Manuals / Motorola / Computer Equipment / Network Router

Motorola 7.7.4 manual Set security ipsec tunnels name 123 xauth enable off on, 259

Models: 7.7.4

1 351

Download 351 pages 50.78 Kb

Page 259

CONFIG Commands

set security ipsec tunnels name "123" IKE-mode PFS-enable { off on }

See page 94 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode invalid-spi-recovery { off on }

Enables the Gateway to re-establish the tunnel if either the Motorola Netopia® Gateway or the peer gateway is rebooted.

set security ipsec tunnels name "123" xauth enable {off on }

Enables or disables Xauth extensions to IPsec, when IKE-modeneg-methodis set to

aggressive. Default is off.

set security ipsec tunnels name "123" xauth username username

Sets the Xauth username, if Xauth is enabled.

set security ipsec tunnels name "123" xauth password password

Sets the Xauth password, if Xauth is enabled.

set security ipsec tunnels name "123" nat-enable { on off }

Enables or disables NAT on the speciﬁed IPsec tunnel. The default is off.

set security ipsec tunnels name "123" nat-pat-address ip-address

Speciﬁes the NAT port address translation IP address for the speciﬁed IPsec tunnel.

set security ipsec tunnels name "123" local-id-type { IP-address Subnet Hostname ASCII }

Speciﬁes the NAT local ID type for the speciﬁed IPsec tunnel, when Aggressive Mode is set.

259

Image 259

Motorola 7.7.4 manual Set security ipsec tunnels name 123 xauth enable off on, 259

Contents

Administrator’s Handbook Copyright Table of Contents Advanced Setup Index Table of Contents Introduction Organization Documentation Conventions Bold terminal type User-entered text face Overview of Major Capabilities Instant-On PPP PPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATMWide Area Network Termination DNS Proxy Dhcp Dynamic Host Conﬁguration Protocol ServerUPnP Embedded Web Server DiagnosticsManagement Password Protection Remote Access ControlNetwork Address Translation NAT Motorola Netopia Gateway NATCombination NAT Bypass Conﬁguration Motorola Netopia Advanced Features for NATDefault Server Internal ServersVPN IPSec Pass Through IP-PassthroughVPN IPSec Tunnel Termination Dynamic DNS Stateful Inspection Firewall Page Basic Mode Setup Important Safety Instructions Set up the Motorola Netopia Gateway Microsoft Windows Set up the Motorola Netopia Gateway Macintosh MacOS 9 or higher or Mac OS Conﬁgure the Motorola Netopia Gateway Page Configure the Motorola Netopia Gateway Motorola Netopia Gateway Status Indicator Lights Accessing the Web User Interface Links Bar Home Page Information HomeHome Page Links Wireless ID Ssid Enable WirelessPrivacy Advanced Conﬁguration Options optional Operating ModeDefault Channel About Closed System Mode and Wireless Encryption Privacy Radius Server authentication Page WPA-PSK WEP-Manual Examples Enable Multiple Wireless IDs Home Page WiFi Multimedia Page Wireless MAC Authorization optional Page Home Link Gaming Supported Games and Software Http Deﬁne Custom Service Page Static NAT Page Link Advanced Setup Link Status ATM LAN Wireless supported models only User List Link Diagnostics Link Help Open the Web Connection Advanced SetupPage Home Page Advanced Setup Summary Information Advanced Setup Conﬁgure Link Conﬁgure Link Connection Select the IP Type Links Bar Link Dhcp Server Additional IP Subnets Page Link IP Passthrough Click Enable Link NAT Page Supported Games and Software Nntp Deﬁne Custom Service Page Static NAT IPSec VPN Link IPSecConﬁguring an IPSec VPN Tunnel Parameter Motorola Netopia Peer Gateway Tunnel Conﬁguration page appears Click the Submit button Links Bar Parameter Descriptions 100PAT Address 101Soft MBytes 102103 104 Link Router Password105 Link Time Zone106 Overview107 Ethernet Switching/Policy Setup108 109 110 111 112 113 Multiple Wireless IDs on114 115 116 117 Example 118119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 Link Status145 Ethernet146 Wireless147 Logs148 User List149 Result Meaning 150151 Link Remote Access152 From a Server153 Link Reset Router154 Link Restart Router155 156 Help157 Basic Troubleshooting158 Status Indicator Lights159 LED Function Summary MatrixThicker than the standard telephone cable 160161 Rear View162 163 Command Line Interface164 165 Overview166 167 Config Commands168 LoggingEnding a CLI Session Saving Settings169 Shell Prompt Shell Command Shortcuts170 Common Commands 172 Download serveraddress ﬁlename conﬁrmLoglevel level License key173 Netstat -r Netstat174 Reset crash Reset arpReset atm Reset cdmodeReset security-log Reset heartbeatReset ipmap Reset logShow bridge interfaces Show backupRestart seconds Show all-info178 Show diffservShow dslf device-association Show enet allShow ip arp Show featuresShow etheroam ah Show group-mgmtShow ip ﬁrewall Show ip igmpShow ip interfaces Show ip ipsecShow rtsp Show logShow memory all Show pppoe182 Show vlan183 Show wireless clients MACaddress Show wireless all184 Who WAN CommandsUpload serveraddress ﬁlename conﬁrm View conﬁgReset ppp vccn Reset dhcp client release vcc-idReset dhcp client renew vcc-id Reset dslStart ppp vccn Config Mode PromptNavigating the Config Hierarchy Show ppp stats lcp ipcpSet ip ethernet a ipaddress Entering Commands in Config Mode188 189 Guidelines Config CommandsDisplaying Current Gateway Settings Step Mode a CLI Conﬁguration Technique190 Validating Your ConﬁgurationRemote ATA Conﬁguration Commands Set ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-dhcpc-vid stringSet ata proﬁle 0.. ata-static-wan-ip ipaddr Set ata proﬁle 0.. ata-static-wan-subnet-mask subnetmaskSet ata proﬁle 0.. ata-user-name string Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-outproxy-port port Set ata proﬁle 0.. ata-auth-id valueSet atm vcc n option on off DSL CommandsSet atm vcc n qos service-class cbr ubr vbr Set atm option on offSet atm vcc n vci 0 Set atm vcc n qos sustained-cell-rate 1 ...nSet atm vcc n qos max-burst-size 1 ...n Set atm vcc n vpi 0Set bridge concurrent-bridging-routing on off Bridging SettingsSet atm vccn pppoe-sessions 1 Set bridge sys-bridge on off197 Set bridge table-timeout 30Set bridge ethernet option on off Set bridge dsl vccn option on offDhcp Settings Set dhcp range 2.. end-address ipaddress Set dhcp default-option-group nameSet dhcp server-address ipaddress Set dhcp range 2.. start-address ipaddressSet dhcp gen-option option 1 Set dhcp gen-option name name200 Option Data Format Data Size Can Bytes Conﬁgure 201202 Set dhcp gen-option data data Set dhcp gen-option data-type ascii hex dotted-decimal203 Set dhcp ﬁlterset name string rule n absent-action Set dhcp ﬁlterset name string rule n dhcp-option 0204 Set dhcp ﬁlterset name string rule n absent-pool ipaddress Pass discard continueSet dhcp ﬁlterset name string rule n match-str matchstring Set dhcp ﬁlterset name string rule n match-pool ipaddress206 Set dhcp assigned-ﬁlterset stringSet dmt dsl-annex-support off on DMT SettingsSet dmt dmt dying-gasp default off on Set dmt wiringMode auto tipring AA1Set dns domain-name domain-name Set dmt metallic-termination auto disabled alwaysonDomain Name System Settings Set dns proxy-enableSet dns conﬁgured-dns-priority 0 Set dns secondary-address ipaddress209 210 211 Igmp Settings212 Set igmp query-response-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-intvl valueSet igmp last-member-query-intvl value Set igmp wireless-m2u on offSet igmp log-enable on off Set igmp version 1 2Set ip dsl vccn address ipaddress IP SettingsSet ip arp-timeout 60 Set ip option on offSet ip dsl vccn addr-mapping on off Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn broadcast broadcastaddress Set ip dsl vccn netmask netmaskSet ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip dsl vccn mcast-fwd on offSet ip dsl vccn igmp-null-source-addr on off Set ip dsl vccn unnumbered on offSet ip ethernet a broadcast broadcastaddress Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5Set ip ethernet a option on off Set ip ethernet a address ipaddress219 Set ip ethernet a restrictions none admin-disabledSet ip ethernet a netmask netmask Set ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5Set ip ethernet a subnet n netmask netmask Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5Set ip ethernet a subnet 2 .. option on off Set ip ethernet a subnet n address ipaddress221 Set ip ip-ppp vccn option on offSet ip ip-ppp vccn address ipaddress Set ip ip-ppp vccn peer-address ipaddressSet ip ip-ppp vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn addr-mapping on off Set ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoaSet ip ip-ppp vccn unnumbered on off Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn mcast-fwd on off224 Set ip ip-ppp vccn dns acquired-dns-priority 0225 Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on Set ip ipsec-passthrough off on226 Set ip prioritize off onSet diffserv lohi-ratio 60 100 percent Set diffserv option off on227 228 Qos off assure expedite network-control229 Set diffserv qos dscp-map default custom230 By default, the following settings are used in custom mode231 Queue Conﬁguration232 233 Set queue name wfq weight-type bps234 235 Set queue name priorityqueuename default-inputqueuename236 Rate-limiting weighted fair queue to 100Kbps237 Set ip sip-passthrough on offSet ip ethernet B rtsp-passthrough off on Set ip static-routes destination-networknetaddress238 Set ip-maps name name external-ip ip address IPMaps SettingsDelete ip static-routes destination-network netaddress Set ip-maps name name internal-ip ip addressNetwork Address Translation NAT Pinhole Settings Network Address Translation NAT Default SettingsSet pinhole name name external-port-end 0 Set pinhole name nameSet pinhole name name protocol-select tcp udp Set pinhole name name external-port-start 0PPPoE /PPPoA Settings Set ppp module vccn lost-echoes-max integer Set ppp module vccn protocol-compression on offSet ppp module vccn lcp-echo-requests on off Set ppp module vccn echo-period integerSet ppp module vccn time-out integer Set ppp module vccn restart-timer integerSet ppp module vccn terminate-max integer Set ppp module vccn connection-type instant-on always-onSet ppp module vccn port-authentication password password Set ppp module vccn port-authentication username username245 Set wan-over-ether ipoe-sessions 1 PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether pppoe-with-ipoe on off247 Set atm vcc n encap pppoe-llc248 Ethernet Port SettingsSet ip ip-ppp vcc1 mcast-fwd on off Set ip ip-ppp vcc1 igmp-null-source-addr off onSet ethernet oam ah pass-through off on 802.3ah Ethernet OAM SettingsSet ethernet oam ah mode active passive Set ethernet oam ah option off on250 Set ethernet oam ah discovery-timer 1Set ethernet oam ah keepalive-timer 5 Etheroam ah ping251 Command Line Interface Preference SettingsSet preference verbose on off Set preference more lines252 Port Renumbering SettingsSet servers web-http 1 Set servers telnet-tcp 1253 Security SettingsApplication Select this Level Other Considerations 254Port Session Type Port State 255256 Set security ipsec option off on offSet security ipsec tunnels name Set security ipsec tunnels name 123 tun-enable on on off257 258 Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 nat-enable on offSet security ipsec tunnels name 123 remote-id idvalue Set security ipsec tunnels name 123 local-id idvalue260 261 262 Set security state-insp tcp-timeout 30Set security state-insp xposed-addr Set security state-insp udp-timeout 30Set security state-insp dos-detect off on Set security state-insp xposed-addr exposed-address# n264 Exposed-address# n protocol tcp udp both anySnmp Settings Set snmp notify type v1-trap v2-trap inform Set snmp v3 enable off on266 Set snmp v3 ro-account security-model none auth auth+priv Set snmp v3 ro-account auth-passwordSet snmp v3 ro-account priv-password Set snmp v3 ro-account security-name stringSet snmp v3 rw-account security-model none auth auth+priv Set snmp v3 rw-account auth-passwordSet snmp v3 rw-account priv-password Set snmp v3 rw-account security-name string269 System SettingsShow snmp v3 engine-id Set system name name270 Set system log-size 10240 Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system ftp-server option off onSleep Contact-email string@domainname location string Set system password admin user272 Set system zerotouch redirect-url redirection-URL Set system zerotouch option on off273 Syslog 275 Default syslog installation procedure276 Type saveWireless Settings supported models Set wireless multi-ssid option on off Set wireless mode both-b-and-g b-only g-only278 279 Set wireless tx-power full medium fair low minimal Set wireless no-bridging off on280 281 Set wireless wmm option off on282 283 Set wireless network-id privacy default-keyid Set wireless network-id privacy pre-shared-key string284 285 Set wireless mac-auth option on off286 Set radius alt-radius-secret sharedsecret Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-name servernamestringVlan Settings Set vlan name name ports port port-pbits 0 Set vlan name name ports port tag off onSet vlan name name ports port priority off on Set vlan name name ports port promote off onAssign an IP interface 290291 An example of a Triple-Play setupSet vlan name PPPoE11 id 292293 Set voip phone 0 1 sip-proxy-server-domain domainname VoIP settingsSet voip phone 0 1 sip-option off on Set voip phone 0 1 sip-proxy-server servername ipaddressSet voip phone 0 1 sip-user-display-name name Set voip phone 0 1 sip-registrar-setting sip-expires-time 0Set voip phone 0 1 sip-user-password password Set voip phone 0 1 sip-out-proxy-serverSet voip phone 0 1 codec G72624 priority 1 2 3 4 5 6 7 none 3 4 5 6 7 noneSet voip phone 0 1 codec G729A priority 1 2 3 4 5 6 7 none Set voip phone 0 1 codec G72616 priority 1 2 3 4 5 6 7 none297 298 Set voip phone 0 1 sip-advanced-setting dsp-settings299 Echo-max-attenuation 0300 Set upnp read-only off on UPnP settingsSet upnp option on off Set upnp log off onSet dslf-lanmgmt option off on DSL Forum settings302 303 Set backup ping-host 1 2 name address Backup IP Gateway SettingsSet backup option disabled manual automatic Set backup failure-timeout 1Set ip backup-gateway interface ip-address Set backup auto-recovery off onSet backup recovery-timeout 1 Set ip backup-gateway option on off306 Vdsl Settings307 Vdsl Parameter DefaultsVdsl Parameters Accepted Values 308Parameter 309Etsi M2 CAB 310311 312 313 314 315 Glossary316 317 318 319 320 321 Ethernet crossover cable. See crossover cable322 323 324 325 326 327 328 329 330 331 332 333 DescriptionSoftware and protocols 334335 Agency approvals336 Manufacturer’s Declaration of ConformanceDeclaration for Canadian users 337338 Important Safety Instructions339 CFR Part 68 Information340 Electrical Safety Advisory341 Copyright Acknowledgments342 343 344 Index DSL 66 248 NTP VPI/VCI 350