Manuals / Motorola / Computer Equipment / Network Router

Motorola 3397GP manual 206, Packet Filtering Settings

Models: 3397GP

1 262

Download 262 pages 31.83 Kb

Page 206

Administrator’s Handbook

Packet Filtering Settings

Packet Filtering has two parts:

❑Create/Edit/Delete Filter Sets, create/edit/delete rules to a Filter Set.

❑Associate a created Filter Set with a WAN or LAN interface

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index forward [ on off ]

Creates or edits a ﬁlter rule, specifying whether packets will be forwarded or not.

☛NOTE:

If this is the ﬁrst rule, it will create the ﬁlter-set called ﬁlterset-name, otherwise it will edit the ﬁlterset.

If the index is not consecutive, the system will select the next consecutive index. If the index does not exist, a rule will be created. If a rule exists, the rule will be edited.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index idle-reset [ on off ]

Turns idle reset on or off for the speciﬁed ﬁlter rule. A match on this rule resets idle-timeout status and keeps the WAN connection alive. The default is off. For idle-resetto be displayed, forward must be enabled on a ﬁlter rule.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index frc-rte [ on off ]

Turns forced routing on or off for the speciﬁed ﬁlter rule. A match on this rule will force a route for pack- ets. The default is off. For frc-rteto be displayed, forward must be enabled on a ﬁlter rule.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index gateway ip_addr

Speciﬁes the gateway IP address for forced routed packets, if forced routing is enabled.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index src-ip ip_addr

Speciﬁes the source IP address to match packets (where the packet was sent from).

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index src-mask mask

Speciﬁes the source IP mask to match packets (where the packet was sent from).

206

Image 206

Motorola 3397GP manual 206, Packet Filtering Settings

Contents

Administrator’s Handbook Part Number Table of Contents Home Page Expert Mode 127 Index Setting up Your Motorola Netopia Gateway What’s New Important Safety Instructions Power Supply InstallationBewahren Sie diese Anweisungen auf Wichtige SicherheitshinweiseAchtung Set up your Gateway Conﬁgure Your PC for Dynamic Addressing Microsoft WindowsPage Select Built-in Ethernet Select Conﬁgure Using Dhcp Motorola Netopia Gateway Quickstart Select your language from the pull-down menu and click NextClick OK PPPoE QuickstartPage Administrator’s Handbook Basic Mode Features Connection Information HomeHome Page Information Router Information Local NetworkMore Buttons Links Bar Firewall Firewall BackgroundFirewall Setting Off Low/Medium High DhcpGateway LAN Side Wireless Protected Setup Page Wireless ID Ssid WirelessEnable Wireless Enable Wireless Protected Setup WPSEnable Wireless Scheduler PrivacyOperating Mode Advanced Conﬁguration Options optionalAutoChannel Setting Enable Wireless Scheduler Enable Wireless Protected Setup WPSPrivacy Radius Server authentication WPA-PSK WEP-Manual Examples WEP-Automatic Enable Multiple Wireless IDs Administrator’s Handbook Page WiFi Multimedia Page Wireless MAC Authorization optional Page Once you choose a software service or game, click Enable GamingList of Supported Games and Software FTPNntp Deﬁne Custom Service Static NAT Expert Mode Troubleshoot Diagnostics Result MeaningStatistics Downstream and Upstream statisticsIP interfaces EthernetGeneral Network Routing Table and Host Routing TableDhcp Server Status May be On or Off WirelessLogs Devices on LANHelp Administrator’s Handbook Expert Mode Home Page Expert Mode Gateway Information Local NetworkMore Buttons Help LAN/WAN Conﬁgure Connection Administrator’s Handbook LAN/WAN Dhcp Server Page IP Passthrough RestrictionNAT List of Supported Games and Software Nntp Deﬁne Custom Service Static NAT Router Password Time Zone Vlan OverviewEthernet Switching/Policy Setup Administrator’s Handbook Vlan Port Conﬁguration screen appears Administrator’s Handbook Page Administrator’s Handbook VoIP SIP Line Entry Call Features Settings Digit MapAdministrator’s Handbook Wireless Enable Wireless Scheduler Operating Mode Default ChannelAbout Closed System Mode and Wireless Encryption AutoChannel SettingEnable Closed System Mode Block Wireless Bridging PrivacyRadius Server authentication WPA-PSK WEP-Manual Examples WEP-Automatic Enable Multiple Wireless IDs 100 101 102 103 104 105 Statistics 106107 108 Diagnostics 109Remote Access 110From your PC Update RouterFrom a Server 111Reset Router 112Restart Router 113Basic Mode 114Basic Troubleshooting 115116 Status Indicator LightsPower EthernetModel 2241N only 117Action 118 Ethernet 1, 2, 3Wireless 119Line Phone 1, Phone Power Ethernet 1, 2, 3 Wireless Internet120 Wireless Ethernet 1, 2, 3 121Models only Ethernet 1, 2, 3 122DSL 1 & 2 ADSL2+ 123 LED Function Summary Matrix 124125 2241N 3347-02 Factory Reset SwitchSeries2240N 2246NCommand Line Interface 127Config Commands 128Overview 129Keywords Command Verbs Status and/or Description130 Starting and Ending a CLI Session Using the CLI Help FacilitySaving Settings LoggingShell Prompt About Shell CommandsShell Command Shortcuts 132Shell Commands Common Commands134 License keyLoglevel level Netstat -r Reset arpNetstat QuitReset crash Reset atmReset cdmode Reset dhcp serverReset wepkeys Reset wan-users all ip-addressReset wan Show backupShow dhcp server leases Show daylight-savingsShow dhcp agent Show diffservShow group-mgmt Show featuresShow etheroam ah Show ip arpShow ip state-insp Show ip lan-discoveryShow ip routes Show ipmap141 Show summaryShow vlan 142 Show voip Show wireless allShow wireless clients MACaddress Voip rtpstatsWAN Commands Navigating the Config Hierarchy About Config CommandsConfig Mode Prompt Show ppp stats lcp ipcpDisplaying Current Gateway Settings Entering Commands in Config ModeGuidelines Config Commands Set ip ethernet a ipaddress147 Step Mode a CLI Conﬁguration TechniqueValidating Your Conﬁguration Config Commands Remote ATA Conﬁguration CommandsSet ata proﬁle 0.. ata-proxy-server ipaddr Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-proxy-port portDSL Commands Set atm vccn pppoe-sessions 1 Bridging SettingsSet atm vcc n vci 0 Set bridge sys-bridge on offSet bridge dhcp-ﬁlterset string Set bridge table-timeout 30Set bridge concurrent-bridging-routing on off Set bridge ethernet option on offDhcp Settings Set dhcp gen-option name name Set dhcp range 2.. start-address ipaddressSet dhcp range 2.. end-address ipaddress Set dhcp gen-option option 1155 Option Data Format Data Size Can Bytes Conﬁgure156 Set dhcp gen-option data-type ascii hex dotted-decimalSet dhcp gen-option data data 157 Set dhcp ﬁlterset name string rule n dhcp-option 0Set dhcp ﬁlterset name string rule n match-str matchstring Set dhcp assigned-ﬁlterset string Set dhcp ﬁlterset name string rule n match-pool ipaddressSet dhcp ﬁlterset name string rule n absent-pool ipaddress 158DMT Settings Domain Name System Settings 161 Igmp Version 3 supports Igmp Settings162 Set igmp query-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-response-intvl valueIP Settings Set ip dsl vccn address ipaddress Set ip arp-timeout 60Set ip dsl vccn restrictions admin-disabled none Set ip dsl vccn broadcast broadcastaddressSet ip dsl vccn unnumbered on off Set ip dsl vccn mcast-fwd on offSet ip dsl vccn igmp-null-source-addr on off Set ip dsl vccn dns acquired-dns-priority 0Set ip ethernet a address ipaddress Set ip ethernet a restrictions none admin-disabledSet ip ethernet a option on off Set ip ethernet a broadcast broadcastaddressSet ip ethernet a subnet n address ipaddress Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5Set ip ethernet a subnet 2 .. option on off Set ip ethernet a subnet n netmask netmaskSet ip ip-ppp vccn address ipaddress Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn option on off Set ip ip-ppp vccn peer-address ipaddressSet ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn rip-send off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn mcast-fwd on offSet ip ipsec-passthrough off on Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on 171Set ip prioritize off on Set ip sip-passthrough on offSet ip rtsp-passthrough off on 172173 Set diffserv option off onSet diffserv lohi-ratio 60 100 percent 174 QoS Setting TOS Bit Value BehaviorQos off assure expedite network-control Set diffserv qos dscp-map default custom 175176 Set diffserv qos dscp-map-23 expediteQueue Conﬁguration 177178 Set queue name wfq weight-type bps 179180 Set queue name priorityqueuename default-inputqueuename 181Rate-limiting weighted fair queue to 100Kbps 182183 Set ip static-routes destination-networknetaddressDelete ip static-routes destination-network netaddress Set ip-maps name name external-ip ipaddress IPMaps SettingsSet ip-maps name name internal-ip ipaddress 184Set nat-default dhcp-enable on off Network Address Translation NAT Default SettingsSet nat-default mode off default-server ip-passthrough Set nat-default address ipaddressNetwork Address Translation NAT Pinhole Settings PPPoE /PPPoA Settings Set ppp module vccn lost-echoes-max integer Set ppp module vccn restart-timer integerSet ppp module vccn port-authentication Set ppp module vccn failures-max integerOption off on pap-only chap-only Set ppp module vccn port-authentication username usernameSet ppp module vccn port-authentication password password 189Set wan-over-ether pppoe-with-ipoe on off PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether ipoe-sessions 1Set ip ip-ppp vcc1 mcast-fwd on off Ethernet Port SettingsSet atm vcc n encap pppoe-llc Set ip ip-ppp vcc1 igmp-null-source-addr off on802.3ah Ethernet OAM Settings Set preference more lines Command Line Interface Preference SettingsSet preference verbose on off 193Set servers telnet-tcp 1 Port Renumbering SettingsSet servers web-http 1 194Set security ﬁrewall option high medium low off Security SettingsSet security ipsec tunnels name 123 tun-enable on off Set security ipsec option off on offSet security ipsec tunnels name 123 IKE-mode DH-group 1 2 196Set security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 xauth username username198 Set security ipsec tunnels name 123 local-id idvalueSet security ipsec tunnels name 123 remote-id idvalue 199 200 Parameter Motorola Netopia Peer Gateway201 Field DescriptionPFS Enable 202203 Set security state-insp dos-detect off on Set security state-insp tcp-timeout 30Set security state-insp udp-timeout 30 Set security state-insp xposed-addr exposed-address# n205 Packet Filtering Settings 206207 Operator208 Snmp Settings 210 System SettingsSet system name name Set system password admin user Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system ftp-server option off onSleep Contact-email string@domainname location string 212213 Set system zerotouch option on offSet system zerotouch redirect-url redirection-URL Syslog Default syslog installation procedure 215Wireless Settings supported models 217 Set wireless scheduler end-time hhminSet wireless multi-ssid option on off 218 Set wireless no-bridging off onSet wireless tx-power full medium fair low minimal Set wireless wmm option off on 219220 Set wireless network-id privacy default-keyid Set wireless network-id wps off onSet wireless network-id privacy pre-shared-key string 221Example 40bit key 02468ACE02 Set wireless mac-auth option on off222 Set radius alt-radius-name servernamestring Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-secret sharedsecretVlan Settings 225 Set vlan name name ports port port-pbits 0Set vlan name name ip-interface ipinterface 226 Assign an IP interface227 Set vlan name PPPoE11 id228 Set voip phone 1 2 sip-option off on VoIP settings supported modelsSet voip phone 1 2 sip-registrar-setting sip-expires-time 0 Set voip phone 1 2 sip-proxy-server servername ipaddressSet voip phone 1 2 sip-user-name username Set voip phone 1 2 sip-user-password passwordSet voip phone 1 2 sip-user-display-name name Set voip phone 1 2 auth-id stringSet voip phone 1 2 sip-advanced-setting rtp-qos-tos-value 0 Set voip phone 1 2 sip-advanced-setting sip-q-value 0Set voip phone 1 2 sip-advanced-setting sip-qos-tos-value 0 Set voip phone 1 2 codec G72632 priority 1 2 3 4 5 6 7 none232 233 Set voip phone 1 sip-advanced-setting sip-dtmf-mode rfc2833 234UPnP settings DSL Forum settings236 TR-069Remote Management settings Set backup failure-timeout 1 Backup IP Gateway SettingsSet backup option disabled manual automatic Set backup auto-recovery off onSet ip backup-gateway default ipaddress Set ip backup-gateway option on offSet ip backup-gateway interface ip-address ppp-vccn 239Vdsl Settings 240241 242 Vdsl Parameters Accepted Values243 Parameter244 Accepted Values245 246 Technical Specifications and Safety Information DescriptionInternational Agency approvalsNorth America Declaration for Canadian users Manufacturer’s Declaration of Conformance247 Telecommunication installation cautions Important Safety InstructionsAustralian Safety Information 248CFR Part 68 Information 249250 Electrical Safety AdvisoryWarranty Information Limited Warranty 251Copyright Acknowledgments 252253 Caring for the Environment by Recycling 254Reciclagem do seu equipamento Motorola 255Uw Motorola-materiaal recycleren Återvinning av din Motorola-utrustning256 Index 258 Shell 260