
DRGOS 1.14.3 Tutorial A

This document provides a tutorial for the DRGOS 1.14.3 software. It includes an introduction that describes the supported platforms, purpose of the manual, intended audience, related documentation and terminology. The bulk of the document contains examples of common deployment scenarios for configuring the system at layers 2 and 3 of the OSI model. It also includes sections about configuring specific elements of the system like interfaces, VLANs, routing and services.

Uploaded by

dbreznjak1

Tutorial

DRGOS 1.14.3 Tutorial


DRGOS 1.14.3 Tutorial Rev. A
GEN-DOC-DRGOS_1143-TUTORIAL. Published March 14, 2016.

Copyright and Legal Notice


Copyright © 2016 Genexis B.V. All rights reserved.

Genexis B.V., Genexis Holding B.V. and subsidiaries herein collectively known as Genexis.

DRGOS, DRG, HRG, Hybrid, GAPS, program models and other software content and this documentation ("the Intellectual Property
Rights") are protected by the Dutch Copyright Act ('Auteurswet') and Genexis declares that it is the author and claims copyright
('Auteursrecht') for the Intellectual Property Rights. Reproduction and distribution without authorization by Genexis B.V. is prohibited.
The prohibition includes every form of reproduction and distribution.

Every effort has been made to ensure that the information in this document is complete and accurate at the time of printing.
However, information is subject to change without notice. Genexis assumes no liability for damages incurred directly or indirectly
from errors, omissions or discrepancies between the software and this document.

Genexis, FiberXport and DRG are trademarks of Genexis.

All other trademarks, service marks and trade names are the property of their respective owners.

Purchasers, licensees and users accept and acknowledge that the products contain components (including components carrying
certain firmware) and combinations of components that constitute trade secrets protected by Genexis or its partners. Purchasers,
licensees and users warrant that the delivered products will not be opened or dismantled, copied, altered or in any other way
modified. Furthermore, purchasers, licensees and users agree not to attempt to reverse engineer, disassemble, modify, translate,
create derivative works, rent, lease, loan, or without written permission distribute or sublicense the software, in whole or in part.

The products and their hardware, firmware and software, including technical data, may be subject to EU and U.S. export control laws,
including the U.S. Export Administration Act and its associated regulations and the International Traffic in Arms Regulations
administered by the US Department of State, and may be subject to export or import regulations in other countries. Purchasers and
licensees agree to comply strictly with all such regulations and acknowledge that they have the responsibility to obtain licenses to
export, re-export, or import hardware, firmware and software.

Purchasers and licensees are not entitled to, and Genexis is not in any event liable to pay, compensation for damages which
delivered products or software have caused to other property or to persons or any other consequential damages, including but not
limited to loss of profit, loss of production or any other indirect damages.
Contents

Introduction
  Supported Platforms and Models
  About This Manual
  Who Should Read This Manual
  What You Will Know after Reading This Manual
  Related Manuals
  Typing Conventions
  Terminology
Examples of Deployment Scenarios
  Default Configuration
  Layer 2 - Basic
  Layer 2 - Basic with Bridged WLAN
  Layer 2 - VLAN per Service or Port
  Layer 2 - VLAN per Customer and One MAC per Service
  Layer 3 - Basic
  Layer 3 - Basic with DHCPv6 Prefix Delegation and IPv6 Routing
  Layer 3 - VLAN per Service
  Layer 3 - VLAN per Service and Internet over PPPoE
  Layer 3 - VLAN per Service with Multiple NATs
  Layer 3 - VLAN per Customer and One MAC per Service
  Layer 2/Layer 3 Hybrid - VLAN per Service
  Layer 2/Layer 3 Hybrid - VLAN per Service with Tagged Management VLAN
  Layer 2/Layer 3 Hybrid - VLAN per Service with LAN Ports in Hybrid Mode
  Limitations in Configuring “One VLAN per Customer and One MAC per Service” Scenarios
Configuring the System
  Configuring WAN Interface
  Default Configuration of WAN Interface
  Configuring Flow Control
  Configuring VLAN
  Configuring Layer 3 Attributes on VLAN
  Configuring LAN Interfaces
  Default Configuration of LAN Interfaces
  Setting IP Address
  Configuring Flow Control
  Configuring VLAN
  Configuring NAT External Interface
  Configuring VPN Passthrough
  Configuring NTP
  Configuring NTP Servers
  Configuring NTP Source Interface
  Setting System Clock
  Specifying Logging Server
  Configuring Operator Identity in GUI
  Configuring Reference Link
  Configuring Logo Image
  Configuring Reference Link and Logo Image
Configuring IPv4
  Configuring NAT Port Forwarding
  Configuring DMZ Host
  Configuring Access Control Lists
  Default Access Control Lists
  Default VLAN Access Control Rules
  Default Access Control Rules for Voice VLAN Configured via GAPS
  Default LAN Access Control Rules
  Basics of ACL Configuration
  Permitting Traffic on Essential Ports in All ACLs
  Configuring an ACL for Management Interface
  Configuring an ACL for VoIP Interface
  Configuring an ACL for Internet Interface
  Allowing Access to GUI from WAN
  Allowing Access to SSH from LAN
  Disabling or Enabling ICMP Echo
Configuring IPv6
  IPv6 Implementation in DRGOS
  IPv6 Prefix Delegation
  IPv6 Addressing
  Stateless Address Auto-Configuration
  DHCPv6
  Router Advertisement on LAN
  IPv6 Unicast Routing
  IPv6 Over PPPoE
  IPv6 Forwarding
  Dual-Stack Lite
  6rd and 6to4 on IPv4 Infrastructures
  Stateful IPv6 Firewall
  Configuring IPv6 Connectivity
  Verifying IPv6 Connectivity
  Configuring Static IPv6 Routes
  Configuring Access Control Lists
  Default Access Control Lists
  Default VLAN Access Control Rules
  Default LAN Access Control Rules
  Basics of ACL Configuration
  Permitting Traffic on Essential Ports in All ACLs
  Forwarding Traffic
  Configuring Dual-Stack Lite
  Configuring 6rd
  Configuring 6to4
Configuring WLAN
  Overview of WLAN Support in DRGOS
  Configuring WLAN Interfaces
  Configuring Physical Characteristics
  Configuring WLAN SSID
  Setting WLAN SSID
  Disabling or Enabling WLAN SSID Broadcast
  Configuring WLAN Security
  Configuring Authentication Methods
  Setting WLAN Access Policy
  Disabling or Enabling WPS
Configuring VoIP
  Important Notes
  Strict Parsing
  ACL Protection
  Basic VoIP Configuration
  Configuring SIP Keepalive for NAT Traversal
  Configuring Codec
  Defining Codecs
  Defining Codec Preference
  Enabling or Disabling T.38 Fax Call
  Configuring DTMF Relay Mode
  Configuring DTMF Relay Mode to “SIP INFO”
  DTMF Relay Contents in text/plain Format
  DTMF Relay Contents in application/dtmf-relay Format
  Configurations
  Configuring DTMF Relay Mode to “RFC2833”
  Configuring DTMF Relay Mode to “inband”
  Configuring Hookflash Relay
  Configuring Country-Specific Settings
  Configuring a Dial Plan
  Dial Plan and Digit Map
  Standard Syntax of Digit Map
  Extensions to Standard Syntax of Digit Map
  Substring Substitution
  How DRGOS Handles Input Digits
  Configuring Dial Plan and Timer T
  Configuring Quick Dial
  Configuring Internal Class 5 Services
  Configuring External Class 5 Services
  Use Cases for Class 5 Services
  Suspending and Resuming a Call
  Swapping Held and Active Calls
  Inviting a Third Party to a Call In-Progress (Conference Call)
  Method 1
  Method 2
  Dropping a Participant in a Conference Call
  Configuring Call Waiting
  Call Waiting Process
  Configuring VoIP Separation and QoS
  Disabling or Enabling a Voice Line
Configuring IPTV
  Deployment Scenarios
  Configuring Layer 2 IPTV
  Configuring IGMP Snooping
  IGMP Snooping Functionality
  Default IGMP Settings
  Configuration
  Using Hybrid Ports for IPTV and Internet Services
  Configuring Layer 3 IPTV
  Configuring IGMP Proxy
  Configuring IGMP Translation
  Video on Demand
Configuring CATV
Configuring DHCP
  Configuring DHCP Server
  Configuring a Static Lease for a DHCP Client
  Configuring DHCP Option Inheritance
Configuring DNS
  DNS Implementation in DRGOS
  Examples for Configuring DNS
  Configuring DNS Domain Using DHCP Options
  Configuring Static DNS Domain for Learned DNS Servers
  Configuring Static DNS Servers
  Viewing DNS Servers
  Configuring Hostname Resolution Rules
Configuring UPnP
  UPnP Implementation in DRGOS
  Configuring UPnP
Configuring QoS
  QoS Implementation in DRGOS
  Egress Traffic Prioritization and Scheduling
  IEEE 802.1p CoS
  Queue Scheduling
  Egress Rate Shaping
  Ingress Rate Limiting
  Configuring Egress Traffic Prioritization
  Configuring 802.1p CoS Values for Data Traffic
  Configuring 802.1p CoS Values for VoIP Traffic
  Configuring Queueing and Scheduling
  Configuring Egress Rate Shaping and Ingress Rate Limiting
Troubleshooting
  Checking Basic Information
  Troubleshooting System Administration Problems
  Checking DHCP Information
  Checking Firewall Logs
Appendix A – Open Source Licenses
Index

Introduction

The software preinstalled on Genexis Residential Gateways (RGs) is referred to as “DRGOS”.

Supported Platforms and Models


DRGOS supports multiple products, which can be logically grouped into software
platforms. DRGOS firmware releases include firmware images for each supported
platform. The firmware image name includes the platform name, in the form of 
drgos<platformname><version><releaselevel>.img, e.g. drgosdrg7001.9.1R.img and
drgoshrg10001.10.0R.img.
The product platform is identified in information provided by the devices, e.g. in the
DHCP vendor class identifier and TR-069 information. The correct firmware must be
used for each product, and to ensure this, devices will only upgrade to firmware for the
correct platform.
DRGOS currently supports the following platforms: drg700, hrg1000, and tundra.
The details of which products are supported in each platform are shown in Table 1.

Table 1 Supported platforms and models

| Platform | Model |
|---|---|
| hrg1000 | • Titanium42, 44, 48, 52, 54 • Platinum4210, 4410, 4810, 4220, 4420, 4820, 4240, 4440, 4840, 4480, 6810, 6820, 6840, 6880 • DRG711v2, DRG712v2, DRG714v2, DRG716v2, DRG717v2, DRG718v2, DRG719v2, DRG726v2, DRG727v2, DRG729v2, DRG736v2, DRG737v2, DRG739v2 |
| drg700 | DRG701, DRG702, DRG703, DRG711, DRG712, DRG714, DRG716, DRG717, DRG718, DRG719 (DRG700v1) |
| tundra | Titanium22, 24 |

About This Manual


The purpose of this guide is to describe the use cases for configuring DRGOS in
different deployment scenarios. The configuration examples are presented in
Command Line Interface (CLI) syntax. They can also be written into a configuration
file that is downloaded by DRGOS using other methods, such as Dynamic Host
Configuration Protocol (DHCP), Simple Network Management Protocol (SNMP),
and CPE WAN Management Protocol (CWMP).
Some examples are provided at the beginning to show how DRGOS is configured in
different deployment scenarios (see “Examples of Deployment Scenarios” on
page 12).
Typical use cases for configuring the network interfaces and specific functions are
described in:
• “Configuring the System” on page 46
• “Configuring IPv4” on page 55
• “Configuring IPv6” on page 64
• “Configuring WLAN” on page 77
• “Configuring VoIP” on page 83
• “Configuring CATV” on page 110
• “Configuring DHCP” on page 111
• “Configuring DNS” on page 114
• “Configuring UPnP” on page 119
• “Configuring QoS” on page 121
• “Troubleshooting” on page 126

Who Should Read This Manual


This guide is for operators responsible for configuring DRGOS. The following
qualifications are required for the operator:
• familiar with at least one configuration method as described in DRGOS
Configuration Guide
• an expert knowledge of broadband networking, especially Ethernet networking
• an expert knowledge of data communication protocols, such as DHCP, SNMP,
CWMP, SIP

What You Will Know after Reading This Manual


After reading this manual, you will be able to configure DRGOS within a real-life
network environment.

Related Manuals
The following documents are related to the RG products:

| Document | Content |
|---|---|
| DRGOS Release Notes | It describes the new features, fixed issues, and known issues in a release. |
| DRGOS Command Reference | It describes the syntax and usage of each CLI command. |
| DRGOS Configuration Guide | It describes the basics of different methods for configuring DRGOS (including CLI, DHCP, SNMP, CWMP, and GAPS). |
| DRGOS GUI User Guide | It provides home users with instructions on configuring the RG through GUI. |

Typing Conventions
Typing conventions in this manual:

Table 2 Typing conventions used in this manual

| Typeface | Description |
|---|---|
| drgos# show version | Indicates text displayed in the CLI |
| tar | Indicates a CLI command |
| R0 | Indicates a key stroke on the keyboard of a computer or on the keypad of a telephone handset |
| C:\Program Files | Indicates a directory |
| helloworld.elf | Indicates a filename |
| DRGOS Configuration Guide | Reference to chapter, other document, or other reference |
| http://www.example.com/ | Indicates a Uniform Resource Locator (URL) address, or an e-mail address |
| Note | A note indicates neutral or positive information that emphasizes or supplements important points of the main text. |
| Caution | A caution advises users that failure to take or avoid a specified action could result in loss of data. |

Terminology
The following terms and abbreviations are used in this manual:

Table 3 Terms and abbreviations

Terminology                  Description

ACL                          Access Control List, a list of access control entries applied on an interface
ACS                          Auto-Configuration Server, from which an operator can manage DRGOS using CWMP
CATV                         cable television, a system through which television services are delivered using radio frequency (RF) signals transmitted to televisions through coaxial cables or digital light pulses through fixed optical fibers located on the subscriber's property
CLI                          Command Line Interface, a method to manage DRGOS
CPE                          Customer Premises Equipment, usually a switch, router or access point device for broadband networks
CWMP                         CPE WAN Management Protocol, also known as TR-069, is an industry standard remote management protocol for broadband networks.
DHCP                         Dynamic Host Configuration Protocol is an auto-configuration protocol used on IP networks.
DNS                          Domain Name System
DRG                          Digital Residential Gateway, the name for a type of Genexis CPE device
DRGOS                        DRG Operating System, firmware for Genexis residential gateways
DSCP                         Differentiated Services Code Point, a six-bit field in an IP packet that is used to classify packets for different QoS
DTMF                         Dual-Tone Multi-Frequency
GAPS                         Genexis Automatic Provisioning System, a proprietary management and provisioning system that provides centralized management for Genexis CPEs in a FTTH network
HRG                          Hybrid Residential Gateway, the name for a type of Genexis CPE device
IGMP                         Internet Group Management Protocol
internal Class 5 services    a subset of Class 5 services provided by DRGOS and without needing the support from a proxy server
IP                           Internet Protocol
IPTV                         Internet Protocol television, a system through which television services are delivered using the Internet protocol suite over a packet-switched network, such as the Internet
LAN                          Local Area Network
MIB                          Management Information Bases. An MIB is a group of managed objects within a network and a core component used by SNMP for remote management.
NAT                          Network Address Translation, the process of modifying network address information in IP headers for the purpose of remapping one IP address space into another
NAT port forwarding          a feature which allows specific traffic to be transferred even when the conversation originates from the external network
NNI                          Network-to-Network Interface
NTP                          Network Time Protocol
PPPoE                        Point-to-Point Protocol over Ethernet, a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames.
QoS                          Quality of Service. In DRGOS, QoS management is separated for VoIP and other services.
RG                           Residential Gateway, the general name for the Genexis CPE products, including DRG 700, DRG 800, HRG 1000, and so on
RPC                          Remote Procedure Call, a set of methods defined in TR-069 to manage CPEs
SIP                          Session Initiation Protocol, the IETF protocol for VoIP. See RFC 3261.
SNMP                         Simple Network Management Protocol, an application-layer protocol that provides a communication mechanism between SNMP managers and agents
SSH                          Secure Shell
SSID                         Service Set Identifier, a network name shared among all points in a wireless network
VLAN                         Virtual LAN, a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location
UPnP                         Universal Plug and Play
UTC                          Coordinated Universal Time
VoIP                         Voice over IP
WAN                          Wide Area Network
WLAN                         Wireless Local Area Network

Examples of Deployment Scenarios

This chapter describes the typical deployment scenarios for DRGOS. DRGOS is
distributed with a default configuration which suits most common deployment
scenarios (see “Default Configuration” on page 13).
The deployment scenarios are described in the following sections:
• “Layer 2 - Basic” on page 14
• “Layer 2 - Basic with Bridged WLAN” on page 16
• “Layer 2 - VLAN per Service or Port” on page 18
• “Layer 2 - VLAN per Customer and One MAC per Service” on page 21
• “Layer 3 - Basic” on page 23
• “Layer 3 - Basic with DHCPv6 Prefix Delegation and IPv6 Routing” on page 25
• “Layer 3 - VLAN per Service” on page 27
• “Layer 3 - VLAN per Service and Internet over PPPoE” on page 29
• “Layer 3 - VLAN per Service with Multiple NATs” on page 31
• “Layer 3 - VLAN per Customer and One MAC per Service” on page 33
• “Layer 2/Layer 3 Hybrid - VLAN per Service” on page 36
• “Layer 2/Layer 3 Hybrid - VLAN per Service with Tagged Management VLAN” on page 39
• “Layer 2/Layer 3 Hybrid - VLAN per Service with LAN Ports in Hybrid Mode” on page 42
There are limitations for configurations in the “Layer 2 - VLAN per customer and one
MAC per service” and “Layer 3 - VLAN per customer and one MAC per service”
scenarios. For details, see “Limitations in Configuring “One VLAN per Customer and
One MAC per Service” Scenarios” on page 45.
Note: In the following examples, default configurations are marked with “!”.

Default Configuration
DRGOS is configured as follows by default:
interface wan

!vlan member 1

!vlan untagged 1

interface vlan1

!ip address dhcp

!ipv6 address auto

interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

!management source-interface vlan1

Note: By default the routed LAN traffic is not forwarded upstream until an external
interface is defined. To define an external interface, see “Layer 3 - Basic” on
page 23.

Layer 2 - Basic
This is the scenario for the Layer 2 basic configuration.

Figure 1 Layer 2 basic configuration

[Diagram labels: VoIP, MGMT, MAC1, NAT, ROUTER, WLAN, SWITCH, LAN1 to LAN4. Legend: VLAN1 untagged, Internal.]

In this scenario, DRGOS can be configured as follows:


The WAN definition includes a list of VLANs to which the Network-to-Network
Interface (NNI) belongs. One VLAN may be untagged. This instance uses the default
configuration: one VLAN “vlan1” is defined.
interface wan

!vlan member 1

!vlan untagged 1

This VLAN is assigned an IP address to permit IP access to the RG.


interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

By default traffic from the WLAN is routed. To forward the WLAN traffic
upstream, an external interface must be explicitly defined.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

To direct LAN traffic to WAN through the switch, each LAN port should be a member
of at least one VLAN.
interface lan/ethernet1

vlan member 1

vlan untagged 1

interface lan/ethernet2

vlan member 1

vlan untagged 1

interface lan/ethernet3

vlan member 1

vlan untagged 1

interface lan/ethernet4

vlan member 1

vlan untagged 1

By default all local source traffic uses “vlan1” as the source interface. This is defined
explicitly here for clarity.
!management source-interface vlan1

voice

!voip signaling source-interface vlan1

!voip media source-interface vlan1

Layer 2 - Basic with Bridged WLAN


This is the scenario for the Layer 2 basic configuration with bridged WLAN.

Figure 2 Layer 2 basic configuration with bridged WLAN

[Diagram labels: VoIP, MGMT, MAC1, NAT, ROUTER, WLAN1 to WLAN4, SWITCH, LAN1 to LAN4. Legend: VLAN1 untagged, Internal.]

In this scenario, DRGOS can be configured as follows:


The WAN definition includes a list of VLANs to which the Network-to-Network
Interface (NNI) belongs. One VLAN may be untagged. This instance uses the default
configuration: one VLAN “vlan1” is defined.
interface wan

!vlan member 1

!vlan untagged 1

This VLAN is assigned an IP address to permit IP access to the RG.


interface vlan1

!ip address dhcp

!ipv6 address auto

By default traffic from the WLAN is forwarded to the CPE router. To forward the
WLAN traffic upstream, an external interface must be explicitly defined. Here traffic
from WLAN1 (the WLAN enabled by default) is forwarded through the CPE router.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

To direct LAN traffic to WAN through the switch, each LAN port should be a member
of at least one VLAN.
interface lan/ethernet1

vlan member 1

vlan untagged 1

interface lan/ethernet2

vlan member 1

vlan untagged 1

interface lan/ethernet3

vlan member 1

vlan untagged 1

interface lan/ethernet4

vlan member 1

vlan untagged 1

By default only WLAN1 is enabled. To use a WLAN other than WLAN1, you need to
enable the WLAN interface. Additionally, to bridge a WLAN interface with the WAN
interface, add a VLAN to the WLAN.
interface wlan3

vlan member 1

vlan untagged 1

no shutdown

interface wlan4

vlan member 1

vlan untagged 1

no shutdown

Note: A WLAN interface only supports one VLAN member—the untagged VLAN.
On WLAN interfaces priority is ignored and has no effect.

By default all local source traffic uses “vlan1” as the source interface. This is defined
explicitly here for clarity.
!management source-interface vlan1

voice

!voip signaling source-interface vlan1

!voip media source-interface vlan1

Layer 2 - VLAN per Service or Port


This scenario shows a typical VLAN per service or port in a Layer 2 environment.

Figure 3 Layer 2 VLAN per service or port configuration

In this scenario, DRGOS can be configured as follows:


Multiple VLANs may be defined—one per service allows easy separation of traffic. One
untagged VLAN may be defined.
interface wan

vlan member 1,100,200,300

!vlan untagged 1

Each of the Layer 2 LAN ports must be a member of at least one VLAN. In each of
these definitions, the IP connectivity mechanism must be defined, such as, DHCP,
static or PPPoE.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

interface vlan200

ip address dhcp

service internet

In this example, no IP connectivity is defined for vlan300 since there is no IPTV entity
in the RG.
interface vlan300

service iptv

Since there are multiple interfaces, it is important to define which interface is used for
which service. Here management traffic is bound to vlan1 by default.
!management source-interface vlan1

By default traffic from the WLAN is routed. To forward the WLAN traffic
upstream, an external interface must be explicitly defined. The external interface
should be dedicated to the data service; here vlan200 is used.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan200

Each of the Layer 2 LAN ports must be a member of at least one VLAN. You may use
separate VLANs for Internet service and IPTV service.
interface lan/ethernet1

vlan member 200

vlan untagged 200

interface lan/ethernet2

vlan member 200

vlan untagged 200

interface lan/ethernet3

vlan member 300

vlan untagged 300

interface lan/ethernet4

vlan member 300

vlan untagged 300

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here both are bound to vlan100.

voice

voip signaling source-interface vlan100

voip media source-interface vlan100

Layer 2 - VLAN per Customer and One MAC per Service


This is a typical scenario for one VLAN per customer and one MAC address per service
in a Layer 2 environment.

Figure 4 Layer 2 VLAN per customer and one MAC per service configuration

In this scenario, DRGOS can be configured as follows:


One untagged VLAN is defined on the WAN interface by default.
interface wan

!vlan member 1

!vlan untagged 1

An interface may be divided into subinterfaces, thus allowing one VLAN to be used
for several services. This allows service separation, while only using one VLAN per
customer. In this case, it is important to use a service statement for the subinterface to
allow the DHCP server to use this information as a key to define which IP address pool
to use for the service.
Ensure that high-speed traffic is assigned to the native interface and not a subinterface.
interface vlan1

!ip address dhcp

!ipv6 address auto

service nat

interface vlan1/1

ip address dhcp

service mgmt

interface vlan1/2

ip address dhcp

service voip

By default traffic from the WLAN is routed. To forward the WLAN traffic
upstream, an external interface must be explicitly defined.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

Each of the Layer 2 LAN ports must be a member of at least one VLAN.
interface lan/ethernet1

vlan member 1

vlan untagged 1

interface lan/ethernet2

vlan member 1

vlan untagged 1

interface lan/ethernet3

vlan member 1

vlan untagged 1

interface lan/ethernet4

vlan member 1

vlan untagged 1

Ensure that management traffic is bound to the VLANx/1 subinterface.


management source-interface vlan1/1

snmp agent source-interface vlan1/1

cwmp source-interface vlan1/1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here they are bound to the same subinterface.
voice

voip signaling source-interface vlan1/2

voip media source-interface vlan1/2

Note: For more information about the limitations in configuring DRGOS, see
“Limitations in Configuring “One VLAN per Customer and One MAC per
Service” Scenarios” on page 45.

Layer 3 - Basic
This scenario is based on the default configuration (with a few changes). This scenario
is common for operators replacing or augmenting an xDSL network.
Since only one upstream interface is defined, there are no opportunities for providing
different levels of service on a per service basis. All traffic is subject to a single overall
level of service.

Figure 5 Layer 3 basic configuration

In this scenario, DRGOS can be configured as follows:


interface wan

!vlan member 1

!vlan untagged 1

interface vlan1

!ip address dhcp

!ipv6 address auto

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

The management source-interface is set to “vlan1” by default.


!management source-interface vlan1

Layer 3 - Basic with DHCPv6 Prefix Delegation and IPv6 Routing


This scenario applies configuration for IPv6 routing on top of the “Layer 3 - Basic”
configuration. IPv6 traffic can be routed between LAN and WAN.
Since only one upstream interface is defined, there are no opportunities for providing
different levels of service on a per service basis. All traffic is subject to a single overall
level of service.

Figure 6 Layer 3 basic with IPv6 routing configuration

In this scenario, DRGOS can be configured as follows:


interface wan

!vlan member 1

!vlan untagged 1

interface vlan1

!ip address dhcp

!ipv6 address auto

By default, IPv6 is enabled on vlan1 and is disabled on all other VLANs. When IPv6
is enabled on a VLAN, a global address is automatically acquired.
To enable IPv6 on a VLAN, apply ipv6 address auto.

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Therefore an external interface must be explicitly defined for IPv6 and IPv4
traffic.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

ipv6 external-interface vlan1

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

By default the management source-interface is set to “vlan1”.


!management source-interface vlan1

Layer 3 - VLAN per Service


This is a typical scenario for L3 services using a separate VLAN per service, such as,
management, VoIP, and so on. Each service gets its own IP address from the pool
defined by the DHCP server. Since each VLAN can be the subject of a separate service
policy, it is possible to control and police individual services in the access network. For
example, VoIP can have low latency and low loss, management traffic can be
prioritized, and general traffic is subject to best effort.

Figure 7 Layer 3 VLAN per service configuration

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on NNI. One untagged
VLAN may be defined.
interface wan

vlan member 1,100,200

!vlan untagged 1

Each service interface should have a VLAN interface definition. In each definition, the
IP connectivity mechanism must be defined, such as, DHCP, static or PPPoE. Since
there are multiple interfaces, it is important to define which interface is used for which
service.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

interface vlan200

ip address dhcp

service nat

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Here routed traffic is bound to vlan200.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan200

You can enable the IGMP proxy for routed multicast traffic (e.g. for IPTV service).
The IGMP proxy aggregates and responds to all requests (e.g. Join/Leave requests)
from the downstream hosts; additionally, it responds to Queries from the upstream
router. You can also configure other IGMP functions (e.g. IGMP immediate-leave and
IGMP robustness).
(interface lan)

ip igmp proxy vlan200

ip igmp immediate-leave

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

Here management traffic is bound to vlan1.


!management source-interface vlan1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here both are bound to vlan100.
voice

voip signaling source-interface vlan100

voip media source-interface vlan100

Layer 3 - VLAN per Service and Internet over PPPoE


This is a specific case of the scenario for L3 VLAN per service. It involves PPPoE
service.

Figure 8 Layer 3 VLAN per service and Internet over PPPoE configuration

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on NNI. One untagged
VLAN may be defined.
interface wan

vlan member 1,100,200

!vlan untagged 1

Each service interface should have a VLAN interface definition. In each of these
definitions, the IP connectivity mechanism must be defined, such as, DHCP, static or
PPPoE. Since there are multiple interfaces, it is important to define which interface is
used for which service.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

It is optional to define the service and access concentrator (AC) name.


interface vlan200

ip address pppoe

pppoe username foo password bar

pppoe service myservice

pppoe acname myac

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Here routed traffic is bound to vlan200.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan200

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

Here management traffic is bound to vlan1.


!management source-interface vlan1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here both are bound to vlan100.
voice

voip signaling source-interface vlan100

voip media source-interface vlan100

Layer 3 - VLAN per Service with Multiple NATs


This scenario is an enhancement of “Layer 3 - VLAN per Service”. Figure 13 shows an
example of this scenario. Different NATs are used for different types of traffic:
• The Internet traffic goes through NAT1.
• The VoD traffic goes through NAT2, where the service provider delivers its specific
service (e.g. VoD) to end users.

Figure 9 Layer 3 - VLAN per service with multiple NATs

[Diagram labels: VoIP, Internet, MGMT, MAC1, NAT1, NAT2, VoD server, ROUTER, WLAN, SWITCH, LAN1 to LAN4. Legend: Mgmt: VLAN 1 untagged; VoIP: VLAN100 tagged; Internet: VLAN200 tagged; VoD: VLAN300 tagged; Internal.]

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on Network-to-Network
Interface (NNI). One untagged VLAN may be defined.
interface wan
vlan member 1,100,200,300
!vlan untagged 1

Each service interface should have a VLAN interface definition. In each of these
definitions, the IP connectivity mechanism must be defined, such as, DHCP, static, or
PPPoE.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

interface vlan200

ip address dhcp

ipv6 address auto

service nat

interface vlan300

ip address dhcp

service vod

Two NAT external interfaces are defined on the upstream interface: vlan200 and
vlan300. Internet traffic is sent over NAT1 to vlan200 and VoD traffic (that is destined
for 10.0.100.0/24 network) is sent over NAT2 to vlan300. Additional NAT external
interface rules can be defined if traffic must be routed to multiple networks.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan200

ip nat external-interface vlan300 10.0.100.0/24

ipv6 external-interface vlan200

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

Here management traffic is bound to vlan1.


!management source-interface vlan1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here both are bound to vlan100.
voice

voip signaling source-interface vlan100

voip media source-interface vlan100

Layer 3 - VLAN per Customer and One MAC per Service


This is a typical scenario for one VLAN per customer in a Layer 3 environment. In this
case, each service (such as, VoIP, management, NAT) has a unique MAC address and
thus has a unique IP address in separate or common Layer 3 domains.
This scenario is deployed using the VLAN subinterface mechanism. Interface
VLANx/y is a subinterface of VLAN x. There can be up to four subinterfaces on a per
service basis. When a VLAN subinterface is used, the default MAC address is
overridden by the MAC address of the subinterface on the upstream interface of the
RG. This ensures that the DHCP server provides a unique IP address for each
subinterface. Then the RG can have multiple uplinks on the same VLAN.
The service CLI command allows you to define a specific string to the Vendor Class
Identifier (VCI), also referred to as “DHCP Option 60”. This can be used by the
DHCP server to define specific IP address pools per service provider.

Figure 10 Layer 3 VLAN per customer configuration

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on NNI. One untagged
VLAN may be defined.
interface wan

!vlan member 1

!vlan untagged 1

An interface may be divided into subinterfaces, thus allowing one VLAN to be used
for several services. This allows service separation, while only using one VLAN per
customer. In this case, it is important to use a service statement for the subinterface to
allow the DHCP server to use this information as a key to define which IP address pool
to use for the service.
High-speed traffic service, e.g. Internet, should be assigned to the native interface and
not a subinterface.
interface vlan1

!ip address dhcp

!ipv6 address auto

service nat

interface vlan1/1

ip address dhcp

service mgmt

interface vlan1/2

ip address dhcp

service voip

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Here routed traffic is bound to vlan1.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan1

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4

Ensure that management traffic is bound to the VLANx/1 subinterface.


management source-interface vlan1/1

snmp agent source-interface vlan1/1

cwmp source-interface vlan1/1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here they are bound to the same subinterface.
voice

voip signaling source-interface vlan1/2

voip media source-interface vlan1/2

Note: For more information about the limitations in configuring DRGOS, see
“Limitations in Configuring “One VLAN per Customer and One MAC per
Service” Scenarios” on page 45.

Layer 2/Layer 3 Hybrid - VLAN per Service


Hybrid Layer 2 and Layer 3 configuration can be used by operators who wish to offer
some services on Layer 2 (for example, IPTV) while offering other services on Layer 3
(for example, general Internet access).
This allows the operator to leverage the advantages of a specific network architecture
on a per service basis.

Figure 11 Layer 2/Layer 3 hybrid VLAN per service configuration

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on NNI. One untagged
VLAN may be defined.
interface wan

vlan member 1,100,200,300

!vlan untagged 1

Each service interface should have a VLAN interface definition. In each of these
definitions, the IP connectivity mechanism must be defined, such as, DHCP, static or
PPPoE. Since there are multiple interfaces, it is important to define which interface is
used for which service.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

interface vlan200

ip address dhcp

service nat

interface vlan300

service iptv

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Here routed traffic is bound to vlan200.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan200

Each of the Layer 2 LAN ports must be a member of at least one VLAN so that traffic
may pass from the WAN interface to the LAN interface.
interface lan/ethernet1

vlan member 300

vlan untagged 300

interface lan/ethernet2

vlan member 300

vlan untagged 300

interface lan/ethernet3

interface lan/ethernet4

Here management traffic is bound to vlan1.


!management source-interface vlan1

!snmp agent source-interface vlan1

!cwmp source-interface vlan1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here they are both bound to vlan100.

voice

voip signaling source-interface vlan100

voip media source-interface vlan100

Layer 2/Layer 3 Hybrid - VLAN per Service with Tagged Management VLAN
In this scenario, the management interface is not the default interface vlan1. The
operator can assign a tagged VLAN for management traffic. This scenario is a specific
situation of “Layer 2/Layer 3 Hybrid - VLAN per Service”.

Figure 12 Layer 2/Layer 3 hybrid VLAN per service with tagged management VLAN

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on NNI.
interface wan

vlan member 100,200,300,400

As the default interface vlan1 is not used in this scenario, shut down vlan1:
interface vlan1

shutdown

Each service interface should have a VLAN interface definition. In each of these
definitions, the IP connectivity mechanism must be defined, such as, DHCP, static or
PPPoE. Since there are multiple interfaces, it is important to define which interface is
used for which service.

interface vlan100

ip address dhcp

service mgmt

interface vlan200

ip address dhcp

service voip

interface vlan300

ip address dhcp

service nat

interface vlan400

service iptv

By default the routed LAN traffic is not forwarded upstream until an external interface
is defined. Here routed traffic is bound to vlan300.
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

ip nat external-interface vlan300

Each of the Layer 2 LAN ports must be a member of at least one VLAN so that traffic
may pass from the WAN interface to the LAN interface.
interface lan/ethernet1

vlan member 400

vlan untagged 400

interface lan/ethernet2

vlan member 400

vlan untagged 400

interface lan/ethernet3

interface lan/ethernet4

Here management traffic is bound to vlan100.


management source-interface vlan100

snmp agent source-interface vlan100

cwmp source-interface vlan100

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here they are both bound to vlan200.
voice

voip signaling source-interface vlan200

voip media source-interface vlan200
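
Added example (not part of the Genexis manual and not DRGOS code): a small offline linter for listings written in the format used by these scenarios. It checks that every upstream VLAN interface is a WAN member, that every source-interface and external-interface binding names an interface that exists and is not shut down, and that no LAN or WLAN port is bridged into the VLAN carrying management traffic. The function names are hypothetical, and the parsing rules (contexts opened by "interface" or "voice", management bindings treated as global, vlan1 as the default management VLAN) are assumptions drawn from the printed listings.

```python
import re

def parse(text):
    """Split a listing into per-context command lists plus global bindings."""
    sections, top, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("!").strip()   # "!" marks a default still in effect
        if re.match(r"^(interface\s+\S+|voice)$", line):
            current = line.split()[-1]           # "wan", "vlan100", "lan/ethernet1", "voice"
            sections.setdefault(current, [])
        elif re.match(r"^(management|snmp agent|cwmp) source-interface", line):
            top.append(line)                     # assumption: these bindings are global
        elif line and current is not None:
            sections[current].append(line)
    return sections, top

def members(cmds):
    """VLAN IDs named by 'vlan member' (accepts '300, 2000' as well as '1,100')."""
    return {int(n) for c in cmds if c.startswith("vlan member") for n in re.findall(r"\d+", c)}

def base_vlan(name):
    """'vlan1/2' -> 1; None for names that are not VLAN (sub)interfaces."""
    m = re.match(r"^vlan(\d+)(?:/\d+)?$", name)
    return int(m.group(1)) if m else None

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    sections, top = parse(text)
    findings = []
    wan = members(sections.get("wan", []))
    live = {n for n, cmds in sections.items()
            if base_vlan(n) is not None and "shutdown" not in cmds}
    # 1. Upstream VLAN interfaces must be carried on the WAN port.
    for name in sorted(live):
        if "downstream" not in sections[name] and base_vlan(name) not in wan:
            findings.append(f"{name}: VLAN {base_vlan(name)} is not a member of interface wan")
    # 2. Every source-/external-interface binding must name a live interface.
    for cmd in top + [c for cmds in sections.values() for c in cmds]:
        m = re.search(r"(?:source|external)-interface\s+(\S+)", cmd)
        if m and m.group(1) not in live:
            findings.append(f"'{cmd}': {m.group(1)} is undefined or shut down")
    # 3. Customer-facing ports should not be bridged into a management VLAN.
    mgmt = {base_vlan(c.split()[-1]) for c in top} or {1}   # default per the page: vlan1
    for name, cmds in sorted(sections.items()):
        if name.startswith(("lan/", "wlan")):
            for vid in sorted(members(cmds) & mgmt):
                findings.append(f"{name}: bridged into management VLAN {vid}")
    return findings

# Abbreviated from the page's tagged-management-VLAN scenario.
TAGGED_MGMT = """
interface wan
vlan member 100,200,300,400
interface vlan1
shutdown
interface vlan100
service mgmt
interface vlan200
service voip
interface vlan300
service nat
interface vlan400
service iptv
interface lan
ip nat external-interface vlan300
interface lan/ethernet1
vlan member 400
vlan untagged 400
management source-interface vlan100
snmp agent source-interface vlan100
cwmp source-interface vlan100
voice
voip signaling source-interface vlan200
voip media source-interface vlan200
"""

# Abbreviated from the page's "Layer 2 - Basic" scenario.
L2_BASIC = """
interface wan
!vlan member 1
interface vlan1
service mgmt
interface lan
ip nat external-interface vlan1
interface lan/ethernet1
vlan member 1
vlan untagged 1
!management source-interface vlan1
"""

# Constructed mistake: CWMP left on vlan1 after vlan1 was shut down.
BROKEN = TAGGED_MGMT.replace("cwmp source-interface vlan100", "cwmp source-interface vlan1")

if __name__ == "__main__":
    for label, cfg in (("tagged", TAGGED_MGMT), ("broken", BROKEN), ("l2-basic", L2_BASIC)):
        print(label, lint(cfg))
```

The tagged-management listing passes all three checks, the constructed variant is reported for the stale CWMP binding, and the basic Layer 2 listing is reported because its LAN port shares VLAN 1 with the management interface.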

Layer 2/Layer 3 Hybrid - VLAN per Service with LAN Ports in Hybrid Mode
This scenario is an enhancement of “Layer 2/Layer 3 Hybrid - VLAN per Service”. A
LAN port is configured as a member of two VLANs: one tagged VLAN on the WAN
side and one untagged VLAN on the LAN side, where this port operates in hybrid
mode.
This permits a set-top box (STB) to support separate interfaces for services, e.g.
• a bridged tagged VLAN for IPTV service
• an untagged VLAN for High Speed Internet (HSI) service, such as TV-based web
browsing, software upgrades, electronic program guide, and so on
If the STB has a Personal Video Recorder (PVR) capability, the untagged VLAN also
allows local hosts to access recordings on the STB.
Figure 13 shows an example of this scenario, where two LAN ports are operating in
hybrid mode.

Figure 13 Layer 3 - VLAN per service with LAN ports in hybrid mode

[Diagram labels: VoIP, MGMT, MAC1, NAT, ROUTER, WLAN, SWITCH, LAN1 to LAN4. Legend: Mgmt: VLAN 1 untagged; VoIP: VLAN100 tagged; Internet: VLAN200 tagged; IPTV: VLAN300 tagged; Internal: VLAN2000 untagged.]

In this scenario, DRGOS can be configured as follows:


The WAN interface shall be a member of all VLANs required on Network-to-Network
Interface (NNI). One untagged VLAN may be defined.
interface wan
vlan member 1,100,200,300
!vlan untagged 1

Each service interface should have a VLAN interface definition. In each of these
definitions, the IP connectivity mechanism must be defined, such as, DHCP, static, or
PPPoE. No IP connectivity is defined for vlan300 since there is no Layer 3 IPTV entity
in the RG.
As STB IPTV joins use IGMP in the normal way on the tagged VLAN, IGMP
snooping should be enabled on vlan300.
interface vlan1

!ip address dhcp

!ipv6 address auto

service mgmt

interface vlan100

ip address dhcp

service voip

interface vlan200

ip address dhcp

ipv6 address auto

service nat

interface vlan300

service iptv

ip igmp snooping

A VLAN interface can be declared as a downstream interface. A downstream interface
substitutes the logical LAN interface when DRGOS operates in the hybrid mode. Only
one downstream interface is supported.
interface vlan2000

downstream

ipv6 address auto

ip nat external-interface vlan200

ipv6 external-interface vlan200

Note: Once configured as a downstream interface, the VLAN interface is automatically
configured with: ip address 192.168.1.254/24. IPv6 is disabled by default
and the operator needs to configure IPv6 if required. The original LAN interface
becomes invalid.

When a downstream interface is configured, you should leave the LAN interface with
the default configuration:
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

On the ethernet1 and ethernet2 LAN ports, two VLANs are defined: vlan300 and
vlan2000. Tagged traffic is directly sent to WAN over vlan300 and untagged traffic is
sent through the router over vlan2000.
Note: LAN ports that are not in hybrid mode MUST be defined to use the routed
VLAN.
interface lan/ethernet1

vlan member 300, 2000

vlan untagged 2000

interface lan/ethernet2

vlan member 300, 2000

vlan untagged 2000

interface lan/ethernet3

vlan member 2000

vlan untagged 2000

interface lan/ethernet4

vlan member 2000

vlan untagged 2000

Here management traffic is bound to vlan1.


!management source-interface vlan1

Voice signalling and media traffic may be assigned to a unique interface, or can be
assigned to separate interfaces. Here both are bound to vlan100.
voice

voip signaling source-interface vlan100

voip media source-interface vlan100


Limitations in Configuring “One VLAN per Customer and One MAC per Service” Scenarios
When you configure DRGOS in the “Layer 2 – VLAN per customer and one MAC per
service” and “Layer 3 – VLAN per customer and one MAC per service” scenarios, the
following rules should be complied with:
• Configure only one VLAN. When sub-interfaces (VLANx/y) are configured, only
one main interface (VLANx) is supported.
• Always assign the NAT service to the main interface (VLANx), not to a
sub-interface (VLANx/y). For example,
interface vlan1
!ip address dhcp
service nat
This rule is to ensure optimum performance of high-speed traffic as sub-interfaces
do not operate at wire-speed.
• Always assign the management traffic to the VLANx/1 sub-interface. For example,
management source-interface vlan1/1
snmp agent source-interface vlan1/1
cwmp source-interface vlan1/1
The MAC address of the VLANx/1 sub-interface is the unit’s base MAC address, which
is used by management systems to identify the RG. To ensure that the base MAC
address is exposed to the management systems, the management traffic should be
bound to the VLANx/1 interface.
• Up to four sub-interfaces can be defined for a VLAN interface.

Configuring the System

You can do the following configurations for the DRGOS system:


• Configuring WAN Interface
• Configuring LAN Interfaces
• Configuring VPN Passthrough
• Configuring NTP
• Setting System Clock
• Specifying Logging Server
• Configuring Operator Identity in GUI


Configuring WAN Interface


You can set Layer 2 attributes on the WAN interface and assign Layer 3 attributes to
upstream VLAN interfaces.
From DRGOS 1.6.1, it is no longer possible to configure the WAN interface with
Layer 3 attributes. Instead add an upstream VLAN membership in the WAN interface
context and configure Layer 3 attributes on the VLAN interface.

Default Configuration of WAN Interface


The default configuration of the WAN interface is as follows:
interface wan

!vlan member 1

!vlan untagged 1

interface vlan1

!ip address dhcp

!ipv6 address auto

By default vlan1 is used as the source interface for the following traffic: management,
SNMP, CWMP, UPnP, VoIP media, and VoIP signaling.

Configuring Flow Control


Flow control manages the data transmission between two network nodes to prevent a
fast sender from overwhelming a slow receiver. Flow control can only be negotiated and
cannot be used with fixed speed or duplex mode.
To enable flow control on the WAN interface:
drgos(config)# interface wan

drgos(config-if-wan)# media auto flow-control

Configuring VLAN
You can add one or more VLAN members to the WAN interface, one of which can be
untagged.
Example 1 Configuring the VLANs
drgos(config)# interface wan

drgos(config-if-wan)# vlan member 2,3,90-100

drgos(config-if-wan)# vlan untagged 100

Configuring Layer 3 Attributes on VLAN


You can configure Layer 3 attributes on a VLAN interface.


Example 2 Configuring static IP on Layer 3 VLAN interface


drgos(config)# interface vlan100

drgos(config-if-vlan)# ip address 10.195.3.101/24


Example 3 Configuring dynamic IP on Layer 3 VLAN interface
drgos(config)# interface vlan100

drgos(config-if-vlan)# ip address dhcp


Example 4 Configuring PPPoE on Layer 3 VLAN interface
drgos(config)# interface vlan100

drgos(config-if-vlan)# ip address pppoe

In deployments where end-user bandwidth limits are applied, it may be beneficial to
drop the Internet connection during idle periods. To permit this, the operator can
enable PPPoE on-demand mode. In this mode, the network connection will be
dropped after a specified idle period. To enable the PPPoE on-demand mode and set
the idle period, use the following command:
drgos(config-if-vlan)# pppoe on-demand idle 60

In this example, the network connection will be dropped after 60 seconds. To disable
the PPPoE on-demand mode, use the following command:
drgos(config-if-vlan)# no pppoe on-demand

or
drgos(config-if-vlan)# pppoe on-demand idle 0

Configuring LAN Interfaces


DRGOS has four or eight physical LAN interfaces (the number of LAN interfaces is
dependent on the hardware). In CLI, these interfaces are presented as
lan/ethernet<x>.

In addition, the logical LAN interface, i.e. the LAN-side interface of the CPE router,
is also configurable. In CLI, the logical LAN interface is presented as lan.

Default Configuration of LAN Interfaces


The default configuration of the LAN interfaces is as follows:
interface lan

!ip address 192.168.1.254/24

!ipv6 address auto

interface lan/ethernet1

interface lan/ethernet2

interface lan/ethernet3

interface lan/ethernet4


Setting IP Address
The IP address and netmask on the LAN interface can be set using the ip address
command.
Example 5 Setting the IP address of LAN interface
drgos(config)# interface lan

drgos(config-if-lan)# ip address 10.195.3.101/24

Configuring Flow Control


Flow control manages the data transmission between two network nodes to prevent a
fast sender from overwhelming a slow receiver. Flow control can only be negotiated and
cannot be used with fixed speed or duplex mode.
To enable flow control on a LAN interface:
drgos(config)# interface lan/ethernet1

drgos(config-if-lan-eth)# media auto flow-control

Configuring VLAN
A physical LAN interface can be a member of one or more VLANs, among which one
VLAN can be untagged:
Example 6 Configuring the VLANs
drgos(config)# interface lan/ethernet1

drgos(config-if-lan-eth)# vlan member 2,3,90-100

drgos(config-if-lan-eth)# vlan untagged 100

Configuring NAT External Interface


When LAN traffic is forwarded to the Internet through an external (upstream)
interface, the LAN IP address is mapped to an external IP address. This process is called
Network Address Translation (NAT).
By default, no NAT external interface is defined and LAN traffic is not forwarded to
the Internet. To forward LAN traffic, you need to define an external interface. For
example:
drgos(config)# interface lan

drgos(config-if-lan)# ip nat external-interface vlan3

In some cases, you may want to send traffic through different external interfaces—e.g.
one for Internet traffic and one for video on demand (VoD) traffic. You can configure
an external interface for traffic that targets the VoD server’s IP addresses. For example,
add this line on top of the NAT configuration above:
drgos(config-if-lan)# ip nat external-interface vlan90 10.0.100.0/24

Traffic that targets an IP address in range of 10.0.100.0/24 is forwarded through
vlan90. All other traffic is forwarded through the default external interface, vlan3.
To forward IPv6 LAN traffic, you need to define an IPv6 external interface:
drgos(config)# interface lan

drgos(config-if-lan)# ipv6 external-interface vlan100

Configuring VPN Passthrough


A virtual private network (VPN) is a point-to-point connection across a private or
public network (Internet). VPN passthrough allows the VPN traffic to pass through
the RG. DRGOS supports the following types of VPN passthrough:
• PPP over Ethernet (PPPoE) passthrough
• Point-to-Point Tunneling Protocol (PPTP) passthrough
PPPoE passthrough allows PPPoE clients on LAN hosts to establish sessions with
PPPoE servers on the WAN side. DRGOS supports simultaneous PPPoE sessions for
different services including Internet.
PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP
packets. DRGOS supports one simultaneous PPTP tunnel.
By default VPN passthrough is enabled. No action is required to configure VPN
passthrough.

Configuring NTP
Network Time Protocol (NTP) is a protocol for synchronizing devices’ system clocks
in a network. NTP servers are used as the reference time sources. The following
commands can be used to configure NTP on DRGOS:

Command                Description
ntp server             Configures the NTP servers
ntp source-interface   Configures the source interface for NTP-related traffic

Configuring NTP Servers


You can specify the NTP servers’ locations using CLI command or DHCP option 42.
If any NTP server is configured using CLI, then all addresses learned through DHCP
option 42 are ignored. Multiple servers can be defined using multiple commands.
The following examples show how to configure an NTP server using CLI:
Example 7 Configuring an NTP server using the hostname
drgos(config)# ntp server 0.europe.pool.ntp.org

drgos(config)# ntp server ntp2.example.com


Example 8 Configuring an NTP server using the IP address


drgos(config)# ntp server 172.19.33.8 port 123

Configuring NTP Source Interface


By default the management source interface is used as the source interface for the
NTP-related traffic. The NTP source interface is used for the following purposes:
• If no NTP server is configured using the ntp server command, DRGOS learns the
NTP servers from DHCP option 42 only through the NTP source interface.
• DRGOS communicates with the configured or learned NTP servers only through
the NTP source interface.
Optionally, you can specify a different source interface. For example:
drgos(config)# ntp source-interface vlan100

Setting System Clock


The DRGOS system clock is synchronized with the NTP servers and is adjusted with
the time zone setting. The default time zone is UTC.
You can set a different time zone using the clock timezone command. The time zone
can be set by a named time zone, by a geographical location, or with an offset in hours
relative to the Coordinated Universal Time (UTC).

Example 9 Setting system time zone by a named time zone


You can indicate the standard name for the time zone in the command:
drgos(config)# clock timezone CET

Example 10 Setting system time zone by a geographical location


To set the system time zone by a geographical location, perform the following steps:

1. See the list of supported time zones:


drgos(config)# clock timezone ?

2. Select one of the supported locations in the list. For example:


drgos(config)# clock timezone Europe/Stockholm

Example 11 Setting system time zone with an offset


You can indicate with an offset in hours relative to the UTC:
drgos(config)# clock timezone -2

Daylight saving is automatically managed for the configured time zone. For example, when
Central European Time (CET) is configured, in summer, the RG automatically
changes to Central European Summer Time (CEST), i.e. UTC +2.


To view the system clock, use the show clock command, e.g.
drgos# show clock

Mon Jun 06 13:20:01 2011 CEST

Specifying Logging Server


By default DRGOS stores system logs locally. You can configure DRGOS to send
system logs to a remote server in addition to the local storing. For example,
drgos(config)# logging server syslog.example.com

The default port of the remote logging server is the standard syslog port—UDP 514.
Alternatively, you can specify a different UDP port. For example,
drgos(config)# logging server 192.168.1.2 port 1000

Configuring Operator Identity in GUI


You can configure DRGOS to display the operator or service provider identity in GUI
pages, including the company name, the website, and the logo.

Configuring Reference Link


You can set the company name and the website by configuring the reference link.
Figure 14 shows the effect when the reference link is configured. When the end user
clicks the text description (normally the company name), the browser directs the user
to the reference link.

Figure 14 Reference link displayed in GUI

1. the reference link (e.g. the company website)
2. description about the reference link (e.g. the company name)

To set the reference link and its description, use the http logo reference command.
For example:
drgos(config)# http logo reference http://www.example.com title CompanyName

Configuring Logo Image


To optimally display the logo image with most screen resolutions, you can use an image
with a height of approximately 50 pixels.
Figure 15 shows the effect when the logo image is configured.

Figure 15 Logo image displayed in GUI

To set the location of the logo image, use the http logo location command:
drgos(config)# http logo location http://www.example.com/logo.png title CompanyLogo

Configuring Reference Link and Logo Image


To optimally display the logo image with most screen resolutions, you can use an image
with a height of approximately 50 pixels.
Figure 16 shows the effect when both the company logo and the reference link are
configured. When the end user clicks the logo image, the browser directs the user to
the reference link.

Figure 16 Company logo and reference link displayed in GUI

1. the logo image
2. the reference link
To configure the logo image and the reference link:
drgos(config)# http logo reference http://www.example.com title CompanyName

drgos(config)# http logo location http://www.example.com/logo.png title CompanyLogo

Configuring IPv4

For information about configuring basic IPv4 connectivity, see “Configuring WAN
Interface” and “Configuring LAN Interfaces”. The following
sections describe how to configure other IPv4-related functions:
• “Configuring NAT Port Forwarding”
• “Configuring DMZ Host”
• “Configuring Access Control Lists”

Configuring NAT Port Forwarding


You can configure Network address translation (NAT) port forwarding in DRGOS to
allow traffic to be transferred even when the conversation originates from the external
network.
NAT port forwarding can be used when a server (e.g. web server, game console, FTP
server, mail server, etc.) is running within the private network and external access to the
server is permitted.
Note: NAT port forwarding rules only affect routed traffic; they have no effect on
traffic that is targeted to the RG itself.
To configure NAT port forwarding, the operator needs to map the ports on the
external interface to the corresponding ports of the destination host on the internal
network. The port mapping can be done with the ip nat forward command.
The following examples show the usage of this command:

Example 12 Setting NAT port forwarding for FTP access


To allow external hosts on port 21 to access the FTP server (with IP address
“192.168.1.183”) in the private LAN, use the following configuration:
drgos(config)# ip nat forward seq 10 protocol tcp port 21 destination-host 192.168.1.183 name ftp

Note: When no destination ports are specified, the ports are mapped to the same ports
on the destination host.

Example 13 Setting NAT port forwarding for a web server (without port remapping)
To allow external hosts on ports 80, 8000, 8080 to visit the web server (with IP address
“192.168.1.181”) in the private LAN, use the following configuration:
drgos(config)# ip nat forward seq 40 protocol tcp port 80,8000,8080 destination-host 192.168.1.181 name webserver

Example 14 Setting NAT port forwarding for a web server (with port remapping)
To allow external hosts to visit the web server with the IP address “192.168.1.181” in
the private LAN, with ports “10080, 18000, 18080” remapped to ports “80, 8000,
8080”, use the following configuration:
drgos(config)# ip nat forward seq 60 protocol tcp port 10080,18000,18080 destination-host 192.168.1.181 destination-port 80,8000,8080 name webserver

Example 15 Setting NAT port forwarding for games (consoles or PCs)


To allow external hosts to visit the game console on the private LAN, use the following
configuration:
drgos(config)# ip nat forward seq 70 protocol both port 2300-2400 destination-host 192.168.1.182 name game1

“Both” means that both TCP and UDP packets are forwarded.
Note: Port ranges may only be used when port remapping is not being used.
For “port” and “destination-port”, you can define a port list, a port range, or a
combination of both, such as, “80,3000-3007,8800”.


Configuring DMZ Host


The Demilitarized Zone (DMZ) host is a computer in the private network. It can be
accessed from the Internet regardless of firewall protection.
DRGOS supports configuration of a DMZ host in the LAN. All IP traffic (or traffic of
the specified IP protocol) using any port is forwarded to the corresponding port of the
DMZ host.
Note: DMZ host configuration only affects routed traffic; it has no effect on traffic that
is targeted to the RG itself. In addition, management traffic (e.g. SNMP and
TR-069) is not affected.
When firmware upgrades or configuration updates are performed using TFTP,
an end-user DMZ host rule can disrupt operation of the router TFTP client due
to the operational nature of TFTP. As a result, when TFTP operations are being
performed, any DMZ host rule using UDP traffic will be temporarily suspended.
Since the duration of TFTP operations is generally a few seconds, and most
DMZ servers use TCP, this should not cause significant impact to the end-user
services.
To configure the DMZ host in the LAN, use the ip nat forward command. For
example:
drgos(config)# ip nat forward seq 999 protocol any destination-host 192.168.1.2 name dmz-host
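The port forwarding rules of Examples 12 to 15 and the DMZ host rule above, turned into an inventory of what each LAN host exposes to the external interface. This is an added example in Python, not part of the DRGOS manual or its tooling; it assumes that remapped port lists pair up by position and that a rule without `port` forwards every port.

```python
# Commands from Examples 12-15 and the DMZ host example on this page,
# with the CLI prompt removed and wrapped lines joined.
CONFIG = """\
ip nat forward seq 10 protocol tcp port 21 destination-host 192.168.1.183 name ftp
ip nat forward seq 40 protocol tcp port 80,8000,8080 destination-host 192.168.1.181 name webserver
ip nat forward seq 60 protocol tcp port 10080,18000,18080 destination-host 192.168.1.181 destination-port 80,8000,8080 name webserver
ip nat forward seq 70 protocol both port 2300-2400 destination-host 192.168.1.182 name game1
ip nat forward seq 999 protocol any destination-host 192.168.1.2 name dmz-host
"""


def expand_ports(spec):
    """Expand a port list such as '80,3000-3007,8800' into port numbers."""
    ports = []
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_forward(line):
    """Parse one 'ip nat forward' command into a dict describing the rule."""
    words = line.split()
    if words[:3] != ["ip", "nat", "forward"]:
        raise ValueError(f"not a NAT forward rule: {line!r}")
    opts = dict(zip(words[3::2], words[4::2]))  # keyword/value pairs
    rule = {"seq": int(opts["seq"]), "protocol": opts["protocol"],
            "host": opts["destination-host"], "name": opts.get("name", "")}
    if "port" not in opts:
        # Assumption: no port keyword (the DMZ host form) means all ports.
        rule["mappings"] = None
        return rule
    external = expand_ports(opts["port"])
    if "destination-port" in opts:
        # The manual allows port ranges only when no remapping is used.
        if "-" in opts["port"] or "-" in opts["destination-port"]:
            raise ValueError(f"seq {rule['seq']}: port range used with remapping")
        internal = expand_ports(opts["destination-port"])
        if len(internal) != len(external):  # assumption: positional pairing
            raise ValueError(f"seq {rule['seq']}: port lists differ in length")
    else:
        internal = external  # same ports on the destination host
    rule["mappings"] = list(zip(external, internal))
    return rule


def exposure_report(config):
    """Map each LAN host to the set of its ports reachable from outside,
    or to the string 'ALL' when a DMZ host rule forwards every port."""
    report = {}
    for line in config.splitlines():
        if not line.strip():
            continue
        rule = parse_forward(line)
        if rule["mappings"] is None:
            report[rule["host"]] = "ALL"
        elif report.get(rule["host"]) != "ALL":
            ports = report.setdefault(rule["host"], set())
            ports.update(internal for _, internal in rule["mappings"])
    return report


if __name__ == "__main__":
    for host, ports in sorted(exposure_report(CONFIG).items()):
        summary = ports if ports == "ALL" else f"{len(ports)} port(s)"
        print(f"{host}: {summary}")
```

Running the report against a saved configuration after each change makes it easy to spot a forward that is no longer needed, or a DMZ host rule that exposes far more than the service behind it requires.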


Configuring Access Control Lists


An access control list (ACL) is a list of access control entries. Each entry is a rule to be
applied on the packets on an interface. An ACL entry defines some criteria for the
packets and specifies an action performed on the matching packets.
An ACL is used to limit access to specific interfaces by protocol, source, and/or
destination address. It can be defined for any interface, whether default or user-defined.
Note: IPv4 ACLs only affect traffic that is targeted to the RG itself; they have no effect
on routed or bridged traffic.

Default Access Control Lists


By default, some access control rules are defined for the default and user-defined
interfaces. This ensures secure, but open access to DRGOS for all relevant services. If
any operator-configured ACL is applied to an interface, then all default rules become
inactive on that interface.
Note: The default access control rules are not shown in running-configuration
information.

Default VLAN Access Control Rules


By default, some incoming traffic is permitted on specific ports on the default and
user-defined VLAN interfaces.

Table 4 Permitted incoming traffic on upstream interfaces by default

Protocol   Port or protocol
TCP        Port 22 (SSH), 5060–5061 (SIP), 8082 (request for TR-069 connection)
IP         Protocol 41 (6rd and 6to4)
UDP        Port 5060–5061 (SIP), 68 (BOOTP/DHCP), 161 (SNMP), 1024–65535 (RTP), 9115 (GAPS)
ICMP       all

Default Access Control Rules for Voice VLAN Configured via GAPS
When GAPS is used to configure the voice service, an ACL is automatically created and
applied to the voice VLAN.

Table 5 Permitted incoming traffic on voice VLAN by default

Protocol   Port or protocol
TCP        Port 5060–5061 (SIP)
UDP        Port 5060–5061 (SIP), 8000–8015 (RTP) [a], 68 (BOOTP/DHCP)
ICMP       echo

[a] If the local RTP port is defined (through GAPS parameter local_rtp_port), the port range should be
[local_rtp_port]–[local_rtp_port+15]. For example, if the local RTP port is configured as
1000, then traffic through ports 1000–1015 is permitted.


Default LAN Access Control Rules


By default, some incoming traffic is permitted on specific ports on the LAN interface.

Table 6 Permitted incoming LAN traffic by default

Protocol   Port
TCP        80 (HTTP), 5000 (UPnP)
UDP        67 (BOOTP/DHCP), 53 (DNS), 1900 (UPnP)
ICMP       all

Basics of ACL Configuration


Note: Apply an ACL to all interfaces consistent with their use, e.g. only permit access
to the management interface from hosts in the Network Operation Center
(NOC), and only allow known SIP proxies to access the VoIP interface.
The following CLI commands are used to configure the access control lists:

Table 7 CLI commands for ACL

Command                    Description
access-list                This command creates an access control list and brings the operator into the context of the list. In the context of the list, the operator can configure each access control entry.
ip access-group            This command applies an existing access control list to the incoming or outgoing packets on a specified interface.
show access-list           This command displays the existing access-lists in the system. For each entry in the list, the number of packets that have matched the entry is also displayed.
access-list clearcounters  This command clears the counters (numbers of hits) for all entries in the specified access-list.

The following simple examples show how to configure an access control list using ACL
commands.
Example 16 Configuring an access control list
To create an access control list my-acl with specific rules:
drgos(config)# access-list my-acl
drgos(config-acl)# seq 10 permit tcp source any destination any 80
drgos(config-acl)# seq 20 deny ip destination 192.168.1.0/24
drgos(config-acl)# seq 30 permit udp source any range 8000 8999
drgos(config-acl)# seq 50 permit udp source any destination any 68
drgos(config-acl)# seq 70 permit tcp source any destination any 22
drgos(config-acl)# seq 90 permit udp source any destination any 161

To delete the entry with sequence number 20 in the access control list my-acl:
drgos(config)# access-list my-acl

drgos(config-acl)# no seq 20

To view the entries in the access control list my-acl:


drgos# show access-list my-acl
Access-list my-acl (3 entries, 5 implicit denies)
access-list seq 10 permit tcp source any destination any 80 (2 hits)
access-list seq 30 permit udp source any range 8000 8999 (2 hits)
access-list seq 50 permit udp source any destination any 68 (2 hits)
access-list seq 70 permit tcp source any destination any 22 (2 hits)
access-list seq 90 permit udp source any destination any 161 (2 hits)
In the first line of the result, the number of entries and the number of hits of the
implicit denies are displayed. For each entry, the number of packets that have matched
the entry is displayed.

Example 17 Applying access control lists to interface


To apply the lists to the corresponding interfaces:
drgos(config-if-vlan)# ip access-group my-acl in

Example 18 Deleting an access control list


To delete the access control list my-acl:
drgos(config)# no access-list my-acl

Permitting Traffic on Essential Ports in All ACLs


All ACLs have a default action which drops all packets; this does not need to be
explicitly defined. That is, a packet will be dropped in the following cases:
• an operator-configured ACL is applied and the packet does not match the criteria
of the operator-configured ACL rules
• no operator-configured ACL is applied and the packet does not match the criteria
of the default ACL rules
As some ports are vital for basic connectivity and management traffic, the operator
needs to add the following ACL rules when defining an ACL:

Use...                                        To allow...
• for incoming packets:                       DHCP traffic for IP management
  permit udp source any destination any 68
• for outgoing packets:
  permit udp source any destination any 67
permit tcp source any destination any 22      SSH access from WAN
permit udp source any destination any 161     SNMP access from WAN

Note: If Universal Plug and Play (UPnP) traffic is allowed on the WAN interface, the
RG may expose vulnerabilities to the Internet. Therefore ensure that packets on
UDP port 1900 (used for UPnP) are blocked in ACL on the WAN interface. By
default the packets are blocked.

Configuring an ACL for Management Interface


The management interface should be configured as only accessible from specific hosts
or networks. This prevents other hosts from accessing the RG management.
To create an access control list my-mgmt-acl for the management interface:
drgos(config)# access-list my-mgmt-acl
drgos(config-acl)# seq 10 permit ip source 172.19.10.0/28
drgos(config-acl)# seq 20 permit ip source host 172.19.10.111
drgos(config-acl)# seq 30 permit icmp source 172.19.10.0/24
drgos(config-acl)# seq 40 permit udp source any destination any 68
drgos(config-acl)# seq 50 permit tcp source any destination any 22
drgos(config-acl)# seq 60 permit udp source any destination any 161

To apply the list my-mgmt-acl to the management interface (vlan1 in this example):
drgos(config)# interface vlan1
drgos(config-if-vlan)# ip access-group my-mgmt-acl in

In this example, IP access is given to hosts in range 172.19.10.0–15 and host
172.19.10.111. Hosts in range 172.19.10.0–255 can use ICMP. DHCP access using
UDP port 68, SSH access using TCP port 22, and SNMP access using UDP port 161
are permitted for all hosts.
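To see which source hosts each entry of my-mgmt-acl actually admits, the following added example (Python, not part of the DRGOS manual) parses the ACL and evaluates probe packets against it. It assumes entries are checked in ascending seq order with the first match deciding, followed by the implicit deny, and that a port written after a source address is a source port; the probe addresses and the tightened variant are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# my-mgmt-acl as listed on this page, CLI prompts removed.
MGMT_ACL = """\
seq 10 permit ip source 172.19.10.0/28
seq 20 permit ip source host 172.19.10.111
seq 30 permit icmp source 172.19.10.0/24
seq 40 permit udp source any destination any 68
seq 50 permit tcp source any destination any 22
seq 60 permit udp source any destination any 161
"""
# Constructed variant: seq 50 and seq 60 removed (the effect of "no seq 50" and
# "no seq 60"), so SSH and SNMP stay reachable only through seq 10 and seq 20.
TIGHT_ACL = "\n".join(
    ln for ln in MGMT_ACL.splitlines() if not ln.startswith(("seq 50", "seq 60")))

ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS = (0, 65535)
RG_ADDR = "192.0.2.1"  # constructed address standing in for the RG itself


@dataclass
class Rule:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    sport: tuple = ALL_PORTS
    dport: tuple = ALL_PORTS


def _take_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/len' from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(word)


def _take_ports(tok):
    """Consume an optional '<port>' or 'range <lo> <hi>' specification."""
    if tok and tok[0] == "range":
        lo, hi = int(tok[1]), int(tok[2])
        del tok[:3]
        return (lo, hi)
    if tok and tok[0].isdigit():
        port = int(tok.pop(0))
        return (port, port)
    return ALL_PORTS


def parse_acl(text):
    """Parse 'seq N permit|deny proto [source ...] [destination ...]' lines.
    Only the keywords used in the ACL above are handled; anything else raises."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*seq (\d+) (permit|deny) (ip|tcp|udp|icmp)\b\s*(.*)", line)
        if not m:
            continue
        rule = Rule(int(m.group(1)), m.group(2), m.group(3))
        tok = m.group(4).split()
        while tok:
            key = tok.pop(0)
            if key == "source":
                rule.src, rule.sport = _take_addr(tok), _take_ports(tok)
            elif key == "destination":
                rule.dst, rule.dport = _take_addr(tok), _take_ports(tok)
            else:
                raise ValueError(f"unsupported keyword {key!r} in: {line}")
        rules.append(rule)
    return sorted(rules, key=lambda r: r.seq)  # assumption: evaluated by seq


def evaluate(rules, proto, src, dport=0, sport=49152, dst=RG_ADDR):
    """Return (action, seq) of the first matching entry, or ('deny', None)
    when nothing matches and the implicit deny applies."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if src_ip not in r.src or dst_ip not in r.dst:
            continue
        if proto in ("tcp", "udp") and not (
                r.sport[0] <= sport <= r.sport[1]
                and r.dport[0] <= dport <= r.dport[1]):
            continue
        return r.action, r.seq
    return "deny", None


if __name__ == "__main__":
    probes = {"NOC host": "172.19.10.5", "same /24": "172.19.10.200",
              "other": "203.0.113.9"}  # constructed source addresses
    for label, acl in (("page ACL", MGMT_ACL), ("tightened", TIGHT_ACL)):
        rules = parse_acl(acl)
        for who, ip in probes.items():
            print(label, who, "ssh:", evaluate(rules, "tcp", ip, 22),
                  "http:", evaluate(rules, "tcp", ip, 80))
```

With the ACL as printed, a source outside the NOC range is denied HTTP but admitted to SSH by seq 50; in the tightened variant the same probe falls through to the implicit deny while NOC hosts still match seq 10.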

Configuring an ACL for VoIP Interface


The VoIP interface may have access restricted such that only the known proxies are able
to communicate with the RG. This ensures that malicious messages cannot be injected,
which can be used for creating ghost calls, inducing call termination and other denial
of service attacks.
To create an access control list my-voip-acl for the VoIP interface:
drgos(config)# access-list my-voip-acl
drgos(config-acl)# seq 10 permit udp source 10.20.0.0/26 range 5060 5061
drgos(config-acl)# seq 20 permit tcp source 10.20.0.0/26 range 5060 5061
drgos(config-acl)# seq 30 permit icmp source 10.20.0.0/26
drgos(config-acl)# seq 40 permit udp source any destination any range 8000 8015
drgos(config-acl)# seq 50 permit udp source any destination any 68

To apply the list my-voip-acl to the VoIP interface (vlan100 in this example):
drgos(config)# interface vlan100
drgos(config-if-vlan)# ip access-group my-voip-acl in

Configuring an ACL for Internet Interface


The Internet service interface would typically not be restricted in any way, unless policy
or legal enforcement requires it. However, it would be considered better to implement
these restrictions elsewhere, e.g. the access layer. An example is provided here just to
demonstrate how access control lists may be used.


To create access control lists for Internet interfaces:
drgos(config)# access-list my-internet-acl-in
drgos(config-acl)# seq 10 permit tcp source any range 6881 6889
drgos(config-acl)# seq 20 permit udp source any destination any 68
drgos(config-acl)# seq 30 permit icmp

When 6rd is used on the interface, to allow IPv6 encapsulated traffic to go through the
IPv4 firewall, include the following rule:
drgos(config-acl)# seq 40 permit ip protocol 41

To apply the lists to the Internet interface (vlan200 in this example):


drgos(config)# interface vlan200
drgos(config-if-vlan)# ip access-group my-internet-acl-in in

Allowing Access to GUI from WAN


In some cases, an operator may want to access the GUI of an RG in addition to SSH,
for example to view changes made by an end user.
To create an access control list for the management interface:
drgos(config)# access-list my-gui-acl
drgos(config-acl)# seq 10 permit tcp source 100.0.0/24 destination any 22
drgos(config-acl)# seq 20 permit tcp source 100.0.0/24 destination any 80
drgos(config-acl)# seq 30 permit udp source any destination any 68

To apply the list my-gui-acl to the management interface (vlan1 in this example):
drgos(config)# interface vlan1
drgos(config-if-vlan)# ip access-group my-gui-acl in

Note: For security reasons, limit the access only to the hosts which require it, e.g. the
Network Operations Center (NOC).

Allowing Access to SSH from LAN


In some cases, an operator may wish to access CLI of an RG from the LAN. This can
be used by a local administrator.
To create an access control list for the LAN interface:
drgos(config)# access-list my-lan-acl
drgos(config-acl)# seq 10 permit tcp source any destination any 22
drgos(config-acl)# seq 20 permit tcp source any destination any 80
drgos(config-acl)# seq 30 permit tcp source any destination any 5000
drgos(config-acl)# seq 40 permit udp source any destination any 67
drgos(config-acl)# seq 50 permit udp source any destination any 161
drgos(config-acl)# seq 60 permit udp source any destination any 53
drgos(config-acl)# seq 70 permit udp source any destination any 1900
drgos(config-acl)# seq 80 permit icmp source any

To apply the list my-lan-acl to the LAN interface:


drgos(config)# interface lan
drgos(config-if-lan)# ip access-group my-lan-acl in


Disabling or Enabling ICMP Echo


ICMP echo is usually used by the utilities “ping” or “traceroute” to test the network
connectivity and routes. On receiving an ICMP echo message, DRGOS responds with
an ICMP echo reply. By default ICMP echo and ICMP echo reply are enabled.
The following examples show how to configure ICMP echo on the WAN side. The
same mechanism works on the LAN side in this respect.
Example 19 Disabling or enabling ICMP echo
To reject all incoming ICMP echo messages from an upstream router and allow IP
connections, configure the following ACL:
drgos(config)# access-list wan-acl-in
drgos(config-acl)# deny icmp echo
drgos(config-acl)# permit ip

To allow DRGOS to receive ICMP echo messages and turn off IP connections,
configure the following ACL:
drgos(config)# access-list wan-acl-in
drgos(config-acl)# permit icmp echo
drgos(config-acl)# deny ip

Apply the ACL to the incoming traffic on the upstream VLAN:


drgos(config)# interface vlan1
drgos(config-if-vlan)# ip access-group wan-acl-in in

Configuring IPv6

This chapter describes the following:


• “IPv6 Implementation in DRGOS”
• “Configuring IPv6 Connectivity”
• “Verifying IPv6 Connectivity”
• “Configuring Access Control Lists”
• “Configuring Dual-Stack Lite”
• “Configuring 6rd”
• “Configuring 6to4”


IPv6 Implementation in DRGOS


DRGOS supports the following IPv6 features:
• Prefix Delegation
• IPv6 addressing, including Stateless Address AutoConfiguration (SLAAC) and
DHCPv6
• Router Advertisement on LAN
• IPv6 unicast routing
• IPv6 over PPPoE
• IPv6 forwarding
• Dual-Stack Lite
• 6rd and 6to4 on IPv4 infrastructures
• Stateful IPv6 firewall
These IPv6 features are implemented in accordance with RFC6204 and other related
RFC standards.

IPv6 Prefix Delegation


IPv6 Prefix Delegation (PD) is a mechanism that is used to automate the delegation of
IPv6 prefixes. In the network architecture where prefix delegation is used, DRGOS
works as a Customer Edge (CE) router (see Figure 17).

Figure 17 Network Architecture

On the WAN side, DRGOS requests prefix delegation from the Provider Edge (PE)
router. On the LAN side, DRGOS advertises the delegated prefixes to the end-user
sites through Stateless Address AutoConfiguration (SLAAC).

IPv6 Addressing
IPv6 addresses are 128 bits long (compared to 32 bits for IPv4). IPv6 is not simply
IPv4 with a larger address size, however: there are significant changes to the address
architecture. For more details on the IPv6 addressing architecture, see RFC4291.
DRGOS supports the following types of IPv6 addresses on an upstream VLAN
interface:
• link-local address, which is used only between hosts on the same link
• global address, which is needed to communicate on the Internet and has the
following address types:
– stateless address
– stateful address
– static address
Each interface should have one link-local address and may have one or more global
addresses. The following table shows how different types of IPv6 addresses are
acquired.

Type                  How the address is acquired
link-local address    automatically generated when the link is up
stateless address     acquired using Stateless Address AutoConfiguration (SLAAC) during the
                      auto-addressing process
stateful address      acquired using DHCPv6 during the auto-addressing process
static address        manually configured by the operator

If auto-addressing is configured, the interface listens for Router Advertisement (RA)
messages. If RA contains the prefix options, a stateless address is assigned to the
interface. If the M flag (Managed Address Configuration Flag) in the RA message is set,
the interface will also solicit a stateful address using DHCPv6.

Stateless Address AutoConfiguration


Stateless Address AutoConfiguration (SLAAC) is a mechanism within IPv6 that
allows hosts to select and configure their IP address without manual or DHCP server
intervention. SLAAC only depends on information from Router Advertisement
messages (prefix information) and information already available to the host itself. By
combining the announced prefixes with a self-generated interface ID, a complete IPv6
address is formed.
SLAAC is defined in RFC4862.

DHCPv6
DHCPv6 is a client/server protocol for stateful (address) autoconfiguration of IPv6.
DHCPv6 is defined in RFC3315.
Currently, both DHCPv6 server and client are implemented in DRGOS.
The DHCPv6 client supports:
• If the M flag is set in RA, DRGOS solicits a stateful address using DHCPv6.
• DRGOS obtains DNS information (including DNS servers and the domain search
list) on the WAN port.
• DRGOS acquires the IPv6 prefix for its LAN hosts through prefix delegation. In
the delegated prefix, DRGOS sets its LAN IPv6 address to its extended unique
identifier (EUI) address.
The DHCPv6 server only supports advertisement of DNS information to LAN hosts.
Note: Due to interoperability issues, the DNS learned from the DHCPv6 server does
not work on Windows XP.


Router Advertisement on LAN


If a prefix is delegated, when DRGOS receives a Router Solicitation from a LAN host,
DRGOS sends a router advertisement (RA) to the LAN host and advertises itself as the
default router through SLAAC. DRGOS RA is implemented according to RFC 4861.

IPv6 Unicast Routing


Unicast IPv6 traffic is forwarded between a VLAN interface and the LAN interface.
DRGOS forwards all established unicast traffic initiated from WAN and all unicast
traffic initiated from LAN.
To route the outbound IPv6 traffic from LAN to WAN, the operator needs to specify
a VLAN interface as the external interface.

IPv6 Over PPPoE


When the PPPoE link is established, DRGOS gets one link-local address based on the
interface identifier from the PPPoE server and a global address through SLAAC or
DHCPv6.

IPv6 Forwarding
DRGOS uses access control lists (ACLs) to control IPv6 traffic forwarding. IPv6 ACLs
are similar to IPv4 ACLs but with one major difference. IPv4 ACLs do not provide
control over forwarded traffic (this is controlled by NAT forwarding instead).
In case of IPv6, ACLs control traffic that is forwarded by the RG in addition to traffic
that is directed to the RG itself.

Dual-Stack Lite
Dual-Stack Lite (DS-Lite) is a technology for deploying IPv6 with continued support
for IPv4 services. DS-Lite provides an IPv6 tunnel for sending and receiving IPv4
packets, while IPv6 packets are transmitted directly through IPv6 networks.
DS-Lite mainly uses two technologies: IPv4-in-IPv6 tunnel and Network Address
Translation (NAT).
To deploy DS-Lite, two elements are implemented in the service provider’s networks:
the Basic Bridging BroadBand (B4) element and the Address Family Transition Router
(AFTR).
• The B4 element creates an IPv4-in-IPv6 tunnel towards AFTR. It is typically a
home gateway capable of both IPv4 and IPv6.
• AFTR terminates the IPv4-in-IPv6 tunnel and performs NAT for IPv4 addresses.
It is typically a Carrier Grade NAT (CGN).
As shown in Figure 18, the RG can operate as a DS-Lite B4 element.


Figure 18 DS-Lite deployment with RG

The RG learns the location of the AFTR from DHCPv6 option 64
(OPTION_AFTR_NAME). As the AFTR element performs IPv4-IPv4 NAT, no
NAT is performed on the RG for IPv4 traffic.
For more information about DS-Lite, see RFC 6333 and RFC 6334.

6rd and 6to4 on IPv4 Infrastructures


DRGOS supports IPv6 rapid deployment (6rd), which allows service providers (SPs)
to rapidly deploy IPv6 to end-user sites via an IPv4 network.
A 6rd domain physically consists of 6rd Customer Edge (CE) routers and one or more
6rd Border Relays (BRs):
• The CE router is located on the edge of the SP’s IPv4 access network and provides
IPv6 connectivity to the end user’s network.
• The BR provides connectivity between the CE routers and the public IPv6
network.
The CE routers provide a range of 6rd delegated prefixes to their end-user sites. The
6rd delegated prefix is used in the same manner as the DHCPv6 delegated prefix.
DRGOS works as a CE router in a 6rd domain. In DRGOS, 6rd is implemented
according to RFC 5969. DRGOS supports one 6rd domain. The operator can
configure the following parameters for the 6rd prefix in CLI or in DHCP option 212:
IPv4MaskLen, 6rdPrefixLen, 6rdPrefix, and 6rdBRIPv4Address.
Since 6to4 is a subset of 6rd, DRGOS also supports 6to4. The main difference is that
a 6to4 prefix is always 2002::/16 while a 6rd prefix can be defined by the service
provider.

Stateful IPv6 Firewall


A firewall is implemented to protect DRGOS from access via IPv6. Besides the IPv6
forwarding rules (see “IPv6 Unicast Routing”), this IPv6 firewall has the
following behaviors or features:
• Any inbound traffic other than ICMPv6, DHCPv6, and HTTP is blocked on
LAN.
• Any inbound traffic other than ICMPv6 and DHCPv6 is blocked on WAN.


Configuring IPv6 Connectivity


You can use the following commands to configure IPv6 connectivity:

Command                    Description
ipv6 address               Configures IPv6 addressing on this interface by enabling/disabling
                           autoconfiguration and/or assigning a static IPv6 address
ipv6 external-interface    Specifies an interface to route IPv6 traffic

Perform the following steps:

1. For an interface to acquire a global IPv6 address, you need to configure IPv6
addressing on this interface.
For example, to autoconfigure IPv6 addresses on vlan2:
drgos(config)# interface vlan2
drgos(config-if-vlan)# ipv6 address auto
To configure a static IPv6 address on vlan2:
drgos(config-if-vlan)# ipv6 address 2000::/32 eui-64
To configure IPv6 over PPPoE on vlan2:
drgos(config-if-vlan)# ip address pppoe
drgos(config-if-vlan)# ipv6 address pppoe
Note: To enable IPv6 over PPPoE, the IPv4 address configuration should also be
PPPoE.

2. Specify an interface to route IPv6 traffic:


drgos(config)# interface lan
drgos(config-if-lan)# ipv6 external-interface vlan100

Verifying IPv6 Connectivity


You can use the following commands to diagnose IPv6:

Command                Description
ping6                  Tests the IPv6 connectivity between DRGOS and a remote host by sending
                       ICMPv6 echo requests to the host
show ipv6 neighbors    Displays the information of IPv6 neighbors
show ipv6 route        Displays the system IPv6 routing table

To verify whether DRGOS is able to forward IPv6 traffic, perform the following steps:

1. Diagnose the basic IPv6 connectivity on DRGOS:
a) On DRGOS, ping the upstream router using ping6.
b) On DRGOS, ping a host on the LAN side using ping6.
c) On the LAN host, ping the upstream router of DRGOS.

The following table shows what the output of ping6 indicates:

If the output is...
drgos# ping6 2000:199::511e:f0ab:b13c:7931
PING 2000:199::511e:f0ab:b13c:7931 (2000:199::511e:f0ab:b13c:7931): 56 data bytes
64 bytes from 2000:199::511e:f0ab:b13c:7931: seq=0 ttl=64 time=1.217 ms
64 bytes from 2000:199::511e:f0ab:b13c:7931: seq=1 ttl=64 time=0.424 ms
64 bytes from 2000:199::511e:f0ab:b13c:7931: seq=2 ttl=64 time=0.452 ms
64 bytes from 2000:199::511e:f0ab:b13c:7931: seq=3 ttl=64 time=0.435 ms
64 bytes from 2000:199::511e:f0ab:b13c:7931: seq=4 ttl=64 time=0.425 ms

--- 2000:199::511e:f0ab:b13c:7931 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.424/0.590/1.217 ms
it indicates that...
IPv6 connection between DRGOS and the pinged router or host has been established.

If the output is...
drgos# ping6 4000:2000::1
PING 4000:2000::1 (4000:2000::1): 56 data bytes
ping6: sendto: Network is unreachable
it indicates that...
IPv6 connection between DRGOS and the pinged router or host has some problems. As
ICMPv6 messages may be filtered by firewalls and other network devices, the cause
might be something other than a broken network connection or router.
Find the root cause, fix it, and ping again.

2. Display the information of IPv6 neighbors using show ipv6 neighbors:


drgos# show ipv6 neighbors
Kernel IPv6 neighbours table
IPv6 address                 Interface   HW address          R/H      Status
fe80::217:a4ff:fee2:1fa0     vlan1       00:17:a4:e2:1f:a0   router   REACHABLE
fe80::2422:98b7:9743:aae2    vlan1       00:26:b9:d9:76:ab   host     REACHABLE

3. Display the IPv6 routing table using show ipv6 route:


drgos# show ipv6 route
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2000:199::511e:f0ab:b13c:7931/128 :: U 256 0 0 vlan199
3000:199::/64 :: U 256 0 0 lan
fe80::/64 :: U 256 0 0 lan
fe80::/64 :: U 256 0 0 wlan1
fe80::/64 :: U 256 0 0 vlan199
fe80::/64 :: U 256 0 0 vlan299
fe80::/64 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 lan
ff00::/8 :: U 256 0 0 wlan1
ff00::/8 :: U 256 0 0 vlan199
ff00::/8 :: U 256 0 0 vlan299
ff00::/8 :: U 256 0 0 vlan1
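
When reading the neighbor table, it helps to know which interface IDs were derived from the hardware address with the modified EUI-64 rule (RFC 4291, Appendix A) and which were generated some other way. The following Python sketch is an added example, not DRGOS code: the function names are hypothetical, and the address/MAC pairs and the 3000:199::/64 prefix are copied from the sample outputs in this section.

```python
import ipaddress
import re


def eui64_interface_id(mac):
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) for a 48-bit MAC.

    Accepts 00:17:a4:e2:1f:a0 as well as the dotted 0017.a4e2.1fa0 notation.
    """
    octets = bytes.fromhex(re.sub(r"[.:-]", "", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac):
    """fe80::/64 address whose interface ID is derived from the MAC."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))


def slaac_address(prefix, mac):
    """Combine an announced /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def interface_id_matches_mac(address, mac):
    """True if the low 64 bits of the address are the MAC's EUI-64 ID."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    return low64 == eui64_interface_id(mac)


# (IPv6 address, HW address) pairs from the show ipv6 neighbors sample above.
NEIGHBORS = [
    ("fe80::217:a4ff:fee2:1fa0", "00:17:a4:e2:1f:a0"),
    ("fe80::2422:98b7:9743:aae2", "00:26:b9:d9:76:ab"),
]


def classify(neighbors):
    """Label each neighbor: 'eui-64' if the ID comes from the MAC, else 'other'.

    'other' covers randomly generated or manually assigned interface IDs.
    """
    return {
        addr: "eui-64" if interface_id_matches_mac(addr, mac) else "other"
        for addr, mac in neighbors
    }


if __name__ == "__main__":
    for addr, kind in classify(NEIGHBORS).items():
        print(f"{addr:28} {kind}")
    print(slaac_address("3000:199::/64", "00:17:a4:e2:1f:a0"))
```
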


Configuring Static IPv6 Routes


DRGOS sends packets to networks based on information in the routing table. The
directly-connected networks are automatically included in the routing table.
To send packets to networks that are not directly connected on the WAN side,
DRGOS needs to know the path to the target network. In this case, you can manually
add routes for these networks in the routing table.
To configure a target network and the next-hop gateway:
drgos(config)# ipv6 route 1000:199::/32 1000:199:ac13:2188:20f:5dff:fea0:90

Optionally, you can restrict the routed traffic to a VLAN interface:
drgos(config)# ipv6 route 1000:199::/32 1000:199:ac13:2188:20f:5dff:fea0:90 interface vlan200

To view all IPv6 routes including the static routes, use the show ipv6 route command.

Configuring Access Control Lists


IPv6 ACLs control traffic that is targeted to the RG itself and that is forwarded by the
RG (between WAN and LAN).

Default Access Control Lists


By default, some access control rules are defined for the default and user-defined
interfaces. This ensures secure, but open access to DRGOS for all relevant services. If
any operator-configured ACL is applied to an interface, then all default rules become
inactive on that interface.
Note: The default access control rules are not shown in running-configuration
information.

Default VLAN Access Control Rules


By default, some incoming traffic is permitted on specific ports on the default and
user-defined VLAN interfaces.

Table 8 Permitted incoming traffic on upstream interfaces by default

Protocol    Port or protocol
TCP         Port 22 (SSH), 5060–5061 (SIP), 8082 (request for TR-069 connection)
UDP         Port 5060–5061 (SIP), 546 (DHCPv6), 161 (SNMP), 1024–65535 (RTP),
            9115 (GAPS)
ICMPv6      all


Default LAN Access Control Rules


By default, some incoming traffic is permitted on specific ports on the LAN interface.

Table 9 Permitted incoming LAN traffic by default

Protocol    Port
TCP         80 (HTTP), 5000 (UPnP)
UDP         547 (DHCPv6), 53 (DNS), 1900 (UPnP)
ICMPv6      all

Basics of ACL Configuration


Note: Apply an ACL to all interfaces consistent with their use, e.g. only permit access
to the management interface from hosts in the Network Operation Center
(NOC), and only allow known SIP proxies to access the VoIP interface.
The following CLI commands are used to configure the access control lists for IPv6:

Table 10 CLI commands for ACL

Command                           Description
ipv6 access-list                  This command creates an access control list and brings the
                                  operator into the context of the list. In the context of the
                                  list, the operator can configure each access control entry.
ipv6 access-group                 This command applies an existing access control list to the
                                  incoming or outgoing packets on a specified interface.
show ipv6 access-list             This command displays the existing access-lists in the system.
                                  For each entry in the list, the number of packets that have
                                  matched the entry is also displayed.
clear counter ipv6 access-list    This command clears the counters (numbers of hits) for all
                                  entries in the specified access-list.

The following simple examples show how to configure an access control list using ACL
commands.
Example 20 Configuring an access control list
To create an access control list my-acl with specific rules:
drgos(config)# ipv6 access-list my-acl
drgos(config-acl)# seq 10 permit tcp source any destination any 80
drgos(config-acl)# seq 20 deny ipv6 destination fd30::/7
drgos(config-acl)# seq 30 permit udp source any range 8000 8999
drgos(config-acl)# seq 50 permit udp source any destination any 546
drgos(config-acl)# seq 70 permit tcp source any destination any 22
drgos(config-acl)# seq 90 permit udp source any destination any 161

To delete the entry with sequence number 20 in the access control list my-acl:
drgos(config)# ipv6 access-list my-acl
drgos(config-acl)# no seq 20

To view the entries in the access control list my-acl:


drgos# show ipv6 access-list my-acl
IPv6 access-list my-acl (3 entries, 5 implicit denies)
seq 10 permit tcp source any destination any 80 (2 hits)
seq 30 permit udp source any range 8000 8999 (2 hits)
seq 50 permit udp source any destination any 546 (2 hits)
seq 70 permit tcp source any destination any 22 (2 hits)
seq 90 permit udp source any destination any 161 (2 hits)
In the first line of the result, the number of entries and the number of hits of the
implicit denies are displayed. For each entry, the number of packets that have matched
the entry is displayed.

Example 21 Applying access control lists to interface


To apply the lists to the corresponding interfaces:
drgos(config-if-vlan)# ipv6 access-group my-acl in

Example 22 Deleting an access control list


To delete the access control list my-acl:
drgos(config)# no ipv6 access-list my-acl

Permitting Traffic on Essential Ports in All ACLs


All ACLs have a default action which drops all packets; this does not need to be
explicitly defined. That is, a packet will be dropped in the following cases:
• an operator-configured ACL is applied and the packet does not match the criteria
of the operator-configured ACL rules
• no operator-configured ACL is applied and the packet does not match the criteria
of the default ACL rules
As some ports are vital for basic connectivity and management traffic, the operator
needs to add the following ACL rules when defining an ACL:

Use...                                           To allow...
• for incoming packets:                          DHCP traffic for IP management
  permit udp source any destination any 546
• for outgoing packets:
  permit udp source any destination any 547
permit tcp source any destination any 22         SSH access from WAN
permit udp source any destination any 161        SNMP access from WAN
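
Because applying an operator-configured ACL deactivates every default rule on that interface, a configuration can be checked for the essential incoming permits before it is deployed. The following Python sketch is an added example, not a DRGOS tool: it assumes the configuration text uses only the seq-numbered rule forms shown in this section (with or without the drgos prompt), treats interfaces named vlanN as upstream interfaces, and counts only rules that name a destination port or, as an assumed syntax, a destination port range. The ACL web-only and the sample configuration are constructed.

```python
import re

PROMPT = re.compile(r"^drgos(\([^)]*\))?#\s*")

# Incoming rules the table above lists as essential: (protocol, destination port).
ESSENTIAL_IN = [("udp", 546), ("tcp", 22), ("udp", 161)]


def parse_config(text):
    """Return ({acl: {seq: rule tokens}}, [(interface, acl, direction)])."""
    acls, bindings, context = {}, [], (None, None)
    for raw in text.splitlines():
        tokens = PROMPT.sub("", raw.strip()).split()
        if not tokens:
            continue
        kind, name = context
        if tokens[:2] == ["ipv6", "access-list"] and len(tokens) == 3:
            context = ("acl", tokens[2])
            acls.setdefault(tokens[2], {})
        elif tokens[:3] == ["no", "ipv6", "access-list"] and len(tokens) == 4:
            acls.pop(tokens[3], None)
            context = (None, None)
        elif tokens[0] == "interface" and len(tokens) == 2:
            context = ("interface", tokens[1])
        elif (tokens[:2] == ["ipv6", "access-group"] and len(tokens) == 4
              and kind == "interface"):
            bindings.append((name, tokens[2], tokens[3]))
        elif kind == "acl" and tokens[:2] == ["no", "seq"] and len(tokens) == 3:
            acls[name].pop(tokens[2], None)      # "no seq 20" deletes entry 20
        elif kind == "acl" and tokens[0] == "seq" and len(tokens) > 3:
            acls[name][tokens[1]] = tokens[2:]   # keep the rule without "seq N"
    return acls, bindings


def permits(rule, proto, port):
    """True if the rule is a permit for proto whose destination covers port."""
    if len(rule) < 2 or rule[0] != "permit" or rule[1] != proto:
        return False
    if "destination" not in rule:
        return False
    dest = rule[rule.index("destination") + 1:]
    # Assumed syntax for a destination port range: "... range LOW HIGH".
    if len(dest) >= 3 and dest[-3] == "range" and dest[-2].isdigit() and dest[-1].isdigit():
        return int(dest[-2]) <= port <= int(dest[-1])
    return bool(dest) and dest[-1].isdigit() and int(dest[-1]) == port


def audit(text):
    """Map (interface, acl) to the essential incoming rules the ACL lacks."""
    acls, bindings = parse_config(text)
    findings = {}
    for interface, acl, direction in bindings:
        if direction != "in" or not interface.startswith("vlan"):
            continue
        rules = list(acls.get(acl, {}).values())
        missing = [(proto, port) for proto, port in ESSENTIAL_IN
                   if not any(permits(rule, proto, port) for rule in rules)]
        if missing:
            findings[(interface, acl)] = missing
    return findings


# Constructed sample: my-acl follows Example 20, web-only is hypothetical.
SAMPLE_CONFIG = """\
drgos(config)# ipv6 access-list my-acl
drgos(config-acl)# seq 10 permit tcp source any destination any 80
drgos(config-acl)# seq 20 deny ipv6 destination fd30::/7
drgos(config-acl)# seq 30 permit udp source any range 8000 8999
drgos(config-acl)# seq 50 permit udp source any destination any 546
drgos(config-acl)# seq 70 permit tcp source any destination any 22
drgos(config-acl)# seq 90 permit udp source any destination any 161
drgos(config-acl)# no seq 20
ipv6 access-list web-only
seq 10 permit tcp source any destination any 80
interface vlan2
ipv6 access-group my-acl in
ipv6 access-group my-acl-wan2lan forward
interface vlan100
ipv6 access-group web-only in
"""

if __name__ == "__main__":
    for (interface, acl), missing in audit(SAMPLE_CONFIG).items():
        for proto, port in missing:
            print(f"{interface}: ACL {acl} has no permit for {proto}/{port}")
```
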

Forwarding Traffic
The following examples describe how to configure IPv6 ACLs for filtering forwarded
traffic between WAN and LAN.

Example 23 Allowing WAN hosts to access a web server in LAN
To allow external hosts to visit the web server with the IP address
“2000:199:1321:cc11::50” in the private LAN, use the following configuration:
drgos(config)# ipv6 access-list my-acl-wan2lan
drgos(config-acl)# seq 10 permit tcp source any destination host 2000:199:1321:cc11::50 80
drgos(config-acl)# seq 20 permit tcp source any destination host 2000:199:1321:cc11::50 8000
drgos(config-acl)# seq 30 permit tcp source any destination host 2000:199:1321:cc11::50 8080

drgos(config)# interface vlan2
drgos(config-if-vlan)# ipv6 access-group my-acl-wan2lan forward

Note: Unlike IPv4 port forwarding, because IPv6 addresses are globally routable, it is
not necessary to define external public ports when forwarding IPv6 traffic
between WAN and LAN.

Configuring Dual-Stack Lite

To configure DS-Lite, perform the following steps:

1. Configure the fully qualified domain name (FQDN) of the AFTR via DHCP
option 64 on the DHCP server. For example:
option aftr-name "aftr.example.com"

2. Configure the IPv4-in-IPv6 tunnel for IPv4 traffic. For example:
drgos(config)# interface tunnel1
drgos(config-if-tunnel1)# tunnel mode ds-lite
drgos(config-if-tunnel1)# tunnel ds-lite interface vlan100

3. Configure the IPv4-in-IPv6 tunnel as the external interface for non-NAT traffic
from the LAN. For example:
drgos(config)# interface lan
drgos(config-if-lan)# ip external-interface tunnel1

4. Configure the external interface for IPv6 traffic. For example:


drgos(config)# interface lan
drgos(config-if-lan)# ipv6 external-interface vlan200

Configuring 6rd
You can use the following CLI commands to configure 6rd:

Command                       Description
tunnel mode                   Configures the mode of the tunnel interface to 6rd
tunnel 6rd interface          Configures the source interface for 6rd tunnels
tunnel 6rd ipv4-mask-length   Configures the number of high-order bits that are identical across
                              all CE IPv4 addresses within a given 6rd domain
tunnel 6rd prefix             Configures the 6rd IPv6 prefix and the length of the 6rd IPv6
                              prefix for the given 6rd domain
tunnel 6rd border-router      Configures the IPv4 address or hostname of the 6rd Border Relay
                              for a given 6rd domain

Note: To operate correctly on the Internet using 6rd, the RG must have a public IPv4
address or a private IPv4 address within the same IPv4 space as the Border Relay.
Example 24 shows how to configure 6rd in a service provider’s network for customer
IPv6 networks.
Example 24 Configuring 6rd for customer IPv6 networks
interface tunnel1
tunnel mode 6rd
tunnel 6rd interface vlan1
tunnel 6rd prefix 3000:1::/32
tunnel 6rd ipv4-mask-length 8
tunnel 6rd border-router 172.19.33.136

interface lan
ipv6 external-interface tunnel1

In this example, the length of IPv4 netmask in a 6rd domain is 8, so 24 bits of the IPv4
address are used. The length of the 6rd delegated prefix is: 32+24=56.

Configuring 6to4
Note: To operate correctly on the Internet using 6to4, the RG must have a public IPv4
address.
Example 25 shows how to configure 6to4. Always set the 6to4 prefix to 2002::/16 and
the IPv4 mask length to 0. By default the IPv4 mask length is 0 and it is explicitly
defined here for clarity.


Example 25 Configuring 6to4


interface tunnel1
tunnel mode 6rd
tunnel 6rd interface vlan1
tunnel 6rd prefix 2002::/16
tunnel 6rd ipv4-mask-length 0
tunnel 6rd border-router 192.88.99.1

interface lan

ipv6 external-interface tunnel1
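
The prefix arithmetic behind Example 24 and Example 25 can be carried through for a concrete CE address, and reversed to map a delegated prefix seen in logs back to the CE's IPv4 address. The following Python sketch is an added example based on the RFC 5969 address mapping, not DRGOS code: the function names are hypothetical, and the CE addresses 172.19.41.7 and 192.0.2.1 are constructed, since the page does not give a CE address.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ipv4_mask_len, ce_ipv4):
    """6rd delegated prefix (RFC 5969) for a CE with the given WAN IPv4 address.

    The low (32 - IPv4MaskLen) bits of the CE IPv4 address are appended to
    the 6rd prefix.
    """
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4MaskLen must be between 0 and 32")
    v4_bits = 32 - ipv4_mask_len
    delegated_len = prefix.prefixlen + v4_bits
    if delegated_len > 128:
        raise ValueError("6rdPrefixLen + (32 - IPv4MaskLen) exceeds 128 bits")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    value = int(prefix.network_address) | (suffix << (128 - delegated_len))
    return ipaddress.IPv6Network((value, delegated_len))


def ce_ipv4_from_delegated(delegated, sixrd_prefix, ipv4_mask_len,
                           domain_ipv4="0.0.0.0"):
    """Recover the CE IPv4 address embedded in a 6rd delegated prefix.

    domain_ipv4 is any IPv4 address inside the 6rd domain; it supplies the
    IPv4MaskLen high-order bits that every CE shares and that the delegated
    prefix therefore does not carry.
    """
    dele = ipaddress.IPv6Network(delegated)
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    v4_bits = 32 - ipv4_mask_len
    if dele.prefixlen != prefix.prefixlen + v4_bits or not dele.subnet_of(prefix):
        raise ValueError("prefix was not delegated from this 6rd domain")
    low_mask = (1 << v4_bits) - 1
    suffix = (int(dele.network_address) >> (128 - dele.prefixlen)) & low_mask
    high = int(ipaddress.IPv4Address(domain_ipv4)) & ~low_mask & 0xFFFFFFFF
    return ipaddress.IPv4Address(high | suffix)


def lan_subnets(delegated):
    """Number of /64 LAN subnets (the size SLAAC needs) inside the prefix."""
    length = ipaddress.IPv6Network(delegated).prefixlen
    return 0 if length > 64 else 2 ** (64 - length)


if __name__ == "__main__":
    # Example 24 parameters with a constructed CE address: 32 + 24 = 56.
    sixrd = sixrd_delegated_prefix("3000:1::/32", 8, "172.19.41.7")
    print(sixrd, lan_subnets(sixrd))
    # Example 25 (6to4) parameters with a constructed CE address: 16 + 32 = 48.
    sixto4 = sixrd_delegated_prefix("2002::/16", 0, "192.0.2.1")
    print(sixto4, lan_subnets(sixto4))
    # Reverse mapping; the Border Relay address supplies the shared top 8 bits.
    print(ce_ipv4_from_delegated(sixrd, "3000:1::/32", 8, "172.19.33.136"))
```
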

Configuring WLAN

WLAN configuration includes:


• “Configuring WLAN Interfaces”
• “Configuring Physical Characteristics”
• “Configuring WLAN SSID”
• “Configuring WLAN Security”


Overview of WLAN Support in DRGOS


Each radio interface of the RG supports up to four WLAN interfaces: wlan1–4 (on 2.4
GHz band) or wlan5–8 (on 5 GHz band). By default, only the first WLAN interface of
each radio interface, i.e. wlan1 or wlan5, is enabled. All other WLAN interfaces are
disabled.
The following table shows which WLAN interfaces are enabled or disabled by default
for single or dual-band models:

Models                           WLAN interfaces enabled by default    WLAN interfaces disabled by default
Single band (2.4 GHz)            wlan1                                 wlan2–4
Dual band (2.4 GHz and 5 GHz)    wlan1, wlan5                          wlan2–4, wlan6–8

The operator can enable a WLAN interface via CLI, configuration file, SNMP, or
CWMP. Only WLAN interfaces enabled by default are visible in GUI and can be
configured by end users.
Note: Only 2.4 GHz interfaces (wlan1–4) can be managed via SNMP MIB.
Management of 5 GHz interfaces (wlan5–8) in SNMP MIB is not currently
supported.

Configuring WLAN Interfaces


To enable a WLAN interface (e.g. wlan2), use the following commands:
interface wlan2

no shutdown

If the NAT external interface is defined, the default behavior is to route the WLAN
traffic to the WAN interface. To bridge a WLAN interface with the WAN interface,
you need to add a VLAN to the WLAN interface. For example:
interface wlan2

vlan member 1

vlan untagged 1

Note: A WLAN interface only supports one VLAN member—the untagged VLAN.
On WLAN interfaces, IEEE802.1p priority is ignored and has no effect.

Configuring Physical Characteristics


The basic settings define the key operational characteristics for the WLAN. These
settings are common for all WLAN interfaces.


Table 11 Commands Physical Characteristics for WLAN

Command           Description
wlan mode         Configures the operational mode (802.11 a/b/g/n/ac) for the WLAN
wlan country      Configures the available wireless channels and the maximum allowed power
                  levels within these channel ranges
wlan channel      Configures the preferred wireless channel
wlan txpower      Configures the transmission power
wlan bandwidth    Configures the bandwidth of each channel

Configuring WLAN SSID


You can use the following commands to configure the WLAN SSID:

Table 12 Commands for configuring WLAN SSID

Command                Description
wlan ssid              Configures the SSID
wlan ssid broadcast    Enables or disables the SSID broadcast

Setting WLAN SSID


The service set identifier (SSID) is a network name shared among all points in a wireless
network. The SSID must be identical for all devices in the wireless network. It is
case-sensitive and must not exceed 32 characters. Make sure that this setting is the same for
all points in your wireless network. For the sake of security, you should change the
default SSID to a unique name. For example,
drgos(config)# interface wlan1

drgos(config-if-wlan)# wlan ssid MyNetwork

To include space characters in the SSID, place the SSID inside quotation marks.
For example,
drgos(config-if-wlan)# wlan ssid "My Network"

Disabling or Enabling WLAN SSID Broadcast


If you do not want to broadcast the SSID to the wireless clients, you can disable SSID
broadcast. When it is disabled, the wireless clients cannot find the SSID when
scanning the local area for wireless networks. Only clients that know the SSID in
advance can access the WLAN with the SSID.
To disable WLAN SSID broadcast, type the following command:
drgos(config-if-wlan)# no wlan ssid broadcast


Configuring WLAN Security


Table 13 WLAN commands

Command                         Description
wlan security authentication    Configures the WEP authentication method
wlan security passphrase        Configures the passphrase
wlan security key               Configures the security key
wlan access-policy              Specifies the access policy applied to the specified clients:
                                allow or reject
wlan access-control             Specifies the MAC addresses of the clients that are controlled
                                by the access policy
wlan wps enable                 Enables or disables WPS

Configuring Authentication Methods


To secure the WLAN from unauthorized access, DRGOS supports different
authentication and data encryption methods.
• Wired Equivalent Privacy (WEP): WEP encryption uses the Ron's Code 4 (RC4)
Stream Cipher with 40- or 104-bit keys and a 24-bit initialization vector (IV).
WEP encryption operates in two modes:
– Open (recommended): This mode of authentication is essentially a null
operation. All clients are allowed to authenticate.
– Shared Key: This mode allows the RG to send the client a challenge text, which
the client encrypts and returns to the RG. If the RG successfully decrypts the
challenge text, the client is authenticated.
• Wi-Fi Protected Access (WPA): WPA addresses all known WEP vulnerabilities.
WPA uses 128-bit encryption keys and dynamic session keys to ensure the wireless
network’s privacy and security.
WPA supports the following security specifications for data encryption:
– Temporal Key Integrity Protocol (TKIP)
– Advanced Encryption Standard (AES)
– TKIP+AES
• Wi-Fi Protected Access 2 (WPA2): A more advanced and secure version of WPA.
WPA2 supports the following security specifications for data encryption:
– Temporal Key Integrity Protocol (TKIP)
– Advanced Encryption Standard (AES)
– TKIP+AES
• WPA-Enterprise: WPA authentication via an external RADIUS server.
WPA-Enterprise supports the following security specifications for data encryption:
– Temporal Key Integrity Protocol (TKIP)
– Advanced Encryption Standard (AES)
– TKIP+AES
• WPA2-Enterprise: WPA2 authentication via an external RADIUS server.
WPA2-Enterprise supports the following security specifications for data encryption:
– Temporal Key Integrity Protocol (TKIP)
– Advanced Encryption Standard (AES)
– TKIP+AES
• WPA-WPA2-Enterprise: The mixed mode that enables both WPA-Enterprise and
WPA2-Enterprise authentication methods via an external RADIUS server.
WPA-WPA2-Enterprise supports the following security specifications for data
encryption:
– Temporal Key Integrity Protocol (TKIP)
– Advanced Encryption Standard (AES)
– TKIP+AES
By default, DRGOS uses WPA2 for authentication and AES for encryption. The
default encryption key is device-specific and can be found on the RG label or the CD
label. For security reasons, it is recommended to change the key used.
Use the wlan security authentication command to configure the authentication
methods as shown in the following examples.
Example 26 Configuring WPA2 for WLAN security
drgos(config)# interface wlan1
drgos(config-if-wlan)# wlan security authentication wpa2 aes
drgos(config-if-wlan)# wlan security passphrase "passphrase1"

Example 27 Configuring WPA2-Enterprise for WLAN security
drgos(config)# interface wlan1
drgos(config-if-wlan)# wlan security authentication wpa2-enterprise aes
drgos(config-if-wlan)# wlan security aaa server radius.example.com secret "my secret"

Example 28 Configuring WEP for WLAN security


You can configure a pass phrase and generate the WEP key from the pass phrase.
drgos(config)# interface wlan1
drgos(config-if-wlan)# wlan security authentication wep open
drgos(config-if-wlan)# wlan security passphrase "passphrase2"

Alternatively, you can define up to four keys and select one key to use in a WLAN. The
key should be 10 or 26 hex digits.
drgos(config)# interface wlan1

drgos(config-if-wlan)# wlan security key 1 hex 8f58765dfe

drgos(config-if-wlan)# wlan security authentication wep open key 1

Normally, you should configure an authentication method. If no authentication is
used, it is recommended to restrict wireless access with WLAN access policy (see
“Setting WLAN Access Policy”).
drgos(config)# interface wlan1

drgos(config-if-wlan)# wlan security authentication none

Setting WLAN Access Policy


If no authentication is set, you can restrict access to the WLAN by filtering the MAC
addresses of the wireless devices.
The wlan access-policy command specifies the policy for filtering wireless users by
MAC address: allow or reject.
• If set to allow, only the clients with the MAC addresses in the access-list are
permitted to access the wireless network.
• If set to reject, only the clients in the access-list are prevented from accessing the
wireless network.
The following example only allows the client whose MAC address is 1102.0203.0506
to access the network:
drgos(config-if-wlan)# wlan access-policy allow

drgos(config-if-wlan)# wlan access-control 1102.0203.0506

To disable the MAC address filter, use no wlan access-policy.

Disabling or Enabling WPS


Wi-Fi Protected Setup (WPS) supports methods (e.g. pushing a button or entering a
PIN into a wizard-type application) that are familiar to most consumers to configure a
network and enable security. However, a major security flaw has been identified for
WPS: unauthorized parties can gain access to the network by using a brute-force
attack to determine the WPS PIN code and therefore the authentication
details for the network. To defend against these brute-force attacks, the operator can
disable WPS as a workaround.
By default, WPS is enabled. You can execute the no wlan wps enable command to
disable WPS. For example,
drgos(config)# interface wlan1

drgos(config-if-wlan)# no wlan wps enable

Configuring VoIP

There is no default Voice over IP (VoIP) configuration. Some VoIP commands are
generic for the entire device, while some commands are configured for each line
independently. The generic and line-specific commands are entered in the voice and
voice-line-x contexts respectively.

VoIP configuration includes:


• “Important Notes”
• “Basic VoIP Configuration”
• “Configuring SIP Keepalive for NAT Traversal”
• “Configuring Codec”
• “Configuring DTMF Relay Mode”
• “Configuring Hookflash Relay”
• “Configuring Country-Specific Settings”
• “Configuring a Dial Plan”
• “Configuring Internal Class 5 Services”
• “Configuring External Class 5 Services”
• “Use Cases for Class 5 Services”
• “Configuring Call Waiting”
• “Configuring VoIP Separation and QoS”
• “Disabling or Enabling a Voice Line”


Important Notes
Use strict parsing and ACL protection to eliminate ghost calls on the voice service.

Strict Parsing
Many SIP proxies are not strictly compliant with relevant standards. To achieve
interoperability with the broadest range of proxies, DRGOS checks SIP URIs loosely
against standards. It is possible to make DRGOS operate in a strictly compliant manner
by enabling strict parsing, e.g.
drgos(config-voice)# sip parse strict

When strict parsing is enabled, only well-formed connection requests are processed.

ACL Protection
It is strongly recommended to include an ACL to limit the source of all SIP messages
to the known proxy locations. If the voice service is operated on a publicly accessible
network, i.e. the Internet, it is mandatory to implement ACL protection for the voice
service. For details about configuring ACL, see “Configuring Access Control Lists” in
the chapters “Configuring IPv4” and “Configuring IPv6”.

Basic VoIP Configuration


Minimal VoIP configuration is straightforward and requires a minimal subset of
commands.
The following commands are used to configure VoIP interfaces at minimum:

Table 14 Basic VoIP commands

Command             Description
voice               Configures all voice lines on an interface
voice line [x]      Configures a voice line
sip proxy           Configures the SIP proxy server for a voice line by specifying the IP
                    address or hostname of the SIP proxy
                    Note: If the DNS server supports Name Authority Pointer (NAPTR) and
                    Service (SRV) records for SIP, you can merely specify the domain name of
                    the SIP proxy. DRGOS automatically performs lookup of NAPTR and SRV
                    records for SIP requests to determine the protocol, the port, and the
                    hostname of the SIP proxy.
sip domain          Configures the SIP domain for a voice line
sip phone-number    Configures the user identifier for a voice line which is registered with
                    the proxy
sip display-name    Configures the SIP display name for a voice line
sip username        Configures the VoIP authentication for a voice line

The following example shows a typical minimal configuration of a line. It identifies
the SIP proxy, SIP domain, and phone number:
drgos(config)# voice line 1
drgos(config-voice-line)# sip proxy 172.19.41.252
drgos(config-voice-line)# sip domain 172.19.41.252
drgos(config-voice-line)# sip phone-number 2001
drgos(config-voice-line)# sip display-name bob
drgos(config-voice-line)# end

The user identifier configured using the sip phone-number command typically
consists of a telephone number, but, counterintuitively, an operator may use any legal
identifier, e.g. a text string, an e-mail address, and so on.
A configuration that requires SIP authentication must define the user name and
password. An example is shown below:
drgos(config-voice-line)# sip username user2001 password pass2001

The configuration snippet below shows the output after configuring line 1 and line 2:
drgos# show running-config
voice line 1
sip proxy 172.19.41.252
sip domain 172.19.41.252
sip phone-number 2001
sip username user2001 password pass2001
voice line 2
sip proxy 172.19.41.252
sip domain 172.19.41.252
sip phone-number 2002
sip username user2001 password pass2002

If the configuration is correct, the SIP agent will register with the SIP proxy and the
corresponding telephony LED will be illuminated.

Configuring SIP Keepalive for NAT Traversal


In some cases, the service provider may deploy a Network Address Translation (NAT)
device between the RGs and the SIP proxy. Figure 19 shows an example scenario in
which RGs are deployed in a private VoIP network behind a NAT device. The Soft
Switch works as the SIP registrar and the SIP proxy server.


Figure 19 Private VoIP network behind NAT

In this kind of deployment, the RG creates a pinhole in the NAT device during
registration and the RG’s SIP service port is mapped to the pinhole. When the NAT
pinhole times out, the inbound traffic from the SIP proxy is blocked and the SIP proxy
may fail to set up a call with the RG.
To unblock the inbound traffic, you need to enable SIP keepalive. With SIP keepalive
enabled, the RG periodically sends keepalive messages to the SIP proxy to keep the
RG’s NAT binding alive. Then the SIP proxy can communicate with the RGs through
the NAT device.
By default, SIP keepalive is disabled. You can use the sip keepalive command to enable
this feature. Currently only NOTIFY messages are supported. You can optionally
specify the session interval in seconds. For example:
drgos(config)# voice line 1
drgos(config-voice-line)# sip keepalive notify interval 40

Example 29 shows an example of a SIP keepalive message sent to the SIP proxy by
DRGOS. The Event: keep-alive header indicates that it is a SIP keepalive message.
Example 29 SIP keepalive message—NOTIFY
NOTIFY sip: example.no SIP/2.0
From: <sip:[email protected]>;tag=100723c8-c0a800bc-13c4-252456-503eb-45ed8206-503eb
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 544 NOTIFY
Via: SIP/2.0/UDP 192.168.0.188:5060;branch=z9hG4bK-503eb-13974ef4-5b456fe0;rport
Contact: sip:[email protected]
Max-Forwards: 70
Event: keep-alive
Content-Length: 0


Configuring Codec
When making or receiving voice or fax calls, DRGOS negotiates with the remote party
about which codec to use and selects a predefined codec (see Table 15) or an
operator-configured codec.

Table 15 Predefined codecs

Codec   Description
g711a   G.711 A-law codec with disabled Silence Suppression, enabled Echo Cancellation
        and 20 ms packetization time.
g711u   G.711 μ-law codec with disabled Silence Suppression, enabled Echo Cancellation
        and 20 ms packetization time.
g729    G.729 codec with disabled Silence Suppression, enabled Echo Cancellation and
        20 ms packetization time.
t38     T.38 codec with the following characteristics: maximum bitrate of 14400 bps,
        training confirmation determined by network negotiation, error correction
        provided by UDP redundancy, with no redundant T.38 data packets and three
        redundant T.30 indicator packets.
        By default T.38 fax is disabled.

For voice calls, DRGOS selects a codec from the codec preference list in the specified
order. Table 16 shows the default preference order. In case of fax calls, DRGOS uses
T.38 if T.38 is enabled and uses G.711 if T.38 is disabled.

Table 16 Default codecs preference list

Default preference order   Codec
1                          g711a
2                          g711u
3                          g729

In some environments, it may be necessary to define further codecs and redefine the
codec preference for each line.

Defining Codecs
Enter the voice context and customize some codecs:
drgos(config)# voice
drgos(config-voice)# codec alaw g711a 30 silence-suppression echo-cancellation
drgos(config-voice)# codec ulaw g711u
drgos(config-voice)# codec g729ss g729 40 silence-suppression
drgos(config-voice)# codec myt38 t38 bitrate 12000 redun-data 1

The result is as follows:
voice
codec alaw g711a 30 silence-suppression echo-cancellation
codec ulaw g711u 30
codec g729ss g729 40 silence-suppression echo-cancellation
codec myt38 t38 bitrate 12000 redun-data 1

Defining Codec Preference


Define the codec preference on a per-line basis:
drgos(config)# voice line 1
drgos(config-voice-line)# codec preference g729ss alaw
drgos(config-voice-line)# exit
drgos(config)# voice line 2
drgos(config-voice-line)# codec preference alaw g729ss

The result is as follows:
voice line 1
codec preference g729ss alaw
sip proxy 172.19.41.252
sip username user2001 password2001
sip domain 172.19.41.252
sip phone-number 2001
voice line 2
codec preference alaw g729ss
sip proxy 172.19.41.252
sip domain 172.19.41.252
sip phone-number 2002

Enabling or Disabling T.38 Fax Call


DRGOS has a predefined codec t38 for T.38 fax calls. By default, T.38 fax is disabled
and fax is transmitted using G.711. When T.38 is enabled, DRGOS always uses T.38
for fax calls.
To enable T.38 fax call, configure DRGOS as follows (for example):
drgos(config)# voice line 1
drgos(config-voice-line)# codec preference g729ss alaw myt38

Note: The configuration in this example simply enables a T.38 codec. The T.38 codec
is not preferentially treated as other codecs.

To disable T.38 fax:
drgos(config)# voice line 1
drgos(config-voice-line)# codec preference g729ss alaw

Configuring DTMF Relay Mode


Dual-Tone Multi-Frequency (DTMF) tones may be transmitted using one of the
following methods:
• Inband (the default value)
• SIP INFO
• RFC2833
In VoIP systems, inband transmission of DTMF tones is known to be problematic
unless G.711 codecs are used, and the tones may not be recognized reliably under some
circumstances. It is therefore recommended to use an alternative method for DTMF
transmission to ensure good reception of DTMF tones. Use of inband transmission
should be restricted to scenarios where G.711 codecs are used.
You can define the DTMF relay mode for a specific voice line using the dtmf relay
command.

Configuring DTMF Relay Mode to “SIP INFO”


When the “SIP INFO” method is used, the DTMF relay contents are sent within SIP
messages. The specified DTMF tones are generated by the gateway on the telephony
end of the call. The SIP message contents may be in one of the following formats:
• text/plain (the default value)
• application/dtmf-relay, which contains signal and duration information

DTMF Relay Contents in text/plain Format


When the DTMF relay mode is set to “SIP INFO” using the text/plain format, the
contents in the “SIP INFO” message body are in the following format (e.g. digit “8”):

Figure 20 DTMF relay contents for digit “8” using text/plain format
INFO sip:[email protected]:5061 SIP/2.0
Call-ID: [email protected]
From: "1016" <sip:[email protected]>;tag=e0cd0-6feffa
To: <sip:[email protected]>;tag=4df78C
Seq: 101 INFO
Via: SIP/2.0/UDP 172.19.33.187:5060;branch=z9hG4bK-65ab001309727518347f2522001a7bad
Contact: "1016" <sip:[email protected]:5060>
Max-Forwards: 70
Route: <sip:172.19.33.114;lr=on;ftag=e0cd0-6feffa>
User-Agent: drgos-drg700-1.4.1
Supported: timer
Content-Type: text/plain
Content-Length: 7

DTMF 8

If hookflash relay is also enabled, two SIP INFO messages in different formats are sent
out for a single hookflash event. One is in the text/plain format, and the other is in the
application/broadsoft format. Both formats are shown in Figure 21. Both messages are
sent so that the event is understood by both non-Broadsoft and Broadsoft
softswitches.

Figure 21 DTMF relay contents for hookflash event using text/plain and application/broadsoft format
INFO sip:[email protected]:5061 SIP/2.0
Call-ID: [email protected]
From: "1016" <sip:[email protected]>;tag=e0cd0-6feffa
To: <sip:[email protected]>;tag=4df78C
Seq: 102 INFO
Via: SIP/2.0/UDP 172.19.33.187:5060;branch=z9hG4bK-2fa178074ebc659b7072731b3638de81
Contact: "1016" <sip:[email protected]:5060>
Max-Forwards: 70
Route: <sip:172.19.33.114;lr=on;ftag=e0cd0-6feffa>
User-Agent: drgos-drg700-1.4.1
Supported: timer
Content-Type: text/plain
Content-Length: 5

FLASH

INFO sip:[email protected]:5061 SIP/2.0
Call-ID: [email protected]
From: "1016" <sip:[email protected]>;tag=e0cd0-6feffa
To: <sip:[email protected]>;tag=4df78C
Seq: 103 INFO
Via: SIP/2.0/UDP 172.19.33.187:5060;branch=z9hG4bK-3a19815d711eb7f4151e2a67776d43c4
Contact: "1016" <sip:[email protected]:5060>
Max-Forwards: 70
Route: <sip:172.19.33.114;lr=on;ftag=e0cd0-6feffa>
User-Agent: drgos-drg700-1.4.1
Supported: timer
Content-Type: application/broadsoft
Content-Length: 17

event flashhook

DTMF Relay Contents in application/dtmf-relay Format


When the DTMF relay mode is set to “SIP INFO” using the dtmf-relay format, the
duration of a digit is detected. The digit information is transmitted immediately when
the tone ends. If the duration is longer than 5 seconds, the digit information is sent
when its duration reaches 5 seconds, and the rest of the tone duration is ignored.
In this mode, the contents in the “SIP INFO” message body are in the following format
(e.g. digit “8”):

Figure 22 DTMF relay contents for digit “8” using application/dtmf-relay format
INFO sip:[email protected]:5061 SIP/2.0
Call-ID: [email protected]
From: "1016" <sip:[email protected]>;tag=e1580-fffffff6
To: <sip:[email protected]>;tag=4df00C
Seq: 101 INFO
Via: SIP/2.0/UDP 172.19.33.153:5060;branch=z9hG4bK-5d62bf991218d898207125976ce652ce
Contact: "1016" <sip:[email protected]:5060>
Max-Forwards: 70
Route: <sip:172.19.33.114;lr=on;ftag=e1580-fffffff6>
User-Agent: drgos-drg700-1.4.1
Supported: timer
Content-Type: application/dtmf-relay
Content-Length: 24

Signal=8
Duration=100

If hookflash relay is also enabled, the contents in the “SIP INFO” message body are in
the following format:

Figure 23 DTMF relay contents for hookflash event using application/dtmf-relay format
INFO sip:[email protected]:5061 SIP/2.0
Call-ID: [email protected]
From: "1016" <sip:[email protected]>;tag=e1580-fffffff6
To: <sip:[email protected]>;tag=4df00C
Seq: 102 INFO
Via: SIP/2.0/UDP 172.19.33.153:5060;branch=z9hG4bK-5e09bc546379ad0c009ebf8a21c4623e
Contact: "1016" <sip:[email protected]:5060>
Max-Forwards: 70
Route: <sip:172.19.33.114;lr=on;ftag=e1580-fffffff6>
User-Agent: drgos-drg700-1.4.1
Supported: timer
Content-Type: application/dtmf-relay
Content-Length: 25
Signal=16
Duration=660
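
The three SIP INFO body formats shown in Figures 20 to 23 can be decoded and sanity-checked on the receiving side as follows. This is an added example, not DRGOS code: the function names, the placeholder URI, the millisecond unit for Duration and the accepted Signal symbols (0-9, *, #, A-D) are assumptions; Signal=16 for hookflash and the 5-second cap come from this section.

```python
# Added example (not DRGOS code): decode the SIP INFO bodies from Figures 20-23
# and reject messages that are not well formed.
MAX_DURATION_MS = 5000              # section text: tones are cut off at 5 seconds (unit assumed)
DIGIT_SIGNALS = set("0123456789*#ABCD")   # assumed set of valid DTMF symbols
HOOKFLASH_SIGNAL = "16"             # value carried by the hookflash event in Figure 23


def build_info(content_type, body):
    """Build a constructed SIP INFO message with minimal headers (placeholder URI)."""
    payload = body.encode("ascii")
    head = [
        "INFO sip:2001@proxy.example.invalid:5061 SIP/2.0",
        "CSeq: 101 INFO",
        f"Content-Type: {content_type}",
        f"Content-Length: {len(payload)}",
    ]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + payload


def parse_info(raw):
    """Return a dict describing the relayed event, or raise ValueError."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line between headers and body")
    lines = head.decode("ascii").split("\r\n")
    if not lines[0].startswith("INFO "):
        raise ValueError("not a SIP INFO request")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        headers[name.strip().lower()] = value.strip()
    if "content-type" not in headers or "content-length" not in headers:
        raise ValueError("Content-Type and Content-Length are required")
    # A declared length that disagrees with the body is a sign of truncation
    # or tampering, so the message is rejected rather than partially parsed.
    if int(headers["content-length"]) != len(body):
        raise ValueError("Content-Length does not match body size")

    ctype = headers["content-type"].lower()
    text = body.decode("ascii").strip()
    if ctype == "text/plain":
        if text == "FLASH":
            return {"event": "hookflash"}
        kind, _, signal = text.partition(" ")
        if kind == "DTMF" and signal in DIGIT_SIGNALS:
            return {"event": "digit", "signal": signal}
    elif ctype == "application/broadsoft":
        if text == "event flashhook":
            return {"event": "hookflash"}
    elif ctype == "application/dtmf-relay":
        fields = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
        signal, duration = fields.get("Signal"), fields.get("Duration", "")
        if not duration.isdigit() or int(duration) > MAX_DURATION_MS:
            raise ValueError("missing or out-of-range Duration")
        if signal == HOOKFLASH_SIGNAL:
            return {"event": "hookflash", "duration_ms": int(duration)}
        if signal in DIGIT_SIGNALS:
            return {"event": "digit", "signal": signal,
                    "duration_ms": int(duration)}
    raise ValueError(f"unsupported or malformed {ctype} body")


if __name__ == "__main__":
    sample = build_info("application/dtmf-relay", "Signal=8\r\nDuration=100\r\n")
    print(parse_info(sample))
```

With CRLF line endings, the constructed dtmf-relay body is 24 bytes long, which agrees with the Content-Length shown in Figure 22.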

Configurations
The following examples show how to configure DTMF relay mode to “SIP INFO”
using different formats.
To configure the DTMF relay mode of Line 1 to “SIP INFO” using the text/plain
format for messages:
drgos(config)# voice line 1
drgos(config-voice-line)# dtmf relay sip-info

To configure the DTMF relay mode of Line 1 to “SIP INFO” using the “dtmf-relay”
format for messages:
drgos(config)# voice line 1
drgos(config-voice-line)# dtmf relay sip-info method dtmf-relay

Configuring DTMF Relay Mode to “RFC2833”


When “RFC2833” is used, the DTMF tones are sent in the Real-time Transport
Protocol (RTP) stream.
To configure the DTMF relay mode of Line 1 to “RFC2833”:
drgos(config)# voice line 1
drgos(config-voice-line)# dtmf relay rfc2833

When the DTMF relay mode is set to RFC2833, the RTP payload type can be altered
on a global basis using the following command:
drgos(config)# voice
drgos(config-voice)# dtmf rfc2833-payload 97

Configuring DTMF Relay Mode to “inband”


When “inband” is used, the DTMF tones are sent in the voice stream. This mode is
the default behavior. This transmission method should be used only with the G.711
codec.
To send DTMF tones inband on Line 1, use the following command:
drgos(config)# voice line 1
drgos(config-voice-line)# dtmf relay inband

Alternatively, you can use the no dtmf relay command. For example, if the DTMF
relay mode is set to RFC2833 as in “Configuring DTMF Relay Mode to “RFC2833””
on page 91, use the following command:
drgos(config)# voice line 1
drgos(config-voice-line)# no dtmf relay rfc2833

Configuring Hookflash Relay


For a specific voice line, the hookflash relay function can be enabled using the voip
relay hookflash command. This command works in conjunction with the dtmf relay
command. When the hookflash relay function is enabled and the DTMF relay mode
on the same voice line is “SIP INFO” or “RFC2833”, hookflash events will be
transmitted using the same method (i.e. “SIP INFO” or “RFC2833”) as that for the
DTMF tones.
Figure 24 shows how to enable the hookflash relay function on voice line 1 using the
“RFC2833” relay mode.

Figure 24 Configuring hookflash relay
drgos# configure terminal
drgos(config)# voice line 1
drgos(config-voice-line)# voip relay hookflash
drgos(config-voice-line)# dtmf relay rfc2833

Configuring Country-Specific Settings


If a country is specified for voice services using the country command, a set of
country-specific VoIP attributes with default values is used for all voice lines. For example:
drgos(config)# voice
drgos(config-voice)# country us

The values for the United States are used for the country-specific VoIP attributes on all
voice lines. Sweden (se) is the default country.
You can use CLI commands to customize some attributes (see Table 17). The
customized values will overwrite the default values.

Table 17 Country-specific VoIP attributes

CLI command               Description
clip country              Calling line identification presentation (CLIP) type for a voice line
impedance                 The impedance for a voice line
ringsignal voltage        The ring voltage for a voice line
ringsignal frequency      The ring frequency for a voice line
ringsignal cadence        Ring cadences for a voice line
tone                      Call-progress tones (such as dial tone, busy tone, call waiting tone,
                          and so on) on all voice lines
voip timer clear          The call clear timer for all voice lines
sip timer suspend-resume  The call suspend-resume timer for a voice line
voip timer hookflash      The hookflash timer for all voice lines

The CLIP function can be enabled on a per-line basis. This function is disabled by
default. To enable it, use the following command:
drgos(config)# voice line 1
drgos(config-voice-line)# clip enable

To disable the CLIP function:
drgos(config-voice-line)# no clip enable

Configuring a Dial Plan

Dial Plan and Digit Map


A dial plan establishes the expected number and pattern of digits for an endpoint. This
includes country codes, access codes, area codes and all combinations of digits dialed.
Table 18 shows an example of the dial plan for a desk phone.

Table 18 Example of a dial plan

Pattern        Meaning
xxxx           Internal extensions
90 + digits    Long distance numbers
900 + digits   International numbers
9 + 8 digits   Local fixed-line numbers
913 + digits   Local mobile numbers

SIP proxies can ask DRGOS to collect dialed digits from the endpoints. To reduce the
number of interactions between the SIP proxy and the endpoint, DRGOS accumulates
the dialed numbers in a buffer and transmits them in a single message to the proxy.
To help DRGOS predict how many numbers it needs to accumulate before
transmission, DRGOS should be configured with a digit map that corresponds to the
dial plan. For example, the following digit map corresponds to the dial plan in Table
18:
([0-8]xxx|90[1-9]x.T|900x.T|9[2-9]xxxxxxx|91[0-24-9]xxxxxx|913x.T)

Standard Syntax of Digit Map


The syntax for the digit map in DRGOS is derived from RFC3435
(http://tools.ietf.org/html/rfc3435). RFC3435 is specific to the MGCP standard. The
syntax for the digit map in the RG differs slightly from that in RFC3435:
DigitMap = DigitString / "(" DigitStringList ")"
DigitStringList = DigitString 0*( "|" DigitString )
DigitString = 1*(DigitStringElement)
DigitStringElement = DigitPosition ["."]
DigitPosition = DigitMapLetter / DigitMapRange
; NOTE "X" is now included
DigitMapLetter = DIGIT / "#" / "*" / "A" / "B" / "C" / "D" / "T"
                 / "X"
DigitMapRange = "[" 1*DigitLetter "]"
DigitLetter = *((DIGIT "-" DIGIT) / DigitMapLetter)

Note: RFC3435 defines another syntax element, ExtensionDigitMapLetter,
which is specific to the MGCP standard. However, it is not used in DRGOS.
A digit map, according to this syntax, is defined either by a “string” or by a list of
strings. Each string in the list is an alternative numbering scheme, specified either as a
set of digits or timers, or as an expression that DRGOS uses to find the shortest possible
match.
Table 19 shows the possible constructs used in a numbering scheme.

Table 19 Definitions of numbering scheme constructs

Construct   Description
Digit       A digit from "0" to "9".
Timer       The symbol "T" matching a timer expiry. A timer is only allowed if it appears at
            the last position of a string, e.g. 12T3 is not valid.
Letter      A digit, a timer, or one of the symbols "A", "B", "C", "D", "#", or "*"
Wildcard    The symbol "x" which matches any digit ("0" to "9")
Range       One or more DTMF symbols enclosed between square brackets ("[" and "]")
Subrange    Two digits separated by hyphen ("-") which matches any digit between and
            including the two. The subrange construct can only be used inside a range
            construct, i.e., between "[" and "]"
Position    A period (".") which matches an arbitrary number, including zero, of
            occurrences of the preceding construct

Note: The digit map is case-insensitive.

Extensions to Standard Syntax of Digit Map


In addition to the standard digit map syntax described above, several useful extensions
are defined in this section.

Substring Substitution
A substring of keys can be automatically replaced with a different substring using angle
bracket notation:
'<' dialed-substring ':' transmitted-substring '>'

For example, <8:1860>xxx would match “8123” and transmit “1860123”.

DRGOS also supports a “reverse” substitution from the transmitted string to the dialed
substring. For example, when “1860123” is received as the caller ID, DRGOS looks up
the digit map <8:1860>xxx and displays the caller ID as “8123”.
Note: The substitution is limited to the prefix only.

How DRGOS Handles Input Digits


When the end user presses digits on the handset, DRGOS first checks if the digits
match any Class 5 services (such as internal Class 5 services or call waiting), and then
checks if they match the dial plan. When Class 5 services are disabled, all call processing
is passed directly to the dial plan matcher. Figure 25 shows how DRGOS
handles input digits.

Figure 25 Handling input digits
[Flowchart not reproduced. Nodes: Input digits; Class 5 services enabled? (Yes: Match
Class 5 services; No: Match dial plan).]

DRGOS compares the current dialed digits against the digit map:
• If the result is underqualified (partial matches more than one entry), then dial
matching continues until a full match is achieved.
• If the result is overqualified (no further digits could possibly produce a match),
then dial matching is aborted and the end user is notified by an audio signal.
• Only a full match will trigger the initiation of a call by sending the dialed
information to the configured SIP proxy.
Timer T is activated when its expiry is all that is required to produce a match. The period of
timer T is 4 seconds by default, and the timer is configurable (see “Configuring Dial
Plan and Timer T” on page 96). For example, a dial plan of (xxxT|xxxxx) will be
matched immediately when 5 digits are entered. The dial plan will also be matched
after a 4-second pause when 3 digits are entered. The digit map is the only
standards-compliant way to specify what number and how many dialed digits DRGOS will
collect before it sends the dialed sequence to the SIP proxy.

Configuring Dial Plan and Timer T


The digit map can be configured for all voice lines using the CLI command dial plan.
The default digit map is (xx.#|xx.T). The digit map can be up to 500 characters in
length.
To avoid conflicts when DRGOS resolves a dial map, follow these rules when you
configure a dial plan:
• If you want to include a pound key (#) in the dial plan, you need to disable the
quick dial function (see “Configuring Quick Dial” on page 97). Otherwise, quick
dial will override the digit map.
• Do not use predefined service codes, e.g. *43#, #43#, or *#43# in a dial plan. These
key sequences are used to control supplementary services and will override a dial
plan.
The following is an example of the digit map:

Example 30 Configuring digit map
drgos(config)# voice
drgos(config-voice)# dial plan (0T|00T|[1-7]xxx|9xxxxxxxx|xx.#|xx.T)

The timer T can be configured for all voice lines using the CLI command dial timeout.
The default value of timer T is 4 seconds.
The following example shows how to configure the timer T:
Example 31 Configuring timer T
drgos(config)# voice
drgos(config-voice)# dial timeout 10

It is possible to define an alternative dial timeout value which is used before any digits
have been dialed. This may be useful for automated dial systems, e.g. faxes and alarms,
which take longer than the standard dial timeout to dial when the line has been taken
off-hook.
Example 32 Configuring timer T and first-digit timer
drgos(config)# voice
drgos(config-voice)# dial timeout 10 first-digit 30

Configuring Quick Dial


Quick dial allows the end user to skip the timer T after completing the dialing. This is
done by ending the dialed sequence with a pound key (#). The pound key itself is
removed from the dialed sequence before the sequence is sent to the SIP proxy. The
preceding digits can be any letters except pound.
The quick dial function can be enabled or disabled using the dial quick-dial
command. This function is enabled by default. For example,
• To disable quick dial, use:
drgos(config)# voice
drgos(config-voice)# no dial quick-dial
• To enable this function, use:
drgos(config)# voice
drgos(config-voice)# dial quick-dial

When the quick dial function is enabled, it overrides the digit map even if the digit map
requires a sequence ending with a pound key (#) to be sent to the proxy.

Configuring Internal Class 5 Services


DRGOS independently provides a simple subset of Class 5 services, which enables
services without needing the support from a SIP proxy. Such services are referred to as
“internal Class 5 services”.
By default, the internal Class 5 services are enabled. The operator can configure the
internal Class 5 services using the following commands.

Table 20 Commands for configuring internal Class 5 services

Command                    Description
no voip class5 internal    Disables all internal Class 5 services regardless of the settings
                           for individual services
voip class5 internal       Enables internal Class 5 services
voip timer hookflash       Configures the timing of hookflash
sip timer suspend-resume   Configures the timing to resume a call

End users can activate or deactivate the internal Class 5 services by pressing specific
key sequences on the telephone handset. Table 21 lists the key sequences and descriptions
for the internal Class 5 services.

Table 21 Internal Class 5 services

Service      Key Sequence       Description
Drop         R0 (hookflash+0)   In the case of hold and resume, when the first call is held and
                                the second call has not been established, pressing the key
                                sequence cancels the second call in the dial tone phase.
                                In a conference call, pressing the key sequence drops the first
                                participant.
Drop         R1 (hookflash+1)   In the case of hold and resume, when the first call is held and
                                the second call has not been established, pressing the key
                                sequence cancels the second call in the ringing phase.
                                In a conference call, pressing the key sequence drops the
                                second participant.
Flash        R2 (hookflash+2)   If in a call, pressing the key sequence holds the current call
                                or switches to another call on the same line.
Conference   R3 (hookflash+3)   Creates a three-way conference call.

Note: R represents a valid hookflash event. It can be simulated by pressing the R,
Recall, or Flash button on the handset. For example, R0 means pressing the
hookflash button and then 0.


Configuring External Class 5 Services


In addition to the supported internal Class 5 Services, DRGOS provides support for
Class 5 services implemented on the SIP proxy, e.g. unconditional forwarding, forward
on busy, forward on no answer, message waiting indication.
To use external Class 5 services, it is necessary to complete the following steps:

1. Define a suitable dial plan. Typically this dial plan includes key sequences for
required service codes, e.g. (*xx*|*xx#|*xx*x.#), plus normal dial plan
sequences. Service codes are operator-specific, therefore the precise dial plan to be
used must be carefully designed for your specific services. For details, see
“Configuring a Dial Plan” on page 93.

2. Disable quick dial. This is because using # to force immediate dial string
termination is incompatible with the use of service codes. To disable quick dial, use:
drgos(config)# voice
drgos(config-voice)# no dial quick-dial
For details, see “Configuring Quick Dial” on page 97.

3. Configure the appropriate DTMF relay mode, e.g. SIP INFO or RFC2833. For
example, to configure the mode to SIP INFO, use:
drgos(config)# voice line 1
drgos(config-voice-line)# dtmf relay sip-info
For details, see “Configuring DTMF Relay Mode” on page 89.

4. Optionally, you can disable internal Class 5 services and have these services carried
out on the SIP proxy. To disable internal Class 5 services, use:
drgos(config)# voice line 1
drgos(config-voice-line)# no voip class5 internal
For details, see “Configuring Internal Class 5 Services” on page 97.

Use Cases for Class 5 Services


The following use cases are typical for end users. In the use cases, A, B, and C refer to
different telephone users. A’s handset is connected to the network through an RG.

Suspending and Resuming a Call


If A is in a call initiated by B, and A wants to switch to another handset for the same
call, A can hang up the first handset and pick up another handset on the same line
within a specific period to resume the call. The period is specified by the operator using
the sip timer suspend-resume command. For example,
drgos(config)# voice line 1
drgos(config-voice-line)# sip timer suspend-resume 60

The default value for sip timer suspend-resume is 90 seconds. The suspend-resume
feature can be disabled by setting the suspend-resume timer value to 0. Only the callee
can suspend and resume the call. Suspend and resume is not a universal feature of the
PSTN networks, e.g. it is supported in some countries, but not others.

Swapping Held and Active Calls


When A and B are in a connected call (Call1), if A wants to initiate another call with
C (Call2), A can press R2 followed by the telephone number of C. When A and C are
connected, A can switch between the two calls by pressing R2.
Figure 26 shows the status change of A in a call swapping process. The initial status of
A is in the first connected call (Call1).

Figure 26 Status change in call swapping process
[State diagram not reproduced. States: Idle; Call1; Hold Call1; Dial tone; Collect digits;
Ringing; “Call1, Call2 held”; “Call2, Call1 held”. Transitions: Press R2; Press digits;
Dial plan matches; C picks up; Press R0; Press R1; Dial plan fails or Busy or NACK;
Hang up or BYE. Legend: Terminal state, Active call state, Transition state, Partial call
state.]

Note: If not specified, the actions which cause the status change are performed by A.

Inviting a Third Party to a Call In-Progress (Conference Call)


If A calls B and wants to invite C to the same call (i.e. A is the conference call initiator),
there are two possible methods to do this:

Method 1
The initial status of A is Call1.

1. A presses R3. When the dial tone is heard, A dials the telephone number of C.

2. C answers the call. A, B, and C are now in a conference call.


Figure 27 shows the status change of A in a conference call process.

Figure 27 Status change in conference call process 1
[State diagram not reproduced. States: Idle; Call1; Hold Call1; Dial tone; Collect digits;
Ringing; Conf. Call. Transitions: Press R3; Press digits; Dial plan matches; C picks up;
Press R0; Press R1; Dial plan fails or Busy or NACK; Hang up or BYE. Legend: Terminal
state, Active call state, Transition state, Partial call state.]

Note: If not specified, the actions which cause the status change are performed by A.

Method 2
The initial status of A is “Call2, Call1 held” (see Figure 30).

1. A presses R2. When the dial tone is heard, A dials the telephone number of C. B is
put on hold and A is ringing C.

2. C answers the call. A and C are in a call.

3. A presses R3. A, B, and C are now in a conference call.


Figure 28 shows the status change of A in a conference call process.

Figure 28 Status change in conference call process 2
[State diagram not reproduced. States: Idle; “Call1, Call2 held”; “Call2, Call1 held”;
Conf. Call. Transitions: Press R2; Press R3; Hang up or BYE. Legend: Terminal state,
Active call state.]

Note: If not specified, the actions which cause the status change are performed by A.

Dropping a Participant in a Conference Call


When three parties are in a conference call, the initiator can drop other participants.
For example, if A calls B and then invites C to the same call, A is the initiator, B is the
first participant and C is the second participant. A can drop B and C out of the
conference call.
If A wants to drop B out of the conference call, A presses R0. A and C are still in a call
(Call2).
If A wants to drop C out, A presses R1. A and B are still in a call (Call1).
Figure 29 shows the status change of A in a conference call process. The initial status
of A is in the conference call.

Figure 29 Status change in conference call process for dropping participants
[State diagram not reproduced. States: Conf. Call; Drop Call1; Drop Call2; Call1; Call2;
Idle. Transitions: Press R0; Press R1; Hang up. Legend: Terminal state, Active call state,
Transition state.]

Note: If not specified, the actions which cause the status change are performed by A.

Configuring Call Waiting


With this call waiting feature activated on the RG, if the end user is participating in a
voice call when another incoming call occurs, the user can hear a call waiting tone and
can accept the incoming call by putting the previous call on hold. This feature enables
the user to efficiently handle multiple calls on the same voice line.
By default, call waiting is enabled. The operator can configure call waiting using the
following CLI commands:

Command Descriptions

no voip class5 callwaiting Disables call waiting

voip class5 callwaiting Enables call waiting

When call waiting is enabled by the operator, the end user can activate, deactivate, or
check the status of call waiting when not in a call by pressing the following keypad
sequences:

Key Sequence Description

*43# Activates call waiting

#43# Deactivates call waiting

*#43# Checks the current status of call waiting (activated or deactivated)

Call Waiting Process


When A is in a connected call (Call1) and another call comes, if A wants to answer the
incoming call, A can press R2 on the handset. A can also switch between two calls on
the same line by pressing R2.
Figure 30 shows the status change of A in a call waiting process.


Figure 30 Status change in call waiting process

Note: If not specified, the actions which cause the status change are performed by A.

Configuring VoIP Separation and QoS


For VoIP, users can transmit the signalling and media using different interfaces. Users
also can add QoS features for both the signalling frame and the media stream.
For Layer 2 QoS, DRGOS uses the priority tag (802.1p) of Ethernet packets.
For Layer 3 QoS, DRGOS uses the Differentiated Services Code Point (DSCP) tag of
IP packets.
DRGOS uses the following CLI commands to implement the VoIP interface
separation and QoS feature:
• voip signaling dscp. This command configures the 6-bit DSCP field value in IP
packets of the outgoing signaling frames. The default value is 0.
• voip signaling source-interface. This command configures the source interface for
outgoing signaling frames. All signaling frames are sent out from the specified
Layer 3 interface. The default value is wan.
• voip signaling priority. This command configures the Ethernet priority (802.1p) tag
for outgoing signaling frames. The default value is 0.
• voip media dscp. This command configures the 6-bit DSCP field value in IP
packets of the outgoing media stream. The default value is 0.
• voip media source-interface. This command configures the source interface for
outgoing media stream packets. All media stream packets are sent out from the
specified Layer 3 interface. The default value is wan.
• voip media priority. This command configures the Ethernet priority (802.1p) tag for
the outgoing media stream. The default value is 0.


To configure signalling and QoS, do the following:

1. Create the VoIP interfaces in DRGOS using the interface command.

Figure 31 Configuring the VoIP VLAN on WAN interface


drgos# configure terminal
drgos(config)# interface wan
drgos(config-if-wan)# vlan member 2000,200,201
drgos(config-if-wan)# vlan untagged 2000
drgos(config-if-wan)# exit
drgos(config)# interface vlan200
drgos(config-if-vlan)# ip address 200.0.0.100/24
drgos(config-if-vlan)# exit
drgos(config)# interface vlan201
drgos(config-if-vlan)# ip address 201.0.0.100/24
drgos(config-if-vlan)# exit

2. In the "voice" context, use the commands listed above to set the source
interfaces and the QoS values for the signalling and media.

Figure 32 Configuring QoS on the VoIP interfaces


drgos(config)# voice
drgos(config-voice)# voip signaling dscp 32
drgos(config-voice)# voip signaling source-interface vlan200
drgos(config-voice)# voip signaling priority 5
drgos(config-voice)# voip media dscp 45
drgos(config-voice)# voip media source-interface vlan201
drgos(config-voice)# voip media priority 5
drgos(config-voice)# exit

3. Configure the voice lines:


Figure 33 Configuring the voice lines


drgos(config)# voice line 1
drgos(config-voice-line)# sip domain 200.0.0.1
drgos(config-voice-line)# sip proxy 200.0.0.1
drgos(config-voice-line)# sip username user2001 password2001
drgos(config-voice-line)# sip phone-number 1361
drgos(config-voice-line)# exit
drgos(config)# voice line 2
drgos(config-voice-line)# sip domain 200.0.0.1
drgos(config-voice-line)# sip proxy 200.0.0.1
drgos(config-voice-line)# sip username user2002 password2002
drgos(config-voice-line)# sip phone-number 1363
drgos(config-voice-line)# exit
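
A check for the marking configured in Figures 31 and 32, added here as an example and not part of the DRGOS documentation: it parses 802.1Q-tagged IPv4 frames and compares VLAN ID, 802.1p priority, DSCP and source address with the configured values. The frames are constructed inline; the MAC addresses, UDP ports, destination addresses and all function names are assumptions.

```python
import ipaddress
import struct

# Expected marking per voice VLAN, taken from Figures 31 and 32 above.
EXPECTED = {
    200: {"role": "signaling", "dscp": 32, "pcp": 5, "src": "200.0.0.100"},
    201: {"role": "media", "dscp": 45, "pcp": 5, "src": "201.0.0.100"},
}


def build_frame(vid, pcp, dscp, src, dst):
    """Construct a minimal 802.1Q-tagged IPv4/UDP frame (sample input only)."""
    macs = bytes.fromhex("020000000001" "02000000000a")  # constructed MACs
    tag = struct.pack("!HH", 0x8100, (pcp << 13) | vid)  # TPID, then PCP/DEI/VID
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, dscp << 2, 28, 0, 0, 64, 17, 0,  # DSCP is the top 6 bits of ToS
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    udp = struct.pack("!HHHH", 5060, 5060, 8, 0)  # placeholder ports
    return macs + tag + struct.pack("!H", 0x0800) + ip + udp


def parse_marking(frame):
    """Return VLAN ID, 802.1p priority, DSCP and source IP of a tagged frame."""
    if len(frame) < 38:  # 12 MAC + 4 tag + 2 EtherType + 20 IPv4
        raise ValueError("frame too short for 802.1Q + IPv4")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100:
        raise ValueError("frame carries no 802.1Q tag")
    if ethertype != 0x0800 or frame[18] >> 4 != 4:
        raise ValueError("payload is not IPv4")
    return {
        "vid": tci & 0x0FFF,
        "pcp": tci >> 13,
        "dscp": frame[19] >> 2,
        "src": str(ipaddress.IPv4Address(frame[30:34])),
    }


def check_frame(frame):
    """List the deviations of one frame from the configured voice marking."""
    try:
        seen = parse_marking(frame)
    except ValueError as exc:
        return [str(exc)]
    want = EXPECTED.get(seen["vid"])
    if want is None:
        return [f"VLAN {seen['vid']} is not a configured voice VLAN"]
    return [
        f"{want['role']}: {field} is {seen[field]}, expected {want[field]}"
        for field in ("dscp", "pcp", "src")
        if seen[field] != want[field]
    ]


if __name__ == "__main__":
    samples = {  # constructed frames, not captured traffic
        "signaling as configured": build_frame(200, 5, 32, "200.0.0.100", "200.0.0.1"),
        "media as configured": build_frame(201, 5, 45, "201.0.0.100", "201.0.0.1"),
        "media left at defaults": build_frame(201, 0, 0, "201.0.0.100", "201.0.0.1"),
    }
    for name, frame in samples.items():
        print(name, "->", check_frame(frame) or "ok")
```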

Disabling or Enabling a Voice Line


By default, all the voice lines are enabled. You can administratively disable a voice line
by using shutdown. To disable a voice line and all SIP services on this line:
drgos(config)# voice line 1
drgos(config-voice-line)# shutdown

To enable the voice line again:
drgos(config-voice-line)# no shutdown

Configuring IPTV

In an IP-based television (IPTV) network, broadcast television channels are delivered
via IP multicasting. The Internet Group Multicast Protocol (IGMP) is used to control
the delivery of IPv4 multicast traffic to interested and authorized users.
The RG works as an intermediate device between the upstream IGMP router and
IGMP hosts (typically set-top boxes).
DRGOS only handles IPv4 multicast traffic. Multicast Listener Discovery (MLD, the
IPv6 equivalent to IGMP) is not currently supported.
Note: IGMP functionality in DRGOS only supports IGMPv2 and IGMPv3 messages.
IGMPv1 messages are silently dropped.

Deployment Scenarios
DRGOS supports the following deployment scenarios involving IPTV service:
• Layer 2 IPTV service, see “Layer 2 - VLAN per Service or Port” on page 18
• Layer 3 IPTV service, see “Layer 3 - VLAN per Service” on page 27
• simultaneous IPTV and Internet services on the same STB LAN port, see “Layer
2/Layer 3 Hybrid - VLAN per Service with LAN Ports in Hybrid Mode” on
page 42
• simultaneous IPTV, VoD, and Internet services on the same STB LAN port, see
“Layer 3 - VLAN per Service with Multiple NATs” on page 31

Configuring Layer 2 IPTV


Layer 2 IPTV service is delivered through Layer 2 (bridged) VLAN interfaces.

Configuring IGMP Snooping

IGMP Snooping Functionality


IGMP snooping provides a way to constrain multicast traffic on Layer 2 VLAN
interfaces. By snooping the IGMP membership reports sent by hosts, DRGOS builds
multicast forwarding tables to deliver traffic only to those interfaces with active
receivers of the multicast group. IGMP snooping significantly reduces the volume of
multicast traffic received on other ports.


Figure 34 IGMP snooping - RG forwards IGMP flow per forwarding table

[Figure 34: the RG sits between the IGMP client (host) and the IGMP router; IGMP requests and IGMP responses pass through the RG. Configuration shown in the figure: interface vlan8, ip igmp snooping.]

IGMP snooping can work with some other IGMP functions:
• IGMP aggregation
IGMP aggregation reduces the number of IGMP packets by suppressing IGMP
packets that do not need to be forwarded. IGMP aggregation suppresses Join and
Leave messages except:
– Join messages sent by the first reporter that joins the multicast group
– Leave messages sent by the last reporter that leaves the multicast group
• IGMP immediate-leave
IGMP immediate-leave saves the time required for an STB to leave a multicast
group. In a standard Leave process, after receiving a Leave message, the RG issues a
Membership Query, which results in a 2–3 second delay before the multicast stream
is terminated. In an immediate-leave process, the RG terminates the multicast stream
immediately on receiving the initial Leave request.
• IGMP robustness
The IGMP robustness value indicates the susceptibility level of a subnet to packet
loss and allows for specified loss of IGMP messages before acting.
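
The snooping table, aggregation and immediate-leave behaviour described above, as a small model added here for illustration (not DRGOS code). It tracks membership per LAN port, reduces IGMPv3 reports to join/leave, drops IGMPv1 as the note earlier in this chapter states, and does not model robustness; the class, method names and the group address are assumptions.

```python
class SnoopingVlan:
    """Toy model of IGMP snooping on one Layer 2 VLAN interface."""

    def __init__(self, immediate_leave=False):
        self.immediate_leave = immediate_leave  # page default: disabled
        self.members = {}     # group -> set of LAN ports with a receiver
        self.pending = set()  # (group, port) waiting for a query response
        self.upstream = []    # Join/Leave messages forwarded to the router
        self.dropped = 0      # IGMPv1 messages, silently dropped

    def receive(self, port, version, kind, group):
        """Process one host message; return True if it was accepted."""
        if version not in (2, 3):
            self.dropped += 1
            return False
        if kind == "join":
            self._join(port, group)
        elif kind == "leave":
            self._leave(port, group)
        else:
            raise ValueError(f"unknown message kind: {kind}")
        return True

    def _join(self, port, group):
        ports = self.members.setdefault(group, set())
        first_reporter = not ports
        ports.add(port)
        self.pending.discard((group, port))  # a report answers the query
        if first_reporter:
            self.upstream.append(("join", group))  # aggregation: first Join only

    def _leave(self, port, group):
        if port not in self.members.get(group, ()):
            return
        if self.immediate_leave:
            self._remove(port, group)         # stream stops at once
        else:
            self.pending.add((group, port))   # Membership Query outstanding

    def query_timeout(self):
        """Nobody answered the Membership Query: prune the pending ports."""
        for group, port in sorted(self.pending):
            self._remove(port, group)
        self.pending.clear()

    def _remove(self, port, group):
        ports = self.members[group]
        ports.discard(port)
        if not ports:
            del self.members[group]
            self.upstream.append(("leave", group))  # aggregation: last Leave only

    def egress_ports(self, group):
        """Ports that currently receive the multicast stream for this group."""
        return sorted(self.members.get(group, ()))


def zap_away(immediate_leave):
    """Two set-top boxes watch one channel, then the box on port 1 leaves."""
    vlan = SnoopingVlan(immediate_leave)
    group = "239.1.1.1"  # constructed group address
    vlan.receive(1, 2, "join", group)
    vlan.receive(2, 3, "join", group)   # suppressed upstream: not the first reporter
    vlan.receive(1, 2, "leave", group)  # suppressed upstream: port 2 still listens
    after_leave = vlan.egress_ports(group)
    vlan.query_timeout()
    return after_leave, vlan.egress_ports(group), vlan.upstream


if __name__ == "__main__":
    print("immediate-leave:", zap_away(True))
    print("standard leave: ", zap_away(False))
```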

Default IGMP Settings


The following table shows the default IGMP settings in DRGOS:

Feature Default Value

IGMP snooping Disabled on all VLANs

IGMP aggregation Enabled on all VLANs

IGMP immediate-leave Disabled on all VLANs

IGMP robustness 2

Configuration
The following example shows how to enable IGMP snooping and configure IGMP-related
functions on a Layer 2 VLAN interface:
drgos(config)# interface vlan8
drgos(config-if-vlan)# ip igmp snooping
drgos(config-if-vlan)# ip igmp immediate-leave
drgos(config-if-vlan)# ip igmp robustness 3


Using Hybrid Ports for IPTV and Internet Services


To support Internet service in addition to IPTV service on the set-top box (STB),
DRGOS supports scenarios where the following VLANs are defined on the same LAN
port:
• a bridged tagged VLAN for IPTV service
• an untagged VLAN for High Speed Internet (HSI) service, such as TV-based web
browsing, software upgrades, electronic program guide, and so on
For details about the deployment scenario and the configuration, see “Layer 2/Layer 3
Hybrid - VLAN per Service with LAN Ports in Hybrid Mode” on page 42.

Configuring Layer 3 IPTV


Layer 3 IPTV service is delivered through Layer 3 (routed) VLAN interfaces.

Configuring IGMP Proxy


The IGMP proxy terminates all upstream or downstream IGMP flows. It aggregates
and responds to all requests (e.g. Join/Leave requests) from the downstream hosts;
additionally, it responds to Queries from the upstream router. When the RG must
forward an incoming IGMP flow, it recreates the flow and uses its own IP address as
the source (see the figure below).

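Figure 35 IGMP proxy - RG intercepts IGMP flow and forwards it when necessary

[Figure 35: between the IGMP client (host) and the RG, the IGMP request has source IP = IGMP client and the IGMP response has destination IP = IGMP client; between the RG and the IGMP router, the request has source IP = RG and the response has destination IP = RG. Configuration shown in the figure: interface lan, ip igmp proxy vlan1.]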

As a result, multicast traffic is only delivered to interfaces with active receivers,
significantly reducing the volume of multicast traffic. In addition, as the IGMP proxy
hides downstream clients from the upstream router, the upstream router’s scalability is
potentially increased.
Similar to IGMP snooping, IGMP proxy can work with the following IGMP
functions: IGMP immediate-leave and IGMP robustness.
IGMP proxy is disabled by default. The following example shows how to enable IGMP
proxy and configure related IGMP functions:
drgos(config)# interface lan
drgos(config-if-lan)# ip igmp proxy vlan1
drgos(config-if-lan)# ip igmp immediate-leave
drgos(config-if-lan)# ip igmp robustness 3


Configuring IGMP Translation


In some circumstances, the upstream network is not able to handle IGMPv3 messages
from clients. In this case, you can use IGMP translation to translate IGMPv3 client
messages to IGMPv2 messages before they are forwarded upstream. The reverse
translation occurs in the downstream direction.

Figure 36 IGMP translation - RG translates different versions of IGMP messages

[Figure 36: the RG sits between the IGMP client (host) and the IGMP router; the IGMP requests and responses on the two sides of the RG are labelled IGMPv2 and IGMPv3. Configuration shown in the figure: interface vlan 1, ip igmp version 2.]

IGMP translation is disabled by default. To enable IGMP translation on the upstream
VLAN interface, use the following command:
drgos(config)# interface vlan1
drgos(config-if-vlan)# ip igmp version 2

Video on Demand
DRGOS provides a Real-Time Streaming Protocol (RTSP) proxy to deliver Video on
Demand (VoD) service to RTSP clients. Unlike IPTV, VoD typically uses unicast
traffic to deliver content.
It is not necessary to configure the RTSP proxy. It operates on all LAN traffic and uses
routing rules to reach the service provider’s VoD server. As a result, it may be necessary
to use a specific VLAN to connect to the VoD server. In this case separate NATs are
used for VoD traffic and Internet traffic. For details about the scenario of multiple
NATs, see “Layer 3 - VLAN per Service with Multiple NATs” on page 31.

Configuring CATV

By default, the Cable TV (CATV) functionality is disabled. This allows the service
provider to activate differentiated services for the end user as and when they subscribe
to services. The following commands are used to configure CATV:

Table 22 CATV configuration commands

Command Description

catv enable Enables the CATV functionality

catv filter Enables the CATV filter.

show catv Shows the CATV configuration and status

The behavior of the show catv command depends on the hardware platform.
• For DRG 700 and Platinum models, it is possible to determine whether a CATV
module is present. For example,
– If a CATV module is not present, the command returns:
drgos# show catv
CATV

Administratively enabled
Filter: disabled
CATV module not present
– If a CATV module is present but no valid CATV signal is detected, it returns:
drgos# show catv
CATV

Administratively enabled
Filter: disabled
CATV signal not present
• For Hybrid Titanium, it is not possible to determine whether the CATV module
is present. As a result the command returns “CATV signal not present”
irrespective of the reason for this. For example,
drgos# show catv
CATV

Administratively enabled
Filter: disabled
CATV signal not present

Configuring DHCP

The RG can act as either a DHCP server or a DHCP client. This section provides
instructions on configuring the RG as a DHCP server, which includes:
• “Configuring DHCP Server” on page 112
• “Configuring a Static Lease for a DHCP Client” on page 112
• “Configuring DHCP Option Inheritance” on page 113


Configuring DHCP Server


In the global context, you can define an IP address pool for the DHCP server and the
behavior for DHCP clients, e.g. subnet mask, DNS server, and other DHCP options.
Example 33 Configuring DHCP server for all DHCP clients
drgos(config)# dhcp server pool 64 190
drgos(config)# dhcp server option lease-time 43200
drgos(config)# dhcp server option netmask 255.255.255.0
drgos(config)# dhcp server option dns-server 172.19.33.8

In this example, the address pool is given a lease time of 43200 seconds (12 hours). The
subnet mask and the DNS server are defined. All other values keep their defaults, e.g. the
next server is the IP address of the DHCP server.

The operator may define vendor-class-specific or device-specific contexts, so that
alternative behavior can be defined for clients that match the specific definitions, e.g.
Example 34 Configuring DHCP server for vendor-class-specific clients
drgos(config)# dhcp server class "my stb class"
drgos(config-dhcp-class)# dhcp option lease-time 300
drgos(config-dhcp-class)# dhcp option bootfile-name stb-bootfile-v1.2.3.img
drgos(config-dhcp-class)# dhcp option tftp-server-name 10.0.1.100
drgos(config-dhcp-class)# next-server 172.19.41.252

In this example, DHCP clients with a vendor class identifier that contains the string
"my stb class" receive all of the global context option values, except for the
specified option values. The specified option values are lease time, bootfile name, TFTP
server and next server; these options do not take the default values of the global context
but are explicitly defined for this class.

Example 35 Configuring DHCP server for device-specific clients
drgos(config)# dhcp server client 000f.5d00.0123
drgos(config-dhcp-client)# dhcp option lease-time 3600

In this example, the DHCP client with a MAC address that matches "000f.5d00.0123"
will be given the same information defined for the global context, except that the lease
time is 3600 seconds (1 hour).
In this way, it is possible to provide different option values to specific clients or groups
of clients based on MAC address or vendor class identifier information.
Further details of these options can be found in the DRGOS Command Reference.

Configuring a Static Lease for a DHCP Client


It is possible to statically assign an IP address to a DHCP client identified by its MAC
address or hostname. If the client identifies itself using a host name, the name is
included for DNS lookups. An alternative lease time may also be defined for the client.
Example 36 Configuring a static lease for a DHCP client with MAC address
dhcp server lease 0011.2233.4455 192.168.1.78 3600

In this example, the IP address 192.168.1.78 is assigned to the DHCP client with
MAC address 0011.2233.4455. The lease time is 3600 seconds.
Example 37 Configuring a static lease for a DHCP client with host name
dhcp server lease myhost 192.168.1.78 3600

In this example, the IP address 192.168.1.78 is assigned to the DHCP client with host
name “myhost”. The lease time is 3600 seconds. In this case, the host name used by the
DHCP client must be included in the DHCP client request.

Configuring DHCP Option Inheritance


DHCP option inheritance allows an operator to define specific DHCP option values
on a central DHCP server, and to have this information passed to the DHCP clients.
DRGOS can initiate requests for inheriting DHCP options. All values received for
these requests are passed to the RG, and are forcefully provided to all specified DHCP
clients, i.e. the options are provided to a client even if the client does not request the
option.
The dhcp server inherit option command defines which options will be requested
from the upstream DHCP server.
The dhcp server inherit source-interface command defines the source interface for
the DHCP inheritance.
The following example shows how to configure DHCP option inheritance:
Example 38 Configuring DHCP option inheritance
drgos(config)# dhcp server inherit option netmask
drgos(config)# dhcp server inherit option ntp-server
drgos(config)# dhcp server inherit source-interface vlan1

In this example, the DHCP clients will inherit the preconfigured values for the subnet
mask and the NTP servers defined for the source interface “vlan1” in their DHCP
options.

Configuring DNS

This chapter describes how to configure the Domain Name System (DNS) on
DRGOS in multiservice networks. The following topics are described:
• “DNS Implementation in DRGOS” on page 115
• “Examples for Configuring DNS” on page 116
• “Configuring DNS Domain Using DHCP Options” on page 117
• “Configuring Static DNS Domain for Learned DNS Servers” on page 117
• “Configuring Static DNS Servers” on page 117
• “Viewing DNS Servers” on page 118
• “Configuring Hostname Resolution Rules” on page 118


DNS Implementation in DRGOS


Normally, DRGOS learns about the DNS servers through DHCP option 6. In a multi-service
network (e.g. “Layer 3 VLAN per service” scenario), DHCP is enabled on
multiple VLAN interfaces and each VLAN typically has its own DNS server. As a
result, DRGOS has the information about multiple DNS servers. Therefore DRGOS
needs to know how to send a DNS query to the correct DNS server:
• Queries from management applications should be sent to the DNS servers learned
from the management network. The hostnames in these queries usually belong to a
specific domain.
• Queries from VoIP applications should be sent to the DNS servers learned from the
VoIP service provider. The hostnames in these queries usually belong to a specific
domain.
• Queries from LAN clients should be sent to the DNS servers learned from the
Internet service provider. The hostnames in these queries can belong to any arbitrary
domains.
Two directives, name server and domain, are used on each interface by DRGOS
to determine where to direct DNS queries. These directives are learned through DHCP
options by default and can be configured using CLI commands. When these directives
are statically configured, the learned values are ignored.

Table 23 DNS directives

Directive     Meaning                              How the directive is learned   CLI command used to configure the directive
name server   The DNS servers used by DRGOS        DHCP option 6                  ip name-server source-interface
domain        All DNS queries for hosts in this    DHCP option 119                domain
              domain are directed to the DNS
              server.


Examples for Configuring DNS


In the following configuration examples, DRGOS is presumed to be configured as:
interface vlan1
 ip address dhcp
 service mgmt
interface vlan2
 ip address dhcp
 service voip
interface vlan3
 ip address dhcp
 service nat

management source-interface vlan1

cwmp acs server http://acs.mgmt.example.com

voice
 voice signaling source-interface vlan2
 voice media source-interface vlan2

voice line 1
 sip proxy proxy.voip.example.com
 sip domain 172.19.41.252
 sip phone-number 2001

interface lan
 ip nat external-interface vlan3

DNS should be configured such that DNS queries are handled as follows:
• If a DNS query contains a hostname with the domain name mgmt.example.com,
it is only sent to the DNS servers configured, or learned, on VLAN 1 through the
VLAN 1 interface.
• If a DNS query contains a hostname with the domain name voip.example.com,
the DNS query is only sent to the DNS servers configured, or learned, on VLAN 2
through the VLAN 2 interface.
• If a DNS query contains a hostname without a domain name or with the domain
name other than mgmt.example.com or voip.example.com, the DNS query is
only sent to the DNS servers configured, or learned, on VLAN 3 through the VLAN
3 interface.
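
The three routing rules above, written out as a selector plus a check over observed queries; this is an added example, not DRGOS code. The name-server addresses and the observations are constructed, and matching whole labels case-insensitively with the longest domain winning is an assumption about how the domain directive is compared.

```python
# Per-interface directives for the presumed configuration on this page.
# Name-server addresses are constructed (documentation range).
INTERFACES = [
    {"ifname": "vlan1", "domain": "mgmt.example.com", "servers": ["192.0.2.1"]},
    {"ifname": "vlan2", "domain": "voip.example.com", "servers": ["192.0.2.2"]},
    {"ifname": "vlan3", "domain": None, "servers": ["192.0.2.3"]},
]


def _labels(name):
    """Split a hostname into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def select_interface(hostname, interfaces=INTERFACES):
    """Pick the interface whose DNS servers should receive this query."""
    labels = _labels(hostname)
    best, best_len = None, 0
    for entry in interfaces:
        if entry["domain"] is None:
            continue
        domain = _labels(entry["domain"])
        # Compare whole labels so "notmgmt.example.com" does not match
        # "mgmt.example.com", and prefer the most specific domain.
        if (len(domain) <= len(labels)
                and labels[-len(domain):] == domain
                and len(domain) > best_len):
            best, best_len = entry, len(domain)
    if best is not None:
        return best
    for entry in interfaces:
        if entry["domain"] is None:
            return entry  # no domain configured: takes every other name
    raise LookupError(f"no interface accepts queries for {hostname!r}")


def find_leaks(observations, interfaces=INTERFACES):
    """Return (hostname, used, expected) for queries sent out the wrong VLAN."""
    leaks = []
    for hostname, used in observations:
        expected = select_interface(hostname, interfaces)["ifname"]
        if used != expected:
            leaks.append((hostname, used, expected))
    return leaks


# Constructed observations: (queried name, interface the query left on).
OBSERVED = [
    ("acs.mgmt.example.com", "vlan1"),
    ("proxy.voip.example.com", "vlan3"),
    ("www.example.org", "vlan3"),
    ("notmgmt.example.com", "vlan1"),
]

if __name__ == "__main__":
    for name in ("acs.mgmt.example.com", "proxy.voip.example.com", "printer"):
        print(name, "->", select_interface(name)["ifname"])
    for leak in find_leaks(OBSERVED):
        print("sent on %s, expected %s: %s" % (leak[1], leak[2], leak[0]))
```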


Configuring DNS Domain Using DHCP Options


By default, DRGOS learns about the DNS servers through DHCP option 6, and learns
about the domain name on each interface through DHCP option 119.
In this example,
• DHCP option 119 on VLAN 1 should be mgmt.example.com.
• DHCP option 119 on VLAN 2 should be voip.example.com.
• DHCP option 119 on VLAN 3 should not be configured.

Configuring Static DNS Domain for Learned DNS Servers


You can configure a domain name for the interface where the DNS servers are learned
through DHCP. In this case, the learned domain name is ignored. All DNS queries for
hosts in the configured domain are directed to the DNS server learned on this interface.
int vlan1
 ip address dhcp
 service mgmt
 domain "mgmt.example.com"
int vlan2
 ip address dhcp
 service voip
 domain "voip.example.com"
int vlan3
 ip address dhcp
 service nat

In this example, domain names for management and VoIP interfaces are configured
while the domain name is not configured for the NAT interface.

Configuring Static DNS Servers


You can statically configure a DNS server and a domain for each VLAN interface. In
this case, the learned DNS server and the learned domain are ignored. For example:
drgos(config)# ip name-server 1.1.1.1 source-interface vlan1
drgos(config)# ip name-server 2.1.1.1 source-interface vlan2
drgos(config)# ip name-server 3.1.1.1 source-interface vlan3
int vlan1
 ip address dhcp
 service mgmt
 domain "mgmt.example.com"
int vlan2
 ip address dhcp
 service voip
 domain "voip.example.com"

In this example, domain names for management and VoIP interfaces are configured;
domain name is not configured for the NAT interface.

Viewing DNS Servers


To view the current DNS servers and domains on each interface:
drgos# show ip name-server
Interface Name Server Domain
vlan1 1.1.1.1 mgmt.example.com
vlan2 1.1.1.2 voip.example.com
vlan3 1.1.1.3

Configuring Hostname Resolution Rules


You can locally configure hostname and IP address mappings for DNS resolution. You
can configure one IPv4 address and/or one IPv6 address for each hostname or FQDN.
For example,
drgos# ip host foo.example.org 192.168.1.10
drgos# ip host foo.example.org fe80::20f:5dff:fea0:91

Configuring UPnP

Universal Plug and Play (UPnP) is a set of networking protocols, primarily for
residential networks without expert administrators, that permits networked devices,
such as personal computers, printers, Internet gateways, WiFi access points and mobile
devices, to seamlessly discover each other’s presence on the network and to establish
functional network services for data sharing, communications, and entertainment. The
UPnP technology is promulgated by the UPnP Forum.
The concept of UPnP is an extension of plug-and-play, a technology for dynamically
attaching devices directly to a computer, although UPnP is not directly related to the
earlier plug-and-play technology. UPnP devices are "plug-and-play" in that when
connected to a network they automatically establish working configurations with
other devices.
This chapter describes the following:
• “UPnP Implementation in DRGOS” on page 120
• “Configuring UPnP” on page 120


UPnP Implementation in DRGOS


DRGOS implements a standard Internet Gateway Device (IGD) for UPnP
networking.
The IGD encapsulates all subdevices and services for the Internet Gateway Device
Control Protocol (DCP).
The Internet Gateway is an “edge” device that connects between a residential Local
Area Network (LAN) and the Wide Area Network (WAN), to provide connectivity to
the Internet. The gateway may be physically implemented as a dedicated, standalone
device, or modeled as a set of UPnP devices and services on a PC. This version of the
DCP does not cover small business networks. Discovery and access to services from
outside the home network is not recommended, unless adequate authentication,
authorization and access control mechanisms are built into the device. This is not
currently specified within the UPnP architecture framework.

Configuring UPnP
By default, UPnP is disabled on the RG for security reasons. The RG provides
the following commands to configure UPnP:

Table 24 UPnP commands

Command Description

ip upnp Enable or disable UPnP service

ip upnp source-interface Define the external interface for UPnP operation

ip upnp lan-interface Define the internal interface for UPnP operation

To set up UPnP on the RG, do the following:

drgos(config)# ip upnp lan-interface lan
drgos(config)# interface vlan100
drgos(config-if-vlan)# ip address dhcp
drgos(config-if-vlan)# exit
drgos(config)# ip upnp source-interface vlan100
drgos(config)# ip upnp

Configuring QoS

The following are described in this chapter:


• “QoS Implementation in DRGOS” on page 122
• “Configuring Egress Traffic Prioritization” on page 123
• “Configuring Queueing and Scheduling” on page 124
• “Configuring Egress Rate Shaping and Ingress Rate Limiting” on page 125


QoS Implementation in DRGOS


Currently, the Quality of Service (QoS) implementation in DRGOS supports the
following features:
• egress traffic prioritization and scheduling
• egress rate shaping
• ingress rate limiting
These QoS features work on a per-port basis.

Egress Traffic Prioritization and Scheduling


DRGOS prioritizes the egress traffic by putting the traffic in queues of different
transmitting priorities. In general, traffic in a queue of a higher priority is transmitted
earlier than that in a queue of a lower priority.
Each physical interface has four transmit queues for egress traffic: 0, 1, 2, 3. Queue 3
has the highest transmitting priority while Queue 0 has the lowest transmitting
priority. By default all traffic is put in Queue 0.

IEEE 802.1p CoS


IEEE 802.1p defines a Class of Service (CoS) field in the frame header to classify the
priority of an 802.1p-tagged frame. The 3-bit CoS field specifies a CoS value between 0
and 7.
Table 25 shows the correspondence between traffic types and priority values as
recommended in IEEE Std 802.1Q-2005.

Table 25 IEEE 802.1p priority levels

Priority Traffic characteristics

0 (lowest) Background

1 Best Effort

2 Excellent Effort

3 Critical Applications

4 Video, < 100 ms latency and jitter

5 Voice, < 10 ms latency and jitter

6 Internetwork Control

7 (highest) Network Control

Queue Scheduling
Each physical interface has four transmit queues for egress traffic. Each Layer 2 frame
that needs to be transmitted is enqueued in one of the transmit queues. The transmit
queues are then serviced based on the transmit queue scheduling algorithm.
DRGOS supports the following queue scheduling algorithms:
• Strict Priority (SP): All the frames in the highest priority queue are transmitted
before the frames in the next highest priority queue, and so on until the lowest
priority queue. When strict priority queuing is used, it is possible for traffic in lower
priority queues to never be transmitted if higher priority traffic is always present.
• Weighted Round Robin (WRR): Traffic in higher priority queues is transmitted
before traffic in lower priority queues based upon a weighting. A number of frames
from the top priority queue are transmitted, followed by some from the next priority
queue and so on to the lowest priority queue. This ensures that even the lower
priority queues are able to transmit some frames.
The weighting used for queues 3 to 0 is 8:4:2:1 respectively.
• Hybrid mode: Some lower priority queues operate in WRR while the remainder
operate in SP mode:
– If 2 queues are selected, then queues 0 and 1 operate in WRR mode.
– If 3 queues are selected, then queues 0, 1, and 2 operate in WRR mode.

Egress Rate Shaping


Egress rate shaping is used to limit data bursts that can congest a network. A maximum
limit rate can be set to limit the egress data rate on a port. Before being transmitted, the
frames queued on the port may be stored in a buffer and then sent into the network
with delays inserted between the frames.
Egress rate shaping increases delay and possibly jitter. Some frames may be dropped
because of insufficient buffers.

Ingress Rate Limiting


Ingress rate limiting is used to police the ingress data rates. A maximum limit rate can
be set to limit the data rate of ingress traffic on a port.

Configuring Egress Traffic Prioritization

Configuring 802.1p CoS Values for Data Traffic


You can configure the 802.1p CoS value for untagged ingress data traffic on a per LAN
port basis. The LAN port must be a member of the untagged VLAN. All LAN ports
use a default 802.1p CoS value of zero.
As the data traffic has the lowest priority, in most cases, use the default 802.1p CoS
value (0) on the LAN ports.
To configure another 802.1p CoS value for a LAN port:
drgos(config)# interface lan/ethernet3
drgos(config-if-lan-eth)# vlan member 1000
drgos(config-if-lan-eth)# vlan untagged 1000 priority 2

Configuring 802.1p CoS Values for VoIP Traffic


You can use the following commands to configure 802.1p CoS values for different
traffic types:

Command Description

voip media priority Configures the 802.1p CoS value for VoIP media traffic

voip signaling priority Configures the 802.1p CoS value for VoIP signaling traffic

Here is an example:
Configure the 802.1p CoS value for the VoIP traffic as recommended in IEEE Std
802.1Q-2005:
drgos(config)# voice
drgos(config-voice)# voip media priority 5
drgos(config-voice)# voip signaling priority 5

Configuring Queueing and Scheduling


The following table shows the default configurations:

Feature Default mapping

802.1p-to-queue mapping 802.1p CoS 0 = queue 0
                        802.1p CoS 1 = queue 0
                        802.1p CoS 2 = queue 0
                        802.1p CoS 3 = queue 0
                        802.1p CoS 4 = queue 0
                        802.1p CoS 5 = queue 0
                        802.1p CoS 6 = queue 0
                        802.1p CoS 7 = queue 0

Queue scheduling algorithm SP for all physical interfaces

You can use the following commands to configure queueing and scheduling:

Command Description

cos map Configures the mapping between the 802.1p CoS values and queues

queue-scheduling Configures how the queue scheduling algorithm is applied to the transmit queues on a physical
interface

Example 39 shows how to configure queueing and scheduling for egress traffic on the
WAN interface.
Example 39 Configuring queueing and scheduling
Use WRR scheduling on the WAN interface. The purpose is to not totally block the
traffic with low priority.
drgos(config)# interface wan
drgos(config-if-wan)# queue-scheduling mode wrr

Assign traffic with 802.1p CoS value 7 to the queue of the highest priority:
drgos(config)# cos map dot1p 7 queue 3

Assign traffic with 802.1p CoS value 5 to the queue of the second highest priority:
drgos(config)# cos map dot1p 5 queue 2

Traffic of CoS values that have no queue assigned is put in the queue of the lowest
priority, i.e. Queue 0. In Example 39, data traffic with CoS values 0-4 and 6 is put in
Queue 0.
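
The queue scheduling algorithms described under "Queue Scheduling" and the CoS-to-queue mapping of Example 39, combined in a small simulation that is added here for illustration and is not DRGOS code. It assumes a constant backlog, counts WRR weights in frames, and uses a hypothetical wrr_queues parameter (0 = SP, 4 = WRR, 2 or 3 = hybrid); the traffic mix is constructed.

```python
from collections import Counter, deque

WRR_WEIGHTS = {3: 8, 2: 4, 1: 2, 0: 1}  # weighting for queues 3 to 0 (from the page)
DEFAULT_COS_MAP = {}                     # default: every CoS value goes to queue 0
EXAMPLE_39_COS_MAP = {7: 3, 5: 2}        # cos map dot1p 7 queue 3 / dot1p 5 queue 2


def enqueue(frames, cos_map):
    """Place (sequence number, CoS) frames into the four transmit queues."""
    queues = {q: deque() for q in range(4)}
    for frame in frames:
        queues[cos_map.get(frame[1], 0)].append(frame)  # unmapped CoS -> queue 0
    return queues


def transmit(queues, slots, wrr_queues):
    """Send up to `slots` frames; the lowest `wrr_queues` queues use WRR."""
    sent = []
    order = (3, 2, 1, 0)
    strict = [q for q in order if q >= wrr_queues]
    weighted = [q for q in order if q < wrr_queues]
    while len(sent) < slots:
        # Strict-priority queues are always drained first, highest queue first.
        q = next((q for q in strict if queues[q]), None)
        if q is not None:
            sent.append(queues[q].popleft())
            continue
        # One WRR round: up to `weight` frames from each weighted queue.
        before = len(sent)
        for q in weighted:
            for _ in range(WRR_WEIGHTS[q]):
                if not queues[q] or len(sent) >= slots:
                    break
                sent.append(queues[q].popleft())
        if len(sent) == before:
            break  # every queue is empty
    return sent


def sent_per_cos(frames, cos_map, wrr_queues, slots):
    """Count how many frames of each CoS value leave the port."""
    sent = transmit(enqueue(frames, cos_map), slots, wrr_queues)
    return dict(Counter(cos for _seq, cos in sent))


# Constructed backlog: 100 frames each of CoS 0 (data), 5 (voice) and 7, interleaved.
BACKLOG = [(seq, cos) for seq in range(100) for cos in (0, 5, 7)]

if __name__ == "__main__":
    print("default map, SP:   ", sent_per_cos(BACKLOG, DEFAULT_COS_MAP, 0, 26))
    print("Example 39 map, SP:", sent_per_cos(BACKLOG, EXAMPLE_39_COS_MAP, 0, 26))
    print("Example 39 map, WRR:", sent_per_cos(BACKLOG, EXAMPLE_39_COS_MAP, 4, 26))
```

With the default mapping every frame shares queue 0, so the scheduling mode makes no difference; with the Example 39 mapping, SP sends only CoS 7 while the backlog lasts, and WRR still lets CoS 5 and data traffic through.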

Configuring Egress Rate Shaping and Ingress Rate Limiting


By default, egress rate shaping and ingress rate limiting are disabled. You can enable
these features by specifying a limit rate in kilobits per second (Kbps) in the range of 64
Kbps to 1000 Mbps.
Because of hardware limitations, the supported values may vary between different
hardware platforms.
For the drg700 platform (DRG700v1), the supported values have the following
restrictions:
• from 64 Kbps to 1 Mbps in increments of 64 Kbps
• from 1 Mbps to 100 Mbps in increments of 1 Mbps
• from 100 Mbps to 1000 Mbps in increments of 10 Mbps
For all other platforms, the supported values have the following restrictions: from 64
Kbps to 1000 Mbps in increments of 32 Kbps.
If the operator specifies a value not compliant with these restrictions, DRGOS uses the
best approximation around the specified value.
The following example shows how to configure the egress limit rate and the ingress
limit rate on the WAN interface:
drgos(config)# interface wan
drgos(config-if-wan)# rate-limit ingress 90000
drgos(config-if-wan)# rate-limit egress 30000

The following example shows how to configure the egress limit rate and the ingress
limit rate on a LAN interface:
drgos(config)# interface lan/ethernet2
drgos(config-if-lan-eth)# rate-limit ingress 128
drgos(config-if-lan-eth)# rate-limit egress 64000
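
The granularity rules above, worked through in Python as an added example (not DRGOS code). It returns the nearest supported rates below and above a requested value rather than guessing which one DRGOS selects, and it assumes that 1 Mbps = 1000 Kbps and that each tier boundary is itself a supported value; the platform keys "drg700" and "other" are names chosen for this example.

```python
from bisect import bisect_left, bisect_right
from itertools import chain

# Overall range from the text: 64 Kbps to 1000 Mbps (assumes 1 Mbps = 1000 Kbps).
MIN_KBPS, MAX_KBPS = 64, 1_000_000

# Supported rates per platform, built from the increments listed above.
# Assumption: the upper bound of each tier is itself a supported value.
SUPPORTED = {
    "drg700": sorted(set(chain(
        range(64, 1_000, 64),               # 64 Kbps to 1 Mbps, 64 Kbps steps
        range(1_000, 100_000, 1_000),       # 1 Mbps to 100 Mbps, 1 Mbps steps
        range(100_000, 1_000_001, 10_000),  # 100 Mbps to 1000 Mbps, 10 Mbps steps
    ))),
    "other": range(MIN_KBPS, MAX_KBPS + 1, 32),  # all other platforms, 32 Kbps steps
}


def supported_neighbours(requested_kbps, platform):
    """Return (lower, upper): the closest supported rates at or below and at
    or above the requested rate. Both equal the request when it is exact."""
    if not MIN_KBPS <= requested_kbps <= MAX_KBPS:
        raise ValueError(f"{requested_kbps} Kbps is outside 64 Kbps to 1000 Mbps")
    grid = SUPPORTED[platform]
    lower = grid[bisect_right(grid, requested_kbps) - 1]
    upper = grid[bisect_left(grid, requested_kbps)]
    return lower, upper


def inexact_rates(configured, platform):
    """Map each configured limit that the platform cannot apply exactly to
    the pair of supported rates it falls between."""
    result = {}
    for name, kbps in configured.items():
        lower, upper = supported_neighbours(kbps, platform)
        if lower != upper:
            result[name] = (lower, upper)
    return result


# The four limits used in the two examples above.
MANUAL_EXAMPLES = {
    "wan ingress": 90000,
    "wan egress": 30000,
    "lan/ethernet2 ingress": 128,
    "lan/ethernet2 egress": 64000,
}

if __name__ == "__main__":
    for platform in SUPPORTED:
        print(platform, inexact_rates(MANUAL_EXAMPLES, platform))
```

Under these assumptions all four example limits are exact on the drg700 platform, while 90000 and 30000 fall midway between two 32 Kbps steps on the other platforms, so the applied limit there differs from the configured one.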

Troubleshooting

This chapter describes the following:


• “Checking Basic Information”
• “Troubleshooting System Administration Problems”
• “Checking DHCP Information”
• “Checking Firewall Logs”


Checking Basic Information


Table 26 shows the commands used for checking basic information about the RG.

Table 26 Commands for checking basic information

To view...                                                           use the command...

the version of the current image, the bootloader, and the bootstrap  show version

the hardware platform                                                show version

information about the physical or logical interfaces                 show interface

Troubleshooting System Administration Problems


Table 27 shows how to view the information used for troubleshooting system
administration problems.

Table 27 Commands for troubleshooting system administration problems

To view...                                        use the command...

the cause of the last reboot and the uptime       show version

the amount of free and used memory in the system  show memory

all the current processes                         show processes

details about the open network sockets            show sockets

the CPU load in a past period of time             show system load

Checking DHCP Information


After an upstream DHCP server assigns an IP address to the RG, you can use the show
dhcp client lease command to view the DHCP lease information. This information
includes lease status, requested DHCP options, status of updating configuration file
and upgrading firmware, and so on. DHCP options inherited from the DHCP server
are also displayed.
When the RG is acting as a DHCP server, use the following commands to view the
information about the DHCP clients:
• show dhcp server clients, which lists all the DHCP clients and shows the basic
information
• show dhcp server lease, which shows the lease information for the DHCP clients
or a specific DHCP client

Checking Firewall Logs


DRGOS implements a firewall according to TR-124. The firewall drops or denies IPv4
access requests from WAN side connections to LAN side devices and to the RG itself
except in direct response to outgoing traffic, or as explicitly permitted through
configuration of the RG (e.g. for port forwarding or management).


The firewall logs are stored in DRGOS and can be displayed using the show logging
facility local2 command. The log shows all transactions that violate firewall rules and
traffic drops compliant with the firewall rules.
drgos# show logging facility local2
Jan 1 00:02:04 local2.notice ulogd[2435]: Firewall FORWARD:
IN=tap2 OUT=br-v lan100
MAC=00:0f:5d:a0:1e:7a:00:00:00:40:01:00:08:00 SRC=10.195.4.1
DST=10.195.4.104 LEN=48 TOS=00 PREC=0x00 TTL=63 ID=42548 CE
PROTO=ICMP TYPE=8 CODE=0 ID=53474 SEQ=0
Jan 1 00:02:04 local2.notice ulogd[2435]: Firewall FORWARD:
IN=tap1 OUT=br-v lan100
MAC=00:0f:5d:a0:1e:70:00:00:00:40:01:00:08:00 SRC=10.195.4.1
DST=10.195.4.100 LEN=328 TOS=10 PREC=0x00 TTL=127 ID=0 PROTO=UDP
SPT=67 DPT=68 LEN=308

Note: In common with many systems, the logging of firewall events is rate-limited to
prevent a sustained attack from filling the firewall log too swiftly. Frames from
each unique source are all logged, but repeat frames are only logged at a rate of 1
per minute.
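
A parser for log entries in the format shown above, as an added Python example that is not part of the manual or of DRGOS. The sample lines are constructed (documentation-range addresses, made-up interface and MAC values); the code assumes each event arrives on a single line and that fields before PROTO= describe the IP header while later fields belong to the transport layer, which is why LEN= and ID= can appear twice in one entry.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: four firewall entries and one unrelated syslog line.
SAMPLE_LOG = """\
Jan 1 00:02:04 local2.notice ulogd[2435]: Firewall FORWARD: IN=tap2 OUT=br-lan MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.104 LEN=48 TOS=00 PREC=0x00 TTL=63 ID=42548 CE PROTO=ICMP TYPE=8 CODE=0 ID=53474 SEQ=0
Jan 1 00:02:04 local2.notice ulogd[2435]: Firewall FORWARD: IN=tap1 OUT=br-lan MAC=02:00:00:00:00:03:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.100 LEN=328 TOS=10 PREC=0x00 TTL=127 ID=0 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 1 00:03:10 local2.notice ulogd[2435]: Firewall FORWARD: IN=tap1 OUT=br-lan MAC=02:00:00:00:00:04:02:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.100 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 1 00:04:10 local2.notice ulogd[2435]: Firewall FORWARD: IN=tap1 OUT=br-lan MAC=02:00:00:00:00:04:02:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.100 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 1 00:04:11 local2.info dnsmasq[77]: constructed non-firewall line
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"local2\.(?P<level>\w+)\s+ulogd\[\d+\]:\s+"
    r"Firewall\s+(?P<chain>\w+):\s*(?P<fields>.*)$"
)


def parse_line(line, year=1970):
    """Parse one firewall log entry, or return None if the line is not one.
    The syslog timestamp carries no year, so the caller supplies it."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, l4, flags = {}, {}, []
    layer = ip
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if not sep:              # bare tokens such as CE, DF or SYN
            flags.append(token)
            continue
        layer[key] = value
        if key == "PROTO":       # everything after PROTO= is transport-layer
            layer = l4
    stamp = " ".join(m["ts"].split())
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"time": when, "chain": m["chain"], "ip": ip, "l4": l4, "flags": flags}


def summarize_by_source(lines, year=1970):
    """Group entries by SRC. Because repeat frames are logged at most once per
    minute, 'entries' is a lower bound on the frames actually dropped."""
    summary = defaultdict(lambda: {"entries": 0, "dports": set(), "minutes": set()})
    skipped = 0
    for line in lines:
        event = parse_line(line, year)
        if event is None or "SRC" not in event["ip"]:
            skipped += 1
            continue
        row = summary[event["ip"]["SRC"]]
        row["entries"] += 1
        row["minutes"].add(event["time"].replace(second=0))
        if "DPT" in event["l4"]:
            row["dports"].add(int(event["l4"]["DPT"]))
    return dict(summary), skipped


if __name__ == "__main__":
    report, skipped = summarize_by_source(SAMPLE_LOG.splitlines())
    for src, row in sorted(report.items()):
        print(src, row["entries"], sorted(row["dports"]), len(row["minutes"]))
    print("skipped lines:", skipped)
```

Given the rate limit described in the note, the number of distinct minutes and destination ports per source is a more reliable signal than the raw entry count.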

Appendix A – Open Source Licenses

Open source packages are used to provide some functionality. These packages are
licensed under standard open source licenses, which are shown below for each package.

License for package(s):

libpcap 1.1.1

tcpdump 4.1.1
License: BSD
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

License for package(s):

pcre 8.11
PCRE LICENCE
PCRE is a library of functions to support regular expressions whose syntax
and semantics are as close as possible to those of the Perl 5 language.
Release 8 of PCRE is distributed under the terms of the "BSD" licence, as
specified below. The documentation for PCRE, supplied in the "doc"
directory, is distributed under the same terms as the software itself.
The basic library functions are written in C and are freestanding. Also
included in the distribution is a set of C++ wrapper functions.
THE BASIC LIBRARY FUNCTIONS
---
Written by: Philip Hazel
Email local part: ph10
Email domain: cam.ac.uk
University of Cambridge Computing Service,
Cambridge, England.
Copyright (c) 1997-2010 University of Cambridge
All rights reserved.

THE C++ WRAPPER FUNCTIONS


-
Contributed by: Google Inc.
Copyright (c) 2007-2010, Google Inc.
All rights reserved.
THE "BSD" LICENCE
-
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the name of Google
Inc. nor the names of their contributors may be used to endorse or
promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
End

License for package(s):

dropbear 0.51
Dropbear contains a number of components from different sources, hence there
are a few licenses and authors involved. All licenses are fairly
non-restrictive.
The majority of code is written by Matt Johnston, under the license below.
Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
same license:
Copyright (c) 2002-2006 Matt Johnston
Portions copyright (c) 2004 Mihnea Stoenescu
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
=====

LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public
Domain.
=====
sshpty.c is taken from OpenSSH 3.5p1,
Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
All rights reserved
"As far as I am concerned, the code I have written for this software
can be used freely for any purpose. Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell". "
=====
loginrec.c
loginrec.h
atomicio.h
atomicio.c
and strlcat() (included in util.c) are from OpenSSH 3.6.1p2, and are licensed
under the 2 point BSD license.
loginrec is written primarily by Andre Lucas, atomicio.c by Theo de Raadt.
strlcat() is (c) Todd C. Miller
=====
Import code in keyimport.c is modified from PuTTY's import.c, licensed as
follows:
PuTTY is copyright 1997-2003 Simon Tatham.
Portions copyright Robert de Bath, Joris van Rantwijk, Delian
Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
Justin Bradford, and CORE SDI S.A.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

License for package(s):

argpstandalone 1.3

basefiles 14

bridgeutils 1.4

busybox 1.11.2

dnsmasq 2.55

e2fsprogs 1.40.11

ethtool 3

gdbserver 7.0

gmp 4.2.1

haserl 0.9.29

hotplug2 0.9

iproute2 2.6.39

iptables 1.4.7

libcli 1.9.3

libgdbm 1.8.3

libnetfilter_conntrack 0.0.100

libnetfilter_log 1.0.0

libnetfilter_queue 1.0.0

libnfnetlink 1.0.0

libtool 1.5.24

libupnp 1.6.18

lighttpd 1.4.32

linuxatm 2.4.1

lzo 2.06

mtd 8

mtdutils 1.5.0

ncurses 5.6

ndisc6 1.0.1

netsnmp 5.4.2.1

ntpclient 2007_365

openssl 1.0.0g

ppp 2.4.3

rppppoe 3.8

rtl8192cd 1.2

uci 0.7.3

udev 106

ulogd 1.24

watchdog 5.9

wirelesstools 29

zlib 1.2.3
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

License for package(s):

coreutils 7.2
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

License for package(s):

widedhcpv6 20080615
$KAME: COPYRIGHT,v 1.2 2004/07/29 19:02:18 jinmei Exp $
Copyright (C) 1998-2004 WIDE Project.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the project nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

License for package(s):

miniupnpd 1.4
Copyright (c) 2006-2008, Thomas BERNARD
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.


THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

License for package(s):

radvd 1.8
The author(s) grant permission for redistribution and use in source and
binary forms, with or without modification, of the software and
documentation provided that the following conditions are met:
0. If you receive a version of the software that is specifically labelled
as not being for redistribution (check the version message and/or README),
you are not permitted to redistribute that version of the software in any
way or form.
1. All terms of all other applicable copyrights and licenses must be
followed.
2. Redistributions of source code must retain the authors' copyright
notice(s), this list of conditions, and the following disclaimer.
3. Redistributions in binary form must reproduce the authors' copyright
notice(s), this list of conditions, and the following disclaimer in the
documentation and/or other materials provided with the distribution.
4. All advertising materials mentioning features or use of this software
must display the following acknowledgement with the name(s) of the
authors as specified in the copyright notice(s) substituted where
indicated:
This product includes software developed by the authors which are
mentioned at the start of the source files and other contributors.
5. Neither the name(s) of the author(s) nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

www.genexis.eu
