FireBrick FB2500 User Manual

This User Manual documents Software version V1.53.000


Table of Contents

Preface
1. Introduction
1.1. The FB2500
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Differences between the devices in the FB2x00 series
1.1.5. Software features
1.1.6. Migration from previous FireBrick models
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. Training Courses
2. Getting Started
2.1. IP addressing
2.2. Accessing the web-based user interface
2.2.1. Setup wizard
2.2.1.1. Login username/password
2.2.1.2. WAN/PPPoE settings
2.2.1.3. LAN settings
2.2.1.4. Initial config
3. Configuration
3.1. The Object Hierarchy
3.2. The Object Model
3.2.1. Formal definition of the object model
3.2.2. Common attributes
3.3. Configuration Methods
3.4. Data types
3.4.1. Sending and receiving values
3.4.2. Lists of values
3.4.3. Set of possible values
3.4.4. Dates, times, and durations
3.4.5. Colours
3.4.6. Passwords and secrets
3.4.7. IP addresses
3.4.7.1. Simple IP addresses
3.4.7.2. Subnets and prefixes
3.4.7.3. Ranges
3.4.7.4. Prefix filters
3.5. Web User Interface Overview
3.5.1. User Interface layout
3.5.1.1. Customising the layout
3.5.2. Config pages and the object hierarchy
3.5.2.1. Configuration categories
3.5.2.2. Object settings
3.5.3. Navigating around the User Interface
3.5.4. Backing up / restoring the configuration
3.6. Configuration using XML
3.6.1. Introduction to XML
3.6.2. The root element - <config>
3.6.3. Viewing or editing XML
3.6.4. Example XML configuration
3.7. Downloading/Uploading the configuration
3.7.1. Download
3.7.2. Upload
4. System Administration
4.1. User Management
4.1.1. Login level
4.1.2. Configuration access level
4.1.3. Login idle timeout
4.1.4. Restricting user logins
4.1.4.1. Restrict by IP address
4.1.4.2. Logged in IP address
4.1.4.3. Restrict by profile
4.1.5. Password change
4.1.6. One Time Password (OTP)
4.2. General System settings
4.2.1. System name (hostname)
4.2.2. Administrative details
4.2.3. System-level event logging control
4.2.4. Home page web links
4.3. Software Upgrades
4.3.1. Software release types
4.3.1.1. Breakpoint releases
4.3.2. Identifying current software version
4.3.3. Internet-based upgrade process
4.3.3.1. Manually initiating upgrades
4.3.3.2. Controlling automatic software updates
4.3.4. Manual upgrade
4.4. Boot Process
4.4.1. LED indications
4.4.1.1. Power LED status indications
4.4.1.2. Port LEDs
5. Event Logging
5.1. Overview
5.1.1. Log targets
5.1.1.1. Logging to Flash memory
5.1.1.2. Logging to the Console
5.2. Enabling logging
5.3. Logging to external destinations
5.3.1. Syslog
5.3.2. Email
5.3.2.1. E-mail process logging
5.4. Factory reset configuration log targets
5.5. Performance
5.6. Viewing logs
5.6.1. Viewing logs in the User Interface
5.6.2. Viewing logs in the CLI environment
5.7. System-event logging
5.8. Using Profiles
6. Interfaces and Subnets
6.1. Relationship between Interfaces and Physical Ports
6.1.1. Port groups
6.1.2. Interfaces
6.2. Defining port groups
6.3. Defining an interface
6.3.1. Defining subnets
6.3.1.1. Source filtering
6.3.1.2. Using DHCP to configure a subnet
6.3.2. Setting up DHCP server parameters
6.3.2.1. Fixed/Static DHCP allocations
6.3.2.2. Restricted allocations
6.3.2.3. Special DHCP options
6.3.3. DHCP Relay Agent
6.4. Physical port settings
6.4.1. Disabling auto-negotiation
6.4.2. Setting port speed
6.4.3. Setting duplex mode
6.4.4. Defining port LED functions
7. Session Handling
7.1. Routing vs. Firewalling
7.2. Session Tracking
7.2.1. Session termination
7.3. Session Rules
7.3.1. Overview
7.3.2. Processing flow
7.3.3. Defining Rule-Sets and Rules
7.3.3.1. Recommended method of implementing firewalling
7.3.3.2. Changes to session traffic
7.3.3.3. Graphing and traffic shaping
7.3.3.4. Configuring session time-outs
7.3.3.5. Load balancing
7.3.3.6. NAT-PMP / PCP (Port Control Protocol)
7.4. Network Address Translation
7.4.1. When to use NAT
7.4.2. NAT ALGs
7.4.3. Setting NAT in rules
7.4.4. What NAT does
7.4.5. NAT with PPPoE
7.4.6. NAT with other types of external routing
7.4.7. Mixing NAT and non NAT
7.4.8. Carrier grade NAT
7.4.9. Using NAT setting on subnets
8. Routing
8.1. Routing logic
8.2. Routing targets
8.2.1. Subnet routes
8.2.2. Routing to an IP address (gateway route)
8.2.3. Special targets
8.3. Dynamic route creation / deletion
8.4. Routing tables
8.5. Bonding
8.6. Route overrides
9. Profiles
9.1. Overview
9.2. Creating/editing profiles
9.2.1. Timing control
9.2.2. Tests
9.2.2.1. General tests
9.2.2.2. Time/date tests
9.2.2.3. Ping tests
9.2.3. Inverting overall test result
9.2.4. Manual override
9.2.5. Scripting
10. Traffic Shaping
10.1. Graphs and Shapers
10.1.1. Graphs
10.1.2. Shapers
10.1.3. Ad hoc shapers
10.1.4. Long term shapers
10.2. Multiple shapers
10.3. Basic principles
11. PPPoE
11.1. Types of DSL line and router in the United Kingdom
11.2. Definining PPPoE links
11.2.1. IPv6
11.2.2. Additional options
11.2.2.1. MTU and TCP fix
11.2.2.2. Service and ac-name
11.2.2.3. Logging
11.2.2.4. Speed and graphs
12. Tunnels
12.1. IPsec (IP Security)
12.1.1. Introduction
12.1.1.1. Integrity checking
12.1.1.2. Encryption
12.1.1.3. Authentication
12.1.1.4. IKE
12.1.1.5. Manual Keying
12.1.1.6. Identities and the Authentication Mechanism
12.1.2. Setting up IPsec connections
12.1.2.1. Global IPsec parameters
12.1.2.2. IKE proposals
12.1.2.3. IKE roaming IP pools
12.1.2.4. IKE connections
12.1.2.4.1. IKE connection mode and type
12.1.2.4.2. IKE and IPsec proposal lists
12.1.2.4.3. Authentication and IKE identities
12.1.2.4.4. IP addresses
12.1.2.4.5. Road Warrior connections
12.1.2.4.6. Routing
12.1.2.4.7. Other parameters
12.1.2.5. Setting up Manual Keying
12.1.2.5.1. IP endpoints
12.1.2.5.2. Algorithms and keys
12.1.2.5.3. Routing
12.1.2.5.4. Mode
12.1.2.5.5. Other parameters
12.1.3. Using EAP with IPsec/IKE
12.1.4. Using certificates with IPsec/IKE
12.1.4.1. Creating certificates
12.1.5. Choice of algorithms
12.1.6. NAT Traversal
12.1.7. Configuring a Road Warrior server
12.1.8. Connecting to non-FireBrick devices
12.1.8.1. Using StrongSwan on Linux
12.1.8.2. Setting up a Road Warrior VPN on an Android client
12.1.8.3. Setting up a Road Warrior VPN on an iOS (iPhone/iPad) client
12.1.8.4. Manual keying using Linux ipsec-tools
12.2. FB105 tunnels
12.2.1. Tunnel wrapper packets
12.2.2. Setting up a tunnel
12.2.3. Viewing tunnel status
12.2.4. Dynamic routes
12.2.5. Tunnel bonding
12.2.6. Tunnels and NAT
12.2.6.1. FB2500 doing NAT
12.2.6.2. Another device doing NAT
12.3. Ether tunnelling
13. System Services
13.1. Protecting the FB2500
13.2. Common settings
13.3. HTTP Server configuration
13.3.1. Access control
13.3.1.1. Trusted addresses
13.3.2. HTTPS access
13.4. Telnet Server configuration
13.4.1. Access control
13.5. DNS configuration
13.5.1. Blocking DNS names
13.5.2. Local DNS responses
13.5.3. Auto DHCP DNS
13.6. NTP configuration
13.7. SNMP configuration
13.8. RADIUS configuration
13.8.1. RADIUS server (platform RADIUS)
13.8.2. RADIUS client
13.8.2.1. RADIUS client settings
13.8.2.2. Server blacklisting
14. Network Diagnostic Tools
14.1. Firewalling check
14.2. Access check
14.3. Packet Dumping
14.3.1. Dump parameters
14.3.2. Security settings required
14.3.3. IP address matching
14.3.4. Packet types
14.3.5. Snaplen specification
14.3.6. Using the web interface
14.3.7. Using an HTTP client
14.3.7.1. Example using curl and tcpdump
15. VRRP
15.1. Virtual Routers
15.2. Configuring VRRP
15.2.1. Advertisement Interval
15.2.2. Priority
15.3. Using a virtual router
15.4. VRRP versions
15.4.1. VRRP version 2
15.4.2. VRRP version 3
15.5. Compatibility
16. VoIP
16.1. What is VoIP?
16.2. Registration and Proxies
16.2.1. Registrar
16.2.2. Proxy
16.3. Home/office phone system
16.4. Network Address Translation
16.5. Number plan
16.6. Telephone handsets
16.7. VoIP call carriers
16.8. Hunt groups
16.8.1. Ring Type
16.8.2. Ring order
16.8.3. Overflow
16.8.4. Out of hours
16.9. Call pickup/steal
16.10. Busy lamp field
16.11. Using RADIUS
16.11.1. RADIUS accounting
16.11.2. RADIUS authentication
16.11.2.1. Call routing by RADIUS
16.12. Call recording
16.13. Voicemail and IVR services
16.14. Call Data Records
16.15. Technical details
16.16. Custom tones
17. BGP
17.1. What is BGP?
17.2. BGP Setup
17.2.1. Overview
17.2.2. Standards
17.2.3. Simple example setup
17.2.4. Peer type
17.2.5. Route filtering
17.2.5.1. Matching attributes
17.2.5.2. Action attributes
17.2.6. Well known community tags
17.2.7. Announcing black hole routes
17.2.8. Grey holes
17.2.9. Announcing dead end routes
17.2.10. Bad optional path attributes
17.2.11. <network> element
17.2.12. <route>, <subnet> and other elements
17.2.13. Route feasibility testing
17.2.14. Diagnostics
17.2.15. Router startup and shutdown
17.2.16. TTL security
18. OSPF
18.1. What is OSPF?
18.2. OSPF Setup
18.2.1. Overview
18.2.2. Standards
18.2.3. Simple example setup
18.2.4. <ospf> configelement
19. Internet Service Providers
19.1. Background
19.1.1. How it all began
19.1.2. Point to Point Protocol
19.1.3. L2TP
19.1.4. Broadband
19.1.5. RADIUS
19.1.6. BGP
19.2. Incoming L2TP connections
19.3. The importance of CQM graphs
19.4. Authentication
19.5. Accounting
19.6. RADIUS Control messages
19.7. PPPoE
19.8. Typical configuration
19.8.1. Interlink subnet
19.8.2. BGP with carrier
19.8.3. RADIUS session steering
19.8.4. L2TP endpoints
19.8.5. ISP RADIUS
20. Command Line Interface
A. Factory Reset Procedure
B. CIDR and CIDR Notation
C. MAC Addresses usage
C.1. Multiple MAC addresses?
C.2. How the FireBrick allocates MAC addresses
C.2.1. Interface
C.2.2. Subnet
C.2.3. PPPoE
C.2.4. Base MAC
C.2.5. Running out of MACs
C.3. MAC address on label
C.4. Using with a DHCP server
D. Scripted access
D.1. Tools
D.2. Access control
D.2.1. Username and password
D.2.2. OTP
D.2.3. Allow list
D.2.4. Allowed access
D.3. XML data for common functions
D.4. XML data from diagnostics and tests
D.4.1. Cross site scripting security
D.4.2. Arguments to scripts
D.5. Special URLs
D.6. Web sockets
E. VLANs : A primer
F. Supported L2TP Attribute/Value Pairs
F.1. Start-Control-Connection-Request
F.2. Start-Control-Connection-Reply
F.3. Start-Control-Connection-Connected
F.4. Stop-Control-Connection-Notification
F.5. Hello
F.6. Incoming-Call-Request
F.7. Incoming-Call-Reply
F.8. Incoming-Call-Connected
F.9. Outgoing-Call-Request
F.10. Outgoing-Call-Reply
F.11. Outgoing-Call-Connected
F.12. Call-Disconnect-Notify
F.13. WAN-Error-Notify
F.14. Set-Link-Info
F.15. Notes
F.15.1. BT specific notes
F.15.2. IP over LCP
G. Supported RADIUS Attribute/Value Pairs for L2TP operation
G.1. Authentication request
G.2. Authentication response
G.2.1. Accepted authentication
G.2.1.1. Prefix Delegation
G.2.2. Rejected authentication
G.3. Accounting Start
G.4. Accounting Interim
G.5. Accounting Stop
G.6. Disconnect
G.7. Change of Authorisation
G.8. Filter ID
G.9. Notes
G.9.1. L2TP relay
G.9.2. LCP echo and CQM graphs
G.9.3. IP over LCP
G.9.4. Closed User Group
G.9.5. Routing table
H. Supported RADIUS Attribute/Value Pairs for VoIP operation
H.1. Authentication request
H.2. Authentication response
H.2.1. Challenge authentication
H.2.2. Accepted authentication (registration)
H.2.3. Accepted authentication (invite)
H.2.4. Rejected authentication
H.3. Accounting Start
H.4. Accounting Interim
H.5. Accounting Stop
H.6. Disconnect
H.7. Change of Authorisation
I. FireBrick specific SNMP objects
I.1. BGP information
I.2. IPsec information
I.3. L2TP information
I.4. VoIP information
I.5. CPU usage information
I.6. Running Statistics
J. Command line reference
J.1. General commands
J.1.1. Trace off
J.1.2. Trace on
J.1.3. Uptime
J.1.4. General status
J.1.5. Memory usage
J.1.6. Process/task usage
J.1.7. Login
J.1.8. Logout
J.1.9. See XML configuration
J.1.10. Load XML configuration
J.1.11. Show profile status
J.1.12. Enable profile control switch
J.1.13. Disable profile control switch
J.1.14. Show RADIUS servers
J.1.15. Show DNS resolvers
J.2. Networking commands
J.2.1. Subnets
J.2.2. Ping and trace
J.2.3. Show a route from the routing table
J.2.4. List routes
J.2.5. List routing next hops
J.2.6. See DHCP allocations
J.2.7. Clear DHCP allocations
J.2.8. Lock DHCP allocations
J.2.9. Unlock DHCP allocations
J.2.10. Name DHCP allocations
J.2.11. Show ARP/ND status
J.2.12. Show VRRP status
J.2.13. Send Wake-on-LAN packet
J.3. Firewalling commands
J.3.1. Check access to services
J.3.2. Check firewall logic
J.4. L2TP commands
J.5. BGP commands
J.6. OSPF commands
J.7. PPPoE commands
J.8. VoIP commands
J.9. Advanced commands
J.9.1. Panic
J.9.2. Reboot
J.9.3. Screen width
J.9.4. Make outbound command session
J.9.5. Show command sessions
J.9.6. Kill command session
J.9.7. Flash memory list
J.9.8. Delete block from flash
J.9.9. Boot log
J.9.10. Flash log
K. Constant Quality Monitoring - technical details
K.1. Broadband back-haul providers
K.2. Access to graphs and csvs
K.2.1. Trusted access
K.2.2. Dated information
K.2.3. Authenticated access
K.3. Graph display options
K.3.1. Scaleable Vector Graphics
K.3.2. Data points
K.3.3. Additional text
K.3.4. Other colours and spacing
K.4. Overnight archiving
K.4.1. Full URL format
K.4.2. load handling
K.5. Graph scores
K.6. Creating graphs, and graph names
L. Hashed passwords
L.1. Password hashing
L.1.1. Salt
L.2. One Time Password seed hashing
M. Configuration Objects
M.1. Top level
M.1.1. config: Top level config
M.2. Objects
M.2.1. system: System settings
M.2.2. link: Web links
M.2.3. user: Admin users
M.2.4. eap: User access controlled by EAP
M.2.5. log: Log target controls
M.2.6. log-syslog: Syslog logger settings
M.2.7. log-email: Email logger settings
M.2.8. services: System services
M.2.9. http-service: Web service settings
M.2.10. dns-service: DNS service settings
M.2.11. dns-host: Fixed local DNS host settings
M.2.12. dns-block: Fixed local DNS blocks
M.2.13. radius-service: RADIUS service definition
M.2.14. radius-service-match: Matching rules for RADIUS service
M.2.15. radius-server: RADIUS server settings
M.2.16. telnet-service: Telnet service settings
M.2.17. snmp-service: SNMP service settings
M.2.18. time-service: System time server settings
M.2.19. ethernet: Physical port controls
M.2.20. sampling: Packet sampling configuration
M.2.21. portdef: Port grouping and naming
M.2.22. interface: Port-group/VLAN interface settings
M.2.23. subnet: Subnet settings
M.2.24. vrrp: VRRP settings
M.2.25. dhcps: DHCP server settings
M.2.26. dhcp-attr-hex: DHCP server attributes (hex)
M.2.27. dhcp-attr-string: DHCP server attributes (string)
M.2.28. dhcp-attr-number: DHCP server attributes (numeric)
M.2.29. dhcp-attr-ip: DHCP server attributes (IP)
M.2.30. pppoe: PPPoE settings
M.2.31. ppp-route: PPP routes
M.2.32. route: Static routes
M.2.33. network: Locally originated networks
M.2.34. blackhole: Dead end networks
M.2.35. loopback: Locally originated networks
M.2.36. ospf: Overall OSPF settings
M.2.37. namedbgpmap: Mapping and filtering rules of BGP prefixes
M.2.38. bgprule: Individual mapping/filtering rule
M.2.39. bgp: Overall BGP settings
M.2.40. bgppeer: BGP peer definitions
M.2.41. bgpmap: Mapping and filtering rules of BGP prefixes
M.2.42. cqm: Constant Quality Monitoring settings
M.2.43. l2tp: L2TP settings
M.2.44. l2tp-outgoing: L2TP settings for outgoing L2TP connections
M.2.45. l2tp-incoming: L2TP settings for incoming L2TP connections
M.2.46. l2tp-relay: Relay and local authentication rules for L2TP
M.2.47. fb105: FB105 tunnel definition
M.2.48. fb105-route: FB105 routes
M.2.49. ipsec-ike: IPsec configuration (IKEv2)
M.2.50. ike-connection: connection configuration
M.2.51. ipsec-route: IPsec tunnel routes
M.2.52. ike-roaming: IKE roaming IP pools
M.2.53. ike-proposal: IKE security proposal
M.2.54. ipsec-proposal: IPsec AH/ESP proposal
M.2.55. ipsec-manual: peer configuration
M.2.56. ping: Ping/graph definition
M.2.57. profile: Control profile
M.2.58. profile-date: Test passes if within any of the time ranges specified
M.2.59. profile-time: Test passes if within any of the date/time ranges specified
M.2.60. profile-ping: Test passes if any addresses are pingable
M.2.61. shaper: Traffic shaper
M.2.62. shaper-override: Traffic shaper override based on profile
M.2.63. ip-group: IP Group
M.2.64. route-override: Routing override rules
M.2.65. session-route-rule: Routing override rule
M.2.66. session-route-share: Route override load sharing
M.2.67. rule-set: Firewall/mapping rule set
M.2.68. session-rule: Firewall rules
M.2.69. session-share: Firewall load sharing
M.2.70. voip: Voice over IP config
M.2.71. carrier: VoIP carrier details
M.2.72. telephone: VoIP telephone authentication user details
M.2.73. tone: Tone definitions
M.2.74. ringgroup: Ring groups
M.2.75. etun: Ether tunnel
M.2.76. dhcp-relay: DHCP server settings for remote / relayed requests
M.3. Data types
M.3.1. ppp-dump: PPP dump format
M.3.2. autoloadtype: Type of s/w auto load
M.3.3. config-access: Type of access user has to config
M.3.4. user-level: User login level
M.3.5. eap-subsystem: Subsystem with EAP access control
M.3.6. eap-method: EAP access method
M.3.7. syslog-severity: Syslog severity
M.3.8. syslog-facility: Syslog facility
M.3.9. http-mode: HTTP/HTTPS security mode
M.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging
M.3.11. radiustype: Type of RADIUS server
M.3.12. month: Month name (3 letter)
M.3.13. day: Day name (3 letter)
M.3.14. port: Physical port
M.3.15. Crossover: Crossover configuration
M.3.16. LinkSpeed: Physical port speed
M.3.17. LinkDuplex: Physical port duplex setting
M.3.18. LinkFlow: Physical port flow control setting
M.3.19. LinkClock: Physical port Gigabit clock master/slave setting
M.3.20. LinkLED: LED settings
M.3.21. LinkPower: PHY power saving options
M.3.22. LinkFault: Link fault type to send
M.3.23. sampling-protocol: Sampling protocol
M.3.24. trunk-mode: Trunk port mode
M.3.25. ramode: IPv6 route announce level
M.3.26. dhcpv6control: Control for RA and DHCPv6 bits
M.3.27. bgpmode: BGP announcement mode
M.3.28. sampling-mode: Sampling mode
M.3.29. sfoption: Source filter option
M.3.30. pppoe-mode: Type of PPPoE connection
M.3.31. pppoe-calling: Additional prefix on PPPoE calling ID
M.3.32. ipsec-type: IPsec encapsulation type
M.3.33. ipsec-auth-algorithm: IPsec authentication algorithm
M.3.34. ipsec-crypt-algorithm: IPsec encryption algorithm
M.3.35. peertype: BGP peer type
M.3.36. radius-nas: NAS IP to report
M.3.37. ike-authmethod: authentication method
M.3.38. ike-mode: connection setup mode
M.3.39. ike-PRF: IKE Pseudo-Random Function
M.3.40. ike-DH: IKE Diffie-Hellman group
M.3.41. ike-ESN: IKE Sequence Number support
M.3.42. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
M.3.43. switch: Profile manual setting
M.3.44. dynamic-graph: Type of dynamic graph
M.3.45. firewall-action: Firewall action
M.3.46. voip-format: Number presentation format
M.3.47. uknumberformat: Number formatting option
M.3.48. recordoption: Recording option
M.3.49. ring-group-order: Order of ring
M.3.50. ring-group-type: Type of ring when one call in queue
M.3.51. record-beep-option: Record beep option
M.4. Basic types
Index

List of Figures

2.1. Initial web page in factory reset state
2.2. Setup Wizard
3.1. Main menu
3.2. Icons for layout controls
3.3. Icons for configuration categories
3.4. The "Setup" category
3.5. Editing an "Interface" object
3.6. Show hidden attributes
3.7. Attribute definitions
3.8. Navigation controls
4.1. Setting up a new user
4.2. Software upgrade available notification
4.3. Manual Software upload
7.1. Example sessions created by drop and reject actions
7.2. Processing flow chart for rule-sets and session-rules
C.1. Product label showing MAC address range

List of Tables

2.1. IP addresses for computer
2.2. IP addresses to access the FireBrick
2.3. IP addresses to access the FireBrick
3.1. Special character sequences
4.1. User login levels
4.2. Configuration access levels
4.3. General administrative details attributes
4.4. Attributes controlling auto-upgrades
4.5. Power LED status indications
5.1. Logging attributes
5.2. System-Event Logging attributes
6.1. Port LED functions
6.2. Example modified Port LED functions
7.1. Action attribute values
8.1. Example route targets
12.1. IPsec algorithm key lengths
12.2. IKE / IPsec algorithm proposals
13.1. List of system services
13.2. List of system services
14.1. Packet dump parameters
14.2. Packet types that can be captured
16.1. Ring Type
16.2. Ring Order
16.3. Access-Accept
16.4. Default tones
17.1. Peer types
17.2. Communities
17.3. Network attributes
18.1. OSPF config attributes
C.1. DHCP client names used
D.1. Special URLs
F.1. SCCRQ
F.2. SCCRP
F.3. SCCCN
F.4. StopCCN
F.5. HELLO
F.6. ICRQ
F.7. ICRP
F.8. ICCN
F.9. OCRQ
F.10. OCRP
F.11. OCCN
F.12. CDN
F.13. WEN
F.14. SLI
G.1. Access-request
G.2. Access-Accept
G.3. Access-Reject
G.4. Accounting-Start
G.5. Accounting-Interim
G.6. Accounting-Stop
G.7. Disconnect
G.8. Change-of-Authorisation
G.9. Filter-ID
H.1. Access-request
H.2. Access-Challenge
H.3. Access-Accept
H.4. Access-Accept
H.5. Access-Reject
H.6. Accounting-Start
H.7. Accounting-Interim
H.8. Accounting-Stop
H.9. Disconnect
H.10. Change-of-Authorisation
I.1. iso.3.6.1.4.1.24693.179
I.2. iso.3.6.1.4.1.24693.500
I.3. Connection State
I.4. iso.3.6.1.4.1.24693.1701
I.5. iso.3.6.1.4.1.24693.5060
I.6. iso.3.6.1.4.1.24693.2
I.7. iso.3.6.1.4.1.24693.3
K.1. File types
K.2. Colours
K.3. Text
K.4. Text
K.5. URL formats
M.1. config: Attributes
M.2. config: Elements
M.3. system: Attributes
M.4. system: Elements
M.5. link: Attributes
M.6. user: Attributes
M.7. eap: Attributes
M.8. log: Attributes
M.9. log: Elements
M.10. log-syslog: Attributes
M.11. log-email: Attributes
M.12. services: Elements
M.13. http-service: Attributes
M.14. dns-service: Attributes
M.15. dns-service: Elements
M.16. dns-host: Attributes
M.17. dns-block: Attributes
M.18. radius-service: Attributes
M.19. radius-service: Elements
M.20. radius-service-match: Attributes
M.21. radius-server: Attributes
M.22. telnet-service: Attributes
M.23. snmp-service: Attributes
M.24. time-service: Attributes
M.25. ethernet: Attributes
M.26. sampling: Attributes
M.27. portdef: Attributes
M.28. interface: Attributes
M.29. interface: Elements
M.30. subnet: Attributes
M.31. vrrp: Attributes
M.32. dhcps: Attributes
M.33. dhcps: Elements
M.34. dhcp-attr-hex: Attributes
M.35. dhcp-attr-string: Attributes
M.36. dhcp-attr-number: Attributes
M.37. dhcp-attr-ip: Attributes
M.38. pppoe: Attributes
M.39. pppoe: Elements
M.40. ppp-route: Attributes
M.41. route: Attributes
M.42. network: Attributes
M.43. blackhole: Attributes
M.44. loopback: Attributes
M.45. ospf: Attributes
M.46. namedbgpmap: Attributes
M.47. namedbgpmap: Elements
M.48. bgprule: Attributes
M.49. bgp: Attributes
M.50. bgp: Elements
M.51. bgppeer: Attributes
M.52. bgppeer: Elements
M.53. bgpmap: Attributes
M.54. bgpmap: Elements
M.55. cqm: Attributes
M.56. l2tp: Attributes
M.57. l2tp: Elements
M.58. l2tp-outgoing: Attributes
M.59. l2tp-outgoing: Elements
M.60. l2tp-incoming: Attributes
M.61. l2tp-incoming: Elements
M.62. l2tp-relay: Attributes
M.63. fb105: Attributes
M.64. fb105: Elements
M.65. fb105-route: Attributes
M.66. ipsec-ike: Attributes
M.67. ipsec-ike: Elements
M.68. ike-connection: Attributes
M.69. ike-connection: Elements
M.70. ipsec-route: Attributes
M.71. ike-roaming: Attributes
M.72. ike-proposal: Attributes
M.73. ipsec-proposal: Attributes
M.74. ipsec-manual: Attributes
M.75. ipsec-manual: Elements
M.76. ping: Attributes
M.77. profile: Attributes
M.78. profile: Elements
M.79. profile-date: Attributes
M.80. profile-time: Attributes
M.81. profile-ping: Attributes
M.82. shaper: Attributes
M.83. shaper: Elements
M.84. shaper-override: Attributes
M.85. ip-group: Attributes
M.86. route-override: Attributes
M.87. route-override: Elements
M.88. session-route-rule: Attributes
M.89. session-route-rule: Elements
M.90. session-route-share: Attributes
M.91. rule-set: Attributes
M.92. rule-set: Elements
M.93. session-rule: Attributes
M.94. session-rule: Elements
M.95. session-share: Attributes
M.96. voip: Attributes
M.97. voip: Elements
M.98. carrier: Attributes
M.99. telephone: Attributes
M.100. tone: Attributes
M.101. ringgroup: Attributes
M.102. etun: Attributes
M.103. dhcp-relay: Attributes
M.104. dhcp-relay: Elements
M.105. ppp-dump: PPP dump format
M.106. autoloadtype: Type of s/w auto load
M.107. config-access: Type of access user has to config
M.108. user-level: User login level
M.109. eap-subsystem: Subsystem with EAP access control
M.110. eap-method: EAP access method
M.111. syslog-severity: Syslog severity
M.112. syslog-facility: Syslog facility
M.113. http-mode: HTTP/HTTPS security mode
M.114. radiuspriority: Options for controlling platform RADIUS response priority tagging
M.115. radiustype: Type of RADIUS server
M.116. month: Month name (3 letter)
M.117. day: Day name (3 letter)
M.118. port: Physical port
M.119. Crossover: Crossover configuration
M.120. LinkSpeed: Physical port speed
M.121. LinkDuplex: Physical port duplex setting
M.122. LinkFlow: Physical port flow control setting
M.123. LinkClock: Physical port Gigabit clock master/slave setting
M.124. LinkLED: LED settings
M.125. LinkPower: PHY power saving options
M.126. LinkFault: Link fault type to send
M.127. sampling-protocol: Sampling protocol
M.128. trunk-mode: Trunk port mode
M.129. ramode: IPv6 route announce level
M.130. dhcpv6control: Control for RA and DHCPv6 bits
M.131. bgpmode: BGP announcement mode
M.132. sampling-mode: Sampling mode
M.133. sfoption: Source filter option
M.134. pppoe-mode: Type of PPPoE connection
M.135. pppoe-calling: Additional prefix on PPPoE calling ID
M.136. ipsec-type: IPsec encapsulation type
M.137. ipsec-auth-algorithm: IPsec authentication algorithm
M.138. ipsec-crypt-algorithm: IPsec encryption algorithm
M.139. peertype: BGP peer type
M.140. radius-nas: NAS IP to report
M.141. ike-authmethod: authentication method
M.142. ike-mode: connection setup mode
M.143. ike-PRF: IKE Pseudo-Random Function
M.144. ike-DH: IKE Diffie-Hellman group
M.145. ike-ESN: IKE Sequence Number support
M.146. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
M.147. switch: Profile manual setting
M.148. dynamic-graph: Type of dynamic graph
M.149. firewall-action: Firewall action
M.150. voip-format: Number presentation format
M.151. uknumberformat: Number formatting option
M.152. recordoption: Recording option
M.153. ring-group-order: Order of ring
M.154. ring-group-type: Type of ring when one call in queue
M.155. record-beep-option: Record beep option
M.156. Basic data types