des- Default:0.0.0.0
tination network. Range: up to 255.255.255.255
mask Use this element to specify the network mask of the Default:255.255.255.0
destination network. Range: up to 255.255.255.255
gateway Use this element to specify the IP address of the next Default:0.0.0.0
router on the path to the destination network. Range: up to 255.255.255.255
Whether you can omit the gateway element or not, is linked to the following condi-
tions:
If the interface element then …

specifies …
the LAN interface, you can not omit the gateway element.
the WAN interface, you can omit the gateway element only when using
PPP encapsulation.
a DLCI, PVC or tunnel, you can omit the gateway element.
interface Use this element to specify the interface through Default:<empty>

which the destination network can be reached. Range: 0 … 24 characters
Do this by typing the name of the interface as you assigned it using the configura-
tion attribute name (e.g. telindus1421Router/lanInterface/name on page 358). Note that the
“interface” can also be a DLCI, PVC, tunnel, etc.
If you do not specify a value for the interface element, then it is deduced by checking
all interfaces (including DLCIs, PVCs and tunnels) and finding an interface for
which the gateway lies in the subnet defined by the IP address and net mask of
that interface.
Typing the string “discard”, discards all packets for the corresponding destination.
preference Use this element to set the level of importance of the Default:10
route. Range: 1 … 200
Routes with a lower preference value are chosen over routes with higher prefer-
ence value. Note that routes learned through RIP always have a preference of 60.
metric Use this element to set with how much the metric Default:1
parameter of a route has to be incremented. Range: 1 … 15
If two routes exist with the same preference, then the route with the lowest metric
value is chosen. Refer to 7.5.3 - Explaining the rip structure on page 169 for more
information on the metric parameter.
telindus1421Router/router/routingProtocol Default:none
Use this attribute to activate or deactivate the Routing Information Protocol
(RIP).
Refer to 7.5 - Configuring RIP on page 165 for more information on RIP.
The routingProtocol attribute has the following values:
Value Description
none No routing protocol is used. Only static routes are used.
rip The RIP routing protocol is active. You can set the RIP version per interface. Refer
to the elements txVersion and rxVersion in the rip structure (refer to 7.5.3 - Explaining
the rip structure on page 169).
telindus1421Router/router/alternativeRoutes Default:backup
Use this attribute to determine how the Telindus 1421 SHDSL Router deals
with identical routes.
If more than one route to a (sub-)network is defined in the routing table, and these routes have …
• identical destination addresses, masks, preferences and metrics,
• a different gateway,
… then you can use the alternativeRoutes attribute to determine which route the Telindus 1421 SHDSL
Router uses to reach the (sub-)network.
The alternativeRoutes attribute has the following values:
Value Description
backup The Telindus 1421 SHDSL Router always uses the same route to reach the (sub-
)network. Only when this route goes down, it uses the alternative route.
roundRobin The Telindus 1421 SHDSL Router alternately uses the two possible routes to
reach the (sub-)network. However, once a certain route is used to reach a specific
address, this same route is always used to reach this specific address.
telindus1421Router/router/ripUpdateInterval Default:00000d 00h 00m 30s

Range: 00000d 00h 00m 05s -
Use this attribute to set the interval the Telindus 1421 SHDSL Router trans- 00000d 00h 10m 00s
mits RIP update messages.
Normally, RIP update messages are transmitted every 30 seconds. It is possible to change this interval.
However, changing this interval will also change the lifetime of routes learnt through RIP. If a RIP route
is received for the last time, it is declared down after 6 times the ripUpdateInterval. After the route is down,
it is deleted after 4 times the ripUpdateInterval.
telindus1421Router/router/ripHoldDownTime Default:00000d 00h 03m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time during which routing information regarding 00000d 00h 10m 00s
better paths is suppressed.
It should be at least three times the value of the ripUpdateInterval attribute. A route enters into a hold-down
state when an update packet is received that indicates the route is unreachable. The route is marked
inaccessible and advertised as unreachable. However, the route is still used for forwarding packets.
When hold-down expires, routes advertised by other sources are accepted and the route is no longer
inaccessible.
What is the RIP hold-down time?
Suppose you have a situation as depicted in the figure

alongside.
Now suppose the following happens:
1. Route X goes down.
⇒Router A sends a RIP update message to router B
declaring route X down.
2. Only a few moments later, route X goes up for a while
after which it goes down again. This continues for a certain time. In other words, the route status tog-
gles between up and down.
⇒Every time the status of route X changes, Router A sends a RIP update message to router B. Also
router B propagates these RIP update messages. In other words, the toggling of route X causes
that a lot of RIP update messages are sent.
The ripHoldDownTime attribute tries to avoid situations as described above. Suppose router B has a
ripHoldDownTime attribute. In that case, the situation is as follows:
1. Route X goes down.
⇒Router A sends a RIP update message to router B declaring route X down. Router B starts the RIP
hold-down timer.
2. The status of route X starts toggling between up and down.
⇒Router A sends several RIP update messages concerning route X to router B. Router B holds the
status of route X down, as longs as the RIP hold-down timer has not expired.
When the RIP hold-down timer expires and the route is …

• down, then the route status stays down.
• up, then the route status changes to up.
telindus1421Router/router/ripv2SecretTable Default:<empty>
Use this attribute to define the secrets used for the RIP authentication.
Refer to 7.5.4 - Enabling RIP authentication on an interface on page 172 for more information on RIP
authentication.
The ripv2SecretTable table contains the following elements:
Element Description
keyId Use this element to set a unique identifier for each Default:0
secret. Range: 0 … 255
secret Use this element to define the secret. Default:<empty>

This secret is sent with the RIP updates on the speci- Range: 0 … 16 characters
fied interface. It is also used to authenticate incoming RIP updates.
interface Use this element to specify on which interface the Default:all

secret is used. Range: 0 … 24 characters
Entering the string “all” (default) means the secret is used on all the interfaces.
Remarks
• If authentication is enabled (either text or md5), then only updates using that authentication are proc-
essed. All other updates on that interface are discarded.
• If you use md5 and if for a certain interface multiple secrets are present in the ripv2SecretTable, then the
first entry in the ripv2SecretTable is used to transmit RIP updates. Authentication of the received RIP
updates is done by looking for the first secret with a matching key.
• If you use text and if for a certain interface multiple secrets are present in the ripv2SecretTable, then only
the first entry in the ripv2SecretTable is used to transmit and receive RIP updates.
telindus1421Router/router/sysSecret Default:<empty>
Use this attribute for the PPP authentication process. The PPP authentica-
tor uses the sysSecret attribute in order to verify the peer its response.
telindus1421Router/router/pppSecretTable Default:<empty>
Use this attribute for the PPP authentication process. Enter the authentica-
tion name and secret of the remote router in this table.
The pppSecretTable contains the following elements:
Element Description
name Use this element to set the PPP authentication name Default:<empty>
of the remote router. Range: 0 … 64 characters
If the remote router is a Telindus 1421 SHDSL Router, then the name element
should correspond with the remote Telindus 1421 SHDSL Router its sysName or
sessionName attribute. Refer to 6.4.10 - Use which name and secret attributes for
PPP authentication? on page 138.
secret Use this element to set the PPP authentication secret Default:<empty>
of the remote router. Range: 0 … 64 characters
If the remote router is a Telindus 1421 SHDSL Router, then the secret element
should correspond with the remote Telindus 1421 SHDSL Router its sysSecret or
sessionSecret attribute. Refer to 6.4.10 - Use which name and secret attributes for
PPP authentication? on page 138.
telindus1421Router/router/helperProtocols Default:<empty>
Use this attribute to define the TCP and UDP port numbers for which broad-
cast forwarding is required. Use this attribute if you specified helper IP addresses using the helpers ele-
ment in the ip structure of the LAN interface. Refer to 5.2.3 - Explaining the ip structure on page 54.
If the helperProtocols table is empty (default), then address substitution is applied for the following proto-
cols:
Protocol name TCP/UDP port number
Time Server 37
IEN-116 Host Name Server 42
Domain Name Server 53
TACACS database service 65
Boot Protocol (BootP) / DHCP server 68
NetBIOS Name Server 137
NetBIOS Datagram Server 138
Important remark
Specifying at least one value in the helperProtocols table clears the default helper list automatically. In that
case, if you want that for instance NetBios Datagram Server broadcast is forwarded, you have to specify
port number 138 again.
For BootP / DHCP broadcast packets, the Telindus 1421 SHDSL Router is also a BootP / DHCP Relay
Agent. If the protocol is selected, then the Telindus 1421 SHDSL Router will write the IP address of its
Ethernet interface in the BootP or DHCP gateway field and increment the hops field in addition to the
address substitution.
telindus1421Router/router/sendTtlExceeded Default:enabled
Use this attribute to enable or disable the sending of ICMP “TTL exceeded“
messages.
The sendTtlExceeded attribute has the following values:
Value Description
enabled The Telindus 1421 SHDSL Router sends ICMP “TTL exceeded" messages.
disabled The Telindus 1421 SHDSL Router does not send ICMP “TTL exceeded” mes-
sages.
This also implies that the router is not recognised by the UNIX or Windows trace-
route feature.
What is Time To Live (TTL)?
Each IP packet has a Time To Live (TTL) value in its header. Each device that sends an IP packet sets
this parameter at some fixed or predefined value. When the packet enters a router, the router decre-
ments the TTL value. If a router finds a value 0 after decrementing the TTL, it discards the packet. This
because a value 0 means the packet has passed too many routers. Probably the packet is looping
between a number of routers. This mechanism avoids that routers with configuration errors bring down
a complete network.
The ICMP message “TTL exceeded”
If a router discards a packet because its TTL is exceeded, it normally sends an ICMP “TTL exceeded“
message to the originator of the packet. With the sendTtlExceeded attribute you can define whether you
want the Telindus 1421 SHDSL Router to send such ICMP messages or not.
It has been chosen to allow TTL exceeded messages in case of PPP. However, this has the effect that
TTL exceeded is also transmitted on some Ethernet broadcasts.
telindus1421Router/router/sendPortUnreachable Default:enabled
Use this attribute to enable or disable the sending of ICMP “Destination
unreachable: Port unreachable“ messages.
The sendPortUnreachable attribute has the following values:
Value Description
enabled The Telindus 1421 SHDSL Router sends ICMP “port unreachable" messages.
disabled The Telindus 1421 SHDSL Router does not send ICMP “port unreachable” mes-
sages.
This also implies that the router is not recognised by the UNIX or Windows trace-
route feature.
The ICMP message “port unreachable”
The Telindus 1421 SHDSL Router supports a number of higher-layer IP protocols (Telnet, SNMP and
TMA) for management purposes. If an IP packet is sent to the Telindus 1421 SHDSL Router for a higher-
layer protocol that it does not support, it normally sends an ICMP “Destination unreachable: Port
unreachable“ message to the originator of the packet. With the sendPortUnreachable attribute you can
define whether you want the Telindus 1421 SHDSL Router to send such an ICMP message or not.
telindus1421Router/router/sendAdminUnreachable Default:enabled
Use this attribute to enable or disable the sending of ICMP "Destination
unreachable: Communication with destination is administratively prohibited” messages.
The sendAdminUnreachable attribute has the following values:
Value Description
enabled The Telindus 1421 SHDSL Router sends ICMP “communication prohibited“ mes-
sages.
disabled The Telindus 1421 SHDSL Router does not send ICMP “communication prohib-
ited“ messages.
The ICMP message “communication prohibited”
If the Telindus 1421 SHDSL Router receives an IP packet that is destined for a prohibited destination
(because this destination is defined in an access list), then it sends an ICMP "Destination unreachable:
Communication with destination is administratively prohibited” message to the originator of the packet.
With the sendAdminUnreachable attribute you can define whether you want the Telindus 1421 SHDSL
Router to send such an ICMP message or not.
telindus1421Router/router/dhcpStatic Default:<empty>
This attribute activates the DHCP server on the Telindus 1421 SHDSL
Router. Use this attribute to assign a fixed IP address to a client its MAC address and this for an infinite
time.
The dhcpStatic table contains the following elements:
Element Description
ipAddress Use this element to assign an IP address to a certain Default:0.0.0.0

client. This client is identified with its MAC address. Range: up to 255.255.255.255
If no IP address is specified, then there is no connection to the client. In that case,
all other attributes in the table are ignored for this client.
mask Use this element to set the client its subnet mask. Default:255.255.255.0
Range: up to 255.255.255.255
gateway Use this element to set the default gateway for the cli- Default:0.0.0.0
ent its subnet. Range: up to 255.255.255.255
If the interface element is left empty (default), then it is the gateway element that
determines on which interface the Telindus 1421 SHDSL Router will act as DHCP
server. Namely the interface through which the IP address as entered in the gate-
way element can be reached.
If no gateway is specified, then the Telindus 1421 SHDSL Router gives its own
address. This address lies in the subnet of the interface through which the Telindus
1421 SHDSL Router sends out the DHCP reply.
interface Use this element to specify the name of the interface Default:<empty>
on which you want the Telindus 1421 SHDSL Router Range: 0 … 36 characters
to act as DHCP server.
dnsSetting Use this element to determine which DNS servers are Default:learned
used for handling the DNS requests. Range: enumerated, see below
The dnsSetting element has the following values:
• configured. The Telindus 1421 SHDSL Router sends all DNS requests to the
DNS servers that have been configured in the attribute telindus1421Router/router/
dns on page 433.
• learned. If DNS servers have been configured in the attribute telindus1421Router/
router/dns, then all DNS requests are sent to these servers. However, if no DNS
servers have been configured, then the Telindus 1421 SHDSL Router tries to
learn the DNS servers from the network. During the time the Telindus 1421
SHDSL Router has not learned the DNS servers yet, DNS relay is active allow-
ing DNS between the clients that already have been given an IP address.
• relay. The Telindus 1421 SHDSL Router acts as a DNS server for its clients,
caching all DNS requests. It answers to DNS requests if possible. However, if
an entry is not present in its cache, then it relays this request to the DNS serv-
ers that have been configured in the attribute telindus1421Router/router/dns.
nameServer Use this element to set the IP address of the name Default:0.0.0.0
server that is available to the client. Range: up to 255.255.255.255
Element Description
nameServer2 Use this element to set the IP address of the second Default:0.0.0.0
name server that is available to the client. Range: up to 255.255.255.255
tftpServer Use this element to set the IP address of the TFTP Default:0.0.0.0
server that is available to the client. It is the next Range: up to 255.255.255.255
server to use in boottrap.
macAddress Use this element to enter the client its MAC address. Default:0.0.0.0.0.0
If no MAC address is specified, then there is no con- Range: up to ff.ff.ff.ff.ff.ff
nection to the client. Therefore, all other attributes in the table are ignored for this
client.
bootFile Use this element to set the location of the boot file. Default:<empty>
hostName Use this element to set the name of the client. Default:<empty>
domainName Use this element to set the name the client should use Default:<empty>
when resolving hostnames via the Domain Name Range: 0 … 20 characters
System (DNS).
netbiosNameServer Use this element to set the IP address of the NetBios Default:0.0.0.0
server. Range: up to 255.255.255.255
netbiosNameServer Use this element to set the IP address of the second Default:0.0.0.0
2 NetBios server. Range: up to 255.255.255.255
netbiosNodeType Use this element to configure the client as described Default:<opt>

in RFC 1001 / RFC 1002. Range: enumerated, see below
The netbiosNodeType element has the following values: no-node, B-node, P-node, M-
node, H-node.
telindus1421Router/router/dhcpDynamic Default:<empty>
This attribute activates the DHCP server on the Telindus 1421 SHDSL
Router. Use this attribute to specify the IP address range from which an IP address may be dynamically
assigned to a client its MAC address.
The dhcpDynamic table contains the following elements:
Element Description
ipStartAddress Use this element to define the start address of the IP Default:192.168.1.100
address range. It is from this range that an IP address Range: up to 255.255.255.255
will be dynamically assigned to a client.
If no IP start address is specified, all other attributes on the same line in the table
are ignored.
ipEndAddress Use this element to define the end address of the IP Default:192.168.1.254
address range. It is from this range that an IP address Range: up to 255.255.255.255
will be dynamically assigned to a client.
The IP address range will only contain the ipStartAddress in case …
• no ipEndAddress is specified,
• the specified ipEndAddress is the same as the ipStartAddress,
• the specified ipEndAddress is smaller than the ipStartAddress,
• the specified ipEndAddress belongs to another subnet than the ipStartAddress.
Do not include the Telindus 1421 SHDSL Router its own IP address in this
range!
mask Use this element to set the client its subnet mask for Default:255.255.255.0
the specified IP address range. Range: up to 255.255.255.255
gateway Use this element to set the default gateway for the cli- Default:0.0.0.0
ent its subnet. Range: up to 255.255.255.255
If the interface element is left empty (default), then it is the gateway element that
determines on which interface the Telindus 1421 SHDSL Router will act as DHCP
server. Namely the interface through which the IP address as entered in the gate-
way element can be reached.
If no gateway is specified, then the Telindus 1421 SHDSL Router gives its own
address. This address lies in the subnet of the interface through which the Telindus
1421 SHDSL Router sends out the DHCP reply.
interface Use this element to specify the name of the interface Default:<empty>
on which you want the Telindus 1421 SHDSL Router Range: 0 … 36 characters
to act as DHCP server.
Element Description
dnsSetting Use this element to determine which DNS servers are Default:learned
used for handling the DNS requests. Range: enumerated, see below
The dnsSetting element has the following values:
• configured. The Telindus 1421 SHDSL Router sends all DNS requests to the
DNS servers that have been configured in the attribute telindus1421Router/router/
dns on page 433.
• learned. If DNS servers have been configured in the attribute telindus1421Router/
router/dns, then all DNS requests are sent to these servers. However, if no DNS
servers have been configured, then the Telindus 1421 SHDSL Router tries to
learn the DNS servers from the network. During the time the Telindus 1421
SHDSL Router has not learned the DNS servers yet, DNS relay is active allow-
ing DNS between the clients that already have been given an IP address.
• relay. The Telindus 1421 SHDSL Router acts as a DNS server for its clients,
caching all DNS requests. It answers to DNS requests if possible. However, if
an entry is not present in its cache, then it relays this request to the DNS serv-
ers that have been configured in the attribute telindus1421Router/router/dns.
nameServer Use this element to set the IP address of the name Default:0.0.0.0
server that is available to the client. Range: up to 255.255.255.255
nameServer2 Use this element to set the IP address of the second Default:0.0.0.0
name server that is available to the client. Range: up to 255.255.255.255
tftpServer Use this element to set the IP address of the TFTP Default:0.0.0.0
server that is available to the client. It is the next Range: up to 255.255.255.255
server to use in boottrap.
leaseTime Use this element to set the maximum time a client can Default:00000d 00h 00m 00s
lease an IP address from the specified IP address Range: 00000d 00h 00m 00s -
range. 24855d 03h 14m 07s
If 00000d 00h 00m 00s (default) is specified, then the lease time is infinite.
holdTime Use this element to set the time between two consec- Default:00000d 00h 00m 00s
utive leases of an IP address. I.e. if a client has just let Range: 00000d 00h 00m 00s -
go of its dynamically assigned IP address, then this 24855d 03h 14m 07s
same IP address can not be reassigned before the
holdTime has elapsed.
bootFile Use this element to set the location of the boot file. Default:<empty>
hostName Use this element to set the name of the client. Default:<empty>
Because the DHCP server can not give the same Range: 0 … 20 characters
name to all clients of this IP address range, a number is added to the hostname
from the second IP address onwards. The number goes up to 99.
Example
Suppose the hostname is Telindus. In that case the name for the start IP address is
Telindus, for the second IP address Telindus1, and so on.
Element Description
domainName Use this element to set the name the client should use Default:<empty>
when resolving hostnames via the Domain Name Range: 0 … 20 characters
System (DNS).
netbiosNameServer Use this element to set the IP address of the NetBios Default:0.0.0.0
server. Range: up to 255.255.255.255
netbiosNameServer Use this element to set the IP address of the second Default:0.0.0.0
2 NetBios server. Range: up to 255.255.255.255
netbiosNodeType Use this element to configure the client as described Default:<opt>

in RFC 1001 / RFC 1002. Range: enumerated, see below
The netbiosNodeType element has the following values: no-node, B-node, P-node, M-
node, H-node.
telindus1421Router/router/dhcpCheckAddress Default:disabled
Use this attribute to allow that the IP address assigned by the DHCP server
is probed with an ARP request (Ethernet) or ICMP Echo Request (IP). This checks and prevents the dou-
ble use of IP addresses.
The dhcpCheckAddress attribute has the following values:
Value Description
disabled No probing is done when an IP address is leased by a client.
enabled Probing is done when an IP address is leased by a client. In case of …

• Ethernet, the probing is done with an ARP request.
• IP, the probing is done with an ICMP Echo Request (ping).
If a reply is received, it means the IP address is already in use. Therefore, another
IP address is assigned.
arpOnly Probing is done when an IP address is leased by a client. However, the probing is
only done by means of an ARP request (Ethernet).
telindus1421Router/router/radius Default:-
Use this attribute to configure the Telindus 1421 SHDSL Router for
RADIUS. Also see 9.6 - Configuring RADIUS on page 298.
To enable the use of RADIUS in PPP, PAP or CHAP should be enabled on the Telindus 1421 SHDSL
Router. The local configuration of the username and password is ignored if a table of RADIUS servers
exist. Furthermore, remote IP address and remote netmask are ignored if a RADIUS server imposes
these attributes.
The radius structure contains the following elements:
Element Description
authServers Use this element to select an authentication server. Default:<empty>

You can create a list of several authentication servers. Range: table, see below
The authServers table contains the following elements:
• address. Use this element to specify the IP address Default:0.0.0.0
of the authentication server. Range: up to 255.255.255.255
• secret. Use this element to set the shared secret to Default:<empty>
authenticate the transaction with the authentica- Range: 0 … 64 characters
tion server.
• timeOut. Use this element to specify the authentica- Default:00000d 00h 00m 05s
tion time-out. Range: 00000d 00h 00m 01s -
00000d 00h 00m 10s
acctServer Use this element to select an accounting server. You Default:-

can only select one accounting server. Range: structure, see below
The acctServer structure contains the following elements:
• address. Use this element to specify the IP address Default:0.0.0.0
of the accounting server. Range: up to 255.255.255.255
• secret. Use this element to set the shared secret to Default:<empty>
authenticate the transaction with the accounting Range: 0 … 64 characters
server.
• timeOut. Use this element to specify the accounting Default:00000d 00h 00m 05s
time-out. Range: 00000d 00h 00m 01s -
00000d 00h 00m 10s
retries Use this element to specify the number of retries Default:1

before selecting the next authentication server in the Range: 0 … 10
authServers table.
acctUpdate Use this element to specify the time at which an Default:00000d 00h 00m 00s
update of the accounting data should be send to the Range: 00000d 00h 00m 00s -
server. 00000d 00h 01m 00s
Set this element to 0 (default) if no update is required. Note that this is not always
supported by the accounting server.
Element Description
login Use this element to set the authentication of access to Default:disabled

the Telindus 1421 SHDSL Router using Telnet, FTP, Range: enumerated, see below
TFTP or TMA. No accounting data is sent to the
server.
The login element has the following values:
• disabled. No RADIUS login authentication is done.
• enabled. Login authentication is always done using a RADIUS server.
The username and password have to be entered as follows: "username:pass-
word". If the ‘:’ is omitted, then the string is considered to be a password.
Multiple passwords can be added using the same username. Access rights are
sent using the RADIUS attribute CLASS (25) encoded as a string carrying a
binary value. The bit definitions are:
- readAccess = 00000001B
- writeAccess = 00000010B
- securityAccess = 00000100B
- countryAccess = 00001000B (only used on aster4/5)
- fileAccess = 00010000B
Caution should be taken since all access to the device has to be authenticated
by a RADIUS server.
• fallback. Login authentication is done using a RADIUS server. However, if the
server is not available, then authentication is done using the local security table
of the device.
ppp Use this element to set the authentication of a PPP Default:enabled

connection that uses PAP or CHAP. Range: enumerated, see below
The ppp element has the following values:
• disabled. PPP authentication is done using the local sysName/sysSecret or session-
Name/sessionSecret of the device.
• enabled. PPP authentication is always done using a RADIUS server.
telindus1421Router/router/dns Default:-
Use this attribute to enter the DNS server addresses. Also see What is
DNS? on page 716.
The dns structure contains the following elements:
Element Description
primaryDns Use this element to specify the IP address of the pri- Default:0.0.0.0
mary DNS server. Range: up to 255.255.255.255
secondaryDns Use this element to specify the IP address of the sec- Default:0.0.0.0
ondary DNS server. Range: up to 255.255.255.255
domainName Use this element to enter the domain name to which Default:<empty>
the Telindus 1421 SHDSL Router belongs. Range: 0 … 32 characters
What is DNS?
The Domain Name Service (DNS) is an Internet service that translates domain names into IP addresses.
Because domain names are alphabetic, they are easier to remember. The Internet however, is really
based on IP addresses. Therefore, every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name www.mywebsite.com might
translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular
domain name, it asks another one, and so on, until the correct IP address is returned.
What is DNS proxy?
The Telindus 1421 SHDSL Router is a DNS proxy. This means that if the Telindus 1421 SHDSL Router
has not received a DNS address (as DHCP client), then it gives its own address in DHCP requests (as
DHCP server). The Telindus 1421 SHDSL Router relays DNS requests it receives to configured or
learned DNS servers.
telindus1421Router/router/<alarmConfigurationAttributes>

• the alarms of the router object, refer to 14.10 - Router alarms on page 711.
11.9.2 NAT configuration attributes

• telindus1421Router/router/defaultNat/patAddress on page 435
• telindus1421Router/router/defaultNat/portTranslations on page 435
• telindus1421Router/router/defaultNat/servicesAvailable on page 436
• telindus1421Router/router/defaultNat/addresses on page 436
• telindus1421Router/router/defaultNat/gateway on page 437
• telindus1421Router/router/defaultNat/tcpSocketTimeOut on page 437
• telindus1421Router/router/defaultNat/udpSocketTimeOut on page 437
• telindus1421Router/router/defaultNat/tcpSockets on page 437
• telindus1421Router/router/defaultNat/udpSockets on page 437
• telindus1421Router/router/defaultNat/dmzHost on page 437
telindus1421Router/router/defaultNat/patAddress Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to enter the official IP address that has to be used for the
Port Address Translation. Entering an address different from the default value 0.0.0.0 automatically ena-
bles PAT.
Refer to 7.7 - Configuring address translation on page 182 for more information on PAT.
telindus1421Router/router/defaultNat/portTranslations Default:<empty>
Use this attribute to define specific port number ranges that should not be
translated.
Some TCP or UDP applications do not allow port translations: these applications require a dedicated
source port number. In the portTranslations table you can define UDP and TCP port ranges that should not
be translated. If a packet with a source port number in such a range is received, PAT replaces only the
source IP address provided it is the first device using this port number. When other devices using the
same application (hence the same port number) try to send traffic to the same Internet destination
address, PAT discards this traffic.
It is also possible to define port ranges that PAT should always discard. The port translation range PAT
uses goes from 60928 up to 65535.
The portTranslations table contains the following elements:
Element Description
protocol Use this element to select the protocol: tcp or udp. Default:tcp
Range: tcp / udp
startPort Use this element to set the lowest value of the TCP or Default:0
UDP port range. Range: 0 … 65535
endPort Use this element to set the highest value of the TCP Default:<opt>
or UDP port range. Range: 0 … 65535
If no endPort value is defined (<opt>), then the port range is limited to the startPort
value only.
action Use this element to set the action in case a packet is Default:noTranslation
received with a source port number that falls within Range: enumerated, see below
the specified port range.
The action element has the following values:
• noTranslation. The port numbers that fall within the specified port range are not
translated.
• deny. Packets with port numbers that fall within the specified port range are dis-
carded.
telindus1421Router/router/defaultNat/servicesAvailable Default:<empty>
Use this attribute to define specific port number ranges for incoming Internet
traffic that should not be translated. Instead it is sent to the corresponding private IP address.
The servicesAvailable table makes it possible to have a server on the local network that can be accessed
from the Internet, although it has no official IP address.
The servicesAvailable table contains the following elements:
Element Description
protocol Use this element to select the protocol: tcp or udp. Default:tcp
Range: tcp / udp
startPort Use this element to set the lowest value of the TCP or Default:0
UDP port range. Range: 0 … 65535
endPort Use this element to set the highest value of the TCP Default:<opt>
or UDP port range. Range: 0 … 65535
If no endPort value is defined (<opt>), then the port range is limited to the startPort
value only.
serverAddress Use this element to set the private server address. Default:0.0.0.0
If a packet is received with a source port number that Range: up to 255.255.255.255
falls within the specified port range, then it is sent to the private server address.
telindus1421Router/router/defaultNat/addresses Default:<empty>
Use this attribute to enter all the official IP addresses that have to be used
for Network Address Translation. Entering an address in the addresses table automatically enables the
general NAT process. Now you can activate or deactivate NAT per IP interface. Note that by default NAT
is deactivated on all IP interfaces.
Refer to 7.7 - Configuring address translation on page 182 for more information on NAT.
The addresses table contains the following elements:
Element Description
officialAddress Use this element to set the official IP address. Default:0.0.0.0

These addresses are used in the reverse order as Range: up to 255.255.255.255
they appear in the list.
privateAddress Use this element to set the private IP address, i.e. to Default:<opt>
permanently assign an official IP address to a private Range: up to 255.255.255.255
address.
If you do not specify a private IP address, then NAT is applied dynamically. I.e. the
official IP address is used for any private source IP address.
telindus1421Router/router/defaultNat/gateway Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to define the gateway addresses of routes on which NAT
or PAT should be applied. If you do not configure the gateway attribute, then NAT or PAT is applied on all
routes through this interface.
telindus1421Router/router/defaultNat/tcpSocketTimeOut Default:00001d 00h 00m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to define the time-out for TCP sessions that are not closed 24855d 03h 14m 07s
by the application.
Such sessions, whether PAT or NAT is in use, remain active for one day by default. Only decrease this
attribute if some TCP applications do not close properly, filling up the available translation sessions.
telindus1421Router/router/defaultNat/udpSocketTimeOut Default:00000d 00h 03m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to define the time-out for UDP sessions that are not closed 24855d 03h 14m 07s
by the application.
Such sessions, whether PAT or NAT is in use, remain active for 3 minutes by default. Only decrease this
attribute if some UDP applications do not close properly, filling up the available translation sessions.
telindus1421Router/router/defaultNat/tcpSockets Default:1024
Range: 500 … 4500
Use this attribute to set the maximum number of TCP session that may be
used simultaneously for address translation.
telindus1421Router/router/defaultNat/udpSockets Default:1024
Range: 500 … 4500
Use this attribute to set the maximum number of UDP session that may be
used simultaneously for address translation.
telindus1421Router/router/defaultNat/dmzHost Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to set the address of the DMZ (demilitarised zone) host.
What is a DMZ?
In computer networks, a DMZ (demilitarised zone) is a computer host or small network inserted as a
"neutral zone" between a company's private network and the outside public network. It prevents outside
users from getting direct access to a server that has company data. A DMZ is an optional and more
secure approach to a firewall and effectively acts as a proxy server as well.
In a typical DMZ configuration for a small company, a separate computer receives requests from users
within the private network for access to Web sites or other companies accessible on the public network.
The DMZ host then initiates sessions for these requests on the public network. However, the DMZ host
is not able to initiate a session back into the private network. It can only forward packets that have
already been requested.
Users of the public network outside the company can access only the DMZ host. The DMZ may typically
also have the company's Web pages so these could be served to the outside world. However, the DMZ
provides access to no other company data. In the event that an outside user penetrated the DMZ host's
security, the Web pages might be corrupted but no other company information would be exposed.
11.9.3 L2TP tunnel configuration attributes

• telindus1421Router/router/tunnels/l2tpTunnels on page 439
• telindus1421Router/router/tunnels/ipsecL2tpTunnels on page 444
telindus1421Router/router/tunnels/l2tpTunnels Default:<empty>
Use this attribute to configure the Layer 2 Tunnelling Protocol tunnels you
want to set up. Add a row to the l2tpTunnels table for each L2TP tunnel you want to set up.
The l2tpTunnels table contains the following elements:
Element Description

the tunnel. Range: 0 … 24 characters
adminStatus Use this element to activate (up) or deactivate the tun- Default:down
nel (down). Range: up / down
mode Use this element to determine whether for the corre- Default:routing
sponding tunnel, IP packets are treated by the routing Range: enumerated, see below
• bridging. All packets received on the tunnel are bridged.
• routing. All packets received on the tunnel are routed.

ters of the tunnel. Range: structure, see below
Refer to …
ing IP addresses.
structure.

parameters of the tunnel. Range: structure, see below
When bridging is enabled on a tunnel interface, the tunnel acts exactly as a bridge
port for a physical PPP connection.
Refer to …
l2tp Use this element to configure the L2TP related Default:-

Refer to telindus1421Router/router/tunnels/l2tpTunnels/l2tp on page 440 for a detailed
description of the l2tp structure.
backup Use this element to configure the back-up related Default:-

Refer to telindus1421Router/router/tunnels/l2tpTunnels/backup on page 443 for a detailed
description of the backup structure.
telindus1421Router/router/tunnels/l2tpTunnels/l2tp Default:-
Use the l2tp structure in the l2tpTunnels table to configure the L2TP related
parameters of the tunnel.
The l2tp structure contains the following elements:
Element Description
localIpAddress Use this element to set the official IP address that Default:<opt>
serves as start point of the L2TP connection. Range: up to 255.255.255.255
remoteIpAddress Use this element to set the official IP address that Default:<opt>
serves as end point of the L2TP connection. Range: up to 255.255.255.255
Both localIpAddress and remoteIpAddress together with the well-known port number for
L2TP (i.e. 1701), make up the socket used for the L2TP session. At the moment,
only one L2TP session can exist between one localIpAddress and remoteIpAddress
combination.
remoteDnsName Instead of specifying a remoteIpAddress, you can specify Default:<empty>

the DNS name of the end point of the L2TP connec- Range: 0 … 64 characters
tion. In that case, the DNS name will be resolved to an
IP address.
Note that in this case, DNS has to be configured on the Telindus 1421 SHDSL
Router. Refer to telindus1421Router/router/dns on page 433.
pppAuthentication Use this element to enable or disable authentication Default:disabled

on the PPP link in the tunnel. Range: enumerated, see below
Refer to telindus1421Router/wanInterface/ppp/authentication on page 391 for more informa-
tion.
pppSesionName Use this element to set the PPP authentication name Default:<empty>
of the PPP link in the tunnel. Range: 0 … 64 characters
pppSesionSecret Use this element to set the PPP authentication secret Default:<empty>
of the PPP link in the tunnel. Range: 0 … 64 characters
linkMonitoring Use this element to enable or disable link monitoring Default:-

on the PPP link in the tunnel and to fine-tune it. Range: structure, see below
Refer to telindus1421Router/wanInterface/ppp/linkMonitoring on page 390 for more informa-
tion.
Element Description
type Use this element to specify the tunnel type. Default:outgoingDial

The type element has the following values: Range: enumerated, see below
• outgoingDial. The outgoing tunnel is not continuously open. It is opened when-

ever data has to be sent through the tunnel, and closed when no data is
detected for a certain time.
• outgoingLeasedLine. The outgoing tunnel is opened as soon as the Telindus 1421
SHDSL Router is up, and it stays open.
• incoming. The tunnel is an incoming tunnel.
Important remark
Make sure that if the type element is set to outgoingDial or outgoingLeasedLine at

one end of the tunnel, that at the other end of the tunnel the type element is set to
incoming.
dataChannelSe- Use this element to enable (on) or disable (off) Default:off

quenceNumbering sequence numbering on the data messages. These Range: on / off
sequence numbers are used to detect lost packets
and/or restore the original sequence of packets that may have been reordered dur-
ing transport.
On control messages, sequence numbering is always enabled.
It is recommended that for connections where reordering or packet loss may occur,
dataChannelSequenceNumbering is enabled.
keepAliveTimeOut Use this element to set the amount of time (in sec- Default:30
onds) the tunnel waits before it sends a keep alive Range: 1 … 3600
message in case it receives no data.
If the tunnel does not receive incoming data during a certain time, it sends a keep
alive message to the other side and waits for an acknowledgement.
noTrafficTimeOut This element applies on dial tunnels only (i.e. for Default:120
which the type element is set to outgoingDial). Range: 1 … 3600
Use this element to set the amount of time (in seconds) the tunnel waits before it
closes in case it receives no data.
l2tpMode Use this element to set the L2TP function of the Telindus 1421 SHDSL Router.
The l2tpMode element has the following values:
• lac. The Telindus 1421 SHDSL Router acts as an L2TP Access Concentrator.
• lns. The Telindus 1421 SHDSL Router acts as an L2TP Network Server.
• auto. If both local and remote Telindus 1421 SHDSL Router are set to auto, they
mutually decide who will be the LAC and who the LNS.
Important remark
Only select auto if you use a Telindus router at both sides of the tunnel. In
conjunction with routers from other vendors (e.g. Cisco), specifically select an
L2TP mode (lac or lns).
Element Description
tunnelAuthentication Use this element to enable (on) or disable (off) tunnel Default:off
authentication. Range: on / off
L2TP incorporates a simple, optional, CHAP-like tunnel authentication system dur-
ing control connection establishment.
If the LAC or LNS wishes to authenticate the identity of the peer it is contacting or
being contacted by, it sends a challenge packet. If the expected response and
response received from a peer does not match, the tunnel is not opened.
To participate in tunnel authentication, a single shared secret has to exist between
the LAC and LNS.
tunnelSecret Use this element to set the tunnel secret. This secret Default:<empty>
is used in the tunnel authentication in order to verify Range: 0 … 64 characters
the peer its response.
copyTos Use this element to enable (on) or disable (off) the cop- Default:on
ying of the TOS byte value from the payload its IP Range: on / off
header to the L2TP header.
maxNrOfRetrans- Use this element to set the number of times a control Default:4
missions message has to be retransmitted in case no acknowl- Range: 0 … 10
edgement follows, before the tunnel is closed.
transmitWindowSize Use this element to set the window size for transmit- Default:4
ting control messages. Range: 1 … 30
receiveWindowSize Use this element to set the window size for receiving Default:4
control messages. Range: 1 … 30
udpChecksum Use this element to enable (on) or disable (off) the Default:off
UDP checksum. Range: on / off
It is recommended to enable the UDP checksum on lower quality links.
calledNr Use this element to set the called number. This ele- Default:<empty>
ment is present for compatibility with other vendors Range: 0 … 48 characters
that support this feature. If you set up a tunnel
between two Telindus devices, then you can leave this element empty.
The called number is an indication to the receiver of a call as to what (telephone)
number the caller used to reach it. It encodes the (telephone) number to be called
for an outgoing call request (OCRQ) and the called number for an incoming call
request (ICRQ).
The called number is an ASCII string. Contact between the administrator of the
LAC and the LNS may be necessary to coordinate interpretation of the value
needed in this element.
speed Use this element to make an indication of the Default:64000

expected speed for the tunnel in case of MLPPP. Range: 0 … 2147483647
In case you use MLPPP, the Bandwidth Allocation Protocol adds or deletes PPP
links from the bundle depending on the actual amount of traffic. However, some-
how you have to be able to specify the normally required speed. Do this using the
speed element.
telindus1421Router/router/tunnels/l2tpTunnels/backup Default:-
Use the backup structure in the l2tpTunnels table to configure the back-up
related parameters of the tunnel.
In a main/back-up tunnel mechanism, configuring the backup element allows you to quickly set up a back-
up tunnel as soon as the main tunnel goes down, instead of waiting on several time-outs before the back-
up tunnel is set up. Refer to 9.4.4 - Setting up a main and back-up tunnel on page 287.
The backup structure contains the following elements:
Element Description
interface Use this element to enter the name of the tunnel that Default:<empty>
will act as back-up in a main/back-up mechanism. Range: 0 … 24 characters
Alternatively, if the string "discard" is entered as a backup interface, then the
backup functionality is executed for the main tunnel even if no backup tunnel is
present. So the main tunnel is reset and the route to the main tunnel is closed (so
the route status goes “down” instead of “spoofing”). In that case, if an alternative
route is present, then this route will be taken.
timeOut Use this element to set the set-up time-out in sec- Default:30
onds. If the tunnel is not set up within the specified Range: 1 … 3600
time-out, then the back-up tunnel is set up.
autoRetry This element is only relevant in case the type element Default:no
of the tunnel is set to outgoingLeasedLine. Range: yes / no
Use this element to determine, if a leased line tunnel does not come up, whether
it has to keep trying to come up (yes) or quit after one try (no).
telindus1421Router/router/tunnels/ipsecL2tpTunnels Default:<empty>
Use this attribute to configure the IP secured Layer 2 Tunnelling Protocol
tunnels you want to set up. Add a row to the IpsecL2tpTunnels table for each IPSEC L2TP tunnel you want
to set up.
The elements of the ipsecL2tpTunnel are basically the same as the elements of the l2tpTunnel (refer to
telindus1421Router/router/tunnels/l2tpTunnels on page 439). The only difference is the presence of the ipsec ele-
ment within the l2tp structure. Refer to telindus1421Router/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec on page 444 for
more information on the ipsec element.
telindus1421Router/router/tunnels/ipsecL2tpTunnels/l2tp/ipsec Default:-
Range: choice, see below
Use this element to apply a security association on the IPSEC L2TP tunnel.
Do this by typing the index name of the security association you want to use. You can create the security
association itself by adding a manualSA or ikeSA object and by configuring the attributes in this object.
Refer to 9.5 - Configuring IP security on page 290 for more information on IP security.
The ipsec element offers you the following choice:
Choice Description
fdxManualSA Select this value if you want to apply a manual secu- Default:<empty>
rity association on both the inbound and outbound Range: 0 … 24 characters
traffic of the IPSEC L2TP tunnel.
If you select this value, then a field appears behind the value. Type the manualSA
object its index name in this field.
Example
If you created a manualSA object with index name my_SA

(i.e. manualSA[my_SA]) and you want to apply this security
association on an IPSEC L2TP tunnel, then enter the
index name as value of the ipsec element.
Choice Description
hdxManualSA Select this value if you want to apply a manual secu- Default:-
rity association on the inbound traffic and another Range: structure, see below
manual security association on the outbound traffic of
the IPSEC L2TP tunnel.
If you select this value, then a structure appears behind the value. This structure
contains the following elements:
• inbound. To apply a security association on the Default:<empty>
inbound traffic, type the manualSA object its index Range: 0 … 24 characters
name in this field.
• outbound. To apply a security association on the Default:<empty>
outbound traffic, type the manualSA object its index Range: 0 … 24 characters
name in this field.
Example
If you created a manualSA object with index name my_SA_in (i.e. manualSA[my_SA_in])
and one with index name my_SA_out (i.e. manualSA[my_SA_out]) and you want to apply
the first on the inbound and the latter on the outbound traffic, then enter the index
names of the manualSA objects as follows:
11.9.4 Manual SA configuration attributes

• telindus1421Router/router/manualSA[ ]/espEncryptionAlgorithm on page 447
• telindus1421Router/router/manualSA[ ]/espEncryptionKey on page 448
• telindus1421Router/router/manualSA[ ]/espAuthenticationAlgorithm on page 449
• telindus1421Router/router/manualSA[ ]/espAuthenticationKey on page 449
• telindus1421Router/router/manualSA[ ]/spi on page 449
page 42.
telindus1421Router/router/manualSA[ ]/espEncryptionAlgorithm Default:des

Use this attribute to select the algorithm that will be used to encrypt the data
when using IPSEC.
Note that:
• on the Telindus 1421 SHDSL Router LE models, only null and DES encryption can be used. Although
3DES encryption can be selected, it is not used.
• on the Telindus 1421 SHDSL Router NE models, the use of encryption is not possible. Although
3DES and DES encryption can be selected, they are not used.
The espEncryptionAlgorithm attribute has the following values:
Value Description
null No encryption is done.

The null encryption algorithm is simply a convenient way to represent the optional
use of applying encryption within ESP. ESP can then be used to provide authenti-
cation and integrity without confidentiality.
des DES is used to encrypt / decrypt the data. The DES key has to be entered in the
espEncryptionKey attribute.
3des Triple DES is used to encrypt / decrypt the data. The 3DES key has to be entered
in the espEncryptionKey attribute.
Make sure that for the same security association on both the local and remote router the same ESP
encryption algorithm is selected.
telindus1421Router/router/manualSA[ ]/espEncryptionKey Default:<empty>

Range: octet string, 0 … 24
Use this attribute to define the key that will be used in the encryption /
decryption process when using IPSEC.
Note that:
• on the Telindus 1421 SHDSL Router LE models, only null and DES encryption can be used. Although
3DES encryption can be selected, it is not used.
• on the Telindus 1421 SHDSL Router NE models, the use of encryption is not possible. Although
3DES and DES encryption can be selected, they are not used.
The algorithm can be selected using the espEncryptionAlgorithm attribute.
If you use … then …
null encryption the setting of the espEncryptionKey attribute is irrelevant.
DES encryption only the first 8 octets of the key are used. All other octets are ignored.
11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33
not used in the encryption

used in the encryption
/ decryption process
/ decryption process
3DES encryption at the transmitter side, the first set of 8 octets of the key are used to encrypt the
data, the second set of 8 octets to decrypt the data and the third set of 8 octets to
encrypt the data again.
11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33
encryption encryption
decryption
At the receiver side, the opposite occurs.
encryption key is used.
telindus1421Router/router/manualSA[ ]/espAuthenticationAlgorithm Default:hmac_md5

Use this attribute to select the algorithm that will be used to authenticate the
data when using IPSEC.
The espAuthenticationAlgorithm attribute has the following values:
Value Description
null No authentication is done.
hmac_md5 The MD5 hash function is used to authenticate the data. The MD5 key has to be
entered in the espAuthenticationKey attribute.
hmac_sha-1 The SHA-1 hash function is used to authenticate the data. The SHA-1 key has to
be entered in the espAuthenticationKey attribute.
authentication algorithm is selected.
telindus1421Router/router/manualSA[ ]/espAuthenticationKey Default:<empty>

Range: octet string, 0 … 20
Use this attribute to define the key that will be used in the authentication
process when using IPSEC. The algorithm can be selected using the espAuthenticationAlgorithm attribute.
If you use … then …
null authentication the setting of the espAuthenticationKey attribute is irrelevant.
MD5 authentication only the first 16 octets of the key are used. All other octets are ignored.
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20
used in the authentication not used in the

process authentication process
SHA-1 authentication all 20 octets of the key are used.
Make sure that on both the local and remote router the same ESP authentication key is used.
telindus1421Router/router/manualSA[ ]/spi Default:256

Range: 256 … 2147483647
Use this attribute to set the SPI value. Each security association must have
a unique SPI value because this value is used to identify the security association.
Make sure that for the same security association on both the local and remote router the same SPI value
is used.
11.9.5 OSPF configuration attributes
This section discusses the configuration attributes concerned with OSPF. First it describes the general
OSPF configuration attributes. Then it explains the OSPF area configuration attributes.
• General OSPF configuration attributes on page 451
• Area configuration attributes on page 455
General OSPF configuration attributes

• telindus1421Router/router/ospf/routerId on page 452
• telindus1421Router/router/ospf/refBandwidth on page 452
• telindus1421Router/router/ospf/keyChains on page 452
• telindus1421Router/router/ospf/importMetrics on page 453
• telindus1421Router/router/ospf/importFilter on page 454
²v
telindus1421Router/router/ospf/routerId Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to set the unique sequence number for the router in the
OSPF network.
telindus1421Router/router/ospf/refBandwidth Default:100000 bps

Range: 0 … 2147483647
Use this attribute to set the reference bandwidth. It is used to calculate the
cost of an interface in OSPF. Refer to 7.6.1 - Introducing OSPF on page 174 for more information about
cost.
telindus1421Router/router/ospf/keyChains Default:<empty>
Use this attribute to set the key chains that will be used in the MD-5 authen-
tication process. For more information on authentication, refer to …
• 7.6.3 - Enabling OSPF authentication on page 180
• telindus1421Router/router/ospf/area[ ]/networks/authentication on page 459
• telindus1421Router/router/ospf/area[ ]/virtualLinks/authentication on page 461
The keyChains table contains the following elements:
Element Description
name Use this element to assign an administrative name to Default:chain

the key chain. Range: 0 … 24 characters
chain Use this element to set the properties of each key Default:<empty>
chain. Range: table, see below
Refer to telindus1421Router/router/ospf/keyChains/chain on page 453 for a detailed descrip-
tion of this element.
telindus1421Router/router/ospf/keyChains/chain Default:<empty>
The chain table contains the following elements:
Element Description
keyId Use this element to set a unique identifier for each Default:0
secret. Range: 0 … 255
secret Use this element to define the secret. Default:<empty>

sendDate Use this element to set the start date from which the Default:01/01/01
secret is allowed to be sent. Enter the date as argu- Range: 01/01/01 … 31/12/99
ment value in the format dd/mm/yy (e.g. 01/01/05)
sendTime Use this element to set the time from which the secret Default:00:00:00
is allowed to be sent. Enter the time as argument Range: 00:00:00 … 23:59:59
value in the format hh:mm:ss (e.g. 12:30:45).
sendDuration Use this element to set the period of time during which Default:00000d 00h 00m 00s
the secret is allowed to be sent. Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
acceptDate Use this element to set the start date from which the Default:01/01/01
secret is allowed to be accepted by the other routers Range: 01/01/01 … 31/12/99
in the OSPF network. Enter the date as argument
value in the format dd/mm/yy (e.g. 01/01/05)
acceptTime Use this element to set the time from which the secret Default:00:00:00
is allowed to be accepted by the other routers in the Range: 00:00:00 … 23:59:59
OSPF network. Enter the time as argument value in
the format hh:mm:ss (e.g. 12:30:45).
acceptDuration Use this element to set the period of time during which Default:00000d 00h 00m 00s
the secret is allowed to be accepted by the other rout- Range: 00000d 00h 00m 00s -
ers in the OSPF network. Enter this value in seconds. 24855d 03h 14m 07s
telindus1421Router/router/ospf/importMetrics Default:-
Use this attribute to configure the default cost for importing RIP and static
routes into OSPF.
The importMetrics structure contains following elements:
Element Description
static Use this element to set the default cost of a static Default:20
route which will be imported into OSPF. Range: 0 … 2147483647
rip Use this element to set the default cost of a RIP route Default:20
which will be imported into OSPF. Range: 0 … 2147483647
telindus1421Router/router/ospf/importFilter Default:<empty>
Use this attribute to configure the import filter which allows or denies the
import of external routes into OSPF.
The importFilter table contains following elements:
Element Description
type Use this element to select the type of routes which will Default:all
be allowed or denied into OSPF. Range: static / rip / all
Whether a route is allowed into OSPF or denied access to OSPF, is set by the ele-
ment mode which is described further on in this table.
• all. All routes are allowed into OSPF / denied access to OSPF.
• static. Static routes are allowed into OSPF / denied access to OSPF.
• rip. Rip routes are allowed into OSPF / denied access to OSPF.
address Use this element to set the IP address the external Default:0.0.0.0
route has to comply to. Range: up to 255.255.255.255
mask Use this element to set the netmask the external route Default:0.0.0.0
has to comply to. Range: up to 255.255.255.255
Address and mask define the address range the external route has to comply
to.
mode Use this element to allow or deny the import of exter- Default:allow
nal routes into OSPF. Range: deny / allow
costType Use this element to set the type of cost of the external Default:type2
route. Range: type1 / type2
The costType element has the following values:
• type1. The external cost is expressed in the same units as OSPF interface cost
(i.e. in terms of the link state metric).
• type2. The external cost is an order of magnitude larger; any type 2 cost is con-
sidered greater than the cost of any path internal to the OSPF routing domain.
Use of type 2 external cost assumes that routing outside the OSPF domain is
the major cost of routing a packet, and eliminates the need for conversion of
external costs to internal link state costs.
cost Use this element to set the cost of the external route. Default:0
Range: 0 … 65535
tag Each external route can be tagged, enabling the Default:0

passing of additional information between AS bound- Range: 0 … 2147483647
ary routers.
Area configuration attributes

• telindus1421Router/router/ospf/area[ ]/areaId on page 456
• telindus1421Router/router/ospf/area[ ]/stub on page 456
• telindus1421Router/router/ospf/area[ ]/networks on page 457
• telindus1421Router/router/ospf/area[ ]/virtualLinks on page 460
• telindus1421Router/router/ospf/area[ ]/ranges on page 462
page 42.
telindus1421Router/router/ospf/area[ ]/areaId Default:0.0.0.0

Range: up to 255.255.255.255
Use this attribute to set the unique sequence number for the area. The back
bone area must always be area 0.
telindus1421Router/router/ospf/area[ ]/stub Default:-

Use this attribute to define an area as a stub area. Refer to 7.6.1 - Introduc-
ing OSPF on page 174 for the definition of a stub area.
The stub structure contains the following elements:
Element Description
mode Use this element to enable or disable the area as a Default:disabled

stub area. Range: enabled / disabled
defaultCost Use this element to assign a default cost to the area. Default:0
This is the cost of the default route of the area. Range: 0 … 2147483647
importSummaries Use this element to enable or disable the import of Default:enabled

summary links into the stub area. Range: disabled / enabled
When this attribute is disabled, only the default route will be injected into the area
(by the Area Border Router). When it is enabled, also the summary links are
injected into the area.
Refer to 7.6.1 - Introducing OSPF on page 174 for the definition of a summary link.
translatorRole Use this element to specify whether or not the Telin- Default:candidate
dus 1421 SHDSL Router will unconditionally translate Range: candidate / always
Type-7 LSAs into Type-5 LSAs.
The translatorRole element has the following values:
• always. The Telindus 1421 SHDSL Router always translates Type-7 LSAs into
Type-5 LSAs regardless of the translator state of other NSSA border routers.
• candidate. The Telindus 1421 SHDSL Router participates in the translator elec-
tion process. I.e. only one NSSA border router is elected as Type-7 translator
among all the NSSA border routers that were set as candidate.
translatorInterval Use this element to define the length of time the Tel- Default:00000d 00h 00m 40s
indus 1421 SHDSL Router, if it is an elected Type-7 Range: 00000d 00h 00m 00s -
translator, will continue to perform its translator duties 00000d 18h 12m 15s
once it has determined that its translator status has
been deposed by another NSSA border router translator.
If an NSSA border router is elected as Type-7 translator among all the NSSA bor-
der routers that were set as candidate, then it will continue to perform translation
duties until supplanted by a reachable NSSA border router whose Nt bit is set or
whose router ID is greater. Such an event may happen when an NSSA router with
translatorRole set to always regains border router status, or when a partitioned NSSA
becomes whole. If an elected translator determines its services are no longer
required, it continues to perform its translation duties for the additional time interval
defined by the translatorInterval. This minimizes excessive flushing of translated
Type-7 LSAs and provides for a more stable translator transition.
telindus1421Router/router/ospf/area[ ]/networks Default:<empty>

Use this attribute to identify the interfaces which are part of the area.
The networks table contains following elements:
Element Description
name Use this element to assign an administrative name to Default:<network>

a network. Range: 0 … 24 characters
address Use this element to specify the IP address of the net- Default:0.0.0.0
work. Range: up to 255.255.255.255
mask Use this element to specify the IP address mask of the Default:255.255.255.0
attached network (Network Mask). Range: up to 255.255.255.255
Address and mask define the network address to select the interfaces that will
be part of the OSPF network (with the OSPF parameters defined in this net-
work).
cost Use this element to specify the cost of the link. When Default:0
the cost is set to 0, the actual cost is calculated auto- Range: 0 … 65535
matically.
Refer to 7.6.1 - Introducing OSPF on page 174 for more information about cost.
priority Use this element to set the priority of the link. On the Default:0
basis of this element, the designated router in the net- Range: 0 … 255
work is elected.
Refer to 7.6.1 - Introducing OSPF on page 174 for more information about desig-
nated routers.
This element is only important for broadcast networks. It must not be set for
P2P links.
helloInterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 30s
onds, between the hello packets that a router sends Range: 00000d 00h 00m 00s -
on an OSPF interface. 00000d 18h 12m 15s
OSPF requires the hello interval and dead interval to be exactly the same
for all routers attached to a common network.
Element Description
deadInterval Use this element to specify the maximum length of Default:00000d 00h 02m 00s
time, in seconds, before the neighbours declare the Range: 00000d 00h 00m 00s -
OSPF router down when they stop hearing the 24855d 3h 14m 07s
router's Hello Packets.
retransmitinterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 05s
onds, after which an hello packet is retransmitted. Range: 00000d 00h 00m 00s -
00000d 00h 4m 15s
authentication Use this element to authenticate OSPF packets. Default:-
OSPF packets can be authenticated so that routers Range: structure, see below
can be part of routing domains based on predefined passwords. By default, a
router uses a Null authentication which means that routing exchanges over a net-
work are not authenticated. There are two other authentication methods: Simple
Password authentication and Message Digest authentication (MD-5).
Refer to telindus1421Router/router/ospf/area[ ]/networks/authentication on page 459 for a
detailed description of this element.
mode Use this element to activate or disable an interface in Default:active

the OSPF network. Range: active / disabled
When an interface is active it is known in the OSPF network, and will pass OSPF
data through the OSPF network. When it is disabled the interface is known in the
OSPF network, but OSPF data will not be passed through (e.g. if an interface is
connected to the outside world using RIP, the other routers in the area will know
this interface, but there is no OSPF link to the outside world).
telindus1421Router/router/ospf/area[ ]/networks/authentication Default:-

The authentication structure contains the following elements:
Element Description
type Use this element to set the type of authentication. Default:disabled

The type element has the following values: Range: disabled / text/ md5
• disabled. No authentication is done.

• test. This allows a password (key) to be configured per interface. Interfaces of
different routers that want to exchange OSPF information will have to be con-
• md5. Message Digest authentication. This is a cryptographic authentication. A
key (password) and key-id are configured on each router. The router uses an
algorithm based on the OSPF packet, the key, and the key-id to generate an
"authentication secret" that gets added to the packet. Unlike the simple authen-
tication, the key is not exchanged over the wire.
text Use this element to set the password when using text Default:-
authentication. Range: 0 … 8 characters
keyChain Use this element to set the key chain which will be Default:chain
used in this network when using md5 authentication. Range: 0 … 24 characters
telindus1421Router/router/ospf/area[ ]/virtualLinks Default:<empty>

Use this attribute to set up a virtual link between the current area and a
remote area which is not physically connected to the backbone area.
Refer to 7.6.1 - Introducing OSPF on page 174 for more information on the back bone area.
The virtual links table contains following elements:
Element Description
remoteId Use this element to set the IP address of the remote Default:0.0.0.0
router with which the virtual link is established. Range: up to 255.255.255.255
helloInterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 30s
onds, between the hello packets that a router sends Range: 00000d 00h 00m 00s -
on an OSPF interface. 00000d 18h 12m 15s
deadInterval Use this element to specify the maximum length of Default:00000d 00h 02m 00s
time, in seconds, between the sent hello packets after Range: 00000d 00h 00m 00s -
which the neighbours declare the virtual link down. 24855d 3h 14m 07s
retransmitinterval Use this element to specify the length of time, in sec- Default:00000d 00h 00m 05s
onds, after which an hello packet is retransmitted. Range: 00000d 00h 00m 00s -
00000d 00h 4m 15s
authentication Use this element to authenticate OSPF packets. Default:-
OSPF packets can be authenticated so that routers Range: structure, see below
can be part of routing domains based on predefined passwords. By default, a
router uses a Null authentication which means that routing exchanges over a net-
work are not authenticated. There are two other authentication methods: Simple
Password authentication and Message Digest authentication (MD-5).
Refer to telindus1421Router/router/ospf/area[ ]/virtualLinks/authentication on page 461 for more
information.
telindus1421Router/router/ospf/area[ ]/virtualLinks/authentication Default:-

The authentication structure contains the following elements:
Element Description
type Use this element to set the type of authentication. Default:disabled

The type element has the following values: Range: disabled / text/ md5
• disabled. No authentication is done.

• test. This allows a password (key) to be configured per interface. Interfaces of
different routers that want to exchange OSPF information will have to be con-
• md5. Message Digest authentication. This is a cryptographic authentication. A
key (password) and key-id are configured on each router. The router uses an
algorithm based on the OSPF packet, the key, and the key-id to generate an
"authentication secret" that gets added to the packet. Unlike the simple authen-
tication, the key is not exchanged over the wire.
text Use this element to set the password when using text Default:--
authentication. Range: 0 … 8 characters
keyChain Use this element to set the key chain which will be Default:chain
used in the virtual link when using md5 authentication. Range: 0 … 24 characters
telindus1421Router/router/ospf/area[ ]/ranges Default:<empty>

By defining ranges in an area, Summary-LSAs can be condensed before
being injected in an other area (by defining a larger subnet mask).
Refer to 7.6.1 - Introducing OSPF on page 174 for more information about Summary-LSAs.
Each address range is defined as an address-mask pair. Many separate networks may then be con-
tained in a single address range, just as a subnetted network is composed of many separate subnets.
Area border routers then summarize the area contents (for distribution to the backbone) by advertising
a single route for each address range. The cost of the route is the maximum cost to any of the networks
falling in the specified range.
The ranges table contains following elements:
Element Description
type Use this element to set the type of Summary-LSA that Default:all
has to be created. Range: enumerated, see below
• summary. The area's routing information is condensed.
• nssa. In case of an NNSA, multiple Type-7 LSAs are aggregated into a single
Type-5 LSA.
• all. Both tasks are performed.
network Use this element to set the IP address of the network. Default:0.0.0.0
Range: up to 255.255.255.255
mask Use this element to set the subnet mask. Default:255.255.255.0

Range: up to 255.255.255.255
advertise Use this element to enable or disable the advertise- Default:enabled

ment of the Summary-LSAs into the other areas. Range: enabled / disabled
When this element is disabled, the Summary-LSAs which are part of this range,
will not be known in the other area’s in the OSPF network. When this element is
enabled, the summaries are injected in the other areas of the OSPF network.
tag This element is only relevant in case of NSSAs. Default:0

Use this element to retag the summary of the external Range: 0 … 2147483647
routes entering the NSSA.
11.9.6 Routing filter configuration attributes

• telindus1421Router/router/routingFilter[ ]/filter on page 464
page 42.
telindus1421Router/router/routingFilter[ ]/filter Default:<empty>

Use this attribute to set up a routing update filter.
Only the routes to networks that are specified in the filter table are forwarded. All other routes are blocked.
If the filter table is empty, then all routes are forwarded.
The filter table contains the following elements:
Element Description
network This is the IP address of the network. The address Default:0.0.0.0

may be a (sub-)network address. It should match an Range: up to 255.255.255.255
entry in the telindus1421Router/router/routingTable status
attribute of the Telindus 1421 SHDSL Router.
mask This is the IP subnet mask of the network. By combin- Default:255.255.255.0

ing an IP address with a mask you can uniquely iden- Range: up to 255.255.255.255
tify a range of addresses.
Currently, the Telindus 1421 SHDSL Router supports up to 5 routing update filters. Although you can
add more than 5 routingFilter[ ] objects to the containment tree, no more than 5 will be active.
Example
This example shows a filter that only forwards the route to subnet
192.168.48.0.
11.9.7 Traffic policy configuration attributes

• telindus1421Router/router/trafficPolicy[ ]/method on page 466
• telindus1421Router/router/trafficPolicy[ ]/trafficShaping on page 467
• telindus1421Router/router/trafficPolicy[ ]/dropLevels on page 470
• telindus1421Router/router/trafficPolicy[ ]/tos2QueueMapping on page 472
page 42.
telindus1421Router/router/trafficPolicy[ ]/method Default:trafficShaping

Use this attribute to choose an IP traffic policy method. This IP traffic policy
is then used to …
• determine, on traffic overload conditions, how and which queues are filled with the “excess” data.
Refer to 7.8 - Configuring traffic and priority policy on the router on page 200.
• do policy based routing. Refer to 7.4 - Configuring policy based routing on page 160.
• filter data on an interface. Refer to 9.2 - Configuring the access restrictions on page 258.
The method attribute has the following values:
Value Description
trafficShaping The data is …

• redirected to the queues based on the settings of the attribute telindus1421Router/
router/trafficPolicy[ ]/trafficShaping (queuing).
• redirected to an interface or a gateway based on the settings of the attribute
telindus1421Router/router/trafficPolicy[ ]/trafficShaping (policy based routing).
• filtered based on the settings of the attribute telindus1421Router/router/trafficPolicy[ ]/
trafficShaping (extended access list).
tosDiffServ The data is redirected to the queues based on DiffServ (refer to RFC 2597) regard-
ing class and drop precedence. Refer to What is AF PHB? on page 203.
This means that, depending on their DSCP field in the TOS byte, some packets
are moved to other queues and/or dropped sooner than other packets in case the
queue is full.
The highest 3 bits of the DSCP field are mapped as follows:
Bit values … are mapped to …
000 up to 100 queues 1 up to 5, respectively.
101 and higher the low delay queue.
The next 2 bits of the DSCP field define the drop levels:
Bit values … correspond with …
00 and 01 dropLevel1
10 dropLevel2
11 dropLevel3
Refer to the attribute telindus1421Router/router/trafficPolicy[ ]/dropLevels for more informa-

tion on drop levels.
tosMapped The data is redirected to …

• the queues based on the settings of the attribute telindus1421Router/router/trafficPol-
icy[ ]/tos2QueueMapping (queuing).
• an interface or a gateway based on the settings of the attribute
telindus1421Router/router/trafficPolicy[ ]/tos2QueueMapping (policy based routing).
telindus1421Router/router/trafficPolicy[ ]/trafficShaping Default:<empty>

The function of this attribute is threefold:
• Traffic and priority policing
In case you have set the telindus1421Router/router/trafficPolicy[ ]/method attribute to trafficShaping, then use
the trafficShaping table to specify which data has to be redirected to which queue. If an overload con-
dition occurs, then a packet is redirected to the specified queue when the criteria as specified in the
trafficShaping table are met.
Refer to 7.8 - Configuring traffic and priority policy on the router on page 200.
• Policy based routing
the trafficShaping table to specify which data has to be redirected to which interface or gateway. Pack-
ets are redirected to the specified interface or gateway when the criteria as specified in the trafficShap-
ing table are met.
Refer to 7.4 - Configuring policy based routing on page 160.
• Extended access list
the trafficShaping table to specify which data is forwarded. Packets are forwarded when the criteria as
specified in the trafficShaping table are met. If more than one entry applies to the same packet, then the
entry which has the narrowest filter range (when looking at the filter criteria from left to right) is cho-
sen.
Refer to 9.2 - Configuring the access restrictions on page 258.
Important remarks
• By default, the entries in the trafficShaping table are “allow” rules. I.e. only the traffic defined in the table
is permitted, all other traffic is discarded (independent whether the traffic shaping table is used as an
access list, for priority policing or policy based routing). However, you can inverse an entry making it
a “deny” rule by entering “discard” as value of the interface element.
• If more than one entry applies to the same packet, then the entry which has the narrowest filter range
(when looking at the filter criteria from left to right) is chosen. For example: two rows in the trafficShaping
table apply to the same packet, but row 1 wants to forward packets to queue 3 and row 2 wants to
forward packets to the low delay queue. In that case, first the IP source address is considered. The
row with the smallest range wins. If the ranges are exactly the same, then the IP destination address
is considered. And so on. Should the two rows be completely identical except for the queue, then one
of the rows is chosen at random.
• You do not necessarily have to fill in IP addresses in the trafficShaping table. It is perfectly valid to filter
on IP protocol, IP protocol/port combination or TOS values only. However, you can not filter on port
numbers only. What is more, you can only filter on port numbers when the IP protocol is set to TCP
or UDP. So in other words, if the IP protocol element is set to a value different from TCP or UDP, then
The trafficShaping table contains the following elements:
Element Description
sourceIpStart- Use these elements to set the IP source address as Default:0.0.0.0

Address specified in the IP header. Range: up to 255.255.255.255
sourceIpEnd- Packets that fall within the specified range are forwarded and queued if applicable.
Address
destinationIpStart- Use these elements to set the IP destination address Default:0.0.0.0

Address as specified in the IP header. Range: up to 255.255.255.255
destinationIpEnd- Packets that fall within the specified range are forwarded and queued if applicable.
Address
tosStartValue Use these elements to set the TOS byte value. Default:any(start)/optional(end)
Packets that fall within the specified range are for- Range: 0 … 256
tosEndValue
warded and queued if applicable.
ipProtocol Use this element to set the protocol field from the IP Default:any
header. Range: 0 … 255
Packets that have the specified protocol field are forwarded and queued if applica-
ble.
You can specify the protocol by typing the protocol number. For ease of use, some
common protocols can be selected from a drop-down box: any (0), ICMP (1), IGMP
(2), IPinIP (4), TCP (6), EGP (8), IGP (9), UDP (17), RSVP (46), IGRP (88), OSPFIGP (89),
TCPestablished (255).
sourcePortStart Use these elements to set the source port as specified Default:any(start)/optional(end)
in the UDP / TCP headers. Range: 0 … 65535
sourcePortEnd
Packets that fall within the specified range are forwarded and queued if applicable.
You can specify the port by typing the protocol number. For ease of use, some
common port numbers can be selected from a drop-down box: any or optional (0),
echo (7), discard (9), ftp-data (20), ftp (21), telnet (23), smtp (25), domain (53), www-http
(80), pop3 (110), nntp (119), snmp (161), snmptrap (162), z39.50 (210), syslog (514),
router (520), socks (1080), I2tp (1701), telindus (1728).
Note that the predefined “echo” value is a UDP port. It has nothing to do with
ICMP echo.
destinationPortStart Use these elements to set the destination port as Default:any(start)/optional(end)

specified in the UDP / TCP headers. Range: 0 … 65535
destinationPortEnd
You can specify the port by typing the protocol number. For ease of use, some
common port numbers can be selected from a drop-down box: see above.
newTosValue Use this element to set the new TOS byte value. Default:unchanged
When you select a new TOS byte value, then a packet Range: 0 … 256
that matches an entry in the trafficShaping table its TOS byte value is changed.
Selecting unchanged, leaves the TOS byte value as it is.
Element Description
priority Use this element to set the destination queue for a Default:queue1
packet matching an entry in the trafficShaping table. Range: enumerated, see below
In case an overload condition occurs, then a packet that matches an entry in the
trafficShaping table is sent to the specified queue.
The priority element has the following values: queue1, queue2, queue3, queue4, queue5,
lowDelayQueue.
interface Use this element to set the destination interface for a Default:<empty>
packet matching an entry in the trafficShaping table. Range: 0 … 24 characters
This is policy based routing.
Type the name of the interface in the interface element, e.g. lan.
Note that by default, the entries in the trafficShaping table are “allow” rules. I.e. only
the traffic defined in the table is permitted, all other traffic is discarded (independ-
ent whether the traffic shaping table is used as an access list, for priority policing
or policy based routing). However, you can inverse an entry making it a “deny” rule
by entering “discard” as value of the interface element.
gateway Use this element to set the gateway for a packet Default:<opt>
matching an entry in the trafficShaping table. This is pol- Range: up to 255.255.255.255
icy based routing.
Start and end values
Except for the ipProtocol, newTosValue and priority elements, it is possible to specify ranges using the start
and end values. There are two special cases:
• A start value is entered, but no end value ⇒ an exact match is needed for the start value.
• Neither a start nor an end value is entered ⇒ the field is not checked.
telindus1421Router/router/trafficPolicy[ ]/dropLevels Default:-

Use this attribute to define for each user configurable queue, how many
packets may be queued before they are dropped.
The dropLevels table contains the following elements:
Element Description
dropLevel1 Use this element to set the maximum length (drop Default:100
level 1), in packets, of each user configurable queue. Range: 1 … 3000
In case you set the attribute telindus1421Router/router/trafficPolicy[ ]/method to …
• trafficShaping or tosMapped, then only this drop level is relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 00 and
01.
• trafficShaping or tosMapped, then this drop level is not relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 10.
• trafficShaping or tosMapped, then this drop level is not relevant.
• tosDiffServ, then this drop level corresponds with the drop level bits value 11.
Examples
Suppose …
• telindus1421Router/router/trafficPolicy[ ]/method is set to trafficShaping or tosMapped.
• for queue 1 you set maxLength1 = 1000, for queue 2 to 500, for queue 3 to 3000, for queue 4 to 1000
and for queue 5 to 200.
In this case, packets are dropped when the amount of packets in the queue exceeds the amount as
specified with the maxLength1 element.
Suppose …
• telindus1421Router/router/trafficPolicy[ ]/method is set to tosDiffServ.
• for queue 1 you set maxLength1 = 100, maxLength2 = 200 and maxLength3 = 50.
In this case, the following applies:
Queue 1 contains … data An incoming data packet with … is …

packets.
drop level1 1 drop level 2 drop level 3
less than 50 accepted accepted accepted
more than 50, less than 100 accepted accepted dropped
more than 100, less than 200 dropped accepted dropped
more than 200 dropped dropped dropped
1. As defined in the TOS byte.

telindus1421Router/router/trafficPolicy[ ]/tos2QueueMapping Default:<empty>

• Traffic and priority policing
In case you have set the telindus1421Router/router/trafficPolicy[ ]/method attribute to tosMapped, then use the
tos2QueueMapping table to specify which data has to be redirected to which queue. If an overload con-
dition occurs, then a packet is redirected to the specified queue when the criteria as specified in the
tos2QueueMapping table are met.
Refer to 7.8 - Configuring traffic and priority policy on the router on page 200 and 8.3.2 - Configuring
a traffic policy on the bridge on page 249.
• Policy based routing
In case you have set the telindus1421Router/router/trafficPolicy[ ]/method attribute to tosMapped, then use the
tos2QueueMapping table to specify which data has to be redirected to which interface or gateway. Pack-
ets are redirected to the specified interface or gateway when the criteria as specified in the
tos2QueueMapping table are met.
Refer to 7.4 - Configuring policy based routing on page 160.
The tos2QueueMapping table contains the following elements:
Element Description
startTos Use these elements to set the TOS byte value. Default:0 (start) / 255 (end)
endTos Packets that have a TOS byte value within the speci- Range: 0 … 255
fied range are redirected to the targetQueue.
targetQueue Use this element to set the destination queue. Default:Queue1

The targetQueue element has the following values: Range: enumerated, see below
Queue1, Queue2, Queue3, Queue4, Queue5, lowDelayQueue.
interface Use this element to set the destination interface for a Default:<empty>
packet matching an entry in the tos2QueueMapping Range: 0 … 24 characters
table. This is policy based routing.
Type the name of the interface in the interface element, e.g. lan.
gateway Use this element to set the gateway for a packet Default:<opt>
matching an entry in the tos2QueueMapping table. This Range: up to 255.255.255.255
is policy based routing.
11.9.8 Priority policy configuration attributes

• telindus1421Router/router/priorityPolicy[ ]/algorithm on page 474
• telindus1421Router/router/priorityPolicy[ ]/countingPolicy on page 476
• telindus1421Router/router/priorityPolicy[ ]/queueConfigurations on page 476
• telindus1421Router/router/priorityPolicy[ ]/lowdelayQuotum on page 476
• telindus1421Router/router/priorityPolicy[ ]/bandwidth on page 477
page 42.
telindus1421Router/router/priorityPolicy[ ]/algorithm Default:fifo

Use this attribute to determine how and which queues are emptied.
The algorithm attribute has the following values:
Value Description
fifo This is a First In First Out queue. The data that enters the queue first, also leaves
the queue first. This is the fastest but most superficial queuing mechanism.
You can change the maximum length of the FIFO queue on an interface using the
configuration attribute maxFifoQLen.
roundRobin This is a priority queuing mechanism. In this case, all user configurable queues
containing data have an equal weight. In other words, if all the user configurable
queues contain data, they are addressed in turns. The low delay has a higher pri-
ority, it is addressed between every user configurable queue. The system queue
has absolute priority, it is emptied as soon as it contains data.
• Queues 1 up to 5: user configurable queues. These queues are addressed in
turns.
• Queue 6: low delay queue. This queue is addressed between every user con-
figurable queue.
• Queue 7: system queue. This queue has absolute priority over all other queues.
As soon as it contains data, it is emptied.
absolutePriority This is a priority queuing mechanism. In this case, queues with a high priority have
absolute priority over queues with a low priority. In other words, no lower priority
queue is emptied as long as a higher priority queue contains data.
The priority of the queues runs parallel to the queue number. I.e. the user config-
urable queue number 1 has the lowest priority, whereas the system queue
(number 7) has the highest priority.
• Queues 1 up to 5: user configurable queues. Queue 1 has the lowest priority
whereas queue 5 has the highest priority. A lower priority queue is only emptied
in case no higher priority queue contains data.
• Queue 6: low delay queue. This queue is only emptied in case the system
queue contains no data.
Note that there is a risk of starvation. This means that it is possible that the
lower priority queues are never emptied because a higher priority queue
continuously receives data.
Value Description
weightedFair- This is a priority queuing mechanism. In this case, the user configurable queues
Queueing are addressed based on their weight. The low delay has a higher priority, it is
addressed between every user configurable queue. The system queue has abso-
lute priority, it is emptied as soon as it contains data.
• Queues 1 up to 5: user configurable queues. These queues are addressed
based on their weight. The weight can be configured in the telindus1421Router/
router/priorityPolicy[ ]/queueConfigurations attribute.
• Queue 6: low delay queue. This queue is addressed between every user con-
figurable queue.
lowDelayWeighted- This is a priority queuing mechanism. It is a combination of absolute priority and

FairQueueing weighted fair queueing. In this case, the user configurable queues are addressed
based on their weight. The low delay queue has absolute priority over all user con-
figurable queues and the system queue has absolute priority over all queues.
• Queues 1 up to 5: user configurable queues. These queues are addressed
based on their weight. The weight can be configured in the telindus1421Router/
router/priorityPolicy[ ]/queueConfigurations attribute.
• Queue 6: low delay queue. This queue has absolute priority over all user con-
figurable queues. If the system queue does not contain data but the low delay
queue and the user configurable queues do, then it is the low delay queue that
is emptied.
In a network that carries both voice and data, the lowDelayWeightedFairQueueing

algorithm is the most suited mechanism to get the voice over the network
with a minimum delay. In this case, the voice has to be queued in the low
delay queue.
telindus1421Router/router/priorityPolicy[ ]/countingPolicy Default:bytes

Use this attribute to define whether the quotum of the queues is expressed
in bytes or packets.
telindus1421Router/router/priorityPolicy[ ]/queueConfigurations Default:<empty>

Use this attribute to …
• set the number of bytes/packets that is dequeued from the user configurable queue when the queue
is addressed.
• set the relative importance of the user configurable queues.
The queueConfigurations table contains the following elements:
Element Description
quotum Use this element to set the number of bytes/packets Default:1500

that is dequeued from the user configurable queue Range: 1 … 25000
when the queue is addressed.
The unit of the quotum (bytes or packets) can be set with the telindus1421Router/
router/priorityPolicy[ ]/countingPolicy attribute.
weight Use this element to set the relative importance of the Default:1
user configurable queues. Range: 1 … 10
The weight element is only relevant in case the telindus1421Router/router/priorityPolicy[ ]/
algorithm attribute is set to weightedFairQueueing.
Example
Suppose queue 1 has weight 2, queue 2 has weight 1 and both queues contain
data. In that case the queues are emptied in the following order: queue 1 → queue
1 → queue 2 → queue 1 → queue 1 → queue 2 → etc.
Refer to 7.8.1 - Introducing traffic and priority policy on page 201 for more information on queues.
telindus1421Router/router/priorityPolicy[ ]/lowdelayQuotum Default:1500

Range: 1 … 25000
Use this attribute to set the number of bytes/packets that is dequeued from
the low delay queue when the queue is addressed. The unit of the quotum (bytes or packets) can be set
with the telindus1421Router/router/priorityPolicy[ ]/countingPolicy attribute.
telindus1421Router/router/priorityPolicy[ ]/bandwidth Default:-

Use this attribute to set the bandwidth per queue.
The bandwidth table contains the following elements:
Element Description
cir Use this element to set the Committed Information Default:0

Rate (CIR), in bits per second, of the different queues. Range: 0 … 2147483647
Using entry 1 up to 5 in the bandwidth table you can set the CIR for queues 1 up to
5, respectively. Using entry 6 in the bandwidth table you can set the CIR for the low
delay queue.
If the CIR is exceeded, then the data is first queued. The amount of data that is
queued can be set using the maxFifoQLen attribute. If the queue is completely filled
up, then the data is discarded.
11.9.9 VRRP configuration attributes

• telindus1421Router/router/vrrp[ ]/vrId on page 479
• telindus1421Router/router/vrrp[ ]/ipAddresses on page 479
• telindus1421Router/router/vrrp[ ]/interfaces on page 480
• telindus1421Router/router/vrrp[ ]/criticals on page 480
• telindus1421Router/router/vrrp[ ]/advertiseInterval on page 481
• telindus1421Router/router/vrrp[ ]/preemptMode on page 481
page 42.
telindus1421Router/router/vrrp[ ]/vrId Default:0

Range: 0 … 255
Use this attribute to set the identification of the virtual router. Specify a
number between 1 and 255. The VRID has to be set the same on all participating routers.
Setting the vrId to 0 (default) disables this virtual router instance.
telindus1421Router/router/vrrp[ ]/ipAddresses Default:<empty>

Use this attribute to configure one or more IP addresses on the virtual
router.
The ipAddresses table contains the following element:
Element Description
address Use this element to configure the IP address of the vir- Default:0.0.0.0
tual router. This address must be the same on all rout- Range: up to 255.255.255.255
ers participating in this virtual router.
By adding several IP addresses, several IP addresses can be configured on a sin-
gle virtual router. This can be used to ensure redundancy while migrating from one
address scheme to another. It cannot be used for load balancing purposes, in this
case multiple virtual routers must be used.
If no IP address is configured, this virtual router instance is not active.
It is important that all VRRP routers have a physical interface configured with an IP address in the same
subnet as the virtual router. The VRRP protocol sends only IP addresses and not subnet information.
Without the corresponding subnet information, the VRRP router will add the virtual router address as a
single IP address with a host (255.255.255.255) netmask. This will prevent routing from working prop-
erly, as the virtual router will not listen to broadcasts from the local network.
telindus1421Router/router/vrrp[ ]/interfaces Default:<empty>

Use this attribute to add Ethernet-alike interfaces2 to the virtual router and
assign a priority to them. This priority is used in the master virtual router election process.
The interfaces table contains the following element:
Element Description
name Use this element to specify the name of the interface Default:<empty>
that you want to add to the virtual router. Range: 0 … 36 characters
priority Use this element to specify the priority of the interface. Default:100
Specify a number between 1 and 254. The higher the Range: 1 … 254
number, the higher the priority.
The numbers 0 and 255 are reserved numbers and cannot be set by the user:
• 0 specifies that the master has stopped working and that the backup router
needs to transition to master state.
• 255 specifies that the VRRP router is the IP address owner and therefore is
master, independently from the priority settings.
Refer to 7.9.1 - Introducing VRRP on page 219 for more information on how the
priority plays a role in the election of a master virtual router.
telindus1421Router/router/vrrp[ ]/criticals Default:<empty>

Use this attribute to specify which interfaces must be up before a router may
be elected as master virtual router.
The criticals table contains the following element:
Element Description
name Use this element to specify the name of the interface Default:<empty>
that must be up before the router may be elected as Range: 0 … 36 characters
master.
So as soon as an interface that is defined in the criticals table goes down, the com-
plete router is considered to be down (on VRRP level that is). In that case, a new
master has to be elected. So this adds an extra condition to the election process
as shown in How is a master virtual router elected? on page 220.
2. Ethernet-alike interfaces are e.g. an Ethernet interface, a VLAN on an Ethernet interface, a

bridge group, a VLAN on a bridge group, etc.
telindus1421Router/router/vrrp[ ]/advertiseInterval Default:00000d 00h 00m 01s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time between VRRP advertisement transmis- 00000d 18h 12m 15s
sions.
Actually, only the master virtual router sends VRRP advertisements. However, the advertisement inter-
val has to be set the same on all participating routers.
telindus1421Router/router/vrrp[ ]/preemptMode Default:enabled

Use this attribute to allow a backup virtual router to take over from the mas-
ter virtual router in case the backup virtual router has a higher priority on the enclosing virtual router.
The preemptMode attribute has the following values:
Value Description
enabled If after a router is elected as master a backup appears which has a higher priority
than the master, then the backup begins to send its own advertisements. The cur-
rent master will see that the backup has higher priority and stop functioning as the
master. The backup will then see that the master has stopped sending advertise-
ments and assume the role of master.
disabled Once a router is elected as master, it stays master until it goes down. So the
appearance of a backup with a higher priority after the master has been elected
does not cause a new election process.
While preemption can ensure that a primary router will return to master status once it returns to service,
preemption also causes a brief outage while the election process takes place. Disabling preemption will
ensure maximum up-time on the network, but will not always result in the primary or highest priority
router acting as master.
Note that, regardless of the setting of the preemptMode attribute, the VRRP IP address owner will always
preempt.
11.10 Bridge configuration attributes
This section discusses the configuration attributes concerned with bridging. First it describes the general
bridging configuration attributes. Then it explains the configuration attributes of the extra features as
there are access listing, user priority mapping, etc…
• 11.10.1 - Bridge group configuration attributes on page 483
• 11.10.2 - Bridge access list configuration attributes on page 495
• 11.10.3 - Bridge traffic policy configuration attributes on page 497
11.10.1 Bridge group configuration attributes

• telindus1421Router/bridge/bridgeGroup/name on page 484
• telindus1421Router/bridge/bridgeGroup/ip on page 484
• telindus1421Router/bridge/bridgeGroup/arp on page 484
• telindus1421Router/bridge/bridgeGroup/bridgeCache on page 485
• telindus1421Router/bridge/bridgeGroup/bridgeTimeOut on page 486
• telindus1421Router/bridge/bridgeGroup/spanningTree on page 486
• telindus1421Router/bridge/bridgeGroup/localAccess on page 487
• telindus1421Router/bridge/bridgeGroup/macAddress on page 488
• telindus1421Router/bridge/bridgeGroup/vlan on page 489
• telindus1421Router/bridge/bridgeGroup/multiVlans on page 491
• telindus1421Router/bridge/bridgeGroup/vlanSwitching on page 493
telindus1421Router/bridge/bridgeGroup/name Default:bridge
Use this attribute to assign an administrative name to the bridge.
This attribute is only present on the default bridge group (bridgeGroup), not on the user instantiatable
bridge groups (vpnBridgeGroup[ ]). The user instantiatable bridge groups their name is the index name that
you have to specify when you add the bridge group object to the containment tree (refer to 8.2.3 - Adding
a bridge group on page 239).
telindus1421Router/bridge/bridgeGroup/ip Default:<empty>
Use this attribute to configure the IP related parameters of the bridge.
Refer to …
Important remark
If you set the configuration attribute telindus1421Router/lanInterface/mode to bridging, then the settings of the
configuration attribute telindus1421Router/lanInterface/ip are ignored. As a result, if you want to manage the
Telindus 1421 SHDSL Router via IP, you have to configure an IP address in the bridgeGroup object
instead: telindus1421Router/bridge/bridgeGroup/ip.
telindus1421Router/bridge/bridgeGroup/arp Default:-
Use this attribute to configure the Address Resolution Protocol (ARP) cache
of the bridge.
Refer to telindus1421Router/lanInterface/arp on page 359 for a detailed description of the arp structure.
telindus1421Router/bridge/bridgeGroup/bridgeCache Default:learning
Use this attribute to determine how the bridge group should act: as a
repeater, a filter or a switch.
The bridgeCache attribute has the following values:
Value Description
disabled The bridge group acts as a

repeater.
All the data which origi-
nates from network 1 will
be let through to network
2. Even if the data is not
destined for that network.
learning The bridge group acts as a filter.

Data coming from network 1, will only be let through by the bridge if this data has
a destination outside network 1 or if it has a broadcast or multicast address. This
means the bridge filters the data and decreases the amount of data traffic on the
separated LAN segments.
switching The bridge group acts as a VLAN switch.

VLANs on network 1 are switched to VLANs on network 2. Use the vlanSwitching
attribute to specify which VLANs you want to switch. Refer to …
What is the bridge cache?
Whereas the ARP cache keeps MAC address - IP address pairs, the bridge cache (also called address
database) keeps MAC address - interface pairs. This allows the bridge to know which device is reacha-
ble through which interface. Refer to telindus1421Router/bridge/bridgeGroup/bridgeCache on page 615 for an
example of such a table.
telindus1421Router/bridge/bridgeGroup/bridgeTimeOut Default:00000d 00h 05m 00s

Range: 00000d 00h 00m 00s-
Use this attribute to set the ageing time of the bridge cache entries. 24855d 03h 14m 07s
The bridge cache time-out
If devices on the network are (re)moved then the MAC address - interface relation changes (refer to
What is the bridge cache?). Therefore, the bridge cache entries are automatically removed from the
cache after a fixed time-out. This time-out period can be set with the bridgeTimeOut attribute. This in case
no topology change is detected, otherwise the time-out is equal to the value of the bridgeForwardDelay ele-
ment of the spanningTree attribute.
When checking the bridgeCache it may appear that some entries are present for a longer time than is con-
figured with the bridgeTimeOut attribute. This because the entries in the bridgeCache are not monitored con-
tinuously, but once per minute. As a result, some entries may appear to be “overtime”. However, this
should be no more than ± 75 seconds.
telindus1421Router/bridge/bridgeGroup/spanningTree Default:-
Use this attribute to configure the bridging related parameters.
Whereas the bridging attribute groups the bridging related parameters per interface, the spanningTree
attribute groups the bridging related parameters of the bridge as a whole.
The spanningTree structure contains the following elements:
Element Description
protocol Use this element to select the bridging protocol. Default:none

The protocol element has the following values: Range: enumerated, see below
• none. The Telindus 1421 SHDSL Router uses the self-learning principle.
This means that the bridge itself learns which data it has to forward and which
data it has to block. I.e. it builds its own bridging table.
• p802.1D. The Telindus 1421 SHDSL Router uses the self-learning principle in
conjunction with the Spanning Tree protocol.
Because Spanning Tree bridging is somewhat more complicated than self-
learning bridging, an introduction is given in 8.1.2 - The self-learning and Trans-
parent Spanning Tree bridge on page 228.
When using Frame Relay or ATM encapsulation on the WAN interface

together with the Spanning Tree protocol, every DLCI or PVC link is consid-
ered as a separate bridge port. Each link is than considered as a special
kind of LAN with only both end points connected.
Element Description
bridgePriority Use this element to set the priority of the bridge. Default:32768
The bridge its MAC address together with the Range: 0 … 65535
bridgePriority element form a unique bridge identifier. This identifier is used to deter-
mine which bridge becomes the root bridge.
The bridge with the lowest bridgePriority value becomes the root bridge. If two
bridges have the same bridgePriority value, then the bridge with the lowest MAC
address becomes the root bridge.
bridgeMaxAge Use this element to set the time the bridge retains Default:00000d 00h 00m 20s
bridging information before discarding it. Range: 00000d 00h 00m 06s -
00000d 00h 00m 40s
bridgeHelloTime Use this element to set the interval by which the root Default:00000d 00h 00m 02s
bridge sends Configuration BPDUs, also called Hello Range: 00000d 00h 00m 01s -
messages. 00000d 00h 00m 10s
bridgeForwardDelay Use this element to set … Default:00000d 00h 00m 15s

• the delay a bridge port applies to move from listen- Range: 00000d 00h 00m 04s -
00000d 00h 00m 30s
ing state to learning state or from learning state to
forwarding state. Refer to 8.1.5 - The Spanning Tree bridge port states on
page 231 for more information on the possible states of a bridge port.
• the time-out (or ageing) for purging MAC addresses from the bridge cache in
case a topology change is detected.
telindus1421Router/bridge/bridgeGroup/localAccess Default:permitted
Use this attribute to allow or deny access to the bridge group itself.
The localAccess attribute has the following values:
Value Description
permitted Bridged packets can be delivered to the bridge group itself.
restricted No bridged packets can be delivered to the bridge group itself. This adds some
security, because the Telindus 1421 SHDSL Router can not be accessed through
the bridge group.
You could for instance create one bridge group specifically for …
• management purposes. In this bridge group, set the localAccess attribute to peri-
mitted.
• the actual data coming from the customers. In this bridge group, set the localAc-
cess attribute to restricted. In this way, the customer can never access the Telin-
dus 1421 SHDSL Router itself.
telindus1421Router/bridge/bridgeGroup/macAddress Default:<deviceMac> lan

Range: choice, see below
Use this attribute to determine whether a fixed, a random or a user defined
MAC address is associated with the bridge group.
The macAddress attribute has the following values:
Value Description
deviceMac A MAC address from the Telindus 1421 SHDSL Router itself is associated with the
bridge group.
Use the second part of the macAddress attribute to define which MAC address has
to be selected:
• lan. The LAN interface its MAC address is associated with the bridge group.
• random. The Telindus 1421 SHDSL Router generates a random MAC address
and this is associated with the bridge group.
userMac A user defined MAC address is associated with the bridge group.
Use the second part of the macAddress attribute to enter the MAC address.
telindus1421Router/bridge/bridgeGroup/vlan Default:-
Use this attribute to set up a VLAN on the bridge group in case you want to
manage the Telindus 1421 SHDSL Router over a VLAN.
protocol stack of the Telindus 1421 SHDSL Router (e.g. so that it can be routed), then you have to con-
figure the VLAN on the bridge group.
You can …
Group/vlan on page 489.
multiVlans on page 491.
Element Description
dotQTagging Use this element to enable or disable … Default:disabled

• the VLAN tagging of Ethernet frames sent by the Range: enabled / disabled
• the recognition of VLAN tagged Ethernet frames received by the Telindus 1421
SHDSL Router.
As said before, you can either use the vlan attribute or the multiVlan attribute.
So, if you set the dotQTagging element to …
• enabled, then only the vlan attribute is considered and the multiVlan attribute is
ignored.
• disabled, then only the multiVlan attribute is considered and the vlan attribute is
ignored.
vid Use this element to set the VLAN ID over which the Default:1
Telindus 1421 SHDSL Router can be managed. Range: 1 … 4094
userPriority Use this element to set the user priority in the VLAN Default:0
tag and this for all frames sent by the Telindus 1421 Range: 0 … 7
SHDSL Router.
Element Description
telindus1421Router/bridge/bridgeGroup/multiVlans Default:<empty>
Use this attribute to set up (a) VLAN(s) on the bridge group in case you want
to manage the Telindus 1421 SHDSL Router over (a) VLAN(s).
protocol stack of the Telindus 1421 SHDSL Router (e.g. so that it can be routed), then you have to con-
figure the VLAN on the bridge group.
You can …
Group/vlan on page 489.
multiVlans on page 491.
The multiVlans table contains the following elements:
Element Description

the VLAN. Range: 0 … 24 characters

the VLAN. Range: up / down

ters of the VLAN. Range: structure, see below
Refer to …
ing IP addresses.
structure.
vlan Use this element to configure the specific VLAN Default:-

Refer to telindus1421Router/bridge/bridgeGroup/multiVlans/vlan on page 492 for a detailed
description of the vlan structure.
telindus1421Router/bridge/bridgeGroup/multiVlans/vlan Default:-
Use this structure to configure the specific VLAN related parameters of a
VLAN.
Element Description
vid Use this element to set the VLAN ID. Default:1

Range: 1 … 4095
txCos Use this element to set the default user priority Default:0
(802.1P, also called COS) of the transmitted VLAN Range: 0 … 7
frames.
arp Use this element to configure the Address Resolution Default:-

Protocol (ARP) cache. Range: structure, see below
Refer to telindus1421Router/lanInterface/arp on page 359 for more information.
telindus1421Router/bridge/bridgeGroup/vlanSwitching Default:<empty>
Use this attribute specify which VLANs you want to switch in case the bridge
group is used as a VLAN switch. Note that you have to enable VLAN switching on the bridge group by
setting the bridgeCache attribute to switching. Refer to …
The vlanSwitching attribute contains the following elements:
Element Description
sourceIntf Use this element to enter the name of the (physical) Default:<empty>
source interface which carries the VLAN that has to Range: 0 … 24 characters
be switched.
sourceVlan Use this element to enter the VLAN ID of the VLAN Default:1
that has to be switched. Range: 0 … 4094
Stripping the VLAN tag
Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame.

Example: suppose you enter 1 as srcVlan and 0 as dstVlan. So VLAN 1 is switched
from the source interface to the destination interface. But before it is sent out on
the destination interface, the VLAN tag is stripped. So instead of VLAN tagged
Ethernet frames, plain Ethernet frames are sent out. In the opposite direction how-
ever, the VLAN tag is added again.
sourcePMap Use this element to, if desired, remap the VLAN prior- Default:-
ities. The priorities defined in the sourcePMap are Range: structure, see below
applied after the VLAN is switched from destinationVlan
to sourceVlan.
The structure contains the elements p0 up to p7, which represent priority
0 up to priority 7. If you want to remap priorities, then enter the new priority
value under one of these priority elements.
Example: suppose you want to remap priority 5 to priority 7, then enter 7
as value of the p5 element.
destinationIntf Use this element to enter the name of the (physical) Default:<empty>
destination interface which carries the VLAN when it Range: 0 … 24 characters
has been switched.
The destination interface can also be a bridge group, in that case just enter the
name of the bridge group.
destinationVlan Use this element to enter the VLAN ID of the VLAN Default:1
when it has been switched. Range: 0 … 4094
Entering 0 as VLAN ID strips the VLAN tag of the Ethernet frame. Refer to Strip-
ping the VLAN tag for more information.
Element Description
destinationPMap Use this element to, if desired, remap the VLAN prior- Default:-
ities. The priorities defined in the destinationPMap are Range: structure, see below
applied after the VLAN is switched from sourceVlan to
destinationVlan.
Refer to the sourcePMap element for more information on this structure.
Note that the switching always happens in both directions (bidirectional, i.e. from source to destination
and vice versa).
11.10.2 Bridge access list configuration attributes

• telindus1421Router/bridge/accessList[ ]/macAddress on page 496
page 42.
telindus1421Router/bridge/accessList[ ]/macAddress Default:<empty>

Use this attribute to filter bridged frames based on the source MAC address.
This is an outbound access list. Packets coming from MAC addresses that are specified in the access
list are not sent out on the interface on which the access list is applied.
To apply the access list on a bridge interface, type the index name of the accessList[ ] object as value of
the accessList element in the bridging structure.
Example
If you created an accessList object with index name my_access_list (i.e. access-
List[my_access_list]) and you want to apply this access list on a bridge interface, then
enter the index name as value for the accessList element in the bridging structure.
11.10.3 Bridge traffic policy configuration attributes

• telindus1421Router/bridge/trafficPolicy[ ]/vlanPriorityMap on page 498
• telindus1421Router/bridge/trafficPolicy[ ]/dropLevels on page 498
page 42.
telindus1421Router/bridge/trafficPolicy[ ]/vlanPriorityMap Default:-

Use this attribute to impose a bridging traffic policy on the bridged VLAN
frames received by the Telindus 1421 SHDSL Router.
Each VLAN frame has a certain priority (this is specified in the 802.1P part of the 802.1Q header of the
VLAN frame). In case a traffic overload condition occurs and in case you imposed this traffic policy on a
certain interface, then the VLAN frames are sent to a queue. Using the vlanPriorityMap attribute, you can
specify which VLAN frame is sent to which queue based on the priority of the VLAN frame.
The vlanPriorityMap structure contains the following elements:
Element Description
priority0 Use these elements to define which priority corresponds with which queue. The
… possible queues are: queue1 up to queue5 and lowDelayQueue. To empty these
queues, specify a priority policy.
priority7
Frames that are not tagged are all considered to have priority 0.
Refer to 8.3.2 - Configuring a traffic policy on the bridge on page 249 for more
information on traffic policy, priority policy and priority queuing.
telindus1421Router/bridge/trafficPolicy[ ]/dropLevels Default:-

Use this attribute to define for each user configurable queue, how many
packets may be queued before they are dropped.
The dropLevels table contains the following element:
Element Description
dropLevel1 Use this element to set the maximum length, in pack- Default:100
ets, of each user configurable queue. Range: 1 … 3000
11.11 SNMP configuration attributes

• telindus1421Router/snmp/trapDestinations on page 500
• telindus1421Router/snmp/mib2Traps on page 500
telindus1421Router/snmp/trapDestinations Default:<empty>
Use this attribute to define to which IP address the SNMP traps have to be
sent.
The Telindus 1421 SHDSL Router translates all alarm status changes into SNMP traps. These traps can
then be sent to a management system. To enable this, configure in the trapDestinations table the IP
addresses to which the traps have to be sent. If the trapDestinations table is empty then no traps are sent.
The trapDestinations table contains the following elements:
Element Description
address Use this element to set the IP address of the manage- Default:0.0.0.0
ment station to which the SNMP trap messages have Range: up to 255.255.255.255
to be sent.
community Use this element to set the community string which is Default:public
included in the SNMP traps that are sent to the man- Range: 0 … 20 characters
agement station. It is used as a password in the
SNMP communication. Give it the same value as on your SNMP management sta-
tion.
telindus1421Router/snmp/mib2Traps Default:off
Range: on / off
Use this attribute to enable (on) or disable (off) the sending of SNMP traps
as MIB2 traps.
If you want to send the SNMP traps as MIB2 traps, proceed as follows:
Step Action
1 Select the snmp/trapDestinations attribute. Add an entry to this table for each network man-
agement station that should receive SNMP traps. Refer to telindus1421Router/snmp/trapDes-
tinations on page 500.
2 Configure the mib2Traps attribute:

• on. The alarms coldBoot, warmBoot and linkDown are sent as MIB2 traps instead of enter-
prise specific (private) MIB traps.
• off. All alarms are sent as enterprise specific (private) MIB traps.
3 Set for each object of the Telindus 1421 SHDSL Router:

• the alarms that you want to send using the attribute alarmMask.
• the importance of each alarm using the attribute alarmLevel.
By default only the most important alarms are enabled.

11.12 Management configuration attributes

• telindus1421Router/management/sysLog on page 502
• telindus1421Router/management/timeServer on page 504
• telindus1421Router/management/timeZone on page 504
• telindus1421Router/management/cms2Address on page 505
• telindus1421Router/management/accessList on page 506
• telindus1421Router/management/snmp on page 507
• telindus1421Router/management/telnet on page 507
• telindus1421Router/management/tftp on page 507
• telindus1421Router/management/ftp on page 507
• telindus1421Router/management/accessPolicy on page 507
• telindus1421Router/management/consoleNoTrafficTimeOut on page 508
• telindus1421Router/management/alarmFilter on page 508
• telindus1421Router/management/timedStatsAvailability on page 508
• telindus1421Router/management/atwinGraphics on page 509
• telindus1421Router/management/loginControl on page 510
• telindus1421Router/management/ctrlPortProtocol on page 511
• telindus1421Router/management/loopback/ipAddress on page 511
• telindus1421Router/management/loopback/ipNetMask on page 511
telindus1421Router/management/sysLog Default:-
Use this attribute to configure the sending of syslog messages.
The sysLog structure contains the following elements:
Element Description
separator Use this element to specify the separator character in Default:;

the syslog messages. Refer to What is syslog? on Range: 1 character
page 502 for more information on the syslog mes-
ages.
destinations Use this element to enter the IP address(es) of the Default:<empty>

syslog server(s). Up to 3 addresses can be entered. Range: table, see below
As soon a valid syslog server address is entered, a syslog message is sent to this
server for each (unmasked) alarm that occurs. If multiple syslog server addresses
are sent, then the syslog messages are sent to all servers.
The syslog messages are not sent in case the interface or the route through which
they have to be sent is down. In this case, the syslog messages are kept in a his-
tory list (maximum 31 messages). These pending messages are sent as soon as
the interface and/or route comes up again.
What is syslog?
The syslog protocol (RFC 3164) is used for the transmission of event notification messages across net-
works.
A syslog message is sent on UDP port 514. It has the following format:
"<facility*8+severity> date hostname message"
where …
• the priority value is the number contained within the angle brackets, i.e. <facility*8+severity>.
• facility is a part of the priority value: facility = 23 * 8 = 184
In this case no facility has been explicitly assigned and therefore a "local use" facility is used (numer-
ical code value 23).
• severity is a part of the priority value: severity = 6 - <alarmLevel of the alarm>
The severity only ranges from 0 up to 6. So in case the alarm level of an alarm is bigger than 6, the
severity is limited to 0.
• date is the date the syslog message was generated: Mmm dd hh:mm:ss (e.g. Jan 01 12:45:55).
• hostname is the IP address of the interface through which the syslog message was sent (e.g.
10.0.28.3).
• message is the alarm message. It has the following format:
"alarm:<sysName>;<realTimeClock>;<sysUpTime>;<devSeverityLevel>;<severit-
yLevel>;<alarmMessage>"
where …
- <sysName> is the sysName configured in the Telindus 1421 SHDSL Router.
- <realTimeClock> is the value of the real time clock at the moment the alarm was generated: dd/
mm/yy hh:mm:ss (e.g. 25/12/02 22:45:55).
- <sysUpTime> is the system up-time of the Telindus 1421 SHDSL Router at the moment the alarm
was generated: xxxxxd xxh xxm xxs (e.g. 00025d 08h 45m 55s).
- <devSeverityLvl> is the device severity level: devSeverityLvl = 6 - <totalAlarmLevel of

the device>. The device severity level only ranges from 0 up to 6. So in case the total alarm level
of the Telindus 1421 SHDSL Router is bigger than 6, the device severity level is limited to 0.
- <severityLvl> is the alarm severity level: severityLvl = 6 - <alarmLevel of the alarm>.
The alarm severity level only ranges from 0 up to 6. So in case the alarm level of an alarm is bigger
than 6, the alarm severity level is limited to 0.
- <alarmMessage> is the alarm itself: path.alarmName on|off (e.g. telindus1421Router/lan-
Interface.linkDown on).
- ; is the separator character. If desired, you can specify another separator character. Refer to the
configuration element separator on page 502.
Example:
The following gives an example of a complete syslog message. In this case, the separator is the ^ char-
acter.
"<189>Feb 28 16:56:15 10.0.28.2 alarm:telindus1421Router^28/02/03 16:56:15^130^3^5^
telindus1421Router.configChanged on"
telindus1421Router/management/timeServer Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to enter the IP address of the SNTP time server with which
the Telindus 1421 SHDSL Router can synchronise its clock. Date and time are displayed in the status
attributes telindus1421Router/date and telindus1421Router/time.
You can also set the time zone and the daylight saving time using the configuration attribute
telindus1421Router/management/timeZone on page 504.
What is SNTP?
Short for Simple Network Time Protocol, a simplified version of NTP. SNTP is used when the ultimate
performance of the full NTP implementation described in RFC 1305 is not needed or justified.
The Telindus 1421 SHDSL Router can only act as an SNTP client, not as an SNTP server.
telindus1421Router/management/timeZone Default:-
Use this attribute to set the time zone when using an SNTP time server.
Refer to telindus1421Router/management/timeServer on page 504.
The timeZone structure contains the following elements:
Element Description
timeZone Use this element to set the time zone. Default:utc+1

The timeZone element has the following values: utc, Range: enumerated, see below
utc+1 up to utc+12 and utc-1 up to utc-12.
What is UTC?
UTC is the coordinated universal time, formerly known as Greenwich mean time
(GMT). It is the international time standard.
daylightSaving Use this element to set the daylight saving time. Default:europeanUnion
The daylightSaving element has the following values: Range: europeanUnion / none
europeanUnion and none.
telindus1421Router/management/cms2Address Default:0
Range: 0 … 65535
Use this attribute to assign an absolute address to the Telindus 1421
SHDSL Router.
What is relative and absolute addressing?
If you want to connect with TMA to a Telindus device, you have to specify the address of the device in
the Connect… window. Refer to 4 - Maintaining the Telindus 1421 SHDSL Router on page 29.
There are two different address types: relative and absolute. The following table explains the difference
between these address types:
Type Description
relative This type of addressing is meant for a network topology where the Telindus
devices are connected in-line on management level. I.e. with extended manage-
ment connections between two Telindus devices. An extended management con-
nection is realised with a crossed cable between the control connectors of two
Telindus devices.
To enable relative addressing, no address has to be specified in the Telindus

device. In other words, leave the cms2Address attribute at its default value, being 0.
absolute This type of addressing is meant for a network topology where the Telindus
devices are not connected in-line on management level. I.e. when there is a digital
multipoint device present (e.g. an Orchid DM).
To enable absolute addressing, an address has to be specified in the Telindus

device. Do this using the cms2Address attribute. The absolute addressing range
goes from 1 up to 65535.
telindus1421Router/management/accessList Default:<empty>
Use this attribute to set up an inbound simple access list on the protocol
stack. Refer to 9.2 - Configuring the access restrictions on page 258 for more information on inbound
access lists.
The access list filters incoming traffic, based on the source IP address. You can specify multiple entries
within the access list. When more than one entry applies to the same packet, then only the most specific
one is taken in consideration. I.e. the entry covering the smallest range. If not one entry matches, then
the packet is dropped. If the access list is empty, then all packets are forwarded.
The accessList table contains the following elements:
Element Description
sourceAddress Use this element to set the IP source address of the Default:0.0.0.0
packet. The address may be a (sub)network address. Range: up to 255.255.255.255
mask Use this element to set the IP subnet mask for the Default:255.255.255.255
sourceAddress. By combining an IP address with a Range: up to 255.255.255.255
mask you can uniquely identify a range of addresses.
action Use this element to set the action when a packet Default:deny
arrives with a source IP address that falls within the Range: enumerated, see below
specified address range.
The possible actions are:
• deny. The packet is dropped.
• allow. The packet is forwarded.
If you specify one entry or multiple entries for which the action is set to deny, then also specify at least
one entry for which the action is set to allow. Else all packets are dropped!
Example 1
This example shows an access list that only allows

traffic from subnet 192.168.48.0, except for packets
from station 192.168.48.10.
Example 2
The next example shows an access list that allows all

traffic, except the traffic from subnet 192.168.48.0.
The second entry is the rule to add if you want all pack-
ets that do not match the previous entries to be
allowed.
telindus1421Router/management/accessPolicy Default:<empty>
Use this attribute to apply an inbound extended access list on the protocol
stack.
Do this by entering the index name of the traffic policy you want to apply. You can create the traffic policy
itself by adding a trafficPolicy object and by configuring the attributes in this object.
Important remark
It is possible that the Telindus 1421 SHDSL Router has to answer to DHCP requests or terminate L2TP
and IPSec tunnels. In that case, if you set up an access list on the protocol stack, then make sure that
these protocols are allowed access to the protocol stack.
Refer to 9.2 - Configuring the access restrictions on page 258 for more information on inbound access
lists.
Example
If you created a trafficPolicy object with index name my_traffic_policy (i.e.

trafficPolicy[my_traffic_policy]) and you want to apply this traffic policy here, then enter the
index name as value for the trafficPolicy element.
telindus1421Router/management/snmp Default:enabled
Use this attribute to accept (enabled) or discard (disabled) SNMP requests.
telindus1421Router/management/telnet Default:enabled
Use this attribute to accept (enabled) or discard (disabled) Telnet sessions.
Use this attribute also to accept (enabled) or discard (disabled) HTTP (Web Interface) sessions.
telindus1421Router/management/tftp Default:enabled
Use this attribute to accept (enabled) or discard (disabled) TFTP sessions.
telindus1421Router/management/ftp Default:enabled
Use this attribute to accept (enabled) or discard (disabled) FTP sessions.
telindus1421Router/management/consoleNoTrafficTimeOut Default:00000d 00h 30m 00s

Range: 00000d 00h 00m 00s -
Use this attribute to set the time-out period after which a management ses- 24855d 03h 14m 07s
sion is closed when there is no user interaction. The purpose of such a timer
is to protect the Telindus 1421 SHDSL Router against unauthorised access in case the last user did not
close his session.
This timer applies on …
• terminal (emulation) sessions (through the control port).
• Telnet and HTTP sessions (over IP).
It does not apply on TMA or TMA CLI sessions (nor through the control port, nor over IP). They have a
fixed time-out of 15 minutes.
telindus1421Router/management/alarmFilter Default:0
Range: 0 … 50000
Use this attribute to selectively ignore / drop alarms in TMA for HP Open-
View if these alarms are below a certain level.
The filter number that you define using the alarmFilter attribute, has to correspond with a filter that you
have to define in the Alarm Manager of TMA for HP OpenView. In the Alarm Manager, it is possible to
specify a minimum alarm level that is needed before alarms are logged in HP OpenView. This can be
specified for each filter number.
telindus1421Router/management/timedStatsAvailability Default:basic
Use this attribute to determine whether the nested tables in the timed per-
formance statistics (i.e. 2 hour, 24 hour and 7 days performance statistics) are visible or not.
The timedStatsAvailability attribute has the following values:
Value Description
none Only the “first level” timed performance statistics are available. In other words, the
nested tables (i.e. a table in a table) in the timed performance statistics are not dis-
played.
basic The full performance statistics are available on the physical interfaces only (e.g.
the LAN interface, etc.). Not on the logical interfaces (e.g. a PVC, a VLAN, etc.).
full The full performance statistics are available on both the physical (e.g. the LAN
interface, etc.) and logical (e.g. a PVC, a VLAN, etc.) interfaces
If you have a lot of PVCs this may require quite some memory space and
processing power.
telindus1421Router/management/atwinGraphics Default:enabled
Use this attribute to enable or disable the graphical symbols in the ATWIN
user interface.
One of the tools that allows you to manage the Telindus 1421 SHDSL Router is ATWIN (refer to 1.3 -
Maintenance and management tools on page 6). ATWIN is a basic, menu-driven user interface. You can
start it using a terminal (emulation program) on the control port or using Telnet on an IP interface (e.g.
the LAN interface) and by typing atwin at the command prompt (refer to the Maintenance tools manual
(PDF) for more information).
By default, ATWIN uses graphical symbols to draw the borders of the “windows”. In some cases how-
ever, these graphical symbols are displayed incorrectly. In that case you can choose to disable the
graphical symbols. By doing so, the window borders are drawn using + and - signs.
The atwinGraphics attribute has the following values:
Value Description
enabled The ATWIN window borders are drawn using graphical symbols.
disabled The ATWIN window borders are drawn using + and - signs.
telindus1421Router/management/loginControl Default:-
Use this attribute to configure the monitoring of management access to the
device.
The loginControl structure contains the following elements:
Element Description
alarm Use this element to determine when the access failure Default:-
alarm should be logged in the accessLog table and a Range: structure, see below
syslog message is sent.
The alarm structure contains the following elements:
• maxFailCnt. Use this element to set the access fail- Default:3
ure alarm threshold. If this value is exceeded Range: 0 … 100
within the access failure alarm period, then the
access failure alarm is raised.
• period. Use this element to set the access failure Default:00000d 00h 15m 00s
alarm period. If within this period the access failure Range: 00000d 00h 00m 00s -
alarm threshold is exceeded, then the access fail- 00001d 00h 00m 00s
ure alarm is raised.
Example
By default, if within a period of 15 minutes 3 access attempts fail, then the access
failure alarm is logged in the accessLog table as follows:
Jul 13 11:00:00 00000d 00h 15m 58s accessFailureOn
If within the consecutive period of 15 minutes no or less than 3 access attempts

fail, then the access failure alarm is cleared in the accessLog table as follows:
Jul 13 11:15:00 00000d 00h 30m 58s accessFailureOff
Also see telindus1421Router/management/accessLog on page 621.

telindus1421Router/management/ctrlPortProtocol Default:console
Use this attribute to set the function of the control connector.
The ctrlPortProtocol attribute has the following values:
Value Description
management Select this value if you want to connect the control connector of the Telindus 1421
SHDSL Router to …
• a management concentrator for management purposes.
• the control connector of another Telindus device using a crossed cable (i.e.
they are connected back-to-back) in order to create an extended management
link. Refer to What is relative and absolute addressing? on page 505 for more
information on extended management links.
When connecting the control connector of the Telindus 1421 SHDSL Router to a
COM port of your computer, you can still open a TMA session on the Telindus 1421
SHDSL Router. You can however not open a CLI or ATWIN session.
console Select this value if you want to connect the control connector of the Telindus 1421
SHDSL Router to a COM port of your computer in order to manage the Telindus
1421 SHDSL Router using TMA, CLI, ATWIN, etc.
telindus1421Router/management/loopback/ipAddress Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to assign an IP address to the loopback interface.
The loopback interface is a software interface which can be used for management purposes. This inter-
face is always up, regardless of the state of the physical interfaces. This means the router will always
respond to ICMP echo requests sent to this address. In every other respect the loopback address
behaves the same as an IP address of a physical interface.
If the loopback address is used and RIP is active, then a host route to the loopback address is included
in the RIP updates.
telindus1421Router/management/loopback/ipNetMask Default:0.0.0.0
Range: up to 255.255.255.255
Use this attribute to assign an IP netmask to the loopback interface.
Also see telindus1421Router/management/loopback/ipAddress on page 511.
User manual Status attributes
12 Status attributes
This chapter discusses the status attributes of the Telindus 1421 SHDSL Router. The following gives an
overview of this chapter:
• 12.1 - Status attribute overview on page 514
• 12.2 - General status attributes on page 520
• 12.3 - LAN interface status attributes on page 524
• 12.4 - WAN interface status attributes on page 532
• 12.5 - Encapsulation status attributes on page 535
• 12.6 - SHDSL line status attributes on page 558
• 12.7 - End and repeater status attributes on page 563
• 12.8 - Bundle status attributes on page 567
• 12.9 - Router status attributes on page 574
• 12.10 - Bridge status attributes on page 612
• 12.11 - Management status attributes on page 619
• 12.12 - File system status attributes on page 624
• 12.13 - Operating system status attributes on page 627
12.1 Status attribute overview
Refer to 4.3 - The objects in the Telindus 1421 SHDSL Router containment tree on page 40 to find out
which objects are present by default, which ones you can add yourself and which ones are added auto-
matically.
sysDescr
sysObjectID
sysUpTime
sysServices
flash1Version
flash2Version
activeFlash
flashVersions
bootVersion
loaderVersion
tdreVersion
messages
deviceId
configurationSaving
date
time
Action: Set Date
Action: Set Time
>> lanInterface
ifDescr
ifType
ifOperStatus
ifLastChange
ifSpeed
ifMtu
ip
macAddress
arpCache
bridging
adapter
vlan
ipAdEntBcastAddr
ipAdEntReasmMaxSize
Action: clearArpCache
>> wanInterface
ifDescr
ifType
ifOperStatus
ifLastChange
ifSpeed
ifMtu
>>> atm
atmSync
pvcTable
vp
>>> frameRelay
ip
dlciTable
lmi
cllmLastCongestionCause
>>> ppp
ip
bridging
lcpState
ipcpState
bcpState
ccpState
lcpMyOptions
lcpHisOptions
ipcpMyOptions
ipcpHisOptions
bcpMyOptions
bcpHisOptions
ccpMyOptions
ccpHisOptions
myCompressionRatio
hisCompressionRatio
myAuthenticationStatus
hisAuthenticationStatus
>>> hdlc
bridging
>>> errorTest
status
type
startSysUpTime
duration
blockSize
programmablePattern
receiveSample
>>> line
ifDescr
ifType
ifOperStatus
ifSpeed
region
maxSpeedSearch
maxSpeedResult
linePairsSwapped
numDiscoveredRepeaters
eocAlarmThresholds
Action: maximumSpeedSearch
>>>> linePair[ ]
ifSpeed
ifOperStatus
status
timeSinceLastRetrain
lineAttenuation
signalNoise
actualBitRate
>>> repeater[ ]
vendorId
vendorModel
vendorSerial
vendorSoftVersion
eocSoftVersion
shdslVersion
eocState
eocAlarmThresholds
Action: loopbackActivation
lineAttenuation
signalNoise
lineAttenuation
signalNoise
>>> end
vendorId
vendorModel
vendorSerial
vendorSoftVersion
eocSoftVersion
shdslVersion
eocState
eocAlarmThresholds
>>>> linePair[ ]
lineAttenuation
signalNoise
>> bundle
>>> pppBundle[ ]
ifDescr
ifType
ifOperStatus
ifSpeed
members
ip
bridging
ipcpState
ipcpMyOptions
ipcpHisOptions
bcpState
bcpMyOptions
bcpHisOptions
multiclassInterfaces
>> router
routingTable
igmpTable
dhcpBinding
dhcpStatistics
dhcpBlackList
radius
dns
dnsServers
Action: unBlacklist
>>> defaultNat
addresses
>>> tunnels
l2tpTunnels
ipsecL2tpTunnels
>>> ospf
type
routers
externalRoutes
asExtLsas
>>>> area
interfaces
hosts
neighbors
routers
stub
routerLsas
networkLsas
summLsas
asbrLsas
nssaLsas
>>> vrrp[ ]
macAddress
interfaces
criticals
>> bridge
>>> bridgeGroup
ifDescr
ifType
ifOperStatus
ifMtu
ip
arpCache
bridgeCache
bridging
spanningTree
Action: clearArpCache
Action: clearBridgeCache
>> management
cms2Address
timeServer
alarmLog
accessLog
>>> loopback
ifDescr
ifType
ifOperStatus
ifMtu
ipAddress
>> fileSystem
fileList
freeSpace
status
corruptBlocks
Action: Delete File
Action: Rename File
>> operatingSystem
taskInfo
12.2 General status attributes
This section describes the following status attributes:

• telindus1421Router/sysDescr on page 521
• telindus1421Router/sysObjectID on page 521
• telindus1421Router/sysUpTime on page 521
• telindus1421Router/sysServices on page 521
• telindus1421Router/flash1Version on page 521
• telindus1421Router/flash2Version on page 521
• telindus1421Router/activeFlash on page 522
• telindus1421Router/flashVersions on page 522
• telindus1421Router/bootVersion on page 522
• telindus1421Router/loaderVersion on page 522
• telindus1421Router/tdreVersion on page 522
• telindus1421Router/messages on page 522
• telindus1421Router/deviceId on page 523
• telindus1421Router/configurationSaving on page 523
• telindus1421Router/date on page 523
• telindus1421Router/time on page 523
• telindus1421Router/Set Date on page 523
• telindus1421Router/Set Time on page 523
telindus1421Router/sysDescr
This attribute displays a textual description of the device.

Example: Telindus 1421 SHDSL Router Txxxx/xxxxx 01/01/00 12:00
In this example the following parameters are visible:
• Telindus 1421 SHDSL Router is the device name.
• Txxxx/xxxxx is the application software code and version.
• 01/01/00 12:00 is the application software release date and time.
telindus1421Router/sysObjectID
This attribute displays the identification string.
telindus1421Router/sysUpTime
This attribute displays the elapsed time since the last power-on or cold boot of the Telindus 1421 SHDSL
Router.
telindus1421Router/sysServices
This attribute displays the service identification.
telindus1421Router/flash1Version
This attribute displays the code and version of the application software stored as CONTROL1.
Example: Txxxx/xxxxx 01/01/00 12:00
• Txxxx is the application software code for this device.
• /xxxxx is the application software version.
• 01/01/00 is the application software release date.
• 12:00 is the application software release time.
telindus1421Router/flash2Version
This attribute displays the code and version of the application software stored as CONTROL2.
Example: Txxxx/xxxxx 01/01/00 12:00
• Txxxx is the application software code for this device.
• /xxxxx is the application software version.
• 01/01/00 is the application software release date.
• 12:00 is the application software release time.
telindus1421Router/activeFlash
This attribute displays which application software is currently active. Possible values are:
Value Description
flash1 The application software CONTROL1 is active.
flash2 The application software CONTROL2 is active.
telindus1421Router/flashVersions
This attribute displays how many application software versions can be stored in the file system.
telindus1421Router/bootVersion
This attribute displays the code, version, release date and time of the boot software currently used in the
telindus1421Router/loaderVersion
This attribute displays the code, version, release date and time of the loader software currently used in
telindus1421Router/tdreVersion
This attribute displays the version of the TDRE (Telindus Dynamic Routing Engine) currently used in the
Example: xxx.yyy.zzz
• xxx is the major TDRE version. This number is incremented only when a complete new version of the
TDRE is released.
• yyy is the minor TDRE version. This number is incremented every time new features are added to the
TDRE.
• zzz is the build version. This number is incremented every time a new TDRE version is built (also in
case of bug fixes etc.).
telindus1421Router/messages
This attribute displays informative and error messages, e.g. Reconfigured, Cold Boot, … The messages table
displays maximum 20 messages.
If you open a TMA session on the Telindus 1421 SHDSL Router over IP, i.e. not through the control port,
then the messages are also sent to the control port. This means that if you open a terminal emulation
session on the control port, you can monitor these messages. If you hit the ENTER key, the messages
stop and you get the (CLI) password prompt.
telindus1421Router/deviceId
This attribute displays a unique code. This code is programmed into the Telindus 1421 SHDSL Router
before it leaves the factory. You can use this code for inventory purposes.
telindus1421Router/configurationSaving
This attribute indicates when the Telindus 1421 SHDSL Router is writing its (new) configuration to the
flash memory. Possible values are:
Value Description
busy The Telindus 1421 SHDSL Router is busy writing its configuration to the flash
memory. During this state, do not power-down or reboot the Telindus 1421 SHDSL
Router else the new configuration will be lost.
done The Telindus 1421 SHDSL Router has finished writing its configuration to the flash
memory.
telindus1421Router/date
This attribute displays the current date in the format dd/mm/yy (e.g. 01/01/00).
telindus1421Router/time
This attribute displays the current time in the format hh:mm:ss (e.g. 12:30:45).
telindus1421Router/Set Date
Use this action to set the current date. Enter the date as argument value in the format dd/mm/yy (e.g. 01/
01/00). Then execute the action.
telindus1421Router/Set Time
Use this action to set the current time. Enter the time as argument value in the format hh:mm:ss (e.g.
12:30:45). Then execute the action.
12.3 LAN interface status attributes

• telindus1421Router/lanInterface/ifDescr on page 525
• telindus1421Router/lanInterface/ifType on page 525
• telindus1421Router/lanInterface/ifOperStatus on page 525
• telindus1421Router/lanInterface/ifLastChange on page 525
• telindus1421Router/lanInterface/ifSpeed on page 525
• telindus1421Router/lanInterface/ifMtu on page 525
• telindus1421Router/lanInterface/ip on page 526
• telindus1421Router/lanInterface/macAddress on page 526
• telindus1421Router/lanInterface/arpCache on page 527
• telindus1421Router/lanInterface/bridging on page 528
• telindus1421Router/lanInterface/adapter on page 530
• telindus1421Router/lanInterface/ipAdEntBcastAddr on page 531
• telindus1421Router/lanInterface/ipAdEntReasmMaxSize on page 531
• telindus1421Router/lanInterface/clearArpCache on page 531
telindus1421Router/lanInterface/ifDescr
This attribute displays the interface description.
telindus1421Router/lanInterface/ifType
This attribute displays the interface type.
telindus1421Router/lanInterface/ifOperStatus
This attribute displays the current operational status of the interface.
telindus1421Router/lanInterface/ifLastChange
This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.
telindus1421Router/lanInterface/ifSpeed
This attribute displays the interface speed in bits per second (bps).
telindus1421Router/lanInterface/ifMtu
This attribute displays the interface its Maximum Transfer Unit, i.e. the maximum number of bytes that
one packet can contain on this interface.
telindus1421Router/lanInterface/ip
This attribute displays the IP information of the interface.

Element Description
status This is the current operational status of the IP layer (layer 3).
address This is the IP address of the interface. It is either configured or retrieved automat-
ically.
netMask This is the IP subnet mask of the interface. It is either configured or retrieved auto-
matically.
telindus1421Router/lanInterface/macAddress
This attribute displays the MAC address of the Telindus 1421 SHDSL Router its LAN interface.
The LAN interface has been allocated a fixed Ethernet address, also called MAC (Medium Access Con-
trol) address. The MAC address is globally unique and can not be modified. It is a 6 byte code, repre-
sented in hexadecimal format. Each byte in the code is separated by a colon.
Refer to What is the ARP cache? on page 359 for more information on the MAC addresses.
telindus1421Router/lanInterface/arpCache
This attribute displays all the MAC address - IP address pairs from ARP requests and replies received
on the LAN interface. Refer to What is the ARP cache? on page 359 for more information.
The arpCache table contains the following elements:
Element Description
macAddress This is the MAC address.
ipAddress This is the associated IP address.
type This is the ARP cache entry type. Possible values are:
• dynamic. The MAC - IP address pair is retrieved from an ARP request or reply
message.
• static. The MAC - IP address pair is configured.
There is only one static entry, i.e. the Telindus 1421 SHDSL Router its own IP
and MAC address.
timeOut This is the time the entry will remain in the ARP cache. For the static entry, this
value is 0.
Example
The following figure shows part of an ARP cache table as an example:

telindus1421Router/lanInterface/bridging
This attribute displays the bridging status of the interface.

The bridging structure contains the following elements:
Element Description
state This displays the current state of the port. Possible values are:
• disabled1. The port is not in use because of a management action.
• blocking. The port does not participate in frame forwarding.
• listening. The port prepares to participate in frame forwarding, but it does not
update its MAC address database (also called bridge cache).
• learning. The port prepares to participate in frame forwarding, and it learns the
present MAC addresses.
• forwarding1. The port participates in frame forwarding.
Refer to 8.1.5 - The Spanning Tree bridge port states on page 231 for more infor-
mation on port states2.
subState2 This gives additional information on the port state. Possible values are:
• root. This is the port through which the root bridge can be reached. Conse-
quently, the root bridge itself does not have a root port. All other bridges must
have a root port.
• designated. This is the designated port for this (virtual) LAN. All ports of the root
bridge are designated ports.
• alternate. This port is not active. Either because of a management action, or
through protocol intervention.
designatedPriority2 Together, these two elements form a unique bridge identifier. Depending whether
the current port is a designated port or not, these two elements display the unique
designatedMac2
bridge identifier of …
• the bridge to which this port belongs, in case of a designated port.
• the bridge believed to be the designated bridge for the LAN that is currently
connected to this port, in all other cases.
This bridge identifier is used …
• together with the designatedPortPriority and designatedPortId attributes to determine
whether this port should be the designated port for the LAN that is currently
connected to this port.
• to test the value of the bridge identifier parameter conveyed in received Config-
uration BPDUs.
Element Description
designatedPort- Together, these two elements form a unique port identifier. They display the
Priority2 unique port identifier of the bridge port through which the designated bridge trans-
designatedPortId2 mits the configuration message information stored by this port.
This port identifier is used …
• together with the designatedPriority and designatedMac attributes to determine
whether this port should be the designated port for the LAN that is currently
connected to this port.
• by the management system to determine the topology of the bridged LAN.
topologyChangeAck This displays the value of the Topology Change Acknowledgement flag in the next
2
Configuration BPDU that will be transmitted on this port.
This element is used to assess the need to set the Topology Change Acknowl-
edgement flag in response to a received Topology Change Notification BPDU.
configuration- This is used to determine whether a Configuration BPDU should be transmitted on

Pending2 this port after expiry of the hold timer. This avoids that Configuration BPDUs are
transmitted too often, although ensuring that up-to-date information is transmitted.
1. These are the only possible port states for a bridge that is not running the Spanning Tree pro-
tocol (IEEE p802.1D).
2. Only relevant when the bridge uses the Spanning Tree Protocol.
telindus1421Router/lanInterface/adapter
This attribute displays the Ethernet mode of the LAN interface as set using the telindus1421Router/lanInter-
face/adapter attribute.
The adapter structure contains the following elements:
Element Description
speed This is the Ethernet speed in Mbps. Possible values are: 10 and 100.
duplex This is the Ethernet duplex mode. Possible values are: halfDuplex and fullDuplex.
telindus1421Router/lanInterface/vlan
This attribute displays the status of the VLAN(s) on this interface.

Element Description
name This is the name of the VLAN as you configured it. If you did not configure a name,
then this element displays: <LAN interface name> “vlan” <VLAN ID>.
E.g. lan vlan 2
ifOperStatus This is the current operational status of the VLAN.
ifLastChange This is the system-up time on the moment the VLAN entered its current operational
state. I.e. the moment the value of the ifOperStatus element changes (from up to down
or vice versa), the system-up time value is written into the ifLastChange element.
ip This displays the IP address and subnet mask of the VLAN.
bridging This displays the bridging information of the VLAN.

Refer to telindus1421Router/lanInterface/bridging on page 528 for a detailed description of
vlan This displays the specific VLAN related status information.

• identifier. This element displays the VLAN identifier.
• arpCache. This element displays all the MAC address - IP address pairs from
ARP requests and replies received on the VLAN.
Refer to telindus1421Router/lanInterface/arpCache on page 527 for a detailed descrip-
tion of the arpCache table.
telindus1421Router/lanInterface/ipAdEntBcastAddr
This attribute displays the value of the least-significant bit in the IP broadcast address. This address is
used for sending packets on the interface which is associated with the IP address of this entry. The value
applies to the general broadcast, the subnet and network broadcasts.
telindus1421Router/lanInterface/ipAdEntReasmMaxSize
This attribute displays the size of the largest IP packet which this entity can re-assemble from incoming
IP fragmented packets received on this interface.
telindus1421Router/lanInterface/clearArpCache
Use this action to clear the ARP cache table.

12.4 WAN interface status attributes

• telindus1421Router/wanInterface/ifDescr on page 533
• telindus1421Router/wanInterface/ifType on page 533
• telindus1421Router/wanInterface/ifSpeed on page 533
• telindus1421Router/wanInterface/ifMtu on page 533
• telindus1421Router/wanInterface/ifLastChange on page 533
• telindus1421Router/wanInterface/ifOperStatus on page 533
telindus1421Router/wanInterface/ifDescr
telindus1421Router/wanInterface/ifType
telindus1421Router/wanInterface/ifSpeed
This attribute displays the interface speed in bits per second (bps).
telindus1421Router/wanInterface/ifMtu
telindus1421Router/wanInterface/ifLastChange
This attribute shows the system-up time on the moment the interface entered its current operational
state. I.e. the moment the value of the ifOperStatus status attribute changes (from up to down or vice versa),
the system-up time value is written into the ifLastChange status attribute.
telindus1421Router/wanInterface/ifOperStatus
This attribute displays the current operational status of the interface. Possible values are:
Value Description
up The WAN interface is up, data transfer is possible.
down The WAN interface is down, data transfer is not possible.

The ifOperStatus attribute is down in case of …
• ATM, when …
- the ATM synchronisation status is “not synched”.
- the line is not in data state.
- the bit pump is not synchronised.
• PPP(oA), when …
- LCP is not open.
• Frame Relay, when …

- LMI is not up.
Important remarks
• Whether the Telindus 1421 SHDSL Router is configured in bridging or routing has no effect on the
value of the attributes wanInterface/ifOperStatus:Status and wanInterface/alarmInfo/linkDown:Alarms.
• In case of ATM, if the configuration element pvcTable/atm/oamF5Loopback is set to disabled, then the ifOp-
erStatus of the PVC becomes up when the ATM is synchronised globally. However, this does not guar-
antee that the PVC is configured (correctly) on the remote side. However, the other conditions as
stated in the table above remain.
• In case of PPP(oA), if the configuration element linkMonitoring/operation is set to disabled, then it is pos-
sible that the wanInterface/ifOperStatus value does not go down even if the link quality is too bad for a
proper data link. This because the link monitoring mechanism is the only PPP mechanism that will
start a renegotiation of the LCP layer.
• In case of Frame Relay, if the configuration element lmi/auto is set to noLmi, then the value of the status
element lmi/status:Status is always up. However, the other conditions as stated in the table above
remain.
12.5 Encapsulation status attributes
This section discusses the status attributes of the encapsulation protocols that can be used on the Tel-
• 12.5.1 - ATM status attributes on page 536
• 12.5.2 - Frame Relay status attributes on page 541
• 12.5.3 - PPP status attributes on page 546
• 12.5.4 - HDLC status attributes on page 554
• 12.5.5 - Error test status attributes on page 556
12.5.1 ATM status attributes

• telindus1421Router/wanInterface/atm/atmSync on page 537
telindus1421Router/wanInterface/atm/atmSync
This attribute displays the ATM synchronisation status. Possible values are: synced, notSynced.
telindus1421Router/wanInterface/atm/pvcTable
This attribute gives the complete status information of all known PVCs.
The pvcTable table contains the following elements:
Element Description
name This is the name of the PVC as you configured it. If you did not configure a name,
then this element displays: <interface name> “vpi” <vpi number> “vci” <vci number>.
E.g. wan vpi 102 vci 102
ifOperStatus This is the current operational status of the PVC.

In case OAM F5 …
• LoopBack (LB) or Continuity Check (CC) is disabled, i.e. no OAM F4 LB/CC
cells are sent, then the ifOperStatus of the PVC becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the PVC is config-
ured (correctly) on the remote side.
• LoopBack (LB) is enabled, i.e. OAM F5 loopback cells are sent at regular inter-
vals, then the ifOperStatus of the PVC becomes up when the loopback cells are
returned and down when the loopback cells are not returned by the remote side.
ifLastChange This is the system-up time on the moment the PVC entered its current operational
ip This displays the IP information of the PVC.

Refer to telindus1421Router/wanInterface/atm/pvcTable/ip on page 538 for a detailed
description of the ip structure.
bridging This displays the bridging information of the PVC.

atm This displays the specific ATM related status information of the PVC.
description of the atm structure.
telindus1421Router/wanInterface/atm/pvcTable/ip
The ip structure in the pvcTable displays the IP information of the PVC.

Element Description
address This is the IP address of the PVC. It is either configured or retrieved automatically.
netMask This is the IP subnet mask of the PVC. It is either configured or retrieved automat-
ically.
remote This is the IP address of the remote end of the PVC. It is either configured or
retrieved automatically.
telindus1421Router/wanInterface/atm/pvcTable/atm
The atm structure in the pvcTable displays the specific ATM related status information of the PVC.
Element Description
vpi This displays the Virtual Path Identifier (VPI).
vci This displays the Virtual Channel Identifier (VCI).

The VPI in conjunction with the VCI identifies the next destination of a cell as it
passes through a series of ATM switches on the way to its destination.
peakCellRate This displays the Peak Cell Rate (PCR) of the PVC in bps.
pppOverEth When the Telindus 1421 SHDSL Router wants to initiate a PPP over Ethernet
(PPPoE) session, it must first perform a discovery to identify the Ethernet MAC
address of the host and to establish a PPPoE session ID. The pppOverEth structure
displays information on the PPPoE discovery.
The pppOverEth structure contains the following elements:
• discState. This is the state of the discovery. The discovery goes as follows:
- The Telindus 1421 SHDSL Router sends a PADI packet (PPPoE Active Dis-
covery Initiation).
- When the host receives a PADI that it can serve, it replies by sending a
PADO packet (PPPoE Active Discovery Offer).
- The Telindus 1421 SHDSL Router then sends one PADR packet (PPPoE
Active Discovery Request) to the host that it has chosen.
- When the host receives a PADR packet, it prepares to begin a PPP session.
It generates a unique session ID for the PPPoE session and replies to the
Telindus 1421 SHDSL Router with a PADS packet (PPPoE Active Discov-
ery Session-confirmation).
So possible discState values are: idle, waitForPADO, waitForPADS, established.
• remoteMacAddress. This is the MAC address of the remote system as learned dur-
ing the discovery.
ppp This displays the PPP information of the PVC.

Refer to 12.5.3 - PPP status attributes on page 546 for a detailed description of the
elements in the ppp structure.
telindus1421Router/wanInterface/atm/vp
Whereas the pvcTable gives the current operational status for each Virtual Channel, the vp table gives the
current operational status of a complete Virtual Path.
Element Description
vpi This is the Virtual Path Identifier (VPI).
ifOperStatus This is the current operational status of the Virtual Path.

In case OAM F4 …
• LoopBack (LB) or Continuity Check (CC) is disabled, i.e. no OAM F4 LB/CC
cells are sent, then the ifOperStatus of the VP becomes up when the ATM is syn-
chronised globally. However, this does not guarantee that the VP is configured
(correctly) on the remote side.
• LoopBack (LB) is enabled, i.e. OAM F4 loopback cells are sent at regular inter-
vals, then the ifOperStatus of the VP becomes up when the loopback cells are
returned and down when the loopback cells are not returned by the remote side.
In case a VP goes down, also all VCs belonging to the VP go down.
12.5.2 Frame Relay status attributes

• telindus1421Router/wanInterface/frameRelay/ip on page 542
• telindus1421Router/wanInterface/frameRelay/cllmLastCongestionCause on page 545
telindus1421Router/wanInterface/frameRelay/ip
This attribute displays the IP information of the Frame Relay link.

Refer to telindus1421Router/lanInterface/ip on page 526 for a detailed description of the ip structure.
telindus1421Router/wanInterface/frameRelay/dlciTable
This attribute gives the complete status information of all known DLCIs.
The dlciTable table contains the following elements:
Element Description
name This is the name of the DLCI as you configured it. If you did not configure a name,
then this element displays: <interface name> “dlci” <dlci number>.
E.g. wan dlci 16
ifOperStatus This is the current operational status of the DLCI.
ifLastChange This is the system-up time on the moment the DLCI entered its current operational
ip This displays the IP information of the DLCI.

bridging This displays the bridging information of the DLCI.

frameRelay This displays the specific Frame Relay related status information of the DLCI.
Refer to telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay on page 543 for a
telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay
The frameRelay structure in the dlciTable displays the specific Frame Relay related status information of the
DLCI.
Element Description
dlci This is the DLCI identification number.
active This indicates whether the corresponding DLCI is active (on) or not (off).
new This is set to on if the DLCI has just been created, else it is off.
deleted This is set to on if the DLCI has been deleted, else it is off.
rr This element is only relevant for LMI revision 1. It is the flow control flag. If it is on,
then no traffic can be sent on this DLCI. Else it is off.
bandwidth This element is only relevant for LMI revision 1 (in all other cases this value is 0).
It is the CIR value, in bps, as it is configured on the remote.
cllmLastCongestion- CLLM (Consolidated Link Layer Management) is a Frame Relay protocol used for
Cause traffic management. The cllmLastCongestionCause element indicates the last reason,
which was received from the network, for congestion on the corresponding DLCI.
Refer to telindus1421Router/wanInterface/frameRelay/cllmLastCongestionCause on page 545
for the possible values of the cllmLastCongestionCause element.
telindus1421Router/wanInterface/frameRelay/lmi
This attribute gives a complete LMI status information overview.

Element Description
mode This displays the Frame Relay mode. Possible values are: noLmi, user, network, auto.
Refer to telindus1421Router/wanInterface/frameRelay/lmi on page 383 for more information
on these values.
type This displays the LMI variant. Possible values are: lmiRev1, ansiT1-617-d, q933-Annex-
A, frf1-2.
Refer to telindus1421Router/wanInterface/frameRelay/lmi on page 383 for more information
on these values.
status This displays the current state of LMI. Possible values are:
• up. LMI messages can and are exchanged.
• down. No LMI messages can be exchanged.
lastStatusChange This is the system-up time when the LMI status entered its current state. I.e. the
moment the value of the status element changes (from up to down or vice versa), the
system-up time value is written into the lastStatusChange element.
lastError This displays the last error condition reported by LMI. Possible values are: none,
protocol error, unknown information element, sequence error, unknown report, timer expired,
invalid report type, unsolicited status.
netTxSeqNum This is the sequence number of the last LMI Status Response frame that was sent.
Since only a Frame Relay network or DCE can transmit Status Responses, the
value of this element only changes in case the Telindus 1421 SHDSL Router is
defined as a Frame Relay network or both user and network. I.e. in case the mode
element is set to network, auto or nni.
netRxSeqNum This is the sequence number of the last LMI Status Enquiry frame that was
received.
Since only a Frame Relay network or DCE can receive Status Enquiries, the value
of this element only changes in case the Telindus 1421 SHDSL Router is defined
as a Frame Relay network or both user and network. I.e. in case the mode element
is set to network, auto or nni.
netErrors This is the number of errors on LMI commands issued by the Frame Relay network
or DCE during the last monitoredEvents period.
userTxSeqNum This is the sequence number of the last LMI Status Enquiry frame that was sent.
Since only a Frame Relay user or DTE can transmit Status Enquiries, the value of
this element only changes in case the Telindus 1421 SHDSL Router is defined as
a Frame Relay user or both user and network. I.e. in case the mode element is set
to user, auto or nni.
Element Description
userRxSeqNum This is the sequence number of the last LMI Status Response frame that was
received.
Since only a Frame Relay user or DTE can receive Status Responses, the value
of this element only changes in case the Telindus 1421 SHDSL Router is defined
as a Frame Relay user or both user and network. I.e. in case the mode element is
set to user, auto or nni.
userErrors This is the number of errors on LMI commands issued by the Frame Relay user or
DTE during the last monitoredEvents period.
userWaitFullEnquiry This is the number of LMI frames still to be sent before a Full Status Enquiry will
be requested.
userLastReport- This displays the type of the most recent report that was sent. Possible values are:
TypeSent
• full status. The last report contained the full status.
• link integrity. The last report only contained the link integrity information.
telindus1421Router/wanInterface/frameRelay/cllmLastCongestionCause
This attribute indicates the last reason, which was received from the network, for congestion on any of
the DLCIs. Possible values are:
• none
• short term, excessive traffic
• long term, excessive traffic
• short term, equipment failure
• long term, equipment failure
• short term, maintenance action
• long term, maintenance action
• short term, unknown cause
• long term, unknown cause
• unknown cause
12.5.3 PPP status attributes

• telindus1421Router/wanInterface/ppp/ip on page 547
• telindus1421Router/wanInterface/ppp/bridging on page 547
• telindus1421Router/wanInterface/ppp/lcpState on page 548
• telindus1421Router/wanInterface/ppp/ipcpState on page 548
• telindus1421Router/wanInterface/ppp/bcpState on page 548
• telindus1421Router/wanInterface/ppp/ccpState on page 548
• telindus1421Router/wanInterface/ppp/lcpMyOptions on page 549
• telindus1421Router/wanInterface/ppp/lcpHisOptions on page 549
• telindus1421Router/wanInterface/ppp/ipcpMyOptions on page 550
• telindus1421Router/wanInterface/ppp/ipcpHisOptions on page 550
• telindus1421Router/wanInterface/ppp/bcpMyOptions on page 551
• telindus1421Router/wanInterface/ppp/bcpHisOptions on page 551
• telindus1421Router/wanInterface/ppp/ccpMyOptions on page 552
• telindus1421Router/wanInterface/ppp/ccpHisOptions on page 552
• telindus1421Router/wanInterface/ppp/myCompressionRatio on page 552
• telindus1421Router/wanInterface/ppp/hisCompressionRatio on page 552
• telindus1421Router/wanInterface/ppp/myAuthenticationStatus on page 553
• telindus1421Router/wanInterface/ppp/hisAuthenticationStatus on page 553
telindus1421Router/wanInterface/ppp/ip
This attribute displays the IP information of the PPP link.

Element Description
status This is the current operational status of the IP layer (layer 3) of the PPP link.
address This is the IP address of the PPP link. It is either configured or retrieved automat-
ically.
netMask This is the IP subnet mask of the PPP link. It is either configured or retrieved auto-
matically.
remote This is the IP address of the remote end of the PPP link. It is either configured or
retrieved automatically.
telindus1421Router/wanInterface/ppp/bridging
This attribute displays the bridging status of the PPP link.

Refer to telindus1421Router/lanInterface/bridging on page 528 for a detailed description of the bridging structure.
telindus1421Router/wanInterface/ppp/lcpState
This attribute reflects the status of the LCP (Link Control Protocol) protocol. Possible values are:
Value Description
Initial LCP handshake has not started yet.
Starting, Closed, These values correspond with the transient states in the LCP state diagram.
Stopped, Closing,
Stopping
Req-Sent The local side of the PPP link has sent an LCP request. The remote side did not
answer yet.
Ack-Rcvd The local side of the PPP link has received an LCP acknowledge from the remote
side. This is a transient state.
Ack-Sent The local side of the PPP link has acknowledged the LCP request from the remote
side.
Opened The LCP handshake succeeded.
telindus1421Router/wanInterface/ppp/ipcpState
This attribute reflects the status of the IPCP (Internet Protocol Control Protocol) protocol. The possible
values are the same as those of the lcpState attribute.
Refer to telindus1421Router/wanInterface/ppp/lcpState on page 548.
telindus1421Router/wanInterface/ppp/bcpState
This attribute reflects the status of the BCP (Bridging Control Protocol) protocol. The possible values are
the same as those of the lcpState attribute.
telindus1421Router/wanInterface/ppp/ccpState
This attribute reflects the status of the CCP (Compression Control Protocol) protocol. The possible val-
ues are the same as those of the lcpState attribute.
telindus1421Router/wanInterface/ppp/lcpMyOptions
During the LCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the LCP options for the router at this side (local side) of the link.
The lcpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following LCP options:
• 3: the Authentication-Protocol option.
• 5: the Magic-Number option.
For more information on the LCP configuration options, refer to RFC 1661.
length This is the length of the option field.
value This is the option value represented as an octet string (hexadecimal ASCII repre-
sentation).
telindus1421Router/wanInterface/ppp/lcpHisOptions
This attribute lists the LCP options for the router at the other side (remote side) of the link. The
lcpHisOptions table contains the same elements as the lcpMyOptions table. Refer to telindus1421Router/wanIn-
terface/ppp/lcpMyOptions on page 549.
Other option values than the ones supported by the Telindus 1421 SHDSL Router may be present.
telindus1421Router/wanInterface/ppp/ipcpMyOptions
During the IPCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the IPCP options for the router at this side (local side) of the link.
The ipcpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following IPCP option:
• 3: the IP-Address option.
• ip-vso: the IP-Vendor Specific option. This is used to negotiate the netmask.
For more information on the IPCP configuration options, refer to RFC 1332.
sentation).
telindus1421Router/wanInterface/ppp/ipcpHisOptions
This attribute lists the IPCP options for the router at the other side (remote side) of the link. The
ipcpHisOptions table contains the same elements as the ipcpMyOptions table. Refer to telindus1421Router/wan-
Interface/ppp/ipcpMyOptions on page 550.
telindus1421Router/wanInterface/ppp/bcpMyOptions
During the BCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the BCP options for the router at this side (local side) of the link.
The bcpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following BCP options:
• 1: the Bridge-Identification option.
• 2: the Line-Identification option.
• 3: the MAC-Support option.
• 4: the Tinygram-Compression option.
• 5: the LAN-Identification option.
• 6: the MAC-Address option.
• 7: the Spanning-Tree-Protocol option.
For more information on the BCP configuration options, refer to RFC 2878.
sentation).
telindus1421Router/wanInterface/ppp/bcpHisOptions
This attribute lists the BCP options for the router at the other side (remote side) of the link. The
bcpHisOptions table contains the same elements as the bcpMyOptions table. Refer to telindus1421Router/wanIn-
terface/ppp/bcpMyOptions on page 551.
telindus1421Router/wanInterface/ppp/ccpMyOptions
During the CCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the CCP options for the router at this side (local side) of the link.
The ccpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following CCP option:
• 1: the Predictor1 option.
For more information on the CCP configuration options, refer to RFC 1962.
sentation).
telindus1421Router/wanInterface/ppp/ccpHisOptions
This attribute lists the CCP options for the router at the other side (remote side) of the link. The
ccpHisOptions table contains the same elements as the ccpMyOptions table. Refer to telindus1421Router/wanIn-
terface/ppp/ccpMyOptions on page 552.
telindus1421Router/wanInterface/ppp/myCompressionRatio
When PPP compression is enabled, this attribute displays the compression ratio achieved by the router
at this side (local side) of the link.
telindus1421Router/wanInterface/ppp/hisCompressionRatio
When PPP compression is enabled, this attribute displays the compression ratio achieved by the router
at the other side (remote side) of the link.
telindus1421Router/wanInterface/ppp/myAuthenticationStatus
This attribute displays the authentication state of the router at this side (local side) of the link. I.e. the
state of the authenticator. Possible values are:
Value Description
No-Authentication The local side does not request PPP authentication or still has to start the CHAP
authentication (LCP handshake is busy).
Wait-On-Response The local side has sent a challenge packet and is waiting for an answer.
Authen-Successful The response packet is found to be correct. This is the state when authentication
succeeded.
Authen-Failure The response packet is found to be incorrect. This is a transient state since the
router starts the LCP handshake again after a failing authentication.
telindus1421Router/wanInterface/ppp/hisAuthenticationStatus
This attribute displays the authentication state of the router at the other side (remote side) of the link. I.e.
the state of the peer. Possible values are:
Value Description
No-Authentication This is the start-up state.
Wait-On-Challenge During the LCP handshake the authenticator already indicates it wants to authen-
ticate. From that moment on, the peer awaits a challenge packet.
Wait-On-Success Once the peer has sent a response, it awaits a success or failure message.
Authen-Successful The peer has received a success packet. It remains in this state during data trans-
fer.
Authen-Failure The peer has received a failure packet. This is a transient state since the router
starts the LCP handshake again after a failing authentication.
Authen-Not-Allowed This state only occurs when the peer does not accept the authentication request
during the LCP handshake. A possible reason might be that the peer router does
not support CHAP.
12.5.4 HDLC status attributes

• telindus1421Router/wanInterface/hdlc/bridging on page 555
telindus1421Router/wanInterface/hdlc/bridging
This attribute displays the bridging status of the HDLC link.

12.5.5 Error test status attributes

• telindus1421Router/wanInterface/errorTest/status on page 557
• telindus1421Router/wanInterface/errorTest/type on page 557
• telindus1421Router/wanInterface/errorTest/startSysUpTime on page 557
• telindus1421Router/wanInterface/errorTest/duration on page 557
• telindus1421Router/wanInterface/errorTest/blockSize on page 557
• telindus1421Router/wanInterface/errorTest/programmablePattern on page 557
• telindus1421Router/wanInterface/errorTest/receiveSample on page 557
• telindus1421Router/wanInterface/errorTest/startTest on page 557
• telindus1421Router/wanInterface/errorTest/stopTest on page 557
telindus1421Router/wanInterface/errorTest/status
This attribute displays the status of the error test.
Due to RAM limitations, it is possible that not all test patterns are supported. In that case the string ram-
Limit is displayed as value of the status attribute telindus1421Router/wanInterface/errorTest/status.
telindus1421Router/wanInterface/errorTest/type
This attribute displays the type of error test.
telindus1421Router/wanInterface/errorTest/startSysUpTime
This attribute displays the value of the sysUpTime attribute at the moment the error test was started.
telindus1421Router/wanInterface/errorTest/duration
This attribute displays the duration of the error test.
telindus1421Router/wanInterface/errorTest/blockSize
This attribute displays the size of the test blocks.
telindus1421Router/wanInterface/errorTest/programmablePattern
This attribute displays the bit string pattern as you configured it in the programmablePattern configuration
attribute.
telindus1421Router/wanInterface/errorTest/receiveSample
This attribute displays the received test pattern.
telindus1421Router/wanInterface/errorTest/startTest
Use this action to start an error test.

telindus1421Router/wanInterface/errorTest/stopTest
Use this action to stop an error test.

12.6 SHDSL line status attributes
This section describes the following line status attributes:

• telindus1421Router/wanInterface/line/ifDescr on page 559
• telindus1421Router/wanInterface/line/ifType on page 559
• telindus1421Router/wanInterface/line/ifOperStatus on page 559
• telindus1421Router/wanInterface/line/ifSpeed on page 559
• telindus1421Router/wanInterface/line/region on page 559
• telindus1421Router/wanInterface/line/maxSpeedSearch on page 559
• telindus1421Router/wanInterface/line/maxSpeedResult on page 559
• telindus1421Router/wanInterface/line/linePairsSwapped on page 560
• telindus1421Router/wanInterface/line/numDiscoveredRepeaters on page 560
• telindus1421Router/wanInterface/line/eocAlarmThresholds on page 560
This section describes the following line pair status attributes:
• telindus1421Router/wanInterface/line/linePair[ ]/ifOperStatus on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/ifSpeed on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/status on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/timeSinceLastRetrain on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/lineAttenuation on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/signalNoise on page 562
• telindus1421Router/wanInterface/line/linePair[ ]/actualBitRate on page 562
• telindus1421Router/wanInterface/line/maximumSpeedSearch on page 561
telindus1421Router/wanInterface/line/ifDescr
telindus1421Router/wanInterface/line/ifType
telindus1421Router/wanInterface/line/ifOperStatus
This attribute displays the current operational status of the line. Possible values are:
Value Description
up The line is up, data transfer is possible.
down The line is down, data transfer is not possible.
testing A line test is active.
telindus1421Router/wanInterface/line/ifSpeed
This attribute displays the current line speed in bits per second (bps).
In case of a Telindus 1421 SHDSL Router 2 pair version, the line/ifSpeed attribute displays the sum of the
speed of line pair 1 and 2.
telindus1421Router/wanInterface/line/region
This attribute displays the SHDSL standard currently used. Possible values are: auto, annexA, annexB.
Refer to telindus1421Router/wanInterface/line/region on page 398 for more information on these values.
telindus1421Router/wanInterface/line/maxSpeedSearch
This attribute displays the status of the maximumSpeedSearch action. Possible values are:
Value Description
idle No maximumSpeedSearch action has been performed.
progressing The maximumSpeedSearch action is running.
aborted The maximumSpeedSearch action stopped without result.
completed The maximumSpeedSearch action is finished. The result is displayed in the

maxSpeedResult attribute.
telindus1421Router/wanInterface/line/maxSpeedResult
This attribute displays the maximum speed, in bits per second (bps), that was achieved during the exe-
cution of the maximumSpeedSearch action.
telindus1421Router/wanInterface/line/linePairsSwapped
This attribute is only present on the Telindus 1421 SHDSL Router 2 pair version.
This attribute indicates whether the line pairs have been swapped when connecting the central with the
remote device. Possible values are:
Value Description
yes The line pairs are swapped.
no The line pairs are not swapped.
unknown The Telindus 1421 SHDSL Router is unable to determine whether the line pairs
have been swapped (e.g. because it is still training).
telindus1421Router/wanInterface/line/numDiscoveredRepeaters
This attribute displays the number of Crocus SHDSL repeaters that the Telindus 1421 SHDSL Router
discovered on the SHDSL line.
telindus1421Router/wanInterface/line/eocAlarmThresholds
What this attribute displays depends on the setting of the telindus1421Router/wanInterface/line/eocHandling

attribute:
If eocHandling is then …
set to …
none the eocAlarmThresholds attribute does not display relevant information. It always dis-
plays 0.0.
discovery • on the central1 device, the eocAlarmThresholds attribute displays the values as set
in the telindus1421Router/wanInterface/line/linkAlarmThresholds attribute.
inventory
• on the remote2 device, the eocAlarmThresholds attribute does not display relevant
info information. It always displays 0.0.
alarmConfiguration the eocAlarmThresholds attribute displays the values as set in the telindus1421Router/
wanInterface/line/linkAlarmThresholds attribute on the central device.
The eocAlarmThresholds structure contains the following elements:

• lineAttenuation
• signalNoise
telindus1421Router/wanInterface/line/maximumSpeedSearch
Use this action to determine the highest possible line speed that can be achieved between the central
and remote Telindus 1421 SHDSL Router.
When you execute this test, the following happens:
Phase Action
1 The Telindus 1421 SHDSL Router interrupts the normal data transfer.
2 Both local and remote Telindus 1421 SHDSL Router go to auto speed mode in order to
determine the highest possible line speed. Meanwhile, the status of the test can be mon-
itored with the maxSpeedSearch attribute.
3 When the test ends, the result is displayed by the maxSpeedResult attribute.
4 The Telindus 1421 SHDSL Router resumes normal data transfer at the speed that was
selected before the test.
Important remarks
• The Telindus 1421 SHDSL Router has to be in data state (i.e. after a successful training sequence
and when the data connection is up) before you can execute the maximumSpeedSearch action.
• While the maximumSpeedSearch action is running, no data transmission is possible.
• In case of a Telindus 1421 SHDSL Router 2 pair version, you can not execute the maximumSpeedSearch
action because you can not define a speed range on both the central and remote Telindus 1421
SHDSL Router.
telindus1421Router/wanInterface/line/linePair[ ]/ifOperStatus
This attribute displays the current operational status of the line pair. Possible values are:
Value Description
up The line pair is up, data transfer is possible. This is the case when the value of the
linePair[ ]/status attribute is dataState.
down The line pair is down, data transfer is not possible.
testing A line test is active.
telindus1421Router/wanInterface/line/linePair[ ]/ifSpeed
This attribute displays the line pair speed, in bits per second (bps), when the line pair is in data state.
telindus1421Router/wanInterface/line/linePair[ ]/status
This attribute displays the current status of the line pair. Possible values are:
Value Description
idle No link is present.
training A training cycle is in progress.
dataState A data link is present.
telindus1421Router/wanInterface/line/linePair[ ]/timeSinceLastRetrain
This attribute displays the elapsed time since the last retrain cycle.
telindus1421Router/wanInterface/line/linePair[ ]/lineAttenuation
This attribute displays the current line pair attenuation in dB.
The lineAttenuation attribute does not display meaningful information when the line is not trained. It is only
relevant for a line that is in data state for at least 5 minutes.
telindus1421Router/wanInterface/line/linePair[ ]/signalNoise
This attribute displays the current signal to noise ratio on the line pair in dB.
The signalNoise attribute does not display meaningful information when the line is not trained. It is only
relevant for a line that is in data state for at least 5 minutes.
telindus1421Router/wanInterface/line/linePair[ ]/actualBitRate
This attribute displays the maximum speed, in bits per second (bps), that could be negotiated on the line
pair during the training sequence.
12.7 End and repeater status attributes

• telindus1421Router/wanInterface/end/vendorId on page 564
• telindus1421Router/wanInterface/end/vendorModel on page 564
• telindus1421Router/wanInterface/end/vendorSerial on page 564
• telindus1421Router/wanInterface/end/vendorSoftVersion on page 564
• telindus1421Router/wanInterface/end/eocSoftVersion on page 564
• telindus1421Router/wanInterface/end/shdslVersion on page 564
• telindus1421Router/wanInterface/end/eocState on page 565
• telindus1421Router/wanInterface/end/eocAlarmThresholds on page 565
• telindus1421Router/wanInterface/end/linePair[ ]/lineAttenuation on page 565
• telindus1421Router/wanInterface/end/linePair[ ]/signalNoise on page 565
• telindus1421Router/wanInterface/repeater/loopbackActivation on page 566
• Exactly which information is retrieved from the remote SHDSL device(s) through the EOC channel
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passiveWhich standard EOC
information is retrieved? on page 70 for an overview.
• The repeater[ ] and end objects contain the same attributes, therefore only the attributes of the end
object are listed here.
telindus1421Router/wanInterface/end/vendorId
This attribute is only retrieved in case the eocHandling attribute is set to discovery, inventory, info or alarmCon-
figuration.
This attribute displays information about the vendor of the repeater or end device. The vendorId structure
contains the following elements:
• countryCode E.g. 65295 for Belgium.
• providerCode E.g. TLS_ for Telindus.
• vendorSpecific
telindus1421Router/wanInterface/end/vendorModel
This attribute is only retrieved in case the eocHandling attribute is set to inventory, info or alarmConfiguration.
This attribute displays the model of the repeater or end device. E.g. SHDSL TT 2P for a Crocus SHDSL
Table Top 2 pair version.
telindus1421Router/wanInterface/end/vendorSerial
This attribute displays the serial number of the repeater or end device. For a Telindus devices this is the
deviceId attribute (refer to telindus1421Router/deviceId on page 523).
telindus1421Router/wanInterface/end/vendorSoftVersion
This attribute displays the version of the firmware used on the repeater or end device. For a Telindus
device this is the part after “/” of the T-code string displayed in the flashVersion attribute (refer to
telindus1421Router/flash1Version on page 521).
telindus1421Router/wanInterface/end/eocSoftVersion
figuration.
This attribute displays the EOC software version used on the repeater or end device.
telindus1421Router/wanInterface/end/shdslVersion
figuration.
This attribute displays the SHDSL version used on the repeater or end device.
telindus1421Router/wanInterface/end/eocState
figuration.
This attribute displays the state of the EOC channel.
telindus1421Router/wanInterface/end/eocAlarmThresholds
This attribute is only retrieved in case the eocHandling attribute is set to info or alarmConfiguration.
What this attribute displays depends on the setting of the telindus1421Router/wanInterface/line/eocHandling
attribute:
If eocHandling is then …
set to …
info the eocAlarmThresholds attribute displays the values as set in the telindus1421Router/
wanInterface/line/linkAlarmThresholds attribute on the remote1 device.
alarmConfiguration the eocAlarmThresholds attribute displays the values as set in the telindus1421Router/
wanInterface/line/linkAlarmThresholds attribute on the central2 device.
The eocAlarmThresholds structure contains the following elements:

• lineAttenuation
• signalNoise
telindus1421Router/wanInterface/end/linePair[ ]/lineAttenuation
This attribute displays the line attenuation, in dB, as it is measured on the line pair of the repeater or end
device.
telindus1421Router/wanInterface/end/linePair[ ]/signalNoise
This attribute displays the noise margin, in dB, as it is measured on the line pair of the repeater or end
device.
telindus1421Router/wanInterface/repeater/loopbackActivation
This action is only present in the repeater[ ] object.

Use this action to set up a loop at the network side of the Crocus SHDSL Repeater:
network loop- customer

side back side
central device repeater
Set the loop by selecting the action argument value initiateNetworkLoopback and executing the action (in
TMA, double-click the loopbackActivation string). Stop the loop by selecting the action argument value
clearAllMaintenanceStates and executing the action (in TMA, double-click the loopbackActivation string).
Important remarks
• You can only set up a loop at the network side of the Crocus SHDSL Repeater. Not at the customer
side.
• You can only start the loopbackActivation action on the central device. Not on the remote device.
• You can only start the loopbackActivation action in case the telindus1421Router/wanInterface/line/eocHandling
attribute is set to alarmConfiguration.
12.8 Bundle status attributes
This section describes the status attributes of the different bundles that can be set up on the Telindus
1421 SHDSL Router. The following gives an overview of this section:
• 12.8.1 - PPP bundle status attributes on page 568
12.8.1 PPP bundle status attributes

• telindus1421Router/bundle/pppBundle[ ]/ifDescr on page 569
• telindus1421Router/bundle/pppBundle[ ]/ifType on page 569
• telindus1421Router/bundle/pppBundle[ ]/ifOperStatus on page 569
• telindus1421Router/bundle/pppBundle[ ]/ifSpeed on page 569
• telindus1421Router/bundle/pppBundle[ ]/members on page 569
• telindus1421Router/bundle/pppBundle[ ]/ip on page 570
• telindus1421Router/bundle/pppBundle[ ]/ipcpState on page 570
• telindus1421Router/bundle/pppBundle[ ]/ipcpMyOptions on page 571
• telindus1421Router/bundle/pppBundle[ ]/ipcpHisOptions on page 571
• telindus1421Router/bundle/pppBundle[ ]/bridging on page 572
• telindus1421Router/bundle/pppBundle[ ]/bcpState on page 572
• telindus1421Router/bundle/pppBundle[ ]/bcpMyOptions on page 572
• telindus1421Router/bundle/pppBundle[ ]/bcpHisOptions on page 572
• telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces on page 573
telindus1421Router/bundle/pppBundle[ ]/ifDescr
This attribute displays the interface description of the PPP bundle.
telindus1421Router/bundle/pppBundle[ ]/ifType
This attribute displays the interface type of the PPP bundle.
telindus1421Router/bundle/pppBundle[ ]/ifOperStatus
This attribute displays the current operational status of the PPP bundle.
telindus1421Router/bundle/pppBundle[ ]/ifSpeed
This attribute displays the current speed of the PPP bundle in bits per second (bps). It is the sum of the
speeds of all the bundle links in the bundle.
telindus1421Router/bundle/pppBundle[ ]/members
This attribute displays the status of the different bundle links in the PPP bundle.
The members table contains the following elements:
Element Description
ifDescr This element displays the name of the bundle link as you entered it in the members
configuration attribute.
Refer to 6.4.11 - Setting up multilink PPP on page 139 for more information.
memberStatus This element displays the member status of the bundle link in the bundle. Possible
values are:
• notJoined. The bundle link is currently not an active member of the bundle. E.g.
because the bundle link is down.
• joined. The bundle link is currently an active member of the bundle.
• notFound. The bundle link that you specified in the members configuration attribute
could not be found. E.g. because you entered a wrong channel index name or
because you did not create a channel yet.
Refer to 6.4.11 - Setting up multilink PPP on page 139 for more information on
the channels and channel index names.
ifLastChange This element displays the system-up time on the moment the bundle link entered
its current operational state. I.e. the moment the value of the memberStatus status
element changes (from notJoined to joined or vice versa), the system-up time value
is written into the ifLastChange status element.
ifSpeed This element displays the current speed of the bundle link in bits per second (bps).
telindus1421Router/bundle/pppBundle[ ]/ip
This attribute displays the IP information of the PPP bundle.

Element Description
status This is the current operational status of the IP layer (layer 3) of the PPP bundle.
address This is the IP address of the PPP bundle. It is either configured or retrieved auto-
matically.
netMask This is the IP subnet mask of the PPP bundle. It is either configured or retrieved
automatically.
remote This is the IP address of the remote end of the PPP bundle. It is either configured
or retrieved automatically.
telindus1421Router/bundle/pppBundle[ ]/ipcpState
This attribute reflects the status of the IPCP (Internet Protocol Control Protocol) protocol. Possible val-
ues are:
Value Description
Initial IPCP handshake has not started yet.
Starting, Closed, These values correspond with the transient states in the IPCP state diagram.
Stopped, Closing,
Stopping
Req-Sent The local side of the PPP link has sent an IPCP request. The remote side did not
answer yet.
Ack-Rcvd The local side of the PPP link has received an IPCP acknowledge from the remote
side. This is a transient state.
Ack-Sent The local side of the PPP link has acknowledged the IPCP request from the remote
side.
Opened The IPCP handshake succeeded.

telindus1421Router/bundle/pppBundle[ ]/ipcpMyOptions
During the IPCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the IPCP options for the router at this side (local side) of the link.
The ipcpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following IPCP option:
• 3: the IP-Address option.
• ip-vso: the IP-Vendor Specific Option. This is used to negotiate the netmask.
For more information on the IPCP configuration options, refer to RFC 1332.
sentation).
telindus1421Router/bundle/pppBundle[ ]/ipcpHisOptions
This attribute lists the IPCP options for the router at the other side (remote side) of the link. The
ipcpHisOptions table contains the same elements as the ipcpMyOptions table. Refer to telindus1421Router/bun-
dle/pppBundle[ ]/ipcpMyOptions on page 571.
telindus1421Router/bundle/pppBundle[ ]/bridging
This attribute displays the bridging status of the PPP bundle.

telindus1421Router/bundle/pppBundle[ ]/bcpState
This attribute reflects the status of the BCP (Bridging Control Protocol) protocol. The possible values are
the same as those of ipcpState attribute. Refer to telindus1421Router/bundle/pppBundle[ ]/ipcpState on page 570.
telindus1421Router/bundle/pppBundle[ ]/bcpMyOptions
During the BCP handshake, a number of options can be exchanged between the local and remote side
of the link. This attribute lists the BCP options for the router at this side (local side) of the link.
The bcpMyOptions table contains the following elements:
Element Description
option The Telindus 1421 SHDSL Router supports the following BCP options:
• 1: the Bridge-Identification option.
• 2: the Line-Identification option.
• 3: the MAC-Support option.
• 4: the Tinygram-Compression option.
• 5: the LAN-Identification option.
• 6: the MAC-Address option.
• 7: the Spanning-Tree-Protocol option.
For more information on the BCP configuration options, refer to RFC 2878.
sentation).
telindus1421Router/bundle/pppBundle[ ]/bcpHisOptions
This attribute lists the BCP options for the router at the other side (remote side) of the link. The
bcpHisOptions table contains the same elements as the bcpMyOptions table. Refer to telindus1421Router/bundle/
pppBundle[ ]/bcpMyOptions on page 572.
telindus1421Router/bundle/pppBundle[ ]/multiclassInterfaces
This attribute displays the status of the different multiclass PPP links in the PPP bundle.
The multiclassInterfaces table contains the following elements:
Element Description
name This element displays the name of the multiclass PPP link as you defined it in the
multiclassInterfaces configuration attribute.
ifOperStatus This element displays the current operational status of the multiclass PPP link.
ifLastChange This element shows the system-up time on the moment the multiclass PPP link
entered its current operational state. I.e. the moment the value of the ifOperStatus
status attribute changes (from up to down or vice versa), the system-up time value
is written into the ifLastChange status attribute.
ip This element displays the IP information of the multiclass PPP link.

bridging This element displays the bridging information of the multiclass PPP link.
ppp This element displays the PPP information of the multiclass PPP link.
multiclass This element displays the multiclass identifier of the multiclass PPP link.
12.9 Router status attributes
This section discusses the status attributes concerned with routing. First it describes the general routing
status attributes. Then it explains the status attributes of the extra features as there are NAT, L2TP tun-
nelling, etc…
• 12.9.1 - General router status attributes on page 575
• 12.9.2 - NAT status attributes on page 585
• 12.9.3 - L2TP tunnel status attributes on page 587
• 12.9.4 - OSPF status attributes on page 592
• 12.9.5 - VRRP status attributes on page 610
12.9.1 General router status attributes

• telindus1421Router/router/igmpTable on page 579
• telindus1421Router/router/dhcpBinding on page 581
• telindus1421Router/router/dhcpStatistics on page 581
• telindus1421Router/router/dhcpRelayInfo on page 582
• telindus1421Router/router/dhcpBlackList on page 582
• telindus1421Router/router/radius on page 583
• telindus1421Router/router/dns on page 583
• telindus1421Router/router/dnsServers on page 583
• telindus1421Router/router/unBlacklist on page 583
telindus1421Router/router/routingTable
This attribute lists all known routes (both static and learned routes) with their operating status.
The routingTable contains the following elements:
Element Description
network This is the IP address of the destination network.
mask This is the network mask of the destination network.
gateway This is the IP address of the next router on the path to the destination network.
interface This is the interface through which the destination network can be reached. Pos-
sible values are:
• internal. The own protocol stack is used.
• <name>. The destination network can be reached through this particular inter-
face. The <name> of the interface is the name as you configured it.
Note that the “interface” can also be a DLCI, an ATM PVC, a tunnel, etc.
• discard. Packets for this destination are discarded.
encapsulation This is the used encapsulation. It is related to the interface for this route. Possible
values are:
• none. The IP packets are not encapsulated.
• ethernet. The IP packets are encapsulated with the ARPA MAC header.
• frameRelay. The IP packets are encapsulated in Frame Relay.
• ppp. The IP packets are encapsulated in PPP.
• atm. The IP packets are encapsulated in ATM.
Element Description
status This is the route status. Possible values are:

• up. The route is up, data transfer is possible.
• down. The route is down, data transfer is not possible.
• spoofing. This applies on routes over an ISDN/PSTN dial-up connection or
through an L2TP outgoing dial tunnel.
It means that the route is available, but that it is not truly up (yet). I.e. the (dial)
connection can be made, but is currently not up. As soon as a connection is
established, then the status of the route changes from spoofing to up.
• holdDown. This applies on RIP routes.
A route enters into a hold-down state when an update packet is received that
indicates the route is unreachable. The route is marked inaccessible and adver-
tised as unreachable. However, the route is still used for forwarding packets.
When hold-down expires, routes advertised by other sources are accepted and
the route is no longer inaccessible.
Refer to telindus1421Router/router/ripHoldDownTime on page 420 for more information.
• closed. This applies on L2TP tunnels and VRRP. In case of …
- L2TP tunnels where you configure a main and a backup tunnel (refer to
9.4.4 - Setting up a main and back-up tunnel on page 287) and the main tun-
nel goes down, then it is not desirable that the route to the main tunnel its
status returns from up to spoofing because in that case the Telindus 1421
SHDSL Router will keep trying to send data across the main route/tunnel.
That is why in such a case the route to the main tunnel is “artificially”
blocked. I.e. its status is set to closed.
- VRRP (refer to 7.9 - Configuring VRRP on page 218), it is sometimes desir-
able that the IP address on an Ethernet interface no longer answers to
pings, even if the Ethernet interface is up. That is why in such a case the
host route is “artificially” blocked. I.e. its status is set to closed.
preference This displays the route preference. If more than one route matches the IP destina-
tion address, this attribute determines which route is used. The route with the low-
est preference value will be used.
type This is the type of the route. Possible values are:

• host. This is a host route, i.e. a route to a single IP address instead of a complete
network. This is also used for the router its own IP address.
• internal. A route with this status is irrelevant.
• local. This is a route to a directly connected network.
• rip. This is a route that has been received via a RIP update.
• static. This is a route that has been configured, i.e. it is a static route.
• float. This is a route that has been added for a PPP link for which no local or
remote IP address was configured. These were learned from the other side.
Refer to 6.4.4 - Imposing IP addresses on the remote in PPP on page 130 for
more information.
Element Description
metric If two routes exist with the same preference, then the route with the lowest metric
value is chosen. The metric attribute serves as a cost for using the route. In most
cases it indicates the number of hops (= routers) required to reach a destination.
timeOut In case of a RIP route, the timeOut attribute displays the time the route will remain
in the routing table if no RIP updates are received anymore. For other routes this
attribute always displays 00000d 00h 00m 00s.
Example
The following figure displays an example of a routing table:
The lines in the routing table depicted above represent the following:
• Line 1 represents the default gateway, which is not defined.
• Lines 2 and 5 represent the subnets on the LAN and WAN interface respectively.
• Lines 3 and 6 represent the interface its IP addresses.
• Line 7 represents the static route to the remote LAN.
• Finally, line 4 represents the multicast address for RIP version 2.
Remark
If the LAN is not connected to the Telindus 1421 SHDSL Router, it is still possible to contact the Telindus
1421 SHDSL Router with e.g. TMA or Telnet over the WAN link by using the IP address of the LAN inter-
face. This means that the status attribute telindus1421Router/lanInterface/ip/status still indicates up, although in
the routingTable the corresponding route to the network is down. This implementation seems not logical
but is necessary to insure correct operation with HP OpenView.
telindus1421Router/router/igmpTable
This attribute shows the multicast address, reported by one or more clients. The igmpTable is always
updated, even if no proxy is configured.
The igmpTable contains the following elements:
Element Description
multicast This is the multicast address.
interface This is the interface name of the client(s). In case of multiple interface names, they
are separated from each other by a comma.
What is IGMP?
Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting
in the Internet.
It is used to establish host memberships in particular multicast groups on a single network. The mecha-
nisms of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants
to receive messages addressed to a specific multicast group.
All hosts conforming to level 2 of the IP multicasting specification require IGMP.
IGMP topology
Consider the following multicasting topology:
In this topology …
• Client 1 and Client 2 are multicast clients.
• Router 1, 2 and 3 are multicast enabled routers.
• Server 1 is a multicast server.
The following are some characteristics of an IGMP topology:

• Only 1 IGMP proxy can be defined per device.
• The TTL of an IGMP frame is always 1. IGMP messages are never forwarded.
• An IGMP frame contains an IP router alert option.
• IGMPv1 routers may be present in the network.
The multicasting IGMP protocol can be configured on every IP interface. Refer to the igmp element in
5.2.3 - Explaining the ip structure on page 54.
A client can leave or join a multicast group by erasing or adding a multicast address from a table, defined
in the client application. A list of multicast group addresses is maintained in the routers. The reported
multicast addresses can be seen in the igmpTable. Refer to telindus1421Router/router/igmpTable on page 579.
On a router interface, IGMP join and leave messages are interpreted and the multicast member list is
adapted accordingly. Multicast frames are forwarded if they are present in the multicast member list. On
a proxy interface, IGMP join and leave messages are transmitted according to the multicast member list.
Multicast frames are always forwarded.
Since IGMP is send in UDP (join/leave can be lost), the clients (proxies) are polled every 125 seconds:
• A general query is send to 224.0.0.1 (poll all systems).
• A leave group message is send to 224.0.0.2 (all routers).
telindus1421Router/router/dhcpBinding
This attribute contains a list of dynamically assigned (i.e. leased) IP addresses.

The dhcpBinding table contains the following elements:
Element Description
ipAddress This is the IP address that is dynamically assigned to a client.
macAddress This is the MAC address of the client.
leaseTime This is the remaining lease time.
hostName This is the hostname of the client.
interface This is the name of the interface on which the client has been bound.
state This is the state of the lease. Possible values are leased and onHold.
telindus1421Router/router/dhcpStatistics
This attribute contains the statistics of all IP address ranges that have been specified in the configuration
attribute telindus1421Router/router/dhcpDynamic.
The dhcpStatistics table contains the following elements:
Element Description
startRange Displays the IP start address of an IP address range.
endRange Displays the IP end address of an IP address range.
interface For the corresponding IP address range, this is the name of the interface on which
the clients have been bound.
free For the corresponding IP address range, this displays the number of IP addresses
that are still free.
leased For the corresponding IP address range, this displays the number of IP addresses
that are leased.
hold For the corresponding IP address range, this displays the number of IP addresses
that are on hold.
During power-down of the DHCP server, some leased IP addresses can still be active. Because the
duration of the power-down can not be known, all timer information about lease and hold time becomes
meaningless. Therefore, the DHCP server incorporated in the Telindus 1421 SHDSL Router sends a
ping to all leased addresses after a warm boot. When the client responds to this ping, the DHCP server
resets all timers to their default value and keeps the lease with this client.
telindus1421Router/router/dhcpRelayInfo
This attribute displays the status information of the DHCP relay process in case the Telindus 1421
SHDSL Router is configured to act as DHCP relay agent.
The dhcpRelayInfo table contains the following elements:
Element Description
sourceIntf This is the name of the interface on which the DHCP request has been received.
mac This is the MAC address of the client.
assignedIp This is the IP address that has been dynamically assigned to the client by the
remote DHCP server.
serverIp This is the IP address of the remote DHCP server.
dhcpStatus This is the status of the DHCP process. Possible values are: discover, offer, request,
decline, ack, nack, release, inform, idle.
leaseTime This is the remaining lease time.
telindus1421Router/router/dhcpBlackList
This attribute displays the MAC and IP address of blacklisted clients and the reason why they are on the
black list.
The dhcpBlackList table contains the following elements:
Element Description
ipAddress This is the IP address of the blacklisted client.
macAddress This is the MAC address of the blacklisted client.
reason This is the reason why the client is on the black list. Possible values are:
• arp. The ARP request probing indicated that the IP address is already in use by
a client on the network. Refer to telindus1421Router/router/dhcpCheckAddress on
page 430.
• ping. The ICMP Echo Request (ping) probing indicated that the IP address is
already in use by a client on the network. Refer to telindus1421Router/router/dhcp-
CheckAddress on page 430.
• alienAck. Another DHCP server assigned an IP address to the client.
• declined. The client explicitly declined the IP address that was assigned.
• networkOrBroadcast. The DHCP server tried to assign a network or broadcast
address to a client. This indicates that the IP address ranges in the DHCP
server have been misconfigured.
telindus1421Router/router/radius
This attribute shows some RADIUS status information. Refer to What is RADIUS? on page 299 for more
information.
The radius structure contains the following elements:
Element Description
authServer This is the IP address of the authentication server the Telindus 1421 SHDSL
Router is connected to.
acctServer This is the IP address of the accounting server the Telindus 1421 SHDSL Router
is connected to.
pendingRequests This is the amount of pending requests on these servers.
telindus1421Router/router/dns
This attribute shows some DNS status information. Refer to What is DNS? on page 716 for more infor-
mation.
The dns table contains the following elements:
Element Description
ipAddress This is the IP address of the DNS server.
hostname This is the hostname of the DNS server.
ttl This is the time-to-live of the cached DNS data.
infiniteTimeOut This indicates that the DNS record has an infinite TTL or at least longer than 24
days.
telindus1421Router/router/dnsServers
This attribute displays the IP address(es) of the DNS server(s) that have been configured or learned.
The dns table contains the following elements:
Element Description
primaryDns This is the IP address of the primary DNS server.
secondaryDns This is the IP address of the secondary DNS server.
telindus1421Router/router/unBlacklist
This action removes an entry from the blacklist.

The unBlacklist action contains the following argument values:
Element Description
startIp Use this element to specify an IP address (range) that has to be removed from the
blacklist.
If you want to specify …
• a single IP address, then just enter the IP address in the startIp element and
leave the stopIp element at its default value (<opt>).
• an IP address range, then enter the first IP address of the range in the startIp
element and the last IP address of the range in the stopIp element.
stopIp Use this element to specify the last IP address of an IP address range that has to
be removed from the blacklist.
mac Use this element to specify a MAC address of an entry that has to be removed from
the blacklist.
12.9.2 NAT status attributes

• telindus1421Router/router/defaultNat/addresses on page 586
telindus1421Router/router/defaultNat/addresses
This attribute displays the status of each official IP address that is configured in the configuration
attribute telindus1421Router/router/defaultNat/addresses.
The addresses table contains the following elements:
Element Description
officialAddress This is the official IP address as you entered it in the addresses configuration
attribute.
privateAddress This is the private IP address that is currently linked with the official IP address.
status This is the status of the official IP address. Possible values are:
• free. This official IP address is currently not in use.
• fixed. This address has a pre-configured mapping between the official and pri-
vate IP address.
• allocated. This official IP address is currently assigned to a private IP address,
but it is not fixed.
uses This indicates how many sessions are currently used by this official IP address.
If the attribute value becomes zero, the assigned official IP address becomes free
again and can be assigned to another private IP address.
12.9.3 L2TP tunnel status attributes

telindus1421Router/router/tunnels/l2tpTunnels
This attribute displays status information of the L2TP tunnels.

Element Description
name This is the name of the tunnel as you configured it. If you did not configure a name,
then this element displays: “tunnel” <local IP address of the tunnel>.
E.g. tunnel 192.168.5.1
ifOperStatus This displays the operational status of the tunnel. Possible values are:
• up. The tunnel is up, data transfer is possible.
• down. The tunnel is down, data transfer is not possible.
• dormant. The tunnel is "stand-by". As soon as data has to be sent over the tun-
nel, control connect messages are exchanged and the operational status of the
tunnel becomes up.
ifLastChange This is the system-up time on the moment the tunnel entered its current opera-
tional state. I.e. the moment the value of the ifOperStatus status element changes
(from up to down or vice versa), the system-up time value is written into the
ifLastChange status element.
ip This displays the IP information of the tunnel.

bridging This displays the bridging information of the tunnel.

l2tp This displays the specific L2TP related status information of the tunnel.
Refer to the telindus1421Router/router/tunnels/l2tpTunnels/l2tp on page 589 for a detailed
description of the l2tp structure.
ppp This displays the PPP information of the tunnel.

telindus1421Router/router/tunnels/l2tpTunnels/l2tp
The l2tp structure in the l2tpTunnels table displays the specific L2TP related status information of the tun-
nel.
The l2tp structure contains the following elements:
Element Description
sendingSeqNum In case sequence numbering on the data messages is enabled (dataChannelSequen-

ceNumbering = on), then this displays the transmit data sequence numbers.
receivingSeqNum In case sequence numbering on the data messages is enabled (dataChannelSequen-

ceNumbering = on), then this displays the receive data sequence numbers.
l2tpType This displays which L2TP server type the Telindus 1421 SHDSL Router currently
is: LAC or LNS.
If you set the configuration attribute l2tpMode to auto, then the status attribute l2tpType
displays the auto value until the Telindus 1421 SHDSL Routers have mutually
decided who will be the LAC and who the LNS.
controlState This displays the states associated with the LNS or LAC control connection estab-
lishment. Refer to L2TP status - control states on page 590 for more information.
callState This displays the states associated with the LNS or LAC incoming or outgoing
calls. Refer to L2TP status - call states on page 590 for more information.
deliveryState This displays the states associated with the LNS or LAC packet delivery. Refer to
L2TP status - delivery states on page 591 for more information.
authenState This displays the states associated with the LNS or LAC authentication. Refer to
L2TP status - authentication states on page 591 for more information.
telindus1421Router/router/tunnels/ipsecL2tpTunnels
This attribute displays status information of the IPSEC L2TP tunnels.

The ipsecL2tpTunnels table contains the same elements as the l2tpTunnels table. Refer to telindus1421Router/
router/tunnels/l2tpTunnels on page 588.
L2TP status - control states
The states associated with the LNS or LAC for control connection establishment are:
Value Description
idle No control connection is present.

Both initiator and recipient start from this state. An initiator transmits a Start Control
Connection Request, while a recipient remains in the idle state until receiving a
Start Control Connection Request.
waitCtlReply This is the state where a Start Control Connection Reply is awaited.
waitCtlConn This is the state where a Start Control Connection Connected is awaited. Upon
receipt, the challenge response is checked. The tunnel either is established, or is
torn down if an authorisation failure is detected.
established The control connection is established.

An established connection may be terminated by either a local condition or the
receipt of a Stop Control Connection Notification. The session then returns to the
idle state.
L2TP status - call states
The states associated with the LNS or LAC incoming or outgoing calls are:
Value Description
idle No data is exchanged over the tunnel.
waitTunnel This is the state in which is waited …

• either for the control connection to be opened,
• or for verification that the tunnel is already open.
Once an indication is received that the tunnel has/was opened, session control
messages may be exchanged. The first of these is the Incoming Call Request.
waitReply This is the state where an Incoming or Outgoing Call Reply message is awaited. If
an Incoming or Outgoing Call Reply message is received, an incoming or Outgoing
Call Connected message is sent and the session moves to the established state.
waitConnect This is the state where an Incoming or Outgoing Call Connected message is
awaited. If an Incoming or Outgoing Call Connected message is received, the call
was successful and the session moves to the established state.
established Data is exchanged over the tunnel.

The session is terminated when receiving or sending a Call Disconnect Notify mes-
sage. The session then returns to the idle state.
L2TP status - delivery states
The states associated with the packet delivery are:
Value Description
operating The Telindus 1421 SHDSL Router has sent a packet, but has not received an
acknowledgement on this packet yet.
idle All transmitted packets have been acknowledged.
L2TP status - authentication states
The states associated with the LNS or LAC authentication are:
Value Description
noAuthentication Authentication is not enabled. This is also the start-up state for the authentication
process.
authenSuccessful Authentication was successful. The Telindus 1421 SHDSL Router remains in this
state during data transfer.
authenFailure Authentication failed. This is a transient state since the Telindus 1421 SHDSL
Router starts the handshake again after a failing authentication.
12.9.4 OSPF status attributes
This section discusses the status attributes concerned with OSPF. First it describes the general OSPF
status attributes. Then it explains the OSPF area status attributes.
• General OSPF status attributes on page 593
• Area status attributes on page 598
General OSPF status attributes

• telindus1421Router/router/ospf/type on page 594
• telindus1421Router/router/ospf/routes on page 595
• telindus1421Router/router/ospf/externalRoutes on page 596
• telindus1421Router/router/ospf/asExtLsas on page 597
telindus1421Router/router/ospf/type
This attribute indicates the kind of router link being described.

The type structure contains the following elements
Element Description
areaBorder This element indicates whether the router is an Area Border Router.
asbr This element indicates whether the router is an Autonomous System Border
Router.
Refer to 7.6.1 - Introducing OSPF on page 174 for more information.
virtualLink This element indicates whether a virtual link is present on the router.
wildCardMulticast This element indicates whether multicast extensions are supported by the router.
Note that wildcard multicast is not yet supported by the Telindus 1421
SHDSL Router.
nssaTranslator This element indicates whether the router is an NSSA border router translator.
telindus1421Router/router/ospf/routes
This attribute displays all detected routes in the OSPF network. All detected routes are transferred to the
routing table of this router as type OSPF.
The routes table contains the following elements:
Element Description
network This element displays the IP address of the sub network.
mask This element displays the network mask.
type This element displays the type of the network. Possible values are:
• direct. This value indicates a direct route. This is a route to a host connected
directly to the router.
• intra. This value indicates an intra-area route. This is a route with destinations
belonging to one of the router's attached areas.
• inter. This value indicates an inter-area route.This is a route with destinations in
other OSPF areas.
• extType1. This value indicates an external route of type 1.
• extType2. This value indicates an external route of type 2.
• reject. This value indicates a rejected route.
• static. This value indicates a static route.
• none. This value indicates a non-existing route.
cost This element displays the cost of the route.

There are two exceptions, when another value is displayed. These are:
• unknown. This value indicates that the cost of the route is unknown.
• infinite. This value indicates that the route is not available.
gateway This element displays the IP address of the next interface on the path to the des-
tination network.
outgoingIp This element displays the IP address of the outgoing router interface.
interface This element displays the administrative name of the interface.

telindus1421Router/router/ospf/externalRoutes
This attribute displays all external routes which are injected into the OSPF network by this router.
The externalRoutes table contains following elements:
Element Description
network This element displays the IP address of the sub network.
mask This element displays the network mask.
gateway This element displays the IP address of the next interface on the path to the des-
tination network.
interface This element displays the administrative name of the interface.
costType This element displays the type of cost of the external route. Possible values are:
• type1. The type of cost of the external route is type 1.
Also refer to telindus1421Router/router/ospf/importFilter on page 454.

There are two exceptions, when another value is displayed. These are:
• unknown. This value indicates that the cost of the route is unknown.
• infinite. This value indicates that the route is not available.
tag This element displays the 32-bit field attached to each external route. This is not
used by the OSPF protocol itself. It is used to communicate information between
AS boundary routers.
advertise This element displays whether the router advertises the external route to the rest
of the OPSF network. Possible values are:
• yes. The router advertises the external route to the rest of the OPSF network.
• no. The router does not advertise the external route to the rest of the OPSF net-
work.
routeType This element displays how the external route is injected into OSPF. Possible val-
ues are:
• static. Static route configured by the user.
• rip. This route was learned through the rip protocol.
telindus1421Router/router/ospf/asExtLsas
This attribute displays the database entries for all external routes in the OSPF network.
The asExtLsas table contains following elements:
Element Description
linkStateId This element displays the portion of the network that is being described by the
LSA. The contents of this field depend on the type of LSA.
advRouterId This element displays the router ID of the router that originated the LSA.
age This element displays the time in seconds since the LSA was originated.
sequenceNr This element displays the LS sequence number (successive instances of an LSA
are given successive LS sequence numbers).
options This element indicates if the advertising router supports optional OSPF capabili-
ties. Routers of differing capabilities can be mixed within an OSPF routing domain.
The options structure contains the following elements:
• floodExternal. Entire OSPF areas can be configured as "stubs". AS-external-
LSAs will not be flooded into stub areas. This capability is represented by the
element floodExternal.
• multicast. This element indicates whether IP multicast datagrams are forwarded.
• nssa. This element indicates whether the router supports nssa area‘s.
• externalAttributes. This element indicates the router's willingness to receive and
forward external LSAs.
• demandCircuit. This element indicates the router's handling of demand circuits.
• opaque. This element indicates if the router can handle opaque-LSAs.
netMask This element displays the IP address mask for the advertised destination.
Also refer to telindus1421Router/router/ospf/importFilter on page 454.
cost This element displays the cost of this route.
tag This element displays a 32-bit field attached to each external route. This is not
forwardAddress This element displays the address to which data traffic for the advertised destina-
tion is forwarded to.
Area status attributes

• telindus1421Router/router/ospf/area[ ]/interfaces on page 599
• telindus1421Router/router/ospf/area[ ]/hosts on page 601
• telindus1421Router/router/ospf/area[ ]/neighbors on page 601
• telindus1421Router/router/ospf/area[ ]/routers on page 603
• telindus1421Router/router/ospf/area[ ]/routerLsas on page 604
• telindus1421Router/router/ospf/area[ ]/networkLsas on page 606
• telindus1421Router/router/ospf/area[ ]/summLsas on page 607
• telindus1421Router/router/ospf/area[ ]/asbrLsas on page 608
• telindus1421Router/router/ospf/area[ ]/nssaLsas on page 609
telindus1421Router/router/ospf/area[ ]/interfaces
This attribute displays all interfaces available in the area. If an interface is part of more than one network,
the interface belongs to the network with the most significant subnet mask.
The interfaces table contains following elements:
Element Description
name This element displays the name of the interface.
address This element displays the IP address of the interface.
netMask This element displays the subnet mask.
network This element displays the name of the sub network the interface is part of.
type This element displays the interface type. Possible values are:
• pointToPoint: The interface is a point-to-point interface.
• broadcast: The interface is a broadcast interface.
• virtualLink: The interface is a virtual link interface.
• loopback: The interface is a loopback interface.
cost This element displays the cost of the link.
priority This element displays the priority of the network.
status This element displays the status of the router interface.

Refer to telindus1421Router/router/ospf/area[ ]/interfaces/status on page 600 for more infor-
mation.
dr This element displays the IP address of the Designated Router of the sub network.
backupDr This element displays the IP address of the Backup Designated Router.
neighbors This element displays the amount of neighbors of the router.
adjNeighbors This element displays the amount of adjacent neighbors of the router.
bandwidth This element displays the bandwidth of the link.

telindus1421Router/router/ospf/area[ ]/interfaces/status
The states are listed in order of progressing functionality. For example, the inoperative state is listed
first, followed by a list of intermediate states before the final, fully functional state is achieved.
Possible values are:
Value Description
unknown The router status is unknown.
down This is the initial interface state. No protocol traffic at all will be sent or received.
loopback The router's interface to the network is looped back. The interface will be unavail-
able for regular data traffic.
waiting The router is trying to determine the identity of the (Backup) Designated Router for
the network. To do this, the router monitors the Hello Packets it receives. The
router is not allowed to elect a Backup Designated Router nor a Designated Router
until it transitions out of Waiting state. This prevents unnecessary changes of
(Backup) Designated Router.
pointToPoint The interface is operational, and connects either to a physical point-to-point net-
work or to a virtual link. Upon entering this state, the router attempts to form an
adjacency with the neighbouring router. Hello Packets are sent to the neighbour
every helloInterval seconds.
drOther The interface is connected to a broadcast or NBMA network on which another

router has been selected to be the Designated Router. In this state, the router itself
has not been selected Backup Designated Router either. The router forms adja-
cencies to both the Designated Router and the Backup Designated Router (if they
exist).
backupDr The router itself is the Backup Designated Router on the attached network. It will
be promoted to Designated Router when the present Designated Router fails. The
router establishes adjacencies to all other routers attached to the network.
dr In this state, this router itself is the Designated Router on the attached network.
Adjacencies are established to all other routers attached to the network. The router
must also originate a network-LSA for the network node.
telindus1421Router/router/ospf/area[ ]/hosts
This attribute displays all hosts in the OSPF network.

Loopback interfaces that are added to the OSPF network are referred to as hosts. The loop-back inter-
face is a software interface which can be used for management purposes. This interface is always up,
regardless of the state of the physical interfaces.
The hosts table contains following elements
Element Description
intfName This element displays the administrative name of the loop-back interface.
address This element displays the IP address of the loop-back interface.
netMask This element displays the subnet mask of the loop-back interface.
network This element displays the administrative name of the network that the loop-back
interface is part of.
cost This element displays the cost of the loop-back interface link.
telindus1421Router/router/ospf/area[ ]/neighbors
This attribute displays the neighbours of the router.

Routers that share a common segment become neighbours on that segment. Neighbours are discov-
ered via the Hello protocol. Bidirectional communication is indicated when the router sees itself listed in
the neighbour’s Hello Packet.
The neighbors table contains following elements:
Element Description
interface This element displays the administrative name of the neighbouring interface.
routerId This element displays the unique sequence number for the router in the OSPF net-
work.
routerPriority This element displays the priority of the neighbouring router.
ipAddress This element displays the IP address of the neighbouring interface.
status This element displays the status of the neighbouring router.

Refer to telindus1421Router/router/ospf/area[ ]/neighbors/status on page 602 for more infor-
mation.
telindus1421Router/router/ospf/area[ ]/neighbors/status
The states are listed in order of progressing functionality. For example, the inoperative state is listed
first, followed by a list of intermediate states before the final, fully functional state is achieved.
Possible values are:
Value Description
down This is the initial state of a neighbour conversation. It indicates that there has been
no recent information received from the neighbour.
attempt This state is only valid for neighbors attached to NBMA networks. It indicates that
no recent information has been received from the neighbour, but that a more con-
certed effort should be made to contact the neighbour. This is done by sending
the neighbour Hello packets at intervals of helloInterval
init An Hello packet has recently been seen from the neighbour. However, bidirec-
tional communication has not yet been established with the neighbour (i.e., the
router itself did not appear in the neighbour’s Hello packet). All neighbors in this
state (or higher) are listed in the Hello packets sent from the associated interface.
2way Communication between the two routers is bidirectional. This has been assured
by the operation of the Hello Protocol.
exchangeStart This is the first step in creating an adjacency between the two neighbouring rout-
ers. The goal of this step is to decide which router is the master. Neighbour con-
versations in this state or greater are called adjacencies.
exchange The router is describing its entire link state database by sending Database
Description packets to the neighbour. Link State Request Packets may also be
sent asking for the neighbour’s more recent LSAs.
loading Link State Request packets are sent to the neighbour asking for the more recent
LSAs that have been discovered (but not yet received) in the Exchange state.
fullAdjacency The neighbouring routers are fully adjacent. These adjacencies will now appear in
router-LSAs and network-LSAs.
telindus1421Router/router/ospf/area[ ]/routers
This attribute displays all routers in the current area.

The routers table contains following elements:
Element Description
routerId This element displays the unique sequence number for the router in this OSPF
autonomous system.
gateway This element displays the IP address of the next interface on the path to reach this
router.
routerType This element indicates which type of router is detected.

The routerType structure contains the following elements:
• areaBorder. This element indicates that the detected router is an Area Border
Router (ABR).
• asbr. This element indicates that the detected router is an Autonomous System
Border Router (ASBR).
• virtualLink. This element indicates that the link to the detected router is a virtual
link.
• wildCardMulticast. This element indicates if multicast extensions are supported by
the router.
telindus1421Router/router/ospf/area[ ]/routerLsas
This attribute displays the router-LSAs.

Each router in an area originates router-LSAs. The LSA describes the state and cost of the router's links
(i.e., interfaces) to the area. All of the router's links to the area must be described in a single router-LSA.
The routerLsas table contains following elements:
Element Description
linkStateId This element displays the router's OSPF Router ID.

It displays the portion of the network that is being described by the LSA. The con-
tents of this field depend on the type of LSA.
advRouterId This element displays the router ID of the router that originated the LSA.
The options structure contains following elements:
routerType This element indicates the kind of router link being described. The routerType struc-
ture contains following elements:
• areaBorder. This element indicates a link to an ABR.
• asbr. This element indicates a link to an ASBR.
• virtualLink. This element indicates a virtual link.
• wildCardMulticast. This element indicates a multicast link.
linkNr This element displays the number of router links described in this LSA.
linkId This element identifies the object that this router link connects to. When connecting
to an object that also originates an LSA (i.e., another router or a transit network)
the Link ID is equal to the neighbouring LSAs Link State ID. This provides the key
for looking up the neighbouring LSA in the link state database during the routing
table calculation.
Element Description
linkData The value of this element depends on the linkType:

• For connections to stub networks, linkData specifies the network's IP address
mask.
• For unnumbered point-to-point connections, it specifies the interface's MIB-II
interface Index value.
• For the other link types it specifies the router interface's IP address.
This latter piece of information is needed during the routing table build process,
when calculating the IP address of the next hop.
linkType This element displays the type of the link. Possible values are:
• pointToPoint. The link is a point-to-point connection.
• transit. The link is a transit connection.
• stub. The link is a connection within a stub area.
• virtualLink. The link is a virtual link.
cost This element displays the cost of this link.

telindus1421Router/router/ospf/area[ ]/networkLsas
This attribute displays the network-LSAs.

A network-LSA is originated for each network in the area which supports two or more routers. The net-
work-LSA is originated by the network's Designated Router. The LSA describes all routers attached to
the network, including the Designated Router itself.
The networkLsas table contains following elements:
Element Description
linkStateId This element displays the IP interface address of the Designated Router.
It displays the portion of the network that is being described by the LSA. The con-
tents of this field depend on the type of LSA.
AdvRouterId This element displays the router ID of the router that originated the LSA.
netMask This element displays the IP address mask for the network.
linkNr This element displays the number of router links described in this LSA.
routerId This element displays the router IDs of each of the routers attached to the network.
Only those routers that are fully adjacent to the Designated Router are listed. The
Designated Router itself is included in this list.
telindus1421Router/router/ospf/area[ ]/summLsas
This attribute displays the Summary-LSAs. Summary-LSAs are originated by area border routers and
describe inter-area destinations.
The summLsas table contains following elements:
Element Description
linkStateId If the destination is an IP network, then the linkStateId element is an IP network

number. If the destination is an AS boundary router, then the linkStateId element is
the AS boundary router's OSPF Router ID.
This element displays the portion of the network that is being described by the
netMask This element displays the IP address mask for the destination network.

telindus1421Router/router/ospf/area[ ]/asbrLsas
This attribute displays the ASBR-LSAs.

The asbrLsas table contains following elements:
Element Description

telindus1421Router/router/ospf/area[ ]/nssaLsas
This attribute displays the NSSA-LSAs.

The nssaLsas table contains following elements:
Element Description
netMask This element displays the IP address mask for the advertised destination.
tag This element displays a 32-bit field attached to each external route. This is not
forwardAddress This element displays the address to which data traffic for the advertised destina-
tion is forwarded to.
12.9.5 VRRP status attributes

• telindus1421Router/router/vrrp[ ]/macAddress on page 611
• telindus1421Router/router/vrrp[ ]/interfaces on page 611
• telindus1421Router/router/vrrp[ ]/criticals on page 611
telindus1421Router/router/vrrp[ ]/macAddress
This attribute displays the for VRRP reserved MAC address. The first 5 bytes are fixed (00:00:5e:00:01).
The last byte is the virtual router ID.
telindus1421Router/router/vrrp[ ]/interfaces
This attribute displays the status of the virtual router its interfaces.
The interfaces table contains the following elements:
Element Description
name This element displays the interface name.
priority This element displays the interface priority.
status This element displays the interface status. Possible values are:
• initial: The virtual router interface is in an initial state (e.g. during the master/
backup election process).
• master: The virtual router interface is elected master after the master/backup
election process.
• backup: The virtual router interface is elected backup after the master/backup
election process.
• inactive: The virtual router interface is inactive (e.g. because VRRP is not active).
telindus1421Router/router/vrrp[ ]/criticals
This attribute displays the status of the virtual router interfaces that you defined as critical (refer to
telindus1421Router/router/vrrp[ ]/criticals on page 480).
The criticals table contains the following elements:
Element Description
interface This element displays the name of the critical interface.
status This element displays the operational status (e.g. up, down, etc.) of the critical
interface.
12.10 Bridge status attributes

• telindus1421Router/bridge/bridgeGroup/ifDescr on page 613
• telindus1421Router/bridge/bridgeGroup/ifType on page 613
• telindus1421Router/bridge/bridgeGroup/ifOperStatus on page 613
• telindus1421Router/bridge/bridgeGroup/ifMtu on page 613
• telindus1421Router/bridge/bridgeGroup/ip on page 613
• telindus1421Router/bridge/bridgeGroup/macAddress on page 613
• telindus1421Router/bridge/bridgeGroup/arpCache on page 614
• telindus1421Router/bridge/bridgeGroup/bridging on page 616
• telindus1421Router/bridge/bridgeGroup/spanningTree on page 616
• telindus1421Router/bridge/bridgeGroup/clearArpCache on page 618
• telindus1421Router/bridge/bridgeGroup/clearBridgeCache on page 618
telindus1421Router/bridge/bridgeGroup/ifDescr
telindus1421Router/bridge/bridgeGroup/ifType
telindus1421Router/bridge/bridgeGroup/ifOperStatus
This attribute displays the current operational status of the bridge group.
telindus1421Router/bridge/bridgeGroup/ifMtu
telindus1421Router/bridge/bridgeGroup/ip
This attribute displays the IP information of the bridge.

Element Description
address This is the IP address of the bridge. It is either configured or retrieved automati-
cally.
netMask This is the IP subnet mask of the interface. It is either configured or retrieved auto-
matically.
telindus1421Router/bridge/bridgeGroup/macAddress
This attribute displays the MAC address of the bridge group.

telindus1421Router/bridge/bridgeGroup/arpCache
This attribute displays all the MAC address - IP address pairs from ARP requests and replies received
on the LAN interface. Refer to What is the ARP cache? on page 359 for more information.
The arpCache table contains the following elements:
Element Description
macAddress This is the MAC address.
ipAddress This is the associated IP address.
type This is the ARP cache entry type. Possible values are:
• dynamic. The MAC - IP address pair is retrieved from an ARP request or reply
message.
• static. The MAC - IP address pair is configured.
There is only one static entry, i.e. the Telindus 1421 SHDSL Router its own IP
and MAC address.
timeOut This is the time the entry will remain in the ARP cache. For the static entry, this
value is 0.
telindus1421Router/bridge/bridgeGroup/bridgeCache
When a port of the bridge enters the learning state, it stores the MAC addresses of the stations situated
on the network that is connected to this port. The MAC addresses are stored in a MAC address database
or bridge cache. The bridgeCache attribute visualises this address database. Refer to What is the bridge
cache? on page 485 for more information.
The bridgeCache table contains the following elements:
Element Description
interface This is the interface through which the station can be reached.
macAddress This is the MAC address of the station situated on the network connected to the
interface.
type This displays whether the MAC address entry is static or dynamic:
• dynamic. The corresponding MAC address is learned on one of the interfaces.
• static. There are only two static entries:
- the Telindus 1421 SHDSL Router its own MAC address.
- a MAC address used for Spanning Tree.
age This is the elapsed time since a frame was received from the station.
Example
The following figure shows part of a bridge cache table as an example:

telindus1421Router/bridge/bridgeGroup/bridging
The bridging attributes or elements in the individual interface objects display the bridging information for
that particular interface. This bridging attribute, however, displays the bridging information of all the
(bridged) interfaces of the Telindus 1421 SHDSL Router.
Note however that the bridge group bridging structure contains one extra element: name. This is the name
of the interface as you configured it. Note that the interface can also be a DLCI, an ATM PVC, a tunnel,
etc.
telindus1421Router/bridge/bridgeGroup/spanningTree
This attribute gives you the Spanning Tree status information of the bridge.
The spanningTree structure contains the following elements:
Element Description
designatedPriority Together, these two elements form the unique bridge identifier.
designatedMAC They display the unique bridge identifier of the root bridge as it is indicated in the
root identifier parameter of the Configuration BPDUs. These BPDUs are transmit-
ted by the designated bridge for the LAN that is currently connected to this port.
This bridge identifier is used to test the value of the root identifier parameter con-
veyed in received Configuration BPDUs.
rootPathCost This is the cost of the path from this bridge to the root bridge.
If this bridge is the root bridge, the rootPathCost value equals 0. Else, the rootPathCost
value equals the sum of …
• the path cost as it is up to the designated bridge for the LAN that is currently
connected to this port (this cost is transmitted in Configuration BPDUs by the
designated bridge)
and
• the path cost as it is configured for the root port.
The rootPathCost element is used …
• to test the value of the root path cost parameter conveyed in received Config-
uration BPDUs.
• as the value of the root path cost parameter in transmitted Configuration
BPDUs.
The total cost of the path to the root bridge should not exceed 65500.
rootPort This is the port identifier of the port that offers the lowest cost path to the root.
If two or more ports offer equal least cost paths to the root bridge, then the root port
is selected to be that with the highest designatedPriority (i.e. the lowest numerical
value).
If two or more ports offer equal least cost paths to the root bridge and the same
designatedPriority, then the root port is selected to be that with the highest
designatedPortPriority (i.e. the lowest numerical value).
Element Description
bridgePriority Together, these two attributes form the unique bridge identifier of this bridge.
bridgeMAC
maxAge This is the time-out value to be used by all bridges in the bridged LAN for discard-
ing bridging information.
The maxAge element displays the value as it is set by the root bridge. This informa-
tion is conveyed by the root bridge to ensure that each bridge in the bridged LAN
has a consistent value against which to test the age of stored configuration infor-
mation.
helloTime This is the interval between the generation of Configuration BPDUs by the root
bridge.
The helloTime element displays the value as it is set by the root bridge. This attribute
is not directly used by the Spanning Tree algorithm, but it is conveyed by the root
bridge to facilitate the monitoring of protocol performance by the management sys-
tem.
forwardDelay This is the time-out value to be used by all bridges in the bridged LAN for …
• a bridge port applies to move from listening state to learning state or from learn-
ing state to forwarding state.
• time-out (or ageing) for purging MAC addresses from the bridge cache in case
a topology change is detected.
The forwardDelay element displays the value as it is set by the root bridge. This infor-
mation is conveyed by the root bridge to ensure that each bridge in the bridged
LAN has a consistent value for the forward delay timer.
topologyChange This is a Boolean value (0 or 1) to report …

• for a bridge that is not a root bridge, whether or not the most recently accepted
Configuration BPDU indicates a change in the active topology.
• for the root bridge, whether or not a change in topology has been detected
within the preceding topologyChangeTime period.
The topologyChange element is used to …
• propagate the topology change indication in transmitted Configuration BPDUs.
• determine whether the short (bridgeForwardDelay) or long (bridgeTimeOut) time-out
(or ageing) value is used to purge dynamic MAC addresses from the bridge
cache.
topologyChange- This is a Boolean value (0 or 1) to report that a topology change has been detected
Detection by or notified to the bridge.
topologyChange- This displays the time during which the root bridge transmits Configuration BPDUs
Time indicating a topology change, after it detected this topology change.
The topologyChangeTime element value is equal to the sum of the root bridge its
bridgeMaxAge element value and bridgeForwardDelay element value.
Refer to telindus1421Router/bridge/bridgeGroup/spanningTree on page 486 for more informa-
tion on the latter two elements.
telindus1421Router/bridge/bridgeGroup/clearArpCache
Use this action to clear the ARP cache table.
telindus1421Router/bridge/bridgeGroup/clearBridgeCache
Use this action to clear the bridge cache table.

12.11 Management status attributes

• telindus1421Router/management/cms2Address on page 620
• telindus1421Router/management/timeServer on page 620
• telindus1421Router/management/alarmLog on page 620
• telindus1421Router/management/accessLog on page 621
• telindus1421Router/management/loopback/ifDescr on page 623
• telindus1421Router/management/loopback/ifType on page 623
• telindus1421Router/management/loopback/ifOperStatus on page 623
• telindus1421Router/management/loopback/ifMtu on page 623
• telindus1421Router/management/loopback/ipAddress on page 623
• telindus1421Router/management/loopback/mask on page 623
telindus1421Router/management/cms2Address
This attribute displays the absolute device address as you configured it.
telindus1421Router/management/timeServer
This attribute displays the status of the SNTP function.

The timeServer structure contains the following elements:
Element Description
state This is the state of the Telindus 1421 SHDSL Router its clock. Possible values are:
• notConfigured. The Telindus 1421 SHDSL Router is not configured for SNTP.
• notSynchronised. The Telindus 1421 SHDSL Router its clock is not synchronised
with the time server.
• synchronised. The Telindus 1421 SHDSL Router its clock is synchronised with
the time server.
connection This is the state of the connection with the time server. Possible values are:
• notConfigured. The Telindus 1421 SHDSL Router is not configured for SNTP.
• notSynchronised. The connection with the time server is not synchronised.
• synchronised. The connection with the time server is synchronised.
• noContact. The connection with the time server is lost.
stratum This is the stratum level of the time server its reference clock. Possible values are:
• 0: unspecified or unavailable
• 1: primary reference (e.g. radio clock)
• 2 - 15: secondary reference (via SNTP)
delay This is the total roundtrip delay of the time server with its reference clock.
telindus1421Router/management/alarmLog
This attribute displays the alarm log. It displays the 32 most recent alarms that occurred on the Telindus
1421 SHDSL Router.
The alarmLog table contains the following elements:
Element Description
timeStamp This is the value of the real time clock at the moment the alarm was generated.
sysUpTime This is the system up-time of the Telindus 1421 SHDSL Router at the moment the
alarm was generated.
totalAlarmLevel This is the total alarm level of the Telindus 1421 SHDSL Router.
alarmLevel This is the alarm level of the alarm.
alarm This is the alarm itself in the format path.alarmName on|off (e.g. telindus1421Router/lanIn-
terface.linkDown on).
telindus1421Router/management/accessLog
This attribute displays the access log. It displays the 32 most recent login events that occurred on the
The accessLog table contains the following elements:
Element Description
timeStamp This element displays the value of the real time clock at the moment the access
event occurred.
sysUpTime This element displays the system up-time of the Telindus 1421 SHDSL Router at
the moment the access event occurred.
type This element displays the type of access event. Possible values are:
• login. A successful login was detected.
• loginFailure. A failed login was detected.
• accessFailureOn. The number of failed logins exceeded the access failure thresh-
old within the access failure period. Refer to telindus1421Router/management/login-
Control on page 510.
• accessFailureOff. After an accessFailureOn event was logged, the number of failed
logins dropped below the access failure threshold within the access failure
period. Refer to telindus1421Router/management/loginControl on page 510.
user This element displays the name of the user who caused the access event. If you
entered a …
• password string only in the password element of the security table, then the user
element displays nothing.
• user/password string in the password element of the security table (of the type
"username:password"), then the user element displays the username part of
the user/password string. Also see telindus1421Router/security on page 353.
application This element displays the type of application that caused the access event. Possi-
ble values are:
• cms2. The access event is caused by any maintenance application. For exam-
ple, TMA, TMA CLI, CLI or ATWIN (via a Telnet or terminal session), WebInter-
face, etc.
• ftp. The access event is caused by FTP.
• fileSystem. The access event is caused by any maintenance application access-
ing the file system. For example, FTP, TFTP, TML, etc. when downloading
firmware.
• snmp. The access event is caused by SNMP. Note that since SNMP is not ses-
sion oriented, each successful SNMP request would result in an access event.
So an SNMP walk would result in thousands of access events being logged.
Therefore, in case of SNMP, only the failed requests are logged.
• proxy. The access event is caused by any maintenance application accessing a
CMS device through the Telindus 1421 SHDSL Router (i.e. the Telindus 1421
SHDSL Router acts as proxy). This since the password of the Telindus 1421
SHDSL Router is used to control the access to the CMS devices.
Element Description
accessRights This element displays the access rights that are associated with the access event.
Note that some applications may cause more than one access event. For example, suppose you access
the Telindus 1421 SHDSL Router with FTP and download a file to the file system. In that case two events
are logged in the accessLog table:
1. One event logging the access of the FTP application to the Telindus 1421 SHDSL Router.
2. One event logging the access of the FTP application to the file system when downloading the file.
telindus1421Router/management/loopback/ifDescr
telindus1421Router/management/loopback/ifType
telindus1421Router/management/loopback/ifOperStatus
This attribute displays the current operational status of the loopback interface.
The loopback interface is always up.
telindus1421Router/management/loopback/ifMtu
telindus1421Router/management/loopback/ipAddress
This attribute displays the IP address of the loopback interface as you configured it.
telindus1421Router/management/loopback/mask
This attribute displays the subnet mask of the loopback interface as you configured it.
12.12 File system status attributes

• telindus1421Router/fileSystem/fileList on page 625
• telindus1421Router/fileSystem/freeSpace on page 625
• telindus1421Router/fileSystem/status on page 625
• telindus1421Router/fileSystem/corruptBlocks on page 625
• telindus1421Router/fileSystem/Delete File on page 626
• telindus1421Router/fileSystem/Rename File on page 626
telindus1421Router/fileSystem/fileList
Part of the flash memory of the Telindus 1421 SHDSL Router is organised as a file system and a number
of files are stored in it. The fileList attribute shows all the files that are present on the file system. Usually,
the following files are present:
• The configuration file of the Telindus 1421 SHDSL Router (file config1.db).
• Up to two application software files of the Telindus 1421 SHDSL Router (files CONTROL1 and CON-
TROL 2).
The fileList table contains the following elements:
Element Description
name This is the filename. Maximum length of the filename is 24 characters. All charac-
ters are allowed (including spaces). The filename is case sensitive.
length This is the length of the file in bytes.
telindus1421Router/fileSystem/freeSpace
This attribute displays the number of free bytes on the file system.
telindus1421Router/fileSystem/status
This attribute displays the status of the file system. Possible values are:
Value Description
ready Normal situation.
formatting The file system is being formatted. This can be triggered when the file system is
found to be corrupt at boot.
corrupt The file system is in a state were no guarantee can be given about the correct
operation of the file system. The file system will be formatted at the following boot.
corruptBlocks A certain block can not be erased.
telindus1421Router/fileSystem/corruptBlocks
The file system of the Telindus 1421 SHDSL Router consists of several blocks. When a block can not
be erased, the corruptBlocks count is incremented. This block can no longer be used to store data.
telindus1421Router/fileSystem/Delete File
Use this action to remove obsolete files from the file system. You have to enter the filename you want to
delete as argument value.
Filenames are case sensitive!
telindus1421Router/fileSystem/Rename File
Use this action to rename a file on the file system. You have to enter the old and new filename in a struc-
ture.
Filenames are case sensitive!

12.13 Operating system status attributes

• telindus1421Router/operatingSystem/taskInfo on page 628
telindus1421Router/operatingSystem/taskInfo
This attribute displays status information about the operating system.

The taskInfo table contains the following elements:
Element Description
taskName This is the name of the task.
taskStatus This is the current status of the task. Possible values are:
• awake. This task is actually running.
• asleep. This task is waiting on an event.
• inactive. This task slot is not active, i.e. no task has been assigned to this slot.
load30s This is the load on the processor, in percent, during the last 30 seconds.
load5m This is the load on the processor, in percent, during the last 5 minutes.
runningInMedium Each task can be running with a low, medium or high priority. This element gives
the percentage of time this task has been running with medium priority during the
last 30 seconds.
runningInHigh Each task can be running with a low, medium or high priority. This element gives
the percentage of time this task has been running with high priority during the last
30 seconds.
The percentage of time this task has been running with low priority can be calcu-
lated using the following formula:
running in low priority = 100% - runningInMedium - runningInHigh
programCounter This is the current value of the program counter. The program counter is the mem-
ory address for the current instruction of this task.
User manual Performance attributes
13 Performance attributes
This chapter discusses the performance attributes of the Telindus 1421 SHDSL Router. The following
gives an overview of this chapter:
• 13.1 - Performance attributes overview on page 630
• 13.2 - General performance attributes on page 636
• 13.3 - LAN interface performance attributes on page 638
• 13.4 - WAN interface performance attributes on page 643
• 13.5 - Encapsulation performance attributes on page 644
• 13.6 - SHDSL line performance attributes on page 657
• 13.7 - End and repeater performance attributes on page 661
• 13.8 - Bundle performance attributes on page 662
• 13.9 - Router performance attributes on page 665
• 13.10 - Bridge performance attributes on page 682
• 13.11 - Management performance attributes on page 688
• 13.12 - Operating system performance attributes on page 691
13.1 Performance attributes overview
Action: resetAllCounters
>> lanInterface
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
h2Performance
h24Performance
ifOutPQLen
ifDropLevelExceeded
vlan
Action: resetCounters
>> wanInterface
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
ifOutPQLen
ifDropLevelExceeded
h2Performance
h24Performance
>>> atm
pvcTable
unknownCells
vp
>>> frameRelay
dlciTable
lmi
cllmInFrames
>>> errorTest
status
duration
ifUpTime
ifDownCount
rxBitErrors
rxBlockErrors
rxBlocks
rxAllOneBlocks
rxAllZeroBlocks
rxPatternSlip
rxShiftCount
rxSyncLoss
txBlocks
txInjectErrors
Action: startTest
Action: stopTest
Action: injectError
Action: clearCounters
>>> line
h2Line
h24Line
d7Line
line
Action: retrain
>>>> linePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
>>> repeater[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
>>> end
>>>> linePair[ ]
h2LineParameters
h2Performance
h24LineParameters
h24Performance
d7LineParameters
d7Performance
lineParameters
performance
>> bundle
>>> pppBundle[ ]
ifInOctets
ifInUcastPkts
ifInNUcastPkts
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifOutQLen
h2Performance
h24Performance
multiclassinterfaces
>> router
routingTable
radiusAuth
radiusAcct
pingResults
tracertResults
Action: startPing
Action: stopPing
Action: startTracert
Action: stopTracert
Action: clearTracert
>>> defaultNat
socketsFree
allocFails
discards
addressesAvailable
tcpSocketsUsed
udpSocketsUsed
icmpSocketsUsed
tcpAllocs
udpAllocs
icmpAllocs
Action: reset
>>> tunnels
l2tpTunnels
ipsecL2tpTunnels
>>> manualSA[ ]
inPackets
outPackets
espAuthenticationFailure
espDecryptionFailure
espSequenceNrReplay
espDroppedFrames
discards
trafficShaping
>> bridge
>>> bridgeGroup
bridgeCache
bridgeDiscards
bridgeFloods
multiVlans
>>> accessList[ ]
bridgeAccessList
>> management
cms2SessionCount
tftpSessionCount
cliSessionCount
tcpSessionCount
ipStackEvents
>> operatingSystem
currUsedProcPower
usedProcPower
freeDataBuffers
totalDataBuffers
largestFreeBlockSize
freeBlockCount
freeMemory
totalMemory
taskInfo
13.2 General performance attributes
There are no general performance attributes. However, there is one general performance action:
• telindus1421Router/resetAllCounters on page 637
telindus1421Router/resetAllCounters
Use this action to reset all counters in all objects in the containment tree of the Telindus 1421 SHDSL
Router.
You can also reset the counters per object. To do so, use the resetCounters action located in the corre-
sponding object.
13.3 LAN interface performance attributes
This section describes the following performance attributes:

• telindus1421Router/lanInterface/ifInOctets on page 639
• telindus1421Router/lanInterface/ifInUcastPkts on page 639
• telindus1421Router/lanInterface/ifInNUcastPkts on page 639
• telindus1421Router/lanInterface/ifInDiscards on page 639
• telindus1421Router/lanInterface/ifInErrors on page 639
• telindus1421Router/lanInterface/ifInUnknownProtos on page 639
• telindus1421Router/lanInterface/ifOutOctets on page 640
• telindus1421Router/lanInterface/ifOutUcastPkts on page 640
• telindus1421Router/lanInterface/ifOutNUcastPkts on page 640
• telindus1421Router/lanInterface/ifOutDiscards on page 640
• telindus1421Router/lanInterface/ifOutErrors on page 640
• telindus1421Router/lanInterface/ifOutQLen on page 640
• telindus1421Router/lanInterface/h2Performance on page 641
• telindus1421Router/lanInterface/h24Performance on page 641
• telindus1421Router/lanInterface/ifOutPQLen on page 641
• telindus1421Router/lanInterface/ifDropLevelExceeded on page 641
telindus1421Router/lanInterface/ifInOctets
This attribute displays the number of octets (bytes) received on this interface.
telindus1421Router/lanInterface/ifInUcastPkts
This attribute displays the number of unicast packets received on this interface and delivered to a higher-
layer protocol. Unicast packets are all non-multicast and non-broadcast packets.
telindus1421Router/lanInterface/ifInNUcastPkts
This attribute displays the number of non-unicast packets received on this interface and delivered to a
higher-layer protocol. Non-unicast packets are all the multicast and broadcast packets.
telindus1421Router/lanInterface/ifInDiscards
This attribute displays the number of incoming packets that were discarded, to prevent their deliverance
to a higher-layer protocol. This even though no errors were detected in these packets.
telindus1421Router/lanInterface/ifInErrors
This attribute displays the number of incoming packets that could not be delivered to a higher-layer pro-
tocol because they contained errors.
telindus1421Router/lanInterface/ifInUnknownProtos
This attribute displays the number of incoming packets that were discarded because they contained an
unknown or unsupported protocol.
telindus1421Router/lanInterface/ifOutOctets
This attribute displays the total number of octets (bytes) transmitted by the interface, including framing
characters.
telindus1421Router/lanInterface/ifOutUcastPkts
This attribute displays the total number of packets that higher-level protocols requested to be transmitted
to a unicast address, including those that were discarded or not sent.
telindus1421Router/lanInterface/ifOutNUcastPkts
This attribute displays the number of non-unicast packets that higher-level protocols requested to be
transmitted to a non-unicast (i.e. a broadcast or multicast) address, including those that were discarded
or not sent.
telindus1421Router/lanInterface/ifOutDiscards
This attribute displays the number of outgoing packets that were discarded, to prevent they are transmit-
ted by the interface. This could be due to, for instance, the presence of an access list.
telindus1421Router/lanInterface/ifOutErrors
This attribute displays the number of outgoing packets that could not be transmitted by the interface
because they contained errors. On the LAN interface ifOutErrors are also generated in case of extensive
collisions.
telindus1421Router/lanInterface/ifOutQLen
This attribute displays the length, expressed in packets, of the output packet queue on the interface.
telindus1421Router/lanInterface/h2Performance
This attribute displays the 2 hours performance summary of the LAN interface.
The h2Performance table contains the following elements:
Element For the corresponding period, this element displays …
sysUpTime the elapsed time since the last cold boot.
ifUpTime the time during which the interface was up.
ifStatusChanges the number of times the ifOperStatus value of the interface changed (from up to down
or vice versa).
ifInOctets the number of octets (bytes) received on this interface.
ifInPackets the number of packets received on this interface.
ifInErrors the number of packets received on this interface that could not be delivered to a
higher-layer protocol because they contained errors.
ifOutOctets the number of octets (bytes) transmitted by the interface, including framing char-
acters.
ifOutPackets the number of packets transmitted by the interface.
ifOutDiscards the number of outgoing packets that were discarded, to prevent they were trans-
mitted by the interface. This could be due to, for instance, the presence of an
access list.
ifOutErrors the number of packets that could not be transmitted by the interface because they
contained errors.
telindus1421Router/lanInterface/h24Performance
This attribute displays the 24 hours performance summary of the LAN interface. The h24Performance table
contains the same elements as the telindus1421Router/lanInterface/h2Performance table.
telindus1421Router/lanInterface/ifOutPQLen
In case an overload condition occurs and priority queuing is activated, then this attribute displays how
many packets the different queues contain.
Refer to 7.8.1 - Introducing traffic and priority policy on page 201 for more information on the priority
queues.
telindus1421Router/lanInterface/ifDropLevelExceeded
This attribute displays how many times the drop levels of the user configurable queues have been
exceeded (and hence packets have been dropped).
Refer to telindus1421Router/router/trafficPolicy[ ]/dropLevels on page 470 for more information on the drop levels.
telindus1421Router/lanInterface/vlan
This attribute displays the SNMP MIB2 performance parameters of the VLANs that are present on the
LAN interface.
Element Description
name This element displays the name of the VLAN as you configured it.
vlan This element displays the VLAN ID.
mibCounters This element displays the SNMP MIB2 performance parameters of the VLAN.
Refer to 13.3 - LAN interface performance attributes on page 638 for an explana-
tion of the individual SNMP MIB2 performance parameters.
13.4 WAN interface performance attributes
All performance attributes of the WAN interface are the same as on the LAN interface. Therefore, they
are not explained here again. Refer to 13.3 - LAN interface performance attributes on page 638 for a
complete description of these attributes.
13.5 Encapsulation performance attributes
This section discusses the performance attributes of the encapsulation protocols that can be used on
• 13.5.1 - ATM performance attributes on page 645
• 13.5.2 - Frame Relay performance attributes on page 650
• 13.5.3 - Error test performance attributes on page 654
13.5.1 ATM performance attributes

• telindus1421Router/wanInterface/atm/unknownCells on page 649
telindus1421Router/wanInterface/atm/pvcTable
This attribute lists the complete performance information of all known PVCs.
The pvcTable table contains the following elements:
Element Description
name This is the name of the PVC as you configured it.
mibCounters This displays the SNMP MIB2 parameters of the PVC.

These are the same as the SNMP MIB2 parameters on the LAN interface. Refer
to 13.3 - LAN interface performance attributes on page 638.
priorityQLengths In case an overload condition occurs and priority queuing is activated, then this
elements displays how many packets the different queues contain.
Refer to 7.8.1 - Introducing traffic and priority policy on page 201 for more informa-
tion on the priority queues.
atm This displays the specific ATM related performance information of the PVC.
description of the atm structure
telindus1421Router/wanInterface/atm/pvcTable/atm
The atm structure in the pvcTable displays the specific ATM related performance information of the PVC.
Element Description
vpi This displays the Virtual Path Identifier (VPI).
vci This displays the Virtual Channel Identifier (VCI).

The VPI in conjunction with the VCI identifies the next destination of a cell as it
passes through a series of ATM switches on the way to its destination.
oamF5 This displays the performance information of the OAM F5 loopback cells.
The oamF5 structure contains the following elements:
• rxLoopback. This displays the number of received loopback cells.
• txLoopback. This displays the number of transmitted loopback cells.
• rxCC. This displays the number of received continuity check cells.
• txCC. This displays the number of transmitted continuity check cells.
• rxAD. This displays the number of received and accepted continuity check acti-
vator/deactivator cells.
• rxADdrop. This displays the number of received continuity check activator/deac-
tivator cells that were dropped (e.g. because the correlation tag was wrong).
• txAD. This displays the number of transmitted continuity check activator/deacti-
vator cells.
• rxSegAis. This displays the number of received segment Alarm Indication Sig-
nals.
• txSegAis. This displays the number of transmitted segment Alarm Indication Sig-
nals.
• rxSegRdi. This displays the number of received segment Remote Defect Indica-
tions.
• txSegRdi. This displays the number of transmitted segment Remote Defect Indi-
cations.
• rxEteAis. This displays the number of received end-to-end Alarm Indication Sig-
nals.
• txEteAis. This displays the number of transmitted end-to-end Alarm Indication
Signals.
• rxEteRdi. This displays the number of received end-to-end Remote Defect Indi-
cations.
• txEteRdi. This displays the number of transmitted end-to-end Remote Defect
Indications.
Element Description
What is OAM segment/end-to-end VP/VC AIS and RDI?
OAM VP/VC AIS (Alarm Indication Signal) and RDI (Remote Defect Indication) are
cells that are used for identifying and reporting VP/VC defects on a segment/end-
to-end level. When a physical link or interface failure occurs, intermediate nodes
insert AIS cells into all the downstream VP/VCs affected by the failure. Upon
receiving an AIS cell on a VP/VC, the router marks the logical interface down and
sends an RDI cell on the same VP/VC to let the remote end know the error status.
When an RDI cell is received on a VP/VC, the router sets the logical interface sta-
tus to down.
telindus1421Router/wanInterface/atm/unknownCells
This attribute displays the number of received cells that are not in-band for a certain PVC.
Example
Suppose router A sends OAM F4 loopback cells on VPI 5. On router B no VPI 5 is configured or no OAM
F4 loopback cells are configured for VPI 5. In that case, the unknownCells value on router B will increase.
telindus1421Router/wanInterface/atm/vp
Whereas the atm structure in the pvcTable displays the OAM F5 loopback cell performance information for
each Virtual Channel, the vp table displays the OAM F4 loopback cell performance information of a com-
plete Virtual Path.
Element Description
vpi This is the Virtual Path Identifier (VPI).
oamF4 This displays the performance information of the OAM F4 loopback cells.
The oamF4 structure contains the following elements:
• rxLoopback. This displays the number of received OAM F4 loopback cells.
• txLoopback. This displays the number of transmitted OAM F4 loopback cells.
13.5.2 Frame Relay performance attributes

• telindus1421Router/wanInterface/frameRelay/cllmInFrames on page 653
telindus1421Router/wanInterface/frameRelay/dlciTable
This attribute lists the complete performance information of all known DLCIs.
The dlciTable table contains the following elements:
Element Description
name This is the name of the DLCI as you configured it.
mibCounters This displays the SNMP MIB2 parameters of the DLCI.

frameRelay This displays the specific Frame Relay related performance information of the
DLCI.
Refer to telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay on page 652 for a
telindus1421Router/wanInterface/frameRelay/dlciTable/frameRelay
The frameRelay structure in the dlciTable displays the specific Frame Relay related performance information
of the DLCI.
Element Description
dlci This is the DLCI identification number.
inFecn This is the number of frames received from the network indicating forward conges-
tion and this since the virtual circuit was created.
inBecn This is the number of frames received from the network indicating backward con-
gestion and this since the virtual circuit was created.
inDe This is the number of frames received with the Discard Eligibility bit set.
inOctets This is the number of octets received over this virtual circuit since it was created.
inFrames This is the number of frames received over this virtual circuit since it was created.
outFecn This is the number of frames sent to the network indicating forward congestion and
this since the virtual circuit was created.
outBecn This is the number of frames sent to the network indicating backward congestion
and this since the virtual circuit was created.
outDe This is the number of frames sent to the network with the Discard Eligibility bit set.
outOctets This is the number of octets sent over this virtual circuit since it was created.
outFrames This is the number of frames sent over this virtual circuit since it was created.
telindus1421Router/wanInterface/frameRelay/lmi
This attribute gives a complete LMI performance overview.

Element Description
inStatusEnquiry This is the number of Status Enquiries received from the network.
inStatus This is the number of Status Reports received from the network.
inStatusUpdate This is the number of unsolicited Status Updates received from the network.
outStatusEnquiry This is the number of Status Enquiries sent to the network.
outStatus This is the number of Status Reports sent to the network.
outStatusUpdate This is the number of unsolicited Status Updates sent to the network.
netPollNotRcvd This is the number of times the expectedPollInterval expired without an incoming sta-
tus enquiry.
userNoResponse- This is the number of times a response was not received.

Rcvd
userBadResponses- This is the number of times an invalid response was received.

Rcvd
telindus1421Router/wanInterface/frameRelay/cllmInFrames
This attribute displays the total number of received CLLM (Consolidated Link Layer Management)
frames.
13.5.3 Error test performance attributes

• telindus1421Router/wanInterface/errorTest/status on page 655
• telindus1421Router/wanInterface/errorTest/duration on page 655
• telindus1421Router/wanInterface/errorTest/ifUpTime on page 655
• telindus1421Router/wanInterface/errorTest/ifDownCount on page 655
• telindus1421Router/wanInterface/errorTest/rxBitErrors on page 655
• telindus1421Router/wanInterface/errorTest/rxBlockErrors on page 655
• telindus1421Router/wanInterface/errorTest/rxBlocks on page 655
• telindus1421Router/wanInterface/errorTest/rxAllOneBlocks on page 655
• telindus1421Router/wanInterface/errorTest/rxAllZeroBlocks on page 655
• telindus1421Router/wanInterface/errorTest/rxPatternSlip on page 655
• telindus1421Router/wanInterface/errorTest/rxShiftCount on page 655
• telindus1421Router/wanInterface/errorTest/rxSyncLoss on page 655
• telindus1421Router/wanInterface/errorTest/txBlocks on page 656
• telindus1421Router/wanInterface/errorTest/txInjectErrors on page 656
• telindus1421Router/wanInterface/errorTest/startTest on page 656
• telindus1421Router/wanInterface/errorTest/stopTest on page 656
• telindus1421Router/wanInterface/errorTest/injectError on page 656
• telindus1421Router/wanInterface/errorTest/clearCounters on page 656
telindus1421Router/wanInterface/errorTest/status
This attribute displays the status of the error test.
telindus1421Router/wanInterface/errorTest/duration
This attribute displays the duration of the error test.
telindus1421Router/wanInterface/errorTest/ifUpTime
This attribute displays the time during which the interface was up, since the start of the error test.
telindus1421Router/wanInterface/errorTest/ifDownCount
This attribute displays the amount of times the interface went down, since the start of the error test.
telindus1421Router/wanInterface/errorTest/rxBitErrors
This attribute displays the amount of received bit errors.
telindus1421Router/wanInterface/errorTest/rxBlockErrors
This attribute displays the amount of received block errors.
telindus1421Router/wanInterface/errorTest/rxBlocks
This attribute displays the amount of received test blocks.
telindus1421Router/wanInterface/errorTest/rxAllOneBlocks
This attribute displays the amount of received blocks in which all bits were set to “1”.
telindus1421Router/wanInterface/errorTest/rxAllZeroBlocks
This attribute displays the amount of received blocks in which all bits were set to “0”.
telindus1421Router/wanInterface/errorTest/rxPatternSlip
This attribute displays the amount of received pattern slips.
telindus1421Router/wanInterface/errorTest/rxShiftCount
This attribute displays the amount of received shifts.
telindus1421Router/wanInterface/errorTest/rxSyncLoss
This attribute displays the amount of received synchronisation losses.

telindus1421Router/wanInterface/errorTest/txBlocks
This attribute displays the amount of transmitted test blocks.
telindus1421Router/wanInterface/errorTest/txInjectErrors
This attribute displays the amount of transmitted errors that were injected using the injectError action.
telindus1421Router/wanInterface/errorTest/startTest
Use this action to start an error test.

telindus1421Router/wanInterface/errorTest/stopTest
Use this action to stop an error test.
telindus1421Router/wanInterface/errorTest/injectError
Use this action to inject an error.
telindus1421Router/wanInterface/errorTest/clearCounters
Use this action to clear the counters.

13.6 SHDSL line performance attributes
This section describes the following line performance attributes:

• telindus1421Router/wanInterface/line/h2Line on page 658
• telindus1421Router/wanInterface/line/h24Line on page 658
• telindus1421Router/wanInterface/line/d7Line on page 658
• telindus1421Router/wanInterface/line/line on page 658
This section describes the following line pair performance attributes:
• telindus1421Router/wanInterface/line/linePair[ ]/h2LineParameters on page 659
• telindus1421Router/wanInterface/line/linePair[ ]/h24LineParameters on page 659
• telindus1421Router/wanInterface/line/linePair[ ]/d7LineParameters on page 659
• telindus1421Router/wanInterface/line/linePair[ ]/lineParameters on page 659
• telindus1421Router/wanInterface/line/linePair[ ]/h2Performance on page 660
• telindus1421Router/wanInterface/line/linePair[ ]/h24Performance on page 660
• telindus1421Router/wanInterface/line/linePair[ ]/d7Performance on page 660
• telindus1421Router/wanInterface/line/linePair[ ]/performance on page 660
• telindus1421Router/wanInterface/line/retrain on page 658
telindus1421Router/wanInterface/line/h2Line
This attribute displays the 2 hours performance information summary of the line.
The h2Line table contains the following elements:
linkDownCount the number of times the link went down.
linkDownTime the total amount of time the link was down.
telindus1421Router/wanInterface/line/h24Line
This attribute displays the 24 hours performance information summary of the line. The h24Line table con-
tains the same elements as the telindus1421Router/wanInterface/line/h2Line table.
telindus1421Router/wanInterface/line/d7Line
This attribute displays the 7 days performance information summary of the line. The d7Line table contains
the same elements as the telindus1421Router/wanInterface/line/h2Line table.
telindus1421Router/wanInterface/line/line
This attribute displays the performance information summary of the line since the last cold boot. Except
for the sysUpTime, the line structure contains the same elements as the telindus1421Router/wanInterface/line/
h2Line table.
telindus1421Router/wanInterface/line/retrain
Use this action to force a retrain on the line.

telindus1421Router/wanInterface/line/linePair[ ]/h2LineParameters
This attribute displays the 2 hours line parameter summary.

The h2LineParameters table contains the following elements:
lineAttenuationMin the minimum line attenuation that was measured.
lineAttenuationAvrg the average line attenuation that was calculated
lineAttenuationMax the maximum line attenuation that was measured.
signalNoiseMin the minimum signal to noise ratio that was measured.
signalNoiseAvrg the average signal to noise ratio that was calculated.
signalNoiseMax the maximum signal to noise ratio that was measured.
telindus1421Router/wanInterface/line/linePair[ ]/h24LineParameters
This attribute displays the 24 hours line parameter summary. The h24LineParameters table contains the
same elements as the telindus1421Router/wanInterface/line/linePair[ ]/h2LineParameters table.
telindus1421Router/wanInterface/line/linePair[ ]/d7LineParameters
This attribute displays the 7 days line parameter summary. The d7LineParameters table contains the same
elements as the telindus1421Router/wanInterface/line/linePair[ ]/h2LineParameters table.
telindus1421Router/wanInterface/line/linePair[ ]/lineParameters
This attribute displays the line parameter summary since the last cold boot. Except for the sysUpTime, the
lineParameters table contains the same elements as the telindus1421Router/wanInterface/line/linePair[ ]/
h2LineParameters table.
telindus1421Router/wanInterface/line/linePair[ ]/h2Performance
This attribute displays the 2 hours performance summary of the line.

The h2Performance table contains the following elements:
codeViolations the number of line errors that was counted.
errSec the number of erroneous seconds that was counted.
sevErrSec the number of severely erroneous seconds that was counted.
unavailSec the number of unavailable seconds that was counted.
loswSec the number of lost synchronisation words seconds that was counted.
moniSec the number of monitored seconds.
• Errors are counted based on the SHDSL frame CRC.

• For the correct and unambiguous definition of code violations, errored and severely errored seconds,
unavailability and lost synchronisation words seconds, refer to the recommendation G.826.
telindus1421Router/wanInterface/line/linePair[ ]/h24Performance
This attribute displays the 24 hours performance summary of the line. The h24Performance table contains
the same elements as the telindus1421Router/wanInterface/line/linePair[ ]/h2Performance table.
telindus1421Router/wanInterface/line/linePair[ ]/d7Performance
This attribute displays the 7 days performance summary of the line. The d7Performance table contains the
same elements as the telindus1421Router/wanInterface/line/linePair[ ]/h2Performance table.
telindus1421Router/wanInterface/line/linePair[ ]/performance
This attribute displays the performance summary of the line since the last cold boot. Except for the sysUp-
Time, the performance table contains the same elements as the telindus1421Router/wanInterface/line/linePair[ ]/
h2Performance table.
13.7 End and repeater performance attributes
Exactly which information is retrieved from the remote SHDSL device(s) through the EOC channel
depends on the setting of the eocHandling attribute. Refer to 5.4.4 - none or passiveWhich standard EOC
information is retrieved? on page 70 for an overview.
The performance information of the line pairs of the repeater and end device is only retrieved in case the
eocHandling attribute is set to info or alarmConfiguration. Other than that, the repeater[ ]/linePair[ ] and end/linePair[
] objects contain the same performance attributes as the line/linePair[ ] object. Refer to 13.6 - SHDSL line
performance attributes on page 657 for more information on these attributes.
Note that the sysUpTime in the performance attributes of the repeater[ ]/linePair[ ] and end/linePair[ ] objects is
not the elapsed time since the last cold boot, but the elapsed time since the creation of the repeater[ ] or
end object.
13.8 Bundle performance attributes
This section describes the performance attributes of the different bundles that can be set up on the Tel-
indus 1421 SHDSL Router. The following gives an overview of this section:
• 13.8.1 - PPP bundle performance attributes on page 663
13.8.1 PPP bundle performance attributes
All performance attributes, except one, of the PPP bundle are the same as those of the LAN interface.
Therefore, they are not explained here again. Refer to 13.3 - LAN interface performance attributes on
page 638 for a complete description of these attributes.
However, the following attribute is only present in the PPP bundle object and therefore explained in this
section:
• telindus1421Router/bundle/pppBundle[ ]/multiclassinterfaces on page 664
telindus1421Router/bundle/pppBundle[ ]/multiclassinterfaces
This attribute displays the performance of the different multiclass PPP links in the PPP bundle.
The multiclassinterfaces table contains following elements:
Element Description
name This element displays the name of the multiclass PPP link as you defined it in the
multiclassInterfaces configuration attribute.
mibCounters This element displays the SNMP MIB2 parameters of the multiclass PPP link.
These are the same as the SNMP MIB2 parameters of the LAN interface. Refer to
13.3 - LAN interface performance attributes on page 638.
13.9 Router performance attributes
This section discusses the performance attributes concerned with routing. First it describes the general
routing performance attributes. Then it explains the performance attributes of the extra features as there
are NAT, filtering, L2TP tunnelling, etc…
• 13.9.1 - General router performance attributes on page 666
• 13.9.2 - NAT performance attributes on page 673
• 13.9.3 - L2TP tunnel performance attributes on page 676
• 13.9.4 - Manual SA performance attributes on page 678
• 13.9.5 - Traffic policy performance attributes on page 680
13.9.1 General router performance attributes

• telindus1421Router/router/radiusAuth on page 668
• telindus1421Router/router/radiusAcct on page 668
• telindus1421Router/router/pingResults on page 669
• telindus1421Router/router/tracertResults on page 669
• telindus1421Router/router/startPing on page 670
• telindus1421Router/router/stopPing on page 670
• telindus1421Router/router/startTracert on page 671
• telindus1421Router/router/stopTracert on page 672
• telindus1421Router/router/clearTracert on page 672
telindus1421Router/router/routingTable
This attribute lists all known routes and how many times they are used.
The routingTable contains the following elements:
Element Description
network This element displays the IP address of the destination network.
mask This element displays the network mask of the destination network.
gateway This element displays the IP address of the next router on the path to the destina-
tion network.
interface This element displays the interface through which the destination network can be
reached. Possible values are:
• internal. The own protocol stack is used.
• <name>. The destination network can be reached through this particular inter-
face. The <name> of the interface is the name as you configured it.
Note that the “interface” can also be a DLCI, an ATM PVC, a tunnel, etc.
uses This element displays how many times the route has been used since it is listed in
the routing table.
For each IP packet that matches this route, the attribute value is incremented by
one. RIP routes may disappear from the routing table, and re-appear afterwards.
The attribute value is reset when a RIP route disappears from the routing table.
telindus1421Router/router/radiusAuth
This attribute lists the RADIUS authentication server performance information.

The radiusAuth table contains the following elements:
Element Description
server This element displays the IP address of the authentication server.
requests This element displays the number of access requests that is sent to the authenti-
cation server.
accepts This element displays the number of access accepts that is received from the
authentication server.
rejects This element displays the number of access rejects that is received from the
challenges This element displays the number of access challenges that is received from the
badAuthenticators This element displays the total number of packets that contained invalid Message-
Authenticator attributes.
timeOuts This element displays the authentication time-out.
droppedPackets This element displays the number of incoming packets dropped for reasons other
than being malformed, bad authenticators, or unknown types.
telindus1421Router/router/radiusAcct
This attribute lists the RADIUS accounting server performance information.

The radiusAcct structure contains the following elements:
Element Description
server This element displays the IP address of the accounting server.
requests This element displays the number of accounting requests that is sent to the
accounting server.
responses This element displays the number of accounting responses that is received from
the accounting server.
badAuthenticators This element displays the number of packets that contained invalid Signature
attributes.
timeOuts This element displays the accounting time-out.
droppedPackets This element displays the number of incoming packets dropped for reasons other
than being malformed, bad authenticators, or unknown types.
telindus1421Router/router/pingResults
This attribute displays the results of a ping to an IP address started with the startPing action.
The pingResults structure contains the following elements:
Element Description
ipAddress This element displays the IP address of the host that is being pinged.
numOfTxPackets This element displays the number of transmitted pings.
numOfRxPackets This element displays the number of correct answers on the transmitted pings.
minReplyTime This element displays the lowest reply time of all correct answers.
maxReplyTime This element displays the highest reply time of all correct answers.
avrgReplyTime This element displays the average reply time of all correct answers.
telindus1421Router/router/tracertResults
This attribute displays the results of a traceroute to an IP address/host started with the startTracert action.
The tracertResults table contains the following elements:
Element Description
ttl This element displays the Time To Live.
ipAddress This element displays the IP address of the hop that has been passed.
hostName This element displays the hostname of the hop that has been passed. Note that
this only displays
nrTx This element displays the number of traceroute queries that have been transmitted
to the hop.
nrRx This element displays the number of correct answers on the transmitted traceroute
queries that have been received from the hop.
minRtt This element displays the minimum Round-Trip Time that has been measured.
maxRtt This element displays the maximum Round-Trip Time that has been measured.
avrgRtt This element displays the average Round-Trip Time that has been calculated.
successRate This element displays the success rate. It is the ratio of nrRx/nrTx expressed in per-
cents.
comment This element displays some comments. E.g. Destination reached, Maximum number of
hops reached, etc.
telindus1421Router/router/startPing
Use this action to start transmitting pings to an IP address or host. The result of the ping can be seen in
the pingResults attribute. Refer to telindus1421Router/router/pingResults on page 669.
The argument value structure of the startPing action contains the following elements:
Argument Description
ipAddress Use this element to specify the IP address of the host Default:0.0.0.0
you want to ping. Range: up to 255.255.255.255
If you fill in the ipAddress element you may omit the hostName element.
hostName Use this element to specify the hostname of the host Default:<empty>
you want to ping. Range: 0 … 255 characters
If you fill in the hostName element you may omit the ipAddress element.
sourceIp Use this element to specify the source IP address. Default:0.0.0.0

This can be used to force the source address to be Range: up to 255.255.255.255
something other than the IP address of the interface on which the traceroute query
is sent. If this IP address is not one of the Telindus 1421 SHDSL Router interface
addresses, then nothing is sent.
iterations Use this element to specify the number of pings. Default:5

If you set the iterations element to 0, then the host is Range: 0 …
pinged an indefinite number of times. The only way to stop the ping session is by
executing the stopPing action.
interval Use this element to specify the interval, in seconds, Default:1

between consecutive pings. Range: 0 … 100
dataLength Use this element to specify the length, in bytes, of the Default:31
data transmitted in a ping. Range: 0 … 1300
timeOut Use this element to specify the time-out period. Default:00000d 00h 00m 05s
If a ping is sent, the Telindus 1421 SHDSL Router Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
waits during this time-out period on the answer. If the
answer is received …
• within this time-out period, then ping is considered successful.
• outside this time-out period, then the ping is considered unsuccessful.
telindus1421Router/router/stopPing
Use this action to stop pending pings.

telindus1421Router/router/startTracert
Use this action to start a traceroute to an IP address or host. The result of the traceroute can be seen in
the tracertResults attribute. Refer to telindus1421Router/router/tracertResults on page 669.
The argument value structure of the startTracert action contains the following elements:
ipAddress Use this element to specify the IP address of the host Default:0.0.0.0
you want to trace. Range: up to 255.255.255.255
If you fill in the ipAddress element you may omit the hostName element.
hostName Use this element to specify the hostname of the host Default:<empty>
you want to trace. Range: 0 … 255 characters
If you fill in the hostName element you may omit the ipAddress element.
sourceIp Use this element to specify the source IP address. Default:0.0.0.0

This can be used to force the source address to be Range: up to 255.255.255.255
something other than the IP address of the interface on which the traceroute query
is sent. If this IP address is not one of the Telindus 1421 SHDSL Router interface
addresses, then nothing is sent.
startTtl Use this element to specify from which TTL onwards Default:1
you want to see the traceroute results. Range: 1 … 255
For example, if you set the startTtl element to 5, then the traceroute result displayed
in the tracertResult attribute starts from TTL number 5. 1 up to 4 is not displayed.
maxHops Use this element to specify the maximum number of Default:30

hops. Range: 1 … 255
If the maximum number of hops is reached but the destination host is still not
reached, then the last traceroute result displays the comment “Maximum number of
hops reached“.
The default of 30 hops is the same default used for TCP connections.
queriesPerHop Use this element to specify how many traceroute que- Default:3
ries have to be sent to each hop. Range: 1 … 65536
resolveHosts Use this element to enable or disable the resolving of Default:enabled

hop IP addresses to hostnames. Range: enabled / disabled
If you set the resolveHosts elements to …
• enabled (default), then the hostName element in the tracertResults attribute displays
the hostname of the hop.
• disabled, then the hostName element in the tracertResults attribute remains empty.
dnsTimeOut Use this element to set the DNS time-out. Default:00000d 00h 00m 03s
When hop IP addresses are resolved to hostnames, Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
then the DNS replies are expected within this time-out
period. Else they are no longer accepted.
icmpTimeOut Use this element to set the ICMP time-out. Default:00000d 00h 00m 03s
When a hop is queried, then the ICMP replies are Range: 00000d 00h 00m 00s -
24855d 03h 14m 07s
expected within this time-out period. Else they are no
longer accepted.
tos Use this element to set the Type Of Service in the Default:0
traceroute query. Range: 0 … 255
This can be used to investigate whether different service types result in different
paths. Useful values are 16 (low delay) and 8 (high throughput).
packetLength Use this element to set the traceroute query datagram Default:32
length in bytes. Range: 32 … 1300
telindus1421Router/router/stopTracert
Use this action to stop pending traceroute queries.
telindus1421Router/router/clearTracert
Use this action to clear the tracertResults table.

13.9.2 NAT performance attributes

• telindus1421Router/router/defaultNat/socketsFree on page 674
• telindus1421Router/router/defaultNat/allocFails on page 674
• telindus1421Router/router/defaultNat/discards on page 674
• telindus1421Router/router/defaultNat/addressesAvailable on page 674
• telindus1421Router/router/defaultNat/tcpSocketsUsed on page 674
• telindus1421Router/router/defaultNat/udpSocketsUsed on page 674
• telindus1421Router/router/defaultNat/icmpSocketsUsed on page 674
• telindus1421Router/router/defaultNat/tcpAllocs on page 675
• telindus1421Router/router/defaultNat/udpAllocs on page 675
• telindus1421Router/router/defaultNat/icmpAllocs on page 675
• telindus1421Router/router/defaultNat/reset on page 675
telindus1421Router/router/defaultNat/socketsFree
This attribute shows the remaining number of new connections (i.e. sockets) that can be initiated. A
socket is a set of source and destination IP addresses and port numbers.
Initially, 2048 simultaneous sockets can be initiated. Sockets are freed using a garbage mechanism.
This means that every five minutes all sockets are checked. If a socket has been released by PAT or
NAT, then this socket is returned to the pool of free sockets.
ICMP and UDP sockets are released when they have no data traffic during five minutes. TCP sockets
are released after the TCP session has been closed or when the session has been idle for 24 hours.
telindus1421Router/router/defaultNat/allocFails
If no sockets are available anymore but an attempt to set up a new connection is being made, then the
natAllocFails attribute value is incremented by 1.
Because the sockets are distributed using a hashing function, it is possible that natAllocFails increases
even though natSocketsFree still indicates free sockets.
ICMP requires a new socket for each transmitted packet. This implies that, for instance, a permanent
ping or trace-route command may eventually use all free sockets.
telindus1421Router/router/defaultNat/discards
This attribute indicates how many times a packet has been discarded for reasons other than a lack of
free sockets. This could be, for instance, because an attempt was made to connect from the Internet to
a service that was not present in the servicesAvailable table.
telindus1421Router/router/defaultNat/addressesAvailable
This attribute displays the number of NAT addresses that are currently free.
telindus1421Router/router/defaultNat/tcpSocketsUsed
This attribute displays the number of sockets currently in use by PAT and NAT for TCP applications.
telindus1421Router/router/defaultNat/udpSocketsUsed
This attribute displays the number of sockets currently in use by PAT and NAT for UDP applications.
telindus1421Router/router/defaultNat/icmpSocketsUsed
This attribute displays the number of sockets currently in use by PAT and NAT for ICMP applications.
telindus1421Router/router/defaultNat/tcpAllocs
This attribute indicates how many TCP sockets have been allocated since cold boot. Together with the
performance attributes natUdpAllocs and natIcmpAllocs it gives an indication of the type of traffic that is being
routed.
telindus1421Router/router/defaultNat/udpAllocs
This attribute indicates how many UDP sockets have been allocated since cold boot. Together with the
performance attributes natTcpAllocs and natIcmpAllocs it gives an indication of the type of traffic that is being
routed.
telindus1421Router/router/defaultNat/icmpAllocs
This attribute indicates how many ICMP sockets have been allocated since cold boot. Together with the
performance attributes natTcpAllocs and natUdpAllocs it gives an indication of the type of traffic that is being
routed.
telindus1421Router/router/defaultNat/reset
Use this action to release all sockets currently in use and return them to the free socket pool.
In other words, executing this action resets all NAT/PAT sessions that are currently established. It also
releases all official IP addresses that are dynamically assigned to a private IP address. If any TCP ses-
sions are still active, these sessions will be aborted.
Take care when using this action! All TCP information is lost when the sockets are released with this
action. Any TCP sessions in use at the time of the reset will go into a hang-up state. These applications
will need to restart.
13.9.3 L2TP tunnel performance attributes

telindus1421Router/router/tunnels/l2tpTunnels
This attribute displays the performance information of the L2TP tunnels.

Element Description
name This is the name of the tunnel as you configured it.
mibCounters This displays the SNMP MIB2 parameters of the tunnel.

telindus1421Router/router/tunnels/ipsecL2tpTunnels
This attribute displays the performance information of the L2TP tunnels.

The ipsecL2tpTunnels table contains the same elements as the l2tpTunnels table. Refer to telindus1421Router/
router/tunnels/l2tpTunnels on page 677.
13.9.4 Manual SA performance attributes

• telindus1421Router/router/manualSA[ ]/inPackets on page 679
• telindus1421Router/router/manualSA[ ]/outPackets on page 679
• telindus1421Router/router/manualSA[ ]/espDecryptionFailure on page 679
• telindus1421Router/router/manualSA[ ]/espAuthenticationFailure on page 679
• telindus1421Router/router/manualSA[ ]/espSequenceNrReplay on page 679
• telindus1421Router/router/manualSA[ ]/espDroppedFrames on page 679
telindus1421Router/router/manualSA[ ]/inPackets
Upon receipt of a (reassembled) packet containing an ESP Header, the receiver determines the appro-
priate SA, based on the destination IP address, security protocol (ESP), and the SPI. Once the appro-
priate SA is determined, the inPackets attribute is incremented for this SA.
telindus1421Router/router/manualSA[ ]/outPackets
ESP is applied to an outbound packet only after it is determined that the packet is associated with an SA
that calls for ESP processing. Once the appropriate SA is determined, the outPackets attribute is incre-
mented for this SA.
telindus1421Router/router/manualSA[ ]/espDecryptionFailure
This attribute displays the number of times the decryption of an incoming ESP packet failed.
telindus1421Router/router/manualSA[ ]/espAuthenticationFailure
This attribute displays the number of times the authentication of an incoming ESP packet failed.
telindus1421Router/router/manualSA[ ]/espSequenceNrReplay
For each incoming ESP packet, the receiver verifies that the packet contains a sequence number that
does not duplicate the sequence number of any other packets received during the life of this SA. Should
this be the case, then these packets are dropped and the espSequenceNrReplay attribute is incremented for
this SA.
telindus1421Router/router/manualSA[ ]/espDroppedFrames
This attribute displays the number of ESP packets that were successfully decrypted and authenticated,
but that could not be delivered to the L2TP tunnel (e.g. because the tunnel was down) and had to be
dropped.
13.9.5 Traffic policy performance attributes

• telindus1421Router/router/trafficPolicy[ ]/discards on page 681
• telindus1421Router/router/trafficPolicy[ ]/trafficShaping on page 681
telindus1421Router/router/trafficPolicy[ ]/discards
This attribute indicates how many packets have been discarded based on the criteria that are defined by
the IP traffic policy.
telindus1421Router/router/trafficPolicy[ ]/trafficShaping
This attribute shows the usage of each line in the traffic shaping table.
The trafficShaping table contains the following elements:
Element Description
name This is the name of the line in the traffic shaping table as you configured it.
uses This is the number of times this line in the traffic shaping table is used.
sourceIpStart- This is the IP source address range as you configured it.

Address
sourceIpEnd-
Address
destinationIpStart- This is the IP destination address range as you configured it.

Address
destinationIpEnd-
Address
tosStartValue This is the TOS range as you configured it.
tosEndValue Packets that fall within the specified range are forwarded and queued if applicable.
ipProtocol This is the protocol field as you configured it.

Packets that have the specified protocol field are forwarded and queued if applica-
ble.
sourcePortStart This is the source port range as you configured it.
sourcePortEnd Packets that fall within the specified range are forwarded and queued if applicable.
destinationPortStart This is the destination port range as you configured it.
destinationPortEnd Packets that fall within the specified range are forwarded and queued if applicable.
newTosValue This is the new TOS value as you configured it.
priority This is the destination queue as you configured it.

In case an overload condition occurs, then a packet that matches an entry in the
trafficShaping table is sent to the specified queue.
13.10 Bridge performance attributes
This section discusses the performance attributes concerned with bridging. First it describes the general
bridging performance attributes. Then it explains the performance attributes of the extra features as
there are access listing, etc…
• 13.10.1 - Bridge group performance attributes on page 683
• 13.10.2 - Bridge access list performance attributes on page 686
13.10.1 Bridge group performance attributes

• telindus1421Router/bridge/bridgeGroup/bridgeDiscards on page 684
• telindus1421Router/bridge/bridgeGroup/bridgeFloods on page 684
• telindus1421Router/bridge/bridgeGroup/multiVlans on page 684
telindus1421Router/bridge/bridgeGroup/bridgeCache
When a port of the bridge enters the learning state, it stores the MAC addresses of the stations situated
on the network that is connected to this port. The MAC addresses are stored in a MAC address database
or bridge cache. The bridgeCache attribute visualises this address database. Refer to What is the bridge
cache? on page 485 for more information.
The bridgeCache table contains the following elements:
Element Description
interface This is the interface through which the station can be reached.
macAddress This is the MAC address of the station situated on the network connected to the
interface.
rxCount This is the number of frames received from the corresponding MAC address.
txCount This is the number of frames forwarded to the corresponding MAC address.
telindus1421Router/bridge/bridgeGroup/bridgeDiscards
This attribute displays the number of times a frame was discarded because …
• it was received on the same interface as the one through which the destination address can be
reached.
• it was received on an interface that is not in the forwarding state.
telindus1421Router/bridge/bridgeGroup/bridgeFloods
This attribute displays the number of times a frame was flooded on all interfaces because …
• it was a broadcast / multicast.
• the position of the station with the destination MAC address was not known (yet).
telindus1421Router/bridge/bridgeGroup/multiVlans
This attribute displays the SNMP MIB2 performance parameters of the VLANs that are present on the
bridge group.
The multiVlans table contains the following elements:
Element Description
name This element displays the name of the VLAN as you configured it.
vlan This element displays the VLAN ID.
mibCounters This element displays the SNMP MIB2 performance parameters of the VLAN.
Refer to 13.3 - LAN interface performance attributes on page 638 for an explana-
tion of the individual SNMP MIB2 performance parameters.
telindus1421Router/bridge/bridgeGroup/vlanSwitching
This attribute displays the performance information of the VLAN switching process.
The vlanSwitching table contains the following elements:
Element Description
sourceIntf This element displays the name of the source interface.
sourceVlan This element displays the VLAN ID of the source VLAN.
destinationIntf This element displays the name of the destination interface.
destinationVlan This element displays the VLAN ID of the destination VLAN.
uses This element displays the number of packets that have been switched.
13.10.2 Bridge access list performance attributes

• telindus1421Router/bridge/accessList[ ]/bridgeAccessList on page 687
telindus1421Router/bridge/accessList[ ]/bridgeAccessList
This attribute shows information on the use of the bridge access list.
The bridgeAccessList table contains the following elements:
Element Description
macAddress This is the MAC address as configured in the configuration attribute

telindus1421Router/bridge/accessList[ ]/bridgeAccessList.
uses This indicates the number of times a packet has been discarded for the corre-
sponding MAC address.
13.11 Management performance attributes

• telindus1421Router/management/cms2SessionCount on page 689
• telindus1421Router/management/cliSessionCount on page 689
• telindus1421Router/management/tftpSessionCount on page 690
• telindus1421Router/management/tcpSessionCount on page 690
• telindus1421Router/management/ipStackEvents on page 690
telindus1421Router/management/cms2SessionCount
This attribute displays the number of CMS2 sessions that are currently active on the Telindus 1421
SHDSL Router.
There are always minimum two fixed sessions active. Connecting with TMA, TMA CLI, Telnet, etc. opens
additional sessions. This is explained in the following table:
Session count Purpose
1 fixed session A fixed session for SNMP.
1 fixed session A fixed session for O10.
+ 2 sessions When connecting with TMA.
+ 1 session When connecting with TMA for HP OpenView or the Alarm Manager.
+ 1 session When connecting with TMA CLI.
+ 2 sessions When downloading a config.cli or config.cms file.
+ 1 session When connecting with Telnet.
+ 1 session When downloading software.
+ 1 session When connecting with the Web Interface.
telindus1421Router/management/cliSessionCount
This attribute displays the number of CLI sessions that are currently active on the Telindus 1421 SHDSL
Router.
There are always minimum two fixed sessions active. Connecting with TMA CLI, the Web Interface, etc.
opens additional sessions. This is explained in the following table:
1 fixed session A fixed session for the control port.
1 fixed session A fixed session for Web Interface.
+ 1 session When connecting with TMA CLI or starting a CLI session.

telindus1421Router/management/tftpSessionCount
This attribute displays the number of TFTP sessions that are currently active on the Telindus 1421
SHDSL Router.
telindus1421Router/management/tcpSessionCount
This attribute displays the number of TCP sessions that are currently active on the Telindus 1421 SHDSL
Router. The following table shows when a TCP session opens:
+ 1 session When connecting with Telnet.
telindus1421Router/management/ipStackEvents
This attribute gives an indication of the internal load of the protocol stack.
13.12 Operating system performance attributes

• telindus1421Router/operatingSystem/currUsedProcPower on page 692
• telindus1421Router/operatingSystem/usedProcPower on page 692
• telindus1421Router/operatingSystem/freeDataBuffers on page 692
• telindus1421Router/operatingSystem/totalDataBuffers on page 692
• telindus1421Router/operatingSystem/largestFreeBlockSize on page 692
• telindus1421Router/operatingSystem/freeBlockCount on page 692
• telindus1421Router/operatingSystem/freeMemory on page 693
• telindus1421Router/operatingSystem/totalMemory on page 693
• telindus1421Router/operatingSystem/taskInfo on page 693
telindus1421Router/operatingSystem/currUsedProcPower
This attribute displays the amount of processing power used during the last 650 milliseconds, expressed
as a percentage of the total available processing power.
telindus1421Router/operatingSystem/usedProcPower
This attribute lists the used processing power for the 11 most recent 30 seconds intervals. The process-
ing power is expressed as a percentage of the total processing power.
The usedProcPower table contains the following elements:
Element Description
sysUpTime This is the elapsed time since the last cold boot. The next values are for the 30
seconds period before this relative time stamp.
min This is the minimum percentage of processing power in use during the last 30 sec-
onds.
average This is the average percentage of processing power in use during the last 30 sec-
onds.
max This is the maximum percentage of processing power in use during the last 30 sec-
onds.
telindus1421Router/operatingSystem/freeDataBuffers
The processor uses buffers for storing the packets during processing and/or queuing. Each buffer has a
256 byte size, headers included. This attribute is the number of data buffers currently not in use and
available for e.g. incoming data.
telindus1421Router/operatingSystem/totalDataBuffers
This attribute displays the total number of available data buffers.
telindus1421Router/operatingSystem/largestFreeBlockSize
The processor uses RAM memory for storing internal information and buffering. The different tasks allo-
cate RAM memory on request. Tasks may also free memory again. In this way the total RAM memory
becomes fragmented. This attribute gives the size of the largest contiguous free memory block
expressed in bytes.
telindus1421Router/operatingSystem/freeBlockCount
This attribute displays the number of free contiguous memory blocks.

telindus1421Router/operatingSystem/freeMemory
This attribute displays the total free memory expressed in bytes.
telindus1421Router/operatingSystem/totalMemory
This attribute displays the total RAM memory expressed in bytes.
telindus1421Router/operatingSystem/taskInfo
This attribute contains status information concerning the different tasks running on the processor. It is a
table grouping up to 31 task slots, which is the maximum number of parallel tasks running on the proc-
essor's operating system.
This attribute contains the same elements as the status attribute telindus1421Router/operatingSystem/taskInfo
on page 628.
User manual Alarm attributes
14 Alarm attributes
This chapter discusses the alarm attributes of the Telindus 1421 SHDSL Router. The following gives an
overview of this chapter:
• 14.1 - Alarm attributes overview on page 696
• 14.2 - Introducing the alarm attributes on page 698
• 14.3 - General alarms on page 701
• 14.4 - LAN interface alarms on page 703
• 14.5 - WAN interface alarms on page 704
• 14.6 - SHDSL line alarms on page 705
• 14.7 - SHDSL line pair alarms on page 706
• 14.8 - End and repeater alarms on page 708
• 14.9 - Bundle alarms on page 710
• 14.10 - Router alarms on page 711
14.1 Alarm attributes overview
totalAlarmLevel
alarmInfo
notResponding
alarmSyncLoss
configChanged
access
unknownStatus
coldBoot
warmBoot
codeConsistencyFail
configConsistencyFail
>> lanInterface
alarmInfo
linkDown
>> wanInterface
alarmInfo
linkDown
>>> line
alarmInfo
linkDown
invalidNumRepeaters
>>>> linePair[ ]
alarmInfo
linkDown
lineAttenuation
signalNoise
errSecExceeded
sevErrSecExceeded
>>> repeater[ ]
alarmInfo
lineAttenuation
signalNoise
errSecExceeded
sevErrSecExceeded
alarmInfo
lineAttenuation
signalNoise
errSecExceeded
sevErrSecExceeded
>>> end
>>>> linePair[ ]
alarmInfo
lineAttenuation
signalNoise
errSecExceeded
sevErrSecExceeded
>> bundle
>>> pppBundle
alarmInfo
linkDown
>> router
alarmInfo
pingActive
14.2 Introducing the alarm attributes
Before discussing the alarm attributes of the Telindus 1421 SHDSL Router in detail, some general infor-
mation on the alarm attributes of the Telindus 1421 SHDSL Router is given.
• 14.2.1 - Configuration alarm attributes on page 699
• 14.2.2 - General alarm attributes on page 700
14.2.1 Configuration alarm attributes
This section describes the following alarm attributes:

• telindus1421Router/…/alarmMask
• telindus1421Router/…/alarmLevel
telindus1421Router/…/alarmMask
Use this attribute to mask or unmask the alarms of an object. This determines whether an active alarm
is forwarded to the central management system (e.g. HP OpenView) or not.
The alarms in the alarmMask attribute have the following values:
Value Is the active alarm being forwarded to the central management system?
enabled Yes. So the alarm is unmasked.
disabled No. So the alarm is masked.
Alarms are always seen in the alarmInfo alarm attribute of an object, regardless of the masking of the
alarm. I.e. even if an alarm is set to disabled in the alarmMask of an object, if the alarm condition is fulfilled
then the alarm will be set to on in the alarmInfo of that object. However, because this alarm is disabled it
will not be sent to the central management system (e.g. HP OpenView).
Only the most important alarms are unmasked (i.e. enabled) by default. All other alarms are masked (i.e.
disabled).
telindus1421Router/…/alarmLevel
Use this attribute to assign a priority level to each alarm of the corresponding object. The alarm level
range goes from 0 to 254, where 0 is the lowest and 254 is the highest priority level.
The alarmLevel of an unmasked, active alarm is sent to the totalAlarmLevel alarm attribute of the top object
telindus1421Router.
14.2.2 General alarm attributes
This section describes the following alarm attributes:

• telindus1421Router/totalAlarmLevel
• telindus1421Router/…/alarmInfo
telindus1421Router/totalAlarmLevel
This attribute is only present in the top object of the containment tree of the Telindus 1421 SHDSL
Router, being telindus1421Router.
It displays the priority level of an unmasked, active alarm. When several alarms are generated at the
same time, the highest priority level is shown. If the alarm levels are set in a structured manner, one look
at the totalAlarmLevel attribute enables the operator to make a quick estimation of the problem.
The value of the totalAlarmLevel attribute is also communicated to the central management system (e.g.
HP OpenView) where it determines the colour of the icon. This colour is an indication of the severity of
the alarm.
telindus1421Router/…/alarmInfo
This attribute contains the actual alarm information of the corresponding object.
The alarmInfo structure contains the following elements:
Element This element displays for the corresponding object …
discriminator the total alarm count since the last cold boot.
currentAlarms the current alarms.
previousAlarms the second most recent alarms.
alarmMask the alarmMask as you configured it.
alarmLevel the alarmLevel as you configured it.

14.3 General alarms
This section describes the alarms of the alarm attribute telindus1421Router/alarmInfo.
Refer to 14.2 - Introducing the alarm attributes on page 698 for general information on the alarm
attributes.
telindus1421Router/alarmInfo
The different alarms related to the telindus1421Router object together with their explanation and default
alarmMask and alarmLevel value are given in the following table:
The alarm … is generated … Default value
alarmMask alarmLevel
notResponding by the management concentrator when the Telindus enabled 4

1421 SHDSL Router does not respond on its polling ses-
sion.
alarmSyncLoss when the internal alarm buffer overflows. enabled 4
configChanged when the local configuration has been changed. disabled 1
access when a management session is started on the Telindus disabled 1

1421 SHDSL Router itself. This alarm is not activated
when the management session is established through a
management concentrator.
Example
The alarm is activated in case of …

• a TMA, TMA CLI, terminal (CLI or ATWIN) or Easy-
Connect session via the control connector of the Tel-
• a TMA, TMA CLI, TMA for HP OpenView, Telnet (CLI
or ATWIN), HTTP (Web Interface) or TFTP session
using the LAN / WAN IP address of the Telindus
1421 SHDSL Router.
The alarm is not activated in case of …

• any management session (TMA, terminal, Telnet,
HTTP, etc.) established through a management con-
centrator on the Telindus 1421 SHDSL Router.
• SNMP management.
unknownState each time a new Telindus 1421 SHDSL Router is added disabled 0
to the network and before the management concentrator
has completed a first successful polling session.
coldBoot each time the Telindus 1421 SHDSL Router performs a disabled 1
cold boot.
warmBoot each time the Telindus 1421 SHDSL Router performs a disabled 1
warm boot.
codeConsistency- when the software consistency imposed by the manage- disabled 1

Fail ment concentrator on the Telindus 1421 SHDSL Router
fails. For example, because of a loss of contact.
In the management concentrator that manages the Tel-
indus 1421 SHDSL Router (e.g. the Orchid 1003 LAN,
Telindus 1035 Orchid, etc.), check the status attribute
nmsgroup/softConsistencyStatus to determine the problem.
configConsistency- when the configuration consistency imposed by the disabled 1

Fail management concentrator on the Telindus 1421 SHDSL
Router fails. For example, because of a loss of contact.
In the management concentrator that manages the Tel-
indus 1421 SHDSL Router (e.g. the Orchid 1003 LAN,
Telindus 1035 Orchid, etc.), check the status attribute
status attributes nmsgroup/objectTable/configState and config-
Diag to determine the problem.
14.4 LAN interface alarms
This section describes the alarms of the alarm attribute telindus1421Router/lanInterface/alarmInfo.
attributes.
telindus1421Router/lanInterface/alarmInfo
The alarm related to the lanInterface object together with its explanation and default alarmMask and
alarmLevel value is given in the following table:
linkDown when no valid LAN data is detected. I.e. when the con- enabled 3
nection between the interface and the LAN is down.
14.5 WAN interface alarms
This section describes the alarms of the alarm attribute telindus1421Router/wanInterface/alarmInfo.
attributes.
telindus1421Router/wanInterface/alarmInfo
The alarm related to the wanInterface object together with its explanation and default alarmMask and
linkDown when an error situation is detected in the encapsulation enabled 3

protocol.
For instance, no ATM synchronisation, a failed PPP
authentication, …
14.6 SHDSL line alarms
This section describes the alarms of the alarm attribute telindus1421Router/wanInterface/line/alarmInfo.
attributes.
telindus1421Router/wanInterface/line/alarmInfo
The alarms related to the line object together with their explanation and default alarmMask and alarmLevel
value are given in the following table:
linkDown when the line is down. I.e. no data can be transmitted enabled 3
over the line.
invalidNum- if the number of repeaters you entered in the disabled 1

Repeaters telindus1421Router/wanInterface/line/numExpectedRepeaters
attribute does not match the actual number of repeaters
discovered by the Telindus 1421 SHDSL Router.
The actual number of repeaters discovered by the Telin-
dus 1421 SHDSL Router can be seen in the
telindus1421Router/wanInterface/line/numDiscoveredRepeaters
attribute.
14.7 SHDSL line pair alarms
This section describes the alarms of the alarm attribute telindus1421Router/wanInterface/line/linePair[ ]/alarmInfo.
attributes.
telindus1421Router/wanInterface/line/linePair[ ]/alarmInfo
The alarms related to the linePair[ ] object together with their explanation and default alarmMask and
alarmLevel value are given in the following table:
linkDown when the line pair is down. I.e. no data can be transmit- disabled 3
ted over the line pair.
lineAttenuation when the line attenuation exceeds the value configured disabled 1
in the telindus1421Router/wanInterface/line/linkAlarmThresholds
for at least 10 seconds. The alarm is cleared when the
line attenuation drops below this value for at least 10
seconds.
Note that in case the telindus1421Router/wanInterface/line/
eocHandling attribute is set to alarmConfiguration, the central
SHDSL device forces the remote SHDSL device to use
the linkAlarmThresholds/lineAttenuation as configured on the
central device.
• 5.4.3 - Controlling the standard EOC message
exchange on page 68
• 5.4.4 - none or passiveWhich standard EOC informa-
tion is retrieved? on page 70
signalNoise when the signal noise exceeds the value configured in disabled 1
the telindus1421Router/wanInterface/line/linkAlarmThresholds for
at least 10 seconds. The alarm is cleared when the sig-
nal noise drops below this value for at least 10 seconds.
Note that in case the telindus1421Router/wanInterface/line/
eocHandling attribute is set to alarmConfiguration, the central
SHDSL device forces the remote SHDSL device to use
the linkAlarmThresholds/signalNoise as configured on the
central device.
exchange on page 68
errSecExceeded when the amount of erroneous seconds exceeds the disabled 1

value configured in the telindus1421Router/wanInterface/line/
linkAlarmThresholds within a 15 minutes period1. The alarm
is cleared when the amount of erroneous seconds drops
below this value within a 15 minutes period.
sevErrSecExceeded when the amount of severely erroneous seconds disabled 2

exceeds the value configured in the telindus1421Router/
wanInterface/line/linkAlarmThresholds within a 15 minutes
period1. The alarm is cleared when the amount of
severely erroneous seconds drops below this value
within a 15 minutes period.
14.8 End and repeater alarms
This section describes the alarms of the alarm attribute telindus1421Router/wanInterface/end/linePair[ ]/alarmInfo.
The repeater[ ] and end objects contain the same attributes, therefore only the alarms of the end object are
described.
attributes.
telindus1421Router/wanInterface/end/linePair[ ]/alarmInfo
The alarm related to the end/linePair[ ] object together with its explanation and default alarmMask and
lineAttenuation when the lineAttenuation value configured in the disabled 1

telindus1421Router/wanInterface/line/linkAlarmThresholds of the
local device is exceeded for at least 10 seconds. The
alarm is cleared when the line attenuation drops below
this value for at least 10 seconds.
Note however that in case the telindus1421Router/wanInter-
face/line/eocHandling attribute is set to alarmConfiguration, the
central SHDSL device forces the remote SHDSL device
to use the linkAlarmThresholds/lineAttenuation as configured
on the central device.
exchange on page 68
signalNoise when the signalNoise value configured in the disabled 1

local device is exceeded for at least 10 seconds. The
alarm is cleared when the signal noise drops below this
value for at least 10 seconds.
Note however that in case the telindus1421Router/wanInter-
face/line/eocHandling attribute is set to alarmConfiguration, the
central SHDSL device forces the remote SHDSL device
to use the linkAlarmThresholds/signalNoise as configured on
the central device.
exchange on page 68
errSecExceeded when the errSecOn value configured in the disabled 1

local device is exceeded within a 15 minutes period1.
The alarm is cleared when the amount of erroneous sec-
onds drops below this value within a 15 minutes period.
sevErrSecExceeded when the sevErrSecOn value configured in the disabled 2

local device is exceeded within a 15 minutes period1.
The alarm is cleared when the amount of severely erro-
neous seconds drops below this value within a 15 min-
utes period.
14.9 Bundle alarms
This section describes the alarms of the alarm attribute telindus1421Router/bundle/xxxBundle[ ]/alarmInfo.
attributes.
telindus1421Router/bundle/xxxBundle[ ]/alarmInfo
The alarm related to the xxxBundle[ ] object together with its explanation and default alarmMask and
linkDown when all the bundle links in the bundle are down. enabled 3
14.10 Router alarms
This section describes the alarms of the alarm attribute telindus1421Router/router/alarmInfo.
attributes.
telindus1421Router/router/alarmInfo
The alarm related to the router object together with its explanation and default alarmMask and alarmLevel
value is given in the following table:
pingActive when a ping is pending (for example, an indefinite ping). enabled 3

This notification is necessary because you can only
transmit one ping at a time. Furthermore, there is no pro-
tection when a new ping is started before the previous is
stopped.
User manual TMA sub-system picture
15 TMA sub-system picture

The sub-system picture is a TMA tool that visualises the status information of the Telindus 1421 SHDSL
Router. This chapter explains how to display the sub-system picture, and how to interpret the visual indi-
cations.
How to display the sub-system picture?
To display the sub-system picture of the Telindus 1421 SHDSL Router, click on the sub-system picture
button located in the TMA toolbar: .
Structure of the sub-system picture
This paragraph displays and labels the different elements of the sub-system picture. It also explains how
the visual indications should be interpreted.
Below, the Telindus 1421 SHDSL Router sub-system picture is displayed:
The following table gives an overview of the sub-system picture elements and what they indicate:
Element Description
LEDs These reflect the actual status of the device.

The LED indication on the sub-system picture corresponds with the LED indication
on the Telindus 1421 SHDSL Router itself. Refer to 2.7 - The front panel LED indi-
cators on page 20 for more information on the interpretation of the LEDs.
LAN This reflects the status of the LAN interface. The possible indications are:
• green. There is no alarm active in the corresponding lanInterface object.
• red. An alarm is active in the corresponding lanInterface object.
The colour of the LAN interface only changes if the alarms related to the
lanInterface object are set to enabled in the alarmMask.
User manual TMA sub-system picture
Element Description
LINE This reflects the status of the WAN interface and of the line pair(s). The possible
indications are:
• green outside. There is no alarm active in the corresponding
wanInterface object.
• red outside. An alarm is active in the corresponding wanInterface
object.
• green inside, left. There is no alarm active in the corresponding linePair[1] object.
• red inside, left. An alarm is active in the corresponding linePair[1] object.
• green inside, right. There is no alarm active in the corresponding linePair[2]
object.
• red inside, right. An alarm is active in the corresponding linePair[2] object.
The colours of the WAN interface / line pair(s) only change if the alarms
related to the wanInterface / linePair[ ] objects are set to enabled in the alarm-
Mask.
User manual Auto installing the Telindus 1421 SHDSL Router
16 Auto installing the Telindus 1421 SHDSL Router

Auto-install includes a number of features that allow you to partially or completely configure the Telindus
1421 SHDSL Router without on-site intervention. This is shown in this chapter.
• 16.1 - Introducing the auto-install protocols on page 716
• 16.2 - Auto-install on the LAN interface on page 718
• 16.3 - Auto-install on the WAN interface on page 723
• 16.4 - Creating a configuration file on page 730
• 16.5 - Restoring a configuration file on page 737
16.1 Introducing the auto-install protocols
The Telindus 1421 SHDSL Router uses several protocols during its auto-install sequence. These are
introduced below.
What is BootP?
BootP (RFC 951) is used by IP devices that have no IP address to obtain one.
The client IP device sends a limited broadcast request on its interfaces requesting an IP address. The
request contains the client its MAC address, which is a unique identifier (refer to What is the ARP cache?
on page 359 for more information).
A workstation with a BootP server interprets incoming BootP requests. You can configure a file on the
server with MAC address and IP address/subnet mask pairs for all devices in the network you want to
service. If the MAC address in the BootP request matches a MAC address in this file, the BootP server
replies with the corresponding IP address and subnet mask.
Assigning an IP address in this way is done through a simple request - response handshake.
The Telindus 1421 SHDSL Router, being a router, always requests a static IP address.
What is DHCP?
DHCP (RFC 2131 and RFC 2132) is used by IP devices that have no IP address to obtain one.
The client IP device sends a limited broadcast request on its interfaces requesting an IP address. The
request contains the client its MAC address, which is a unique identifier (refer to What is the ARP cache?
on page 359 for more information).
A workstation with a DHCP server works in a similar way as with a BootP server. The difference with
BootP is that you can additionally configure a list of IP addresses on the server. These IP addresses are
dynamically assigned to the IP devices requesting an IP address, independently of their MAC address.
Those address assignments are limited in time.
Assigning an IP address in this way is done through a 4-way handshake and with regular renewals.
The Telindus 1421 SHDSL Router, being a router, always requests a static IP address.
What is DNS?
The Domain Name Service (DNS) is an Internet service that translates domain names into IP addresses.
Because domain names are alphabetic, they are easier to remember. The Internet however, is really
based on IP addresses. Therefore, every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name www.mywebsite.com might
translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular
domain name, it asks another one, and so on, until the correct IP address is returned.
What is TFTP?
Trivial File Transfer Protocol (TFTP) is an Internet software utility for transferring files that is simpler to
use than the File Transfer Protocol (FTP) but less capable. It is used where user authentication and
directory visibility are not required. TFTP uses the User Datagram Protocol (UDP) rather than the Trans-
mission Control Protocol (TCP). TFTP is described formally in Request for Comments (RFC) 1350.
TFTP is typically used in combination with BootP or DHCP to obtain the configuration of a device from
a TFTP server. The configuration file on this TFTP can be in a binary or an ASCII (CLI) format. How to
build such files is explained in 16.4 - Creating a configuration file on page 730.
The Telindus 1421 SHDSL Router as relay agent
Being broadcast packets, BootP, DHCP, DNS and TFTP requests can cross a router using IP helper
addresses. The Telindus 1421 SHDSL Router is a relay agent for these protocols. This means it adds
additional information to the request packets allowing servers on distant networks to send back the
answer.
16.2 Auto-install on the LAN interface
This section shows the auto-install sequence on the Telindus 1421 SHDSL Router its LAN interface.
• 16.2.1 - Set-up for auto-install on the LAN interface on page 719
• 16.2.2 - Auto-install in case of Ethernet on page 720
• 16.2.3 - Example of auto-install on the LAN interface on page 721
16.2.1 Set-up for auto-install on the LAN interface
The following figure shows the set-up for auto-install on the LAN interface:
16.2.2 Auto-install in case of Ethernet

16.2.3 Example of auto-install on the LAN interface
Suppose you have the following situation:

• The Telindus 1421 SHDSL Router is still in its default configuration (absolutely nothing is configured).
This means that the LAN interface …
- is in bridging mode.
- no IP address is configured on the LAN interface.
- no IP address is configured on the bridge group.
⇒This means that if an IP address is obtained through BootP/DHCP, then it will be assigned to the
bridge group, not to the LAN interface itself (since it is in bridging mode)!
• A BootP server is present on the LAN, containing the Telindus 1421 SHDSL Router MAC address
(00:C0:89:00:94:6F) and a corresponding IP address (192.168.47.1).
• A DNS server is present on the LAN, containing the Telindus 1421 SHDSL Router its hostname
“TlsRouter“.
• A TFTP server is present on the LAN, containing the Telindus 1421 SHDSL Router its binary config-
uration file “TlsRouter.cms”.
• The Telindus 1421 SHDSL Router is plugged on to the LAN.
The following shows how the Telindus 1421 SHDSL Router obtains an IP address and its configuration
file:
Note again that the obtained IP address is assigned to the bridge group, not to the LAN interface itself
(since it is in bridging mode)! So if you check the status of the bridge group, you will see the IP address
there:
16.3 Auto-install on the WAN interface
This section shows the auto-install sequence on the Telindus 1421 SHDSL Router its WAN interface.
• 16.3.1 - Set-up for auto-install on the WAN interface on page 724
• 16.3.2 - Auto-install in case of ATM on page 725
• 16.3.3 - Auto-install in case of Frame-Relay on page 726
• 16.3.4 - Example of auto-install on the WAN interface running ATM on page 727
16.3.1 Set-up for auto-install on the WAN interface
The following figure shows the set-up for auto-install on the WAN interface:
16.3.2 Auto-install in case of ATM

16.3.3 Auto-install in case of Frame-Relay

16.3.4 Example of auto-install on the WAN interface running ATM
Suppose you have the following situation:

• On the local Telindus Router you add an ATM PVC to the atm/pvcTable. For this ATM PVC you specify
the VPI/VCI values 1/100. All other elements of the ATM PVC remain at their default value.
• On the central Telindus Router you also add an ATM PVC to the atm/pvcTable. For this ATM PVC you
specify …
- the VPI/VCI values 1/100.
- the helper IP addresses 192.168.47.251 (DHCP server) and 192.168.47.252 (TFTP server).
- the helper protocols DHCP (68) and TFTP (69).
• A DHCP server is present on the remote network, containing the Telindus 1421 SHDSL Router MAC
address (00:C0:89:00:94:6F), a corresponding IP address (192.168.100.1) and a corresponding con-
figuration filename “TlsRouterConfig.cms”.
• A TFTP server is present on the remote network, containing the Telindus 1421 SHDSL Router its
binary configuration file “TlsRouterConfig.cms”.
• The Telindus Router is plugged on to the WAN.
So the initial configuration on the local Telindus Router is as shown below:

In order for the auto-install of the local Telindus Router to be successful, the following must be configured
on the central Telindus Router:
The following shows how the local Telindus Router obtains an IP address and its configuration file:
16.4 Creating a configuration file
In 16.2 - Auto-install on the LAN interface on page 718 and 16.3 - Auto-install on the WAN interface on
page 723, you can see how the configuration file is retrieved using TFTP during the auto-install
sequence. This section explains which two configuration file formats can be used for this purpose and
how to create such a configuration file.
• 16.4.1 - The different configuration file formats on page 731
• 16.4.2 - Creating a binary file using TMA on page 732
• 16.4.3 - Creating an ASCII CLI file using TMA on page 733
• 16.4.4 - Creating an ASCII CLI file using TFTP on page 735
• 16.4.5 - Creating an ASCII CLI file using Telnet on page 736
16.4.1 The different configuration file formats
sequence. The two possible configuration file formats used for this purpose are:
File type Extension How to create the configuration file
binary .cms Use the TMA export utility and choose the CMS file type. This
is the most compact format.
Refer to 16.4.2 - Creating a binary file using TMA on page 732.
ASCII CLI .cli • Use the TMA export utility and choose the CLI file type.
• Use the TFTP get command.
• Use the CLI get command.
Refer to …
• 16.4.3 - Creating an ASCII CLI file using TMA on page 733
• 16.4.4 - Creating an ASCII CLI file using TFTP on page 735
• 16.4.5 - Creating an ASCII CLI file using Telnet on
page 736
When you download an ASCII CLI (*.cli) configuration

file to the Telindus 1421 SHDSL Router, make sure that
each line in this file contains no more than 500 charac-
ters.
16.4.2 Creating a binary file using TMA
To create a configuration file in binary (*.cms) format using TMA, proceed as follows:
Step Action
1 Start a TMA session on the Telindus 1421 SHDSL Router.
2 Make changes to its configuration (if necessary) in order to obtain the desired configura-
tion.
3 Click on the Export data to file button: .
4 In the Export configuration parameters window, select the following:

• Choose a directory where to save the file.
• Enter a name for the file.
• Make sure the file type is CMS.
• Make sure the Full configuration option is selected.
5 Click on the Save button.

The edited configuration of the Telindus 1421 SHDSL Router is stored on the PC in
binary format. The file contains the complete configuration including the Activate Config-
uration command. As a result, the configuration is immediately activated if you download
it to the device again.
16.4.3 Creating an ASCII CLI file using TMA
To create a configuration file in ASCII CLI (*.cli) format using TMA, proceed as follows:
Step Action
2 Make changes to its configuration (if necessary) in order to obtain the desired configura-
tion.
3 Click on the Export data to file button: .
4 In the Export configuration parameters window, select the following:

• Choose a directory where to save the file.
• Enter a name for the file.
• Make sure the file type is CLI.
• Make sure the Full configuration option is selected.
Do not select the file extension for ASCII text (*.txt)! This is for documentation pur-
poses only, not for configuration purposes.
Step Action
5 Click on the Save button.

⇒The edited configuration of the Telindus 1421 SHDSL Router is stored on the PC
in ASCII CLI format. The file contains the configuration attributes that differ from
their default value including the Load Default Configuration command at the begin-
ning of the file and the Activate Configuration command at the end of the file. As a
result, the configuration is immediately activated if you download it to the device
again.
16.4.4 Creating an ASCII CLI file using TFTP
To create a configuration file in ASCII CLI (*.cli) format using TFTP, proceed as follows:
Step Action
1 Start a TFTP session on the Telindus 1421 SHDSL Router.

For example by typing tftp 10.0.11.1 at the command prompt of your workstation,
where 10.0.11.1 is the IP address of the Telindus 1421 SHDSL Router.
2 Get the configuration file of the Telindus 1421 SHDSL Router.
Example
tftp> get CONFIG.CLI dest_file.cli

Where …
• get is the TFTP command to retrieve a file.
• CONFIG.CLI (in capitals!) is the source file (i.e. the Telindus 1421 SHDSL Router con-
figuration file).
• dest_file.cli is the destination file.
3 When the file transfer is finished, close the TFTP session.
Note that the procedure described above does not work with FTP.
16.4.5 Creating an ASCII CLI file using Telnet
To create a configuration file in ASCII CLI (*.cli) format using Telnet logging and the CLI get command,
proceed as follows:
Step Action
1 Start a Telnet session on the Telindus 1421 SHDSL Router. You are automatically in CLI
mode.
2 You are automatically located in the top object (telindus1421Router) and in the "Edit Config-
uration" group. Check to make sure (just press the Enter key).
3 Log the CLI output to a file. Refer to the documentation of your Telnet software how to
do so.
4 Execute the get -r -d command.

>get -r -d
5 Stop the logging.
6 The log file you now obtained, modify it as follows:

• At the beginning of the log file …
- remove all logging before the get -r -d command.
- remove the get -r -d command itself.
- change the string GET into SET.
- type the string action “Load Default Configuration” (case sensitive!) on the line
above the SET command.
• At the end of the log file…
- remove all logging until the last character is a closing curled bracket “}”.
- type the string action “Activate Configuration” (case sensitive!) on the line below
the closing curled bracket “}”.
7 Save this file to a file with an extension *.cli.

16.5 Restoring a configuration file
sequence. It is, however, also possible to restore previously saved configuration files by downloading
them yourself to the Telindus 1421 SHDSL Router. You can do this by using various applications. This
is explained in this section.
• 16.5.1 - Downloading a configuration file using TMA on page 738
• 16.5.2 - Downloading a configuration file using (T)FTP on page 739
• 16.5.3 - Downloading a configuration file using Telnet on page 740
16.5.1 Downloading a configuration file using TMA
To download a configuration file using TMA, proceed as follows:
Step Action
2 Click on the Import data from file button: .
3 In the Import configuration window, select the following:

• Select the directory where the configuration file is located.
• Select which type of configuration file you want to import: CMS or CLI.
• Select the configuration file you want to import.
4 Click on the Open button.

⇒The configuration is downloaded to the Telindus 1421 SHDSL Router.
16.5.2 Downloading a configuration file using (T)FTP
To download a configuration file using (T)FTP, proceed as follows:
Step Action
1 Start a (T)FTP session on the Telindus 1421 SHDSL Router.

For example by typing (t)ftp 10.0.11.1 at the command prompt of your computer,
where 10.0.11.1 is the IP address of the Telindus 1421 SHDSL Router. If a write access
password is configured on the Telindus 1421 SHDSL Router, then enter it as well.
2 Set the transfer mode to binary (octet) format. The syntax to do this is typically binary or
octet.
3 Type the following command:

(t)ftp> put source_file.cli CONFIG.CLI
or
(t)ftp> put source_file.cms CONFIG.CMS
Where …
• put is the (T)FTP command to send a file.
• source_file.* is the source file. This may either be a CLI or CMS file1.
• CONFIG.* (in capitals!) is the destination file (i.e. the Telindus 1421 SHDSL Router
configuration file). This may either be a CLI or CMS file1.
4 When the file transfer is finished, close the (T)FTP session.
1. However, make sure that source and destination file format are both the same!
16.5.3 Downloading a configuration file using Telnet
To download a configuration file using Telnet, proceed as follows:
Step Action
1 Start a Telnet session on the Telindus 1421 SHDSL Router. You are automatically in CLI
mode.
2 You are automatically located in the top object (telindus1421Router) and in the "Edit Config-
uration" group. Check to make sure (just press the Enter key).
3 Use the “send” feature of your Telnet software to send the ASCII CLI configuration file to
the Telindus 1421 SHDSL Router. Refer to the documentation of your Telnet software
how to do so.
User manual Downloading software
17 Downloading software
This chapter explains how to download loader and application software to the Telindus 1421 SHDSL
Router. It also shows how to download any other file to the file system of the Telindus 1421 SHDSL
Router. But first it explains the difference between boot, loader and application software.
• 17.1 - What is boot, loader and application software? on page 742
• 17.2 - Downloading application software using TMA on page 744
• 17.3 - Downloading application software using TFTP on page 745
• 17.4 - Downloading application or loader software using TML on page 746
• 17.5 - Downloading application software using FTP on page 747
• 17.6 - Downloading application or loader software in loader mode on page 748
• 17.7 - Downloading files to the file system on page 749
17.1 What is boot, loader and application software?
What is boot software?
The boot software takes care of the initial phase in the start-up sequence of the Telindus 1421 SHDSL
Router. It is located on the lowest software level. If the Telindus 1421 SHDSL Router only loads its boot
software, then we say that the Telindus 1421 SHDSL Router runs in boot mode.
The Telindus 1421 SHDSL Router …
• runs in boot mode if no loader or application software is present.
• cannot be forced to run in boot mode by using a DIP switch.
• can temporarily be forced to run in boot mode by using the -b option of the TML command. Refer to
17.4 - Downloading application or loader software using TML on page 746.
In boot mode …
• you can download loader software (using TML).
• you cannot download application software.
• you cannot establish a TMA session. You can only use TML to download loader software.
What is loader software?
The loader software takes care of the second phase in the start-up sequence of the Telindus 1421
SHDSL Router. It is located on the middle software level. If the Telindus 1421 SHDSL Router loads its
boot and loader software, then we say that the Telindus 1421 SHDSL Router runs in loader mode.
The Telindus 1421 SHDSL Router …
• runs in loader mode if no application software is present.
• can be forced to loader mode by using a DIP switch. This may be necessary in case a software down-
load failed or a flash memory error occurred making the Telindus 1421 SHDSL Router inaccessible
or even inoperative. Refer to 17.6 - Downloading application or loader software in loader mode on
page 748.
In loader mode …
• you can download loader software provided you use the -b option of the TML command, temporarily
forcing the Telindus 1421 SHDSL Router to run in boot mode. Refer to 17.4 - Downloading applica-
tion or loader software using TML on page 746.
• you can download application software (using TML).
• you cannot establish a TMA session. You can only use TML to download loader and application soft-
ware.
What is application software
The application software, also called control software or firmware, completely controls the Telindus 1421
SHDSL Router. It is located on the highest software level. If the Telindus 1421 SHDSL Router loads its
boot, loader and application software, then we say that the Telindus 1421 SHDSL Router runs in appli-
cation mode.
In application mode …
• you can download loader software provided you use the -b option of the TML command, temporarily
forcing the Telindus 1421 SHDSL Router to run in boot mode (refer to 17.4 - Downloading application
or loader software using TML on page 746).
• you can download application software (using TMA, TFTP or TML).
• you can establish a TMA session.
17.2 Downloading application software using TMA
To download application software to the Telindus 1421 SHDSL Router using TMA, proceed as follows:
Step Action
1 Establish a link between TMA and the Telindus 1421 SHDSL Router either over a serial
or an IP connection. Refer to 4 - Maintaining the Telindus 1421 SHDSL Router on
page 29.
2 In the TMA window select Tools → Download…
3 In case you made …

• an IP connection, skip this step.
• a serial connection, select the Options tab in
the TMA - Download window. Then set the
following:
- Set the initial transfer speed to 9600 bps.
- Select a maximum transfer speed. If you
select e.g. 57600 bps, then the actual
transfer speed will be negotiated between
9600 bps and 57600 bps.
4 In the TMA - Download window, select the Configuration tab and click on Add…
5 In the Remote filename window, do the

following:
1. Select the file you want to download
(e.g. T1234001.00).
2. Type CONTROL in the Remote file
field.
3. Click on Open.
6 If you are currently connected to the Telindus 1421 SHDSL Router without write access,
then you can enter a password in the Password tab which gives you write access. Else
leave the Password tab blank.
7 When the TMA - Download window reappears,

click on OK.
⇒A window opens and shows the download
progress.
17.3 Downloading application software using TFTP
When downloading with TMA over an IP connection, you actually evoke TFTP (Trivial File Transfer Pro-
tocol) through TMA. You can also use TFTP without opening TMA.
To download application software to the Telindus 1421 SHDSL Router using TFTP, proceed as follows:
Step Action
1 Start a TFTP session on the Telindus 1421 SHDSL Router.

For example by typing tftp 10.0.11.1 at the command prompt of your computer, where
10.0.11.1 is the LAN IP address of the Telindus 1421 SHDSL Router. If a write access
password is configured on the Telindus 1421 SHDSL Router, you can either enter it now
or when you actually download the application software (see step 3).
2 Set the following TFTP parameters:

• Set the retransmission time-out to at least 20 seconds. The syntax to do this is typi-
cally rexmt 20.
• Set the total TFTP time-out sufficiently large (e.g. 40 seconds). The syntax to do this
is typically timeout 40.
• Set the transfer mode to binary (octet) format. The syntax to do this is typically binary
or octet.

tftp> put Txxxxxxx.00 CONTROL?my_pwd
Where …
• put is the TFTP command to send a file.
• Txxxxxxx.00 is the application software file (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application soft-
ware file.
• ?my_pwd is the write access password as configured in the Telindus 1421 SHDSL
Router. If no password has been configured or if you already entered one when start-
ing the TFTP session (see step 1), you may omit the ? and the password.
4 When the file transfer is finished, close the TFTP session.

17.4 Downloading application or loader software using TML
When downloading with TMA over a serial connection, you actually evoke TML (Telindus Memory
Loader) through TMA. You can also use TML without opening TMA.
To download application or loader software to the Telindus 1421 SHDSL Router using TML, proceed as
follows:
Step Action
1 Connect a serial port of your com-

puter (e.g. COM1) through a
straight DB9 male - female cable
with the control connector of the
2 Open a DOS window on your computer.
3 Go to the directory where the TML executable is located. Typically this is

C:\Program Files\TMA.
4 Place the software file you want to download in this directory.
5 Type the following command to download …

• application software: tml -c1 -v -fTxxxxxxx.00@CONTROL?my_pwd
• loader software: tml -c1 -v -b -fTxxxxxxx.00@CONTROL?my_pwd
where …
• tml is the executable (Telindus Memory Loader) to download files to the Telindus
devices through their control port.
• -c1 specifies the COM port of the computer connected to the Telindus 1421 SHDSL
Router (in this example COM1).
• -v returns graphical information on the download status.
• -b puts the Telindus 1421 SHDSL Router in boot mode. This is only necessary when
you want to download loader software.
• -fTxxxxxxx.00 is the software file you want to download (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application or
loader software file.
Router. If no password has been configured, you may omit the ? and the password.
To see a list of all the possible TML options: type TML in your DOS windows and press
the ENTER key.
6 If you press the ENTER key, the software download begins.

If you used the -v option together with the TML command, a graphical bar shows the
download progress.
17.5 Downloading application software using FTP
To download application software to the Telindus 1421 SHDSL Router using FTP, proceed as follows:
Step Action
1 Start an FTP session on the Telindus 1421 SHDSL Router.

For example by typing ftp 10.0.11.1 at the command prompt of your computer, where
10.0.11.1 is the LAN IP address of the Telindus 1421 SHDSL Router. If a write access
password is configured on the Telindus 1421 SHDSL Router, you can either enter it now
or when you actually download the application software (see step 3).
2 Make sure the transfer mode is set to binary (octet) format. The syntax to do this is typi-
cally binary.

ftp> put Txxxxxxx.00 CONTROL?my_pwd
Where …
• put is the FTP command to send a file.
• Txxxxxxx.00 is the application software file (e.g. T1234001.00).
• CONTROL (in capitals!) specifies that the file being downloaded is an application soft-
ware file.
Router. If no password has been configured or if you already entered one when start-
ing the FTP session (see step 1), you may omit the ? and the password.
4 When the file transfer is finished, close the FTP session.

17.6 Downloading application or loader software in loader mode
When a software download failed or when a flash memory error occurs, it may be possible that the Tel-
indus 1421 SHDSL Router becomes inaccessible or even inoperative. In that case, new software can
still be downloaded by forcing the Telindus 1421 SHDSL Router in loader mode. Do this by means of the
Loader mode DIP switch. Refer to 3.2 - DIP switches of the Telindus 1421 SHDSL Router on page 27.
To download loader or application software to a Telindus 1421 SHDSL Router in loader mode, proceed
as follows:
Step Action
1 Disconnect the power supply and open the housing as described in 3.3 - Opening and
closing the housing on page 28.
2 Set the Loader mode DIP switch to off.

Refer to 3.1 - The Telindus 1421 SHDSL Router motherboard on page 26 to locate this
DIP switch.
3 Replace the cover without fastening the screws and reconnect the power supply.
⇒The Telindus 1421 SHDSL Router reboots in loader mode.
4 Now proceed as explained in the previous section, 17.4 - Downloading application or
loader software using TML on page 746.
5 When the software download is finished, again disconnect the power supply and open
the housing.
6 Reset the Loader mode DIP switch to on.
7 Properly replace the cover as described in 3.3 - Opening and closing the housing on
page 28 and reconnect the power supply.
17.7 Downloading files to the file system
You might want to download other files than the firmware files only. In fact, any file can be downloaded
to the file system of the Telindus 1421 SHDSL Router. You can do this using the same tools you use to
download application software. These tools are:
• TMA (refer to 17.2 - Downloading application software using TMA on page 744).
• TFTP (refer to 17.3 - Downloading application software using TFTP on page 745).
• TML (refer to 17.4 - Downloading application or loader software using TML on page 746).
• FTP (refer to 17.5 - Downloading application software using FTP on page 747).
The major difference is that instead of specifying CONTROL as target filename for the application software,
you now can specify any filename as target filename.
Tool Example
TMA In the Remote filename window,

do the following:
1. Select the file you want to
download (e.g. sdsltt.mod).
2. Type the target filename in the
Remote file field (e.g.
sdsltt.mod).
3. Click on Open.
(T)FTP and TML • tftp> put filename1.ext filename2.ext?my_pwd

• ftp> put filename1.ext filename2.ext?my_pwd
• tml -c1 -v [email protected]?my_pwd
Where …
• filename1.ext is the source filename. This is a file on your computer.
• filename2.ext is the target filename. This is the filename the source file will
get when it is placed on the file system. Source and target filename may be the
same, but if wanted, you may specify a different target filename.
Example:
• tftp> put models.nms models.nms?pwd123
• tml -c1 -v [email protected]?pwd123
User manual Technical specifications
18 Technical specifications
This chapter gives the technical specifications of the Telindus 1421 SHDSL Router. The following gives
an overview of this chapter:
• 18.1 - SHDSL line specifications on page 752
• 18.2 - LAN interface specifications on page 754
• 18.3 - Control connector specifications on page 755
• 18.4 - IP address assignment and auto-provisioning on page 756
• 18.5 - ATM encapsulation specifications on page 757
• 18.6 - Frame Relay encapsulation specifications on page 758
• 18.7 - PPP encapsulation specifications on page 758
• 18.8 - Other WAN encapsulation specifications on page 758
• 18.9 - IP routing specifications on page 759
• 18.10 - Bridging specifications on page 761
• 18.11 - Network address translation specifications on page 762
• 18.12 - Tunnelling and VPN specifications on page 763
• 18.13 - Priority and traffic policy specifications on page 764
• 18.14 - Routing and bridging performance specifications on page 766
• 18.15 - Access security specifications on page 767
• 18.16 - Maintenance and management specifications on page 767
• 18.17 - Memory specifications on page 768
• 18.18 - Power requirements on page 768
• 18.19 - Dimensions on page 768
• 18.20 - Safety compliance on page 769
• 18.21 - Over-voltage and over-current protection compliance on page 769
• 18.22 - EMC compliance on page 769
• 18.23 - Environmental compliance on page 769
18.1 SHDSL line specifications
• Single pair or dual pair line access

• Connector: RJ12
• Impedance: 135 ohm
• Cable to be used: 2*2*CAT5E twisted pair
• Coding: TC PAM, compliant to ITU-T G.991.2 (G.SHDSL)
• Line speeds:
- Single pair: N x 64 kbps (N = 1 … 36)
- Two pair: N x 128 kbps (N = 1 … 36)
• Handshaking: compliant G.994.1 (automatic speed negotiation) or fixed speed
• Performance monitoring: compliant G.826 (errored seconds, severely errored seconds, unavailability
seconds)
• Encapsulation: ATM, Frame Relay, PPP, HDLC
The line connector lay-out
The following table shows the connector layout of the RJ12 line connector:
Pin Signal Figure
1 not used
2 line 21
3 line 1
4 line 1
5 line 21
6 not used
1. For a Telindus 1421 SHDSL Router 2 pair version only.

Maximum covered distance
The following table gives the maximum covered distance over a noise-free line:
Covered distance (km)
Line speed (kbps) Wire diameter (mm)
1 Pair 2 Pair 0.4 0.5 0.6 0.8 1.0 1.2
64 128 11,0 15,1 21,5 27,2 38,2 42,4
128 256 8,0 11,0 15,6 19,8 27,8 30,8
256 512 8,2 11,3 16,0 20,3 28,5 31,6
512 1024 7,2 9,9 14,0 17,8 25,0 27,7
1024 2048 5,5 7,6 10,7 13,6 19,1 21,2
1536 3072 4,0 5,5 7,8 9,9 13,9 15,4
2048 4096 4,2 5,8 8,2 10,4 14,6 16,2
2304 4608 4,0 5,5 7,8 9,9 13,9 15,4
• These values are valid starting from PCB revision 0.1 and firmware revision T2852/00900 and higher.
Also note that these values are only valid when using the correct, properly twisted cable.
• A Signal to Noise ratio of 23dB matches a Noise Margin of 0dB. A Noise Margin of minimum 2dB is
considered a minimum for an Error Ratio that matches at least 10E-7 (= a Signal to Noise ratio of
25dB). In performance tests with noise, usually a noise margin of 6dB is taken (= a Signal to Noise
ratio of 29dB). Tests show that a Signal to Noise ratio of 27dB gives no errors and that at a Signal to
Noise ratio of 25dB errors are rare.
18.2 LAN interface specifications
• Connector: RJ45 (EIA/TIA 568B)

• Cable to be used: 4*2*CAT5E unshielded twisted pair
• Applicable standards: IEEE 802.3 (10Mbps Ethernet), IEEE 802.3u (100Mbps Ethernet)
• Speed: 10 / 100 Mbps auto-sense
• VLAN support (up to 12 VLANs)
The following table shows the connector layout of the RJ45 Ethernet LAN interface connector:
Pin Signal I/O Figure
1 transmit (+) output
2 transmit (-) output
3 receive (+) input
4 not used -
5 not used -
6 receive (-) input
7 not used -
8 not used -
18.3 Control connector specifications
• Connector: female DB9 labelled CTRL

• Applicable standards: ITU-T V.24, V.28, EIA/TIA 574
• Data:
- asynchronous
- 9600 bps
- 8 data bits
- no parity
- 1 stop bit
- no flow control
The control connector has the following pin layout:
Pin Signal DCE Figure
1 not used - -
2 Receive Data RxD output
3 Transmit Data TxD input
4 not used - -
5 GND GND -
6 not used - -
7 not used - -
8 not used - -
9 not used - -
18.4 IP address assignment and auto-provisioning
• BOOTP/DHCP server (RFC 2131, RFC 2132) with static or dynamic address assignment
• DHCP server major features:
- IP address ranges are configurable per interface
- If no gateway is configured in the DHCP server, the router gives its own address
- The DHCP server collects the DNS names of all DHCP clients and acts as a local DNS server for
these names
• DHCP relay agent (RFC 2131, RFC 2132)
• DNS proxy
• Static IP address assignment
• Possible assignment of secondary IP address on the LAN interface
• Numbered or unnumbered mode on WAN interfaces
• Automatic IP address assignment through:
- BootP client (RFC 951)
- DHCP client (RFC 2131, RFC 2132)
- IPCP
• Automatic IP gateway assignment through Inverse ARP (RFC 2390, in Frame-Relay and ATM)
• Automatic default route assignment on remotely learned IP address in PPP
• Automatic configuration file upload through DHCP client
• DHCP client requests are transmitted if an interface is in routing mode and has no IP address yet
• DHCP client requests can be blocked from being transmitted on the LAN interface and bridge groups
18.5 ATM encapsulation specifications
• ATM cell format ITU-T I.311, I.321, I.361, I.432

• ATM forum UNI 3.1/4.0 PVCs
• ATM forum ILMI 3.1/4.0
• OAM F4/F5 LB and CC support (ITU-T I.610)
• Inverse ARP for automatic gateway configuration
• ATM Forum Traffic Management 4.0 service type UBR
• PCR configurable per ATM PVC
• Support of up to 31 ATM PVCs
• ATM VPI range 0 - 255
• ATM VCI range 32 - 10000
• Supported higher layer protocols:
- Classical IP (RFC 1577)
- Ethernet (RFC 2684)
- PPPoA (RFC 2364)
- PPPoE (RFC 2516)
• Multi-protocol encapsulation:
- LLC
- VC
18.6 Frame Relay encapsulation specifications
• Encapsulation compliant with RFC 1490, RFC 2427

• LMI (revision 1 LMI, ANSI T1.617 D, ITU-T Q.933 Annex A and FRF 1&2)
• CIR configurable per DLCI
• EIR configurable per DLCI
• Inverse ARP for automatic gateway configuration
• Support of up to 40 Frame Relay PVCs (DLCIs)
• Frame Relay DLCI range 16 - 1022
• Multi-link Frame Relay (FRF.16)
• Frame Relay fragmentation (FRF.12)
18.7 PPP encapsulation specifications
• Encapsulation compliant with RFC 1661, RFC 1662

• LCP
• IPCP (RFC 1332)
• BCP (RFC 2878)
• CCP (RFC 1962) with Predictor compression algorithm (RFC 1978)
• PAP authentication (RFC 1334), unidirectional or bi-directional authentication
• CHAP authentication with MD5 hashing (RFC 1994), unidirectional or bi-directional authentication
• MS-CHAP1 (RFC 2433) and MS-CHAP2 (RFC 2759) CHAP authentication protocol extension
• MLPPP (RFC 1990)
• MLPPP bundle name exchange
• PPP fragmentation (RFC 1990), enabled to fixed size of 200 bytes or disabled
• MCPPP (RFC 2686)
18.8 Other WAN encapsulation specifications
• HDLC encapsulation in bridging mode (not interoperable with Cisco HDLC encapsulation)
• Error test encapsulation for end-to-end error tests over TDM networks between Telindus devices
18.9 IP routing specifications
The Telindus 1421 SHDSL Router complies to the router requirements as stated in RFC 1812 and sup-
ports the routing of standard IP packets (RFC 791) between the different interfaces of the Telindus 1421
SHDSL Router according to the routing protocols listed below.
Static routing
• Routing is based on destination IP address

• Routing is based on static routing entries in the routing table
• Alternate routing is possible through the use of different preferences for different routes to the same
destination
Policy based routing
• Routing is based on additional higher layer information

• Traffic is routed to a certain interface or gateway based on one or more of the following parameters:
- Source IP address range
- Destination IP address range
- Type Of Service (TOS) value range (8 bits in the IP header, also called DSCP bits)
- IP protocol (examples are any (0), ICMP (1), IGMP (2), TCP (6), UDP (17))
- Source port range for UDP / TCP packets
- Destination port range for UDP / TCP packets
RIP
• RIP1 compliant with RFC 1058

• RIP2 compliant with RFC 2453
• Split horizon and selective router updates per interface
• Broadcasting of selective RIP updates limited to information on specific network subnets
• RIP2 authentication with MD5 hashing or clear text
OSPF
• Compliant with RFC 2328 (OSPF version 2)

• Import of statically configured routes
• Route summarisation and route suppression through range definitions on areas
• Encryption through simple password or MD5 encryption chains
ICMP
Support of ICMP messages (RFC 792):

• TTL exceeded
• Destination unreachable
Multicasting and broadcasting
The Telindus 1421 SHDSL Router supports the handling of broadcasts and multicasts and includes the
following related functionalities:
• IGMPv2 (Internet Group Management protocol, RFC 2236), as the standard for IP multicasting
• IGMP proxy function
• Forwarding of directed broadcasts can be enabled or disabled per interface
• Helper address can be configured for broadcasts
Filtering
• Filtering of outgoing traffic on all interfaces based on extended access lists

• Filtering of incoming traffic on all interfaces based on extended access lists
• Filtering of incoming traffic on the IP protocol stack based on an extended access list
• IP extended access lists filter on the following parameters:
IP MTU
• The IP MTU can be configured on the WAN and LAN interfaces (between 500 and 1650 bytes)
VRRP
• Support of VRRP (RFC 2338)

18.10 Bridging specifications
• Bridging can be enabled or disabled per interface

• Bridging can be combined with routing on the same interface
Bridging protocols
• Self-learning bridging can be enabled or disabled

• Cache of at least 10,000 MAC addresses
• Support of Spanning Tree protocol (IEEE 802.1D)
Bridge groups
• Multiple bridge groups possible

• IP address assignment per bridge group (for management purposes)
• Secondary IP addresses can be configured per bridge group
• MAC address configurable per bridge group
• Routing between different bridge groups possible
VLANs
• Support of VLANs (IEEE 802.1Q)

• Up to 255 VLANs per LAN interface
• Support of VLAN priority tagging (IEEE 802.1P)
• Multiple VLANs within a bridge group towards the IP router possible
• IP TOS to 802.1P COS mapping and COS to TOS mapping are available on the LAN interface to
maintain priority information when changing from IP to VLAN or vice versa
• IP TOS to 802.1P COS mapping and COS to TOS mapping are available on the data sent between
a bridge group and the IP router to maintain priority information when changing from IP to VLAN or
vice versa
• MIB2 performance counters are available per VLAN
VLAN switching
• Bridge group can be configured as VLAN switch

• Q in Q as defined in IEEE 802.1ad possible
• No practical limit on the number of VLANs in VLAN switching mode
• VLAN switching mode can be combined with bridging mode for packets on the same interface
Filtering
• Filtering of outgoing bridged traffic on all interfaces based on access lists

• Bridge access lists filter on source MAC address
• Limit broadcasts in a bridge group per interface
• Proxy ARP cache
18.11 Network address translation specifications
• Compliant with RFC 3022

• NAT mode for one-to-one private to public IP address translation
• PAT mode for many-to-one private to public IP address translation
• NAT/PAT configurable on any interface (the interface with the public address(es))
• Up to 5 NAT/PAT interfaces
• Static and dynamic assignment of NAT official addresses
• List of UDP/TCP port numbers that should not be translated
• List of incoming UDP/TCP port numbers destined for a server
• Easy NAT: CPE learns official IP address via PPP
• Application Layer Gateway (ALG) support including:
- General: FTP, ICMP (Echo, Echo Response, Destination Unreachable, Time Exceed & Source
Quench), SQLNet
- Microsoft Games
- Video / Streaming applications: RTSP, QuickTime, Real Player (Real Audio / Real Video), H.323
(ASN1 PER encoding and decoding included), NetMeeting, Intel Video Phone, CuseeMe 5.0, SIP
Audio
- Communication: Internet Chat, IRC, MIRC, AOL Instant Messenger, AOL enhanced chat,
ICQ2000b, Net2Phone, Microsoft Messenger
- Security Related: PPTP, IPSec ESP (IPSec client from internal network), IKE, L2TP
18.12 Tunnelling and VPN specifications
L2TP tunnelling
• Compliant with RFC 2661

• Up to 10 L2TP tunnels
• Available on LAN and WAN interfaces
• Static and dynamic tunnels
• Tunnel authentication
• Available for IP and bridged PDUs
• One L2TP tunnel between each pair of IP addresses
• One PPP session per L2TP tunnel
• L2TP tunnels can be set up from an interface running NAT/PAT
• L2TP backup tunnels
• RIP snapshot routing on L2TP tunnels
IPSEC security
• Compliant with RFC 2401 up to RFC 2406

• L2TP transport mode (RFC 3193)
• Up to 10 IPSEC tunnels (independently of the number of L2TP tunnels)
• ESP (RFC 2406)
• DES (56 bits; RFC 2405), 3DES (3 * 56 bits; RFC 2451) and NULL (RFC 2410) encryption
• HMAC based on MD5 (RFC 2403) and SHA-1 (RFC 2404) for integrity and authentication
• Manual SAs
18.13 Priority and traffic policy specifications
This section gives the specifications of the priority and traffic policies that are available on the Telindus
1421 SHDSL Router. The following gives an overview of this section:
• 18.13.1 - Priority policy on page 765
• 18.13.2 - IP traffic policy on page 765
• 18.13.3 - Bridge traffic policy on page 765
18.13.1 Priority policy
• 7 forwarding queues per interface:

- 5 standard, configurable queues
- 1 low delay queue
- 1 system queue
• Quotum and weight configurable per standard queue
• Supported algorithms to empty the standard queues:
- FIFO
- Round robin
- Absolute priority
- Weighted fair queueing
- Low delay weighted fair queueing
• CIR configurable per standard queue
18.13.2 IP traffic policy
Supported IP traffic policies:
Traffic shaping
• Traffic is forwarded to a certain priority queue based on the following parameters:

• TOS value can be changed during traffic shaping
• Configurable maximum queue length
• Performance information on classified traffic
TosDiffServ
• Traffic is forwarded to a certain priority queue based on DiffServ (RFCs 2474, 2475) regarding class
and drop precedence
TosMapped
• Traffic is forwarded to a certain priority queue based on a user-defined range of the TOS field
• Configurable maximum queue length
18.13.3 Bridge traffic policy
• Traffic is forwarded to a certain priority queue based on the 802.1P tag of VLAN tagged Ethernet traf-
fic
18.14 Routing and bridging performance specifications
• Routing performance:1
- without IPSEC, without HWA: 40.000 pps
- with IPSEC, with HWA: 4.000 pps
• Bridging performance: 30.000 pps
1. In case you enable encryption in IPSEC, then the routing performance decreases.
18.15 Access security specifications
• Password protected
• Several access levels possible:
- Read access
- Write access
- Security access
- File system access
• Radius client (RFC 2865)
• Management access can be enabled or disabled per interface
• Overall management access can be prohibited (Telnet, HTTP, SNMP, FTP, TFP)
18.16 Maintenance and management specifications
• Local console (Command Line Interface or ATWIN) via serial control port
• TELNET (Command Line Interface or ATWIN) (RFC 854)
• HTTP web interface1 (RFC 2616)
• Easy Configurator (customisable JAVA based web interface)
• TMA (Telindus Maintenance Application) via serial control port or IP connection (UDP port 1728)
• TMA CLI2
• TMA Element Management2
• TMA for HP OpenView2
• TML (Telindus Memory Loader) for configuration and software download via serial control port
• FTP configuration and software download (RFC 414)
• TFTP configuration and software download (RFC 1350)
• PING (RFC 792)
• SNMP (RFC 1157)
• SNMP MIB2 (RFC 1213), private MIB
• SNMP traps (RFC 1215)
• SYSLOG event logging (RFC 3164)
• SNTP (RFC 2030)
• IP loopback address
1. HTTP interfaces are available on both port 80 and port 8080. This allows connecting to the
HTTP interfaces in case a NAT service is defined on port 80.
2. Not included.
18.17 Memory specifications
• Flash memory: 8 Mb
• RAM: 8 Mb
18.18 Power requirements
• Power adapter to be used:

- 7.5 Vdc, 750 mA (1Pair version)
- 9 Vdc, 1000 mA (1Pair 3DES version and 2Pair version)
• Maximum power consumption:
- 1Pair version: 5 W
- 2Pair version: 6.5 W
18.19 Dimensions
• Height: 45 mm
• Width: 220 mm
• Depth: 210 mm
• Weight: 700 g
18.20 Safety compliance
• EN60950-1
• Class 1 equipment for Table Tops with 115/230 Vac internal power supply.
• Class 3 equipment for …
- Table Tops with 115/230 Vac external power supply adapter
- Table Tops with -48 Vdc internal power supply
- Card Versions.
18.21 Over-voltage and over-current protection compliance
The over-voltage and over-current protection complies with ITU-T K.44 and ETSI ETS 300 386-2 recom-
mendations.
18.22 EMC compliance
• EN55022 B Emissions
• EN55024 Immunity
• EN61000-3-2 Harmonics
• EN61000-3-3 Voltage fluctuations and flicker
• EN61000-4-2 ESD
• EN61000-4-3 Radiated immunity
• EN61000-4-4 EFT/burst
• EN61000-4-5 Surge
• EN61000-4-6 Conducted immunity
• EN61000-4-8 Power magnetic field immunity
• EN61000-4-11 Voltage dips & drops
• ENV50204 Radiated immunity against digital radio telephone
18.23 Environmental compliance
• Storage conditions: ETSI ETS 300 019-1-1 Class 1.1. In addition, the storage temperature has to be
between -25 to +70°C
• Transport conditions: ETSI ETS 300 019-1-2 Class 2.3
• Stationary use conditions: ETSI ETS 300 019-1-3 Class 3.2. In addition, a relative humidity between
0 to 95% non-condensing and an ambient operational temperature between -10 to 50°C is supported.
• Maximum altitude: 3000m
• International protection (IP) class of protection against solid and liquids: IP40
Annex
Annex
Annex
Telindus 1421 SHDSL Router Annex A: 773
Annex common TCP and UDP numbers
Annex A: common TCP and UDP numbers

The following table shows the port numbers for a number of common protocols using TCP and UDP as
transport protocol. As far as possible, the same port numbers are used for TCP as for UDP. A complete
list can be found on http://www.iana.org/assignments/port-numbers.
Port No Protocol UDP/TCP Description
20 ftp-data TCP File Transfer (Default Data)
21 ftp TCP File Transfer (Control)
23 telnet TCP Telnet
25 smtp TCP Simple Mail Transfer Protocol
37 time UDP/TCP Time Server
42 nameserver UDP Host Name Server
53 domain UDP/TCP Domain Name Server
65 tacacs-ds UDP/TCP TACACS-Database Service
67 bootps UDP Bootstrap Protocol Server
68 bootpc UDP Bootstrap Protocol Client
69 tftp UDP Trivial File Transfer
80 www-http TCP World Wide Web HTTP
119 nntp TCP Network News Transfer Protocol
137 netbios-ns UDP NETBIOS Name Service
138 netbios-dgm UDP NETBIOS Datagram Service
139 netbios-ssn UDP NETBIOS Session Service
161 snmp UDP SNMP
162 snmptrap UDP SNMPTRAP
1728 telindus UDP Telindus Protocol used by TMA

774 Telindus 1421 SHDSL Router Annex A:
Annex common TCP and UDP numbers
Telindus 1421 SHDSL Router Annex B: 775
Annex product information
Annex B: product information

The following table displays the product information of the Telindus 1421 SHDSL Router:
Sales code Product name Description

177446 TELINDUS 1421 SHDSL ROUTER 230VAC IP router and bridge with a 10/100Mbit/s Ethernet
interface and a 1 pair SHDSL line interface. ATM, Frame
Relay and PPP WAN encapsulation. Includes European
AC power adapter.
177450 TELINDUS 1421 SHDSL ROUTER NPWR IP router and bridge with a 10/100Mbit/s Ethernet
interface and a 1 pair SHDSL line interface. ATM, Frame
Relay and PPP WAN encapsulation. Delivered without
power adapter.
177452 TELINDUS 1421 SHDSL ROUTER 2P IP router and bridge with a 10/100Mbit/s Ethernet
230VAC interface and a 2 pair SHDSL line interface. ATM, Frame
Relay and PPP WAN encapsulation. Includes European
AC power adapter.
177454 TELINDUS 1421 SHDSL ROUTER 2P IP router and bridge with a 10/100Mbit/s Ethernet
NPWR interface and a 2 pair SHDSL line interface. ATM, Frame
Relay and PPP WAN encapsulation. Delivered without
power adapter.
177638 TELINDUS 1421 SHDSL ROUTER 3DES IP router / bridge desktop unit. 10/100Mbit/s auto-sense
230VAC Ethernet interface & VLAN interconnect support. Includes
IPSec. Encapsulation ATM, Frame Relay and PPP. WAN
interface: a 1 pair SHDSL line interface. Includes
European 230VAC power adapter.
177639 TELINDUS 1421 SHDSL ROUTER 3DES IP router / bridge desktop unit. 10/100Mbit/s auto-sense
NPWR Ethernet interface & VLAN interconnect support. Includes
IPSec. Encapsulation ATM, Frame Relay and PPP. WAN
interface: a 1 pair SHDSL line interface. Delivered without
power adapter.
171302 PWR-PLUG (EURO-VERSION) 230VAC- Wallplug power module European type, 230Vac -> 7,5Vdc
>7,5VDC for Desktop units delivered without power adapter. (xxx
NPWR).
173720 PWR-PLUG (UK VERSION) 230VAC- Wallplug power module UK type, 230Vac -> 7,5Vdc for
>7,5VDC Desktop units delivered without power adapter. (xxx
NPWR).
175590 PWR-PLUG (EUR VERSION)230VAC Wallplug power module European type, 230Vac -> 9Vdc
>9VDC for Desktop units delivered without power adapter. (xxx
NPWR).
175592 PWR-PLUG (UK VERSION) 230VAC->9VDC Wallplug power module UK type, 230Vac -> 9Vdc for
Desktop units delivered without power adapter. (xxx
NPWR).
191706 PWR-PLUG +/-48/24VDC FOR 7,5/9VDC Wallplug power module with input range: 18 to 72Vdc and
CPE DEVICES output: 7,5 / 9Vdc for Desktop units delivered without
power adapter. (xxx NPWR). Fully isolated input. Suitable
for + & - DC voltages.
776 Telindus 1421 SHDSL Router Annex B:
Annex product information
Telindus 1421 SHDSL Router Index 777
Annex
Index AF PHB, what is 203

alarm attributes 695
configuration 699
Symbols
general 700
<Struct>, what is 38 introduction 698
<Table>, what is 38 overview 696
alarms
Numerics bundle 710
3DES chip end 708
identifying the 3DES version 297 general 701
standard versus 3DES version 297 LAN interface 703
status 297 line 705
line pair 706
A MLPPP 710
absolute and relative addressing 505 repeater 708
router 711
access list WAN interface 704
basic configuration 258
application mode, what is 743
overview 259
application software
access restriction
downloading
on bridge interface 260
using FTP 747
on IP interface 259
using TFTP 745
on protocol stack 261
using TMA 744
overview 259
using TML 746
access security what is 743
specifications 767
ARP cache
action, what is 39 how works the 359
activating the configuration 78 proxy ARP 360
time-out 360
adding an object to the containment tree 42 what is 359
how 44
in (TMA) CLI 44 ATM
in ATWIN 45 ATM over G703 106
in the Web Interface 45 basic configuration 85
in TMA 44 bridged/routed Ethernet/IP over ATM (RFC
referring to the added object 46 2684), configuring 102
when 43 Classical IP (IPoA), configuring 103
which objects 43 configuration attributes 370
why 43 introducing 86
IP addresses
additional features automatically obtaining 95
basic configuration 251 configuring 96
address translation performance attributes 645
basic configuration 182 PPPoA, configuring 104
introducing 183 PPPoE, configuring 105
NAT, adding multiple NAT objects 193 PVCs, configuring 93
NAT, easy NAT 197 specifications 757
NAT, enabling on an interface 191 status attributes 536
NAT, how works 195 UBR, configuring 98
PAT and NAT, combining 197 VPI and VCI, configuring 97
PAT, enabling on an interface 185 what is 86
PAT, how works 187 ATM Adaptation Layers (AAL), what are 87
PAT, limitations and work-around 190
what is 183 ATM layers, what are 87
why use 183 ATM over G703
addressing, relative and absolute 505 configuring 106
ATM PVC
778 Telindus 1421 SHDSL Router Index
Annex
bandwidth redistribution 99 top object 354

configuring 93 WAN interface object 367
what is 86 alarmMask
end object 409
ATM service categories
LAN interface object 365
traffic parameters 88
line object 407
what are 88
line pair object 407
attribute PPP bundle object 414
overview 47 repeater object 409
what is 38 router object 433
attribute - action top object 354
Activate Configuration 355 WAN interface object 367
clearArpCache 531, 618 algorithm 474
clearBridgeCache 618 alternativeRoutes 419
clearCounters 656 areaId 456
clearTracert 672 arp 359, 484
Cold Boot 356 atm 377
Delete File 626 atwinGraphics 509
injectError 656 authenPeriod 391
Load Default Configuration 355 authentication 391
Load Preconfiguration 355 bandwidth 477
Load Saved Configuration 356 blockSize 396
loopbackActivation 566 bootFromFlash 352
maximumSpeedSearch 561 bridgeCache 485
Rename File 626 bridgeTimeOut 486
reset 675 bridging 358, 388, 394, 412
resetAllCounters 637 channel 398
resetCounters 637 cms2Address 505
retrain 658 compression 389
Set Date 523 consoleNoTrafficTimeOut 508
Set Time 523 countingPolicy 476
startPing 670 criticals 480
startTest 557, 656 ctrlPortProtocol 511
startTracert 671 defaultRoute 417
stopPing 670 delayOptimisation 386, 388
stopTest 557, 656 dhcpCheckAddress 430
stopTracert 672 dhcpDynamic 428
unBlacklist 583 dhcpStatic 426
dlciTable 380
attribute - alarm dmzHost 437
alarmInfo 700 dns 433
alarmLevel 699 dropLevels 470, 498
alarmMask 699 dualPairMode 403
totalAlarmLevel 700 encapsulation 367
attribute - configuration eocHandling 406
accessList 506 espAuthenticationAlgorithm 449
accessPolicy 507 espAuthenticationKey 449
adapter 360 espEncryptionAlgorithm 447
addresses 436 espEncryptionKey 448
advertiseInterval 481 filter 464
alarmFilter 508 fragmentation 386, 413
alarmLevel ftp 507
end object 409 gateway 437
LAN interface object 365 helperProtocols 423
line object 407 importMetrics 453, 454
line pair object 407 interfaces 480
PPP bundle object 414 ip 358, 379, 388, 412, 484
repeater object 409 ipAddress (loopback) 511
router object 433 ipAddresses 479
Annex
ipNetMask (loopback) 511 sysContact 352

ipsecL2tpTunnels 444 sysLocation 352
keyChains 452 sysLog 502
l2tpTunnels 439 sysName 352
linkAlarmThresholds 405 sysSecret 422
linkMonitoring 390 tcpSockets 437
lmi 383 tcpSocketTimeOut 437
localAccess 487 telnet 507
loginControl 510 testType 396
lowdelayQuotum 476 tftp 507
macAddress 488, 496 timedStatsAvailability 508
management 406 timeServer 504
maxFifoQLen 367 timeZone 504
maxSpeed 402 timingMode 399
maxSpeed2P 403 tos2QueueMapping 472
members 412 trafficShaping 467
method 466 trapDestinations 500
mib2Traps 500 udpSockets 437
minSpeed 402 udpSocketTimeOut 437
minSpeed2P 403 virtualLinks 460
mode 358, 388, 403, 412 vlan 361, 489
modeLearnedDlci 386 vlanPriorityMap 498
mru 386, 388, 394 vlanSwitching 493
multiclassInterfaces 413 vp 376
multiVlans 491 vrId 479
name 358, 367, 484
attribute - performance
networks 457
addressesAvailable 674
numExpectedRepeaters 406
allocFails 674
patAddress 435
bridgeAccessList 687
portTranslations 435
bridgeCache 684
pppSecretTable 422
bridgeDiscards 684
preemptMode 481
bridgeFloods 684
priorityPolicy 359, 367
cliSessionCount 689
programmablePattern 396
cllmInFrames 653
pvcTable 371
cms2SessionCount 689
queueConfigurations 476
currUsedProcPower 692
radius 431
d7Line 658
ranges 462
d7LineParameters 659
refBandwidth 452
d7Performance 660
region 398
discards 674, 681
retrain 400 dlciTable 651
ripHoldDownTime 420 duration 655
ripUpdateInterval 419 espAuthenticationFailure 679
ripv2SecretTable 421 espDecryptionFailure 679
routerId 452 espDroppedFrames 679
routingProtocol 419 espSequenceNrReplay 679
routingTable 418 freeBlockCount 692
security 353 freeDataBuffers 692
sendAdminUnreachable 425 freeMemory 693
sendPortUnreachable 425 h24Line 658
sendTtlExceeded 424 h24LineParameters 659
servicesAvailable 436 h24Performance 641, 660
sessionName 392
h2Line 658
sessionSecret 392
h2LineParameters 659
snmp 507
h2Performance 641, 660
spanningTree 486
icmpAllocs 675
spi 449
icmpSocketsUsed 674
startupMargin 402
ifDownCount 655
stub 456
Annex
ifDropLevelExceeded 641 attribute - status

ifInDiscards 639 abrs 603
ifInErrors 639 accessLog 621
ifInNUcastPkts 639 activeFlash 522
ifInOctets 639 actualBitRate 562
ifInUcastPkts 639 adapter 530
ifInUnknownProtos 639 addresses 586
ifOutDiscards 640 alarmLog 620
ifOutErrors 640 arpCache 527, 614
ifOutNUcastPkts 640 asbrLsas 608
ifOutOctets 640 asExtLsas 597
ifOutPQLen 641 atmSync 537
ifOutQLen 640 bcpHisOptions 551, 572
ifOutUcastPkts 640 bcpMyOptions 551, 572
ifUpTime 655 bcpState 548, 572
inPackets 679 blockSize 557
ipStackEvents 690 bootVersion 522
l2tpTunnels 677 bridgeCache 615
largestFreeBlockSize 692 bridging 528, 547, 555, 572, 616
line 658 ccpHisOptions 552
lineParameters 659 ccpMyOptions 552
lmi 653 cllmLastCongestionCause 545
multiclassinterfaces 664 cms2Address 620
multiVlans 684 configurationSaving 523
outPackets 679 corruptBlocks 625
performance 660 criticals 611
pingResults 669 date 523
pvcTable 646 deviceId 523
radiusAcct 668 dhcpBinding 581
radiusAuth 668 dhcpBlackList 582
routingTable 667 dhcpStatistics 581, 582
rxAllOneBlocks 655 dlciTable 542
rxAllZeroBlocks 655 dns 583
rxBitErrors 655 dnsServers 583
rxBlockErrors 655 duration 557
rxBlocks 655 eocAlarmThresholds 560, 565
rxPatternSlip 655 eocSoftVersion 564
rxShiftCount 655 eocState 565
rxSyncLoss 655 externalRoutes 596
socketsFree 674 fileList 625
status 655 flash1Version 521
taskInfo 693 flash2Version 521
tcpAllocs 675 flashVersions 522
tcpSessionCount 690 freeSpace 625
tcpSocketsUsed 674 hisAuthenticationStatus 553
tftpSessionCount 690 hisCompressionRatio 552
totalDataBuffers 692 hosts 601
totalMemory 693 ifDescr 525, 533, 559, 569, 613, 623
tracertResults 669 ifLastChange 525, 533
trafficShaping 681 ifMtu 525, 533, 613, 623
txBlocks 656 ifOperStatus 525, 533, 559, 562, 569, 613,
txInjectErrors 656 623
udpAllocs 675 ifSpeed 525, 533, 559, 562, 569
udpSocketsUsed 674 ifType 525, 533, 559, 569, 613, 623
unknownCells 649 igmpTable 579
usedProcPower 692 interfaces 599, 611
vlan 642 ip 526, 542, 547, 570, 613
vlanSwitching 685 ipAddress 623
vp 649 ipAdEntBcastAddr 531
Annex
ipAdEntReasmMaxSize 531 example 721

ipcpHisOptions 550, 571 in case of Ethernet 720
ipcpMyOptions 550, 571 set-up 719
ipcpState 548, 570 on the WAN interface 723
ipsecL2tpTunnels 589 example 727
l2tpTunnels 588 in case of ATM 725
lcpHisOptions 549 in case of Frame-Relay 726
lcpMyOptions 549 setup 724
lcpState 548 protocols, introducing 716
lineAttenuation 562, 565 specifications 756
lmi 544
loaderVersion 522 B
macAddress 526, 611, 613 basic configuration 49
mask 623 access list 258
maxSpeedResult 559, 560 additional features 251
maxSpeedSearch 559 address translation 182
members 569 ATM 85
messages 522 bridging 225
multiclassInterfaces 573 CIR and EIR 119
myAuthenticationStatus 553 DHCP 252
myCompressionRatio 552 encapsulation 83
neighbors 601 error test 147
networkLsas 606 Frame Relay 107
nssaLsas 609 HDLC 145, 146
numDiscoveredRepeaters 560 IP address on the LAN interface 60
programmablePattern 557 IP addresses 51
pvcTable 537 IPSEC 290
radius 583 L2TP tunnel 280
receiveSample 557 line 62
region 559 major features of the device 80
routerLsas 604 OSPF 173
routes 595 passwords 74
routingTable 576 policies, traffic and priority
shdslVersion 564 on the bridge 247
signalNoise 562, 565 policy based routing 160
spanningTree 616 PPP 122
startSysUpTime 557 QoS 308
status 557, 562, 625 RADIUS 298
summLsas 607 RIP 165
sysDescr 521 routing 149
sysObjectID 521 static routing 152
sysServices 521 traffic and priority policy
sysUpTime 521 on the router 200
taskInfo 628 VLAN 270
tdreVersion 522 VRRP 218
time 523
timeServer 620 BC
timeSinceLastRetrain 562 what is 109
type 557, 594 BCP, what is 123
vendorId 564
BE
vendorModel 564
what is 109
vendorSerial 564
vendorSoftVersion 564 BE PHB, what is 203
vlan 530 BECN
vp 540 what is 110
attribute string, reading an viii bit string, what is 38
auto-install 715 boot mode, what is 742
on the LAN interface 718
Annex
boot software, what is 742 bundle

alarms 710
BootP
configuration attributes 410
what is 716
performance attributes 662
bridge status attributes 567
general configuration attributes 483 C
performance attributes 682 CCP, what is 123
specifications 761
status attributes 612 CHAP
authentication in both directions 137
bridge access list
authentication in one direction 136
configuring 135
how works 136
bridge cache use sysName/sysSecret or sessionName/
time-out 486 sessionSecret? 138
what is 485 what is 124
bridge filtering child object, what is 38
specifications 761
CIR
bridge group basic configuration 119
adding 239 what is 109
bridge priority, setting 238
Classical IP (IPoA), configuring 103
bridging protocol, selecting 238
configuration attributes 483 CLP, what is? 92
configuring 238 common TCP and UDP numbers 773
IP address, configuring 238
multiple bridge groups, what are 237 compatibility with other SHDSL devices 65
performance attributes 683 complex value, what is 38
specifications 761
configuration
what is 237
activating the 78
bridge port loading the default
state transition diagram 231 using the action 78
states 231 using the DIP switch 78
bridged/routed Ethernet/IP over ATM (RFC loading the preconfiguration 79
2684) configuration action
configuring 102 executing 76
bridging what is 77
basic configuration 225 configuration alarm attributes 699
bridge group, adding 239
bridge group, configuring 238
ATM 370
bridging attributes, introducing 237
bridge 482
configuring 236
bridge access list 495
configuring on an interface 242
bridge group 483
enabling on an interface 241
bundle 410
explaining the bridging structure 243
encapsulation 369
introducing 226
end 408
versus routing 150
error test 395
what is 227
Frame Relay 378
bridging and routing in a network, a configuration general 351
example 339 HDLC 393
bridging structure L2TP tunnel 438
explanation 243 LAN interface 357
where to find 242 line 397
line pair 397
broadcasting management 501
specifications 760 manual SA 446
Annex
MLPPP 410 copyright notice ii

NAT 434
COS, what is 204
OSPF 450
OSPF area 455 creating passwords in the security table 75
OSPF, general 451 CS PHB, what is 203
overview 344
PPP 387 D
PPP bundle 411
DE
priority policy 473
what is 110
repeater 408
router 415 default queue
router, general 416 configuring 215
routing filter 463 versus traffic policy profile 215
SNMP 499 what is 215
traffic policy default route
bridge 497 configuring 154
router 465 what is 153
VRRP 478
WAN interface 366 DES and 3DES, what is 293
configuration examples 319 DHCP

configuration file combining static and dynamic tables 253
creating 730 DHCP server reaction on a BootP request
creating a binary file using TMA 732 253
creating an ASCII CLI file dynamic IP addresses, assigning 255
using Telnet 736 introducing 253
using TFTP 735 relay agent
using TMA 733 configuring the Telindus device as 257
downloading 737 what is 253
using (T)FTP 739 releasing IP addresses, DHCP versus BootP
using Telnet 740 253
using TMA 738 static IP addresses, assigning 254
formats 731 what is 253, 716
restoring 737
Diff-Serv
configuration type PHB, what is 202
active 77
default 77 DiffServ
explaining the 77 AF PHB, what is 203
non-active 77 BE PHB, what is 203
what is 77 CS PHB, what is 203
DSCP, what is 202
connecting the device 16 EF PHB, what is 203
an example 19 IP Precedence, what is 202
connecting the different parts of the device 18 TOS byte, what is 202
what is 202
connecting with TMA
over an IP network 34 dimensions of the device 768
through the control connector 32 DIP switch table, reading a viii
connection precautions 15 DIP switches 25
containment tree opening and closing the housing 28
adding an object 42 overview 27
of the device 40 position on the motherboard 26
terminology 38 directed broadcast, what is 58
what is 38
DLCI
control connector specifications 755 what is 108
conventions in this manual DMZ
graphical vii what is 437
typographical vi
Annex
DNS selecting an 84
what is 433, 716
end
DNS proxy alarms 708
what is 433 configuration attributes 408
document
conventions status attributes 563
graphical vii environmental compliance 769
typographical vi
environmental information iv
copyright notice ii
documentation set v EOC message exchange
environmental information iv discovering devices on the SHDSL line 69
intended audience ix enabling 66
organisation v proprietary
properties ii controlling 67
statements iii retrieved standard EOC information 70
TDRE version described in this ix standard
your feedback ix controlling 68
standard versus proprietary 67
documentation set v
error test
downloading a configuration file 737
using (T)FTP 739
using Telnet 740
using TMA 738
status attributes 556
downloading application software
example
in loader mode 748
bridge group, adding multiple 240
using FTP 747 default queue, configuring 216
using TFTP 745 default route, configuring 154
using TMA 744 extended access list, configuring 267
using TML 746 L2TP tunnel, configuring 285
downloading files to the file system 749 multiclass PPP, configuring 144
NAT, configuring 196
downloading loader software
PAT, configuring 186
in loader mode 748
policy based routing, configuring 163
using TML 746
priority policy on the router, configuring 213
downloading software 741 priority policy, applying on an interface 212
DSCP, what is 202 priority policy, creating 211
RIP, configuring 168
E static route (WAN IP address not present),
configuring 157
easy NAT
static route (WAN IP address present), con-
example 198
figuring 156
what are the conditions 197
traffic policy on the router, configuring 213
what does 197
traffic policy, applying on an interface of the
what is 197
bridge 250
EF PHB, what is 203 traffic policy, applying on an interface of the
EFCI, what is 92 router 209
traffic policy, creating on the router 208
EIR VLAN switching, configuring 279
basic configuration 119 VRRP master/backup with owner, configuring
what is 109 222
element, what is 39 VRRP master/backup without owner, config-
uring 224
EMC compliance 769
examples 319
encapsulation
combining bridging and routing in a network
339
connecting a LAN to the Internet using NAT
performance attributes 644 and PAT 334
Annex
LAN extension over a Frame Relay network basic configuration 145, 146
332 configuration attributes 393
LAN extension over a PDH/SDH network 330 introducing 146
LAN extension over ATM, step-by-step 320 status attributes 554
using PAT with a minimum of official IP ad-
HMAC MD5 and SHA-1, what is 293
dresses 336
housing, opening and closing 28
executing configuration actions 76
HWA chip 297
extended access list
introducing 262 I
remarks 269
setting up 263 ICMP
tuning 265 specifications 759
what is 262 ICMP message
communication prohibited 425
F port unreachable 425
FECN TTL exceeded 424
what is 110 ICMP redirect, what is 58
feedback ix IEEE 802.1P, what is 204
file system IGMP
downloading files to 749 topology 579
status attributes 624 what is 579
Frame Relay index name, what is 38
configuration attributes 378 index, what is 38
DLCI global IP addresses 116 installing and connecting the device 9
DLCI specific IP addresses 117
instance name, what is 38
DLCIs, configuring 112
fragmentation, enabling 121 instance value, what is 38
introduction 108 interface
IP addresses what is 50
automatically obtaining 114
configuring 115 introducing
LMI, configuring 118 address translation 183
performance attributes 650 alarm attributes 698
specifications 758 ATM 86
status attributes 541 bridging 226
what is 108 DHCP 253
extended access list 262
Frame Relay DLCI Frame Relay 108
configuring 112 HDLC 146
Frame Relay fragmentation IPSEC 291
enabling 121 L2TP tunnel 281
end-to-end fragmentation, what is 111 maintenance and management tools 6
interface fragmentation, what is 110 management terminology 36
OSPF 174
G policies, traffic and priority 201
general policy based routing 161
alarm attributes 700 PPP 123
alarms 701 QoS 309
configuration attributes 351 RADIUS 299
performance attributes 636 RIP 166
status attributes 520 router applications 5
routing 150
group, what is 39 static routing 153
the device 4
H
VLAN 271
HDLC VRRP 219
Annex
introduction 3 L2TP tunnel

IP addresses
encapsulation 282
in ATM 95
how works 286
in Frame Relay 114
introducing 281
in PPP 127
setting up 283
configuring
setting up a main and back-up tunnel 287
in ATM 96
specifications 763
in Frame Relay 115
in PPP 129
terminology 281
on the LAN interface 60
what is 281
explaining the IP structure 54
imposing on the remote in PPP 130 LAC, what is 281
private range 183
LAN extension over a Frame Relay network, a
specifications 756 configuration example 332
where to find the IP parameters 53
LAN extension over a PDH/SDH network, a con-
IP filtering figuration example 330
specifications 760
LAN extension over ATM, a step-by-step config-
IP MTU
uration example 320
specifications 760
LAN interface
IP Precedence, what is 202
alarms 703
IP security configuration attributes 357
performance attributes 678 performance attributes 638
specifications 754
IP structure
explanation 54 status attributes 524
where to find 53 LAN to Internet connection using NAT and PAT,
a configuration example 334
IPCP, what is 123
LCP, what is 123
IPSEC
AH, what is 292 LED indicators 20
authentication 293 introduction 21
basic configuration 290 LAN LED 22
compatibility 291 line data LED 22
encryption 293 line link LED 22
ESP, what is 292 power LED 22
HWA chip 297 states 21
introducing 291
line
manual SA, what is 293
alarms 705
modes 291
auto speed 64
protocols (ESP and AH) 291
SA, what is 293
compatibility with other SHDSL devices 65
setting up an IPSEC secured L2TP tunnel
using a manual SA 295
essential configuration attributes 63
specifications 763
fall-back speed 64
SPI, what is 293
performance attributes
transport mode, what is 291
performance attributes
tunnel mode, what is 291
what is 291
line pair 657
power back-off, what is 64
L retrain criteria 400
selecting a fixed speed 64
L2TP status selecting a speed (range) 64
authentication states 591 selecting a speed range 64
call states 590 specifications 752
control states 590 connector lay-out 752
delivery states 591 maximum covered distance 753
Annex
status attributes 558 MPoA

using a repeater 65 what is 90
line pair MRU
alarms 706 what is 386, 388, 394
MS-CHAP
performance attributes 657 version 1, what is 124
status attributes 558 version 2, what is 125
LIP MS-CHAP, what is 124
what is 111
MTU
LMI
what is 56
configuring 118
what is 108 multicasting
specifications 760
LNS, what is 281
multiclass PPP
loader mode, what is 742 setting up 142
loader software what is 126
downloading using TML 746
multi-protocol over ATM
what is 742
encapsulation mechanisms, which are 90
loading the default configuration what is 90
using the action 78
using the DIP switch 78 N
loading the preconfiguration 79 NAT
adding multiple NAT objects 193
M combining with PAT 197
maintaining the device 29 configuration attributes 434
easy NAT 197
with TMA 30
maintenance and management how works 195
connection possibilities 8 performance attributes 673
specifications 767 specifications 762
maintenance and management tools status attributes 585
introducing 6 what is 183
when use 184
major features of the device, basic configuration
of the 80 NAT on the LAN interface, a remark 192
management O
OAM AIS, what is 648
status attributes 619 OAM LoopBack (LB) cells, what are 92
management terminology, introducing 36 OAM RDI, what is 648
manual SA object, what is 38
operating system
MBS, what is 88 status attributes 627
memory organisation of this manual v
specifications 768
OSPF
MLFR activating 179
what is 111 authentication, enabling 180
MLPPP
alarms 710
configuration attributes, general 451
introducing 174
setting up 139
specifications 759
motherboard, position of the DIP switches 26 status attributes 592
Annex
status attributes, general 593 performance attributes 629

what is 174 ATM 645
adjacency 177 bridge 682
area 0 175 bridge access list 686
areas 175 bridge group 683
authentication 178 bundle 662
backbone area 175 encapsulation 644
border routers 175 end 661
cost 177 error test 654
link states 174 Frame Relay 650
neighbours 177 general 636
NSSA 176 IP security 678
stub areas 176 L2TP tunnel 676
virtual links 177 LAN interface 638
line 657
OSPF area
management 688
manual SA 678
NAT 673
other WAN encapsulations operating system 691
specifications 758 overview 630
overview PPP bundle 663
alarm attributes 696 repeater 661
configuration attributes 344 router 665
performance attributes 630 router, general 666
status attributes 514 traffic policy, router 680
WAN interface 643
over-voltage and over-current protection compli-
ance 769 policies on the router
P policies, traffic and priority
PAP configuring on the bridge 248
authentication in both directions 134 configuring on the router 206
authentication in one direction 133 introducing 201
configuring 132 on routed and on bridged data 205
how works 133 on the bridge
use sysName/sysSecret or sessionName/ basic configuration 247
sessionSecret? 138 specifications 764
what is 124 policy based routing
parent object, what is 38 basic configuration 160
introducing 161
parts of the device 18
setting up 162
passwords specifications 759
basic configuration 74 what is 161
creating in the security table 75
power requirements 768
entering in the different management tools 75
remarks on 354 PPP
PAT
CHAP, configuring 135
combining with NAT 197
CHAP, how works 136
how works 187
fragmentation, enabling 141
limitations and work-around 190
handshake 123
specifications 762
introducing 123
what is 183
IP addresses
when use 184
PAT with a minimum of official IP addresses, a configuring 129
configuration example 336 imposing on the remote 130
PCR, what is 88 link monitoring, configuring 131
MLPPP, setting up 139
Annex
multiclass PPP, setting up 142 PPP interface without fragmentation 312

PAP, configuring 132 VLAN 311
PAP, how works 133 VPN tunnel 318
specifications 758 what is 309
what is 123 R
PPP bundle RADIUS
configuration attributes 411 accounting 300
performance attributes 663 accounting, enabling 304
status attributes 568 authentication 300
authorisation 300
PPP fragmentation basic configuration 298
enabling 141
device access authentication, enabling 301
what is 126
introducing 299
PPP link monitoring IP settings
configuring 131 client (calling) 307
what is 123 NAS (called) 307
network access authentication, enabling 303
PPPoA
supported attribute types 305
configuring 104
what is 299
what is 91
reading a
PPPoE
DIP switch table viii
configuring 105
what is 91 reading an
attribute string viii
PPPoE over ATM
what is 91 rear view of the device 17
priority policy referring to an added object
applying on an interface 212 example 46
configuration attributes 473 how to 46
creating 210 what is 46
specifications 765
relative and absolute addressing 505
what is 201
relay agent
priority queuing, what is 201 the Telindus Router as 717
product information 775
remarks on
proxy ARP, what is 360 accessing a proxied device via its IP address
359
Q bridging traffic policy on the LAN interface
QoS 250
ATM IMA interface 317 channel attribute 398
ATM interface 317 CIR 119
basic configuration 308 compression attribute 389
Ethernet interface 311 DHCP requests and access lists 254, 255
Frame Relay fragmentation options 316 dhcpStatistics attribute 581
Frame Relay interface with fragmentation dualPairMode attribute 404
314 error test, RAM limitations 147, 557
Frame Relay interface without fragmentation extended access list 269
314 extended access list on the protocol stack
introducing 309 264, 507
IP 310 filter on port numbers 266
multilink Frame Relay interface with fragmen- HDLC encapsulation 146
tation 316 helperProtocols attribute 423
multilink Frame Relay interface without frag- host routes to local interface IP address 578
mentation 315 ifOperStatus of the WAN interface 534
multilink PPP interface with fragmentation IP address on the LAN interface in case of
313 bridging 53, 151, 241, 242, 358, 484
PPP interface with fragmentation 312 L2TP tunnels, auto element 441
L2TP tunnels, type element 441
Annex
l2tpTunnels configuration attribute 284 routing

loopbackActivation action 566 basic activities 150
maximumSpeedSearch action 561 basic configuration 149
messages attribute 522 determining the optimal path 150
NAT in the ip structure versus NAT in the fire- enabling on an interface 151
wall 59 specifications 759
natAddresses attribute 192 static versus dynamic 153
passwords 354 transporting packets 150
power input (7.5 / 9 VDC) 18 versus bridging 150
PPP fragmentation 141, 142 what is 150
rerouting principle 159
routing and bridging performance specifications
resetNat action 675
766
rip2Authentication attribute 171
ripv2SecretTable attribute 421 routing filter
routing update filter 464 configuration attributes 463
selecting a speed range on the 2 pair version routing table
64 configuring 155
telnet attribute 507 rules of thumb when configuring 158
timingMode attribute 399 what is 153
trafficShaping table 467
tunnels, main and back-up 288 S
VLAN ID 0 273, 362
safety
vlanSwitching attribute 278
compliance 769
repeater instructions 10
alarms 708 requirements ii
sales codes 775
status attributes 563 SCR, what is 88
rerouting principle, what is 159 selecting a site 12
restoring a configuration file 737 selecting an encapsulation 84
RIP self-learning bridge, what is 228
authentication, enabling on an interface 172 SNMP
basic configuration 165 configuration attributes 499
explaining the RIP structure 169 SNTP, what is 504
how works 166 software
introducing 166 downloading 741
specifications 759 what is boot, loader and application 742
support 166
Spanning Tree
what is 166
behaviour 233
RIP authentication bridge failure 233
enabling on an interface 172 bridging loops 233
what is 166 network extension 233
RIP hold-down timer, what is 420 BPDU 232
propagation of 232
RIP structure, explanation 169 what is 232
router bridge port states 231
alarms 711 bridge priority, what is 234
configuration attributes 415 path cost, what is 234
general configuration attributes 416 port priority, what is 234
general performance attributes 666 priority and cost 234
general status attributes 575 root bridge 229
introduction 150 how selected 229
performance attributes 665 what is 229
status attributes 574 topology 230
router applications, introducing 5 specifications
Annex
access security 767 bundle 567

ATM encapsulation 757 end 563
auto-install 756 error test 556
bridge group 761 file system 624
bridging 761 Frame Relay 541
broadcasting 760 general 520
control connector 755 HDLC 554
dimensions 768 L2TP tunnel 587
EMC compliance 769 LAN interface 524
environmental compliance 769 line 558
Frame Relay encapsulation 758 line pair 558
ICMP 759 management 619
IP filtering 760 NAT 585
IP MTU 760 operating system 627
IPaddresses 756 OSPF 592
IPSEC 763 OSPF area 598
L2TP tunnel 763 OSPF, general 593
LAN interface 754 overview 514
line 752 PPP 546
connector lay-out 752 PPP bundle 568
maximum covered distance 753 repeater 563
maintenance and management 767 router 574
memory 768 router, general 575
multicasting 760 VRRP 610
NAT 762 WAN interface 532
OSPF 759
structured value, what is 38
other WAN encapsulations 758
over-voltage and over-current protection syslog, what is 502
compliance 769
PAT 762 T
policies, traffic and priority 764 target margin, what is 402
policy based routing 759
TC
power requirements 768
what is 109
PPP encapsulation 758
priority policy 765 TDRE
RIP 759 version ix
routing 759 what is ix
routing and bridging performance 766 technical specifications 751
safety compliance 769
static routing 759 Telindus 1421 SHDSL Router, what is 4
traffic policy on the bridge 765 TFTP
traffic policy on the router 765 what is 717
tunnelling 763
Time To Live (TTL), what is 424
VLAN 761
VLAN switching 761 TMA
VPN 763 connecting over an IP network 34
VRRP 760 connecting through the control connector 32
statements iii how to connect 31
maintaining the device with 30
static routing what is 31
default route, configuring 154 TMA sub-system picture 713
introducing 153 how to display 713
routing table, configuring 155 structure 713
specifications 759 TOS
TOS field, what is 204
ATM 536 traffic policy
bridge 612 applying on an interface of the bridge 250
Annex
applying on an interface of the router 209 IP address owner, what is 219

configuration attributes of the bridge 497 master virtual router
configuration attributes of the router 465 how is it elected 220
creating on the bridge 249 what is 219
creating on the router 207 primary IP address, what is 219
default queue, configuring 215 setting up 221
performance attributes of the router 680 specifications 760
specifications of the bridge 765 status attributes 610
specifications of the router 765 virtual router, what is 219
what is 201 VRRP router, what is 219
what is 219
traffic policy profile
versus default queue 215
W
Transparent Spanning Tree bridge, what is 228 wall mounting 13
troubleshooting
WAN interface
the device 81
alarms 704
tunnelling configuration attributes 366
specifications 763 performance attributes 643
U
warning
UBR EMC 15
configuring 98 ESD 15
what is 88 important safety instructions 10
unpacking 11 safety 10
selecting a site 12
UTC, what is 504
V
value, what is 38
VCI
configuring 97
what is 86
VLAN
introducing 271
local or global tag significance 365
setting up on the bridge group 274
setting up on the LAN interface 272
specifications 761
what is 271
VLAN switching
configuring 277
specifications 761
stripping the VLAN tag 493
VLAN tag, what is 271
VPI
configuring 97
what is 86
VPN
specifications 763
VRRP
backup virtual router, what is 219
introducing 219

Telindus 1421 SHDSL Router

Uploaded by

Copyright:

Available Formats

Telindus 1421 SHDSL Router

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Telindus 1421 SHDSL Router

Uploaded by

Copyright:

Available Formats

Telindus 1421 SHDSL Router

Telindus 1421 SHDSL Router

User and reference manual

Version: 2.3 - 201601

Subject Telindus 1421 SHDSL Router

Manual type User and reference manual

Modification date 26 December 2005 ©Telindus

www.telindusproducts.com → Telindus Access Solutions → Products → Choose a product → Down-

Organisation of this manual

This manual contains the following main parts:

Part This part …

Annex gives additional information, such as product sales codes.

The following typographical conventions are used in this manual:

The format … indicates …

Normal normal text.

Italic • new or emphasised words

Blue references to other parts in the manual.

Blue underline • a hyperlink to a web site. E.g. www.telindus.com

The following icons are used in this manual:

Icon Name This icon indicates …

Remark remarks or useful tips.

Caution text to be read carefully in order to avoid damage to the device.

Warning text to be read carefully in order to avoid injury.

DIP switch a DIP switch or strap table.

Action an action in the containment tree of the Telindus 1421 SHDSL

Reading a DIP switch table

Number This position displays …

1 the DIP switch icon.

2 the DIP switch name.

3 the DIP switch position on the DIP switch bank.

5 the function associated with the corresponding DIP switch setting.

Reading an attribute string

The following table explains the attribute string layout:

Number This position displays …

2 the attribute name and its position in the containment tree.

3 the default value of a configuration attribute.

2 Installing and connecting the Telindus 1421 SHDSL Router...........................9

3 DIP switches of the Telindus 1421 SHDSL Router .........................................25

4 Maintaining the Telindus 1421 SHDSL Router ................................................29

5 Basic configuration ...........................................................................................49

6 Configuring the encapsulation protocols........................................................83

7 Configuring routing .........................................................................................149

8 Configuring bridging .......................................................................................225

9 Configuring the additional features ...............................................................251

10 Configuration examples ..................................................................................319

Reference manual .............................................................................. 341

12 Status attributes ..............................................................................................513

13 Performance attributes ...................................................................................629

14 Alarm attributes ...............................................................................................695

15 TMA sub-system picture .................................................................................713

16 Auto installing the Telindus 1421 SHDSL Router .........................................715

17 Downloading software ....................................................................................741

18 Technical specifications .................................................................................751

Annex .................................................................................................. 771

Annex B:product information ...............................................................................775

Index .................................................................................................... 777

1 Introducing the Telindus 1421 SHDSL Router

1.1 What is the Telindus 1421 SHDSL Router?

1.2 Telindus 1421 SHDSL Router applications