FireBrick FB6502 User Manual

This User Manual documents Software version V1.47.010


Table of Contents

Preface
1. Introduction
1.1. The FB6000
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.2.1. FB6502 Gigabit core VoIP SIP switch for ITSP use
1.1.3. Ethernet port capabilities
1.1.4. Product variants in the FB6000 series
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. Training Courses
2. Getting Started
2.1. IP addressing
2.2. Accessing the web-based user interface
2.2.1. Setup wizard
2.2.1.1. Login username/password
2.2.1.2. WAN/PPPoE settings
2.2.1.3. Initial config
3. Configuration
3.1. The Object Hierarchy
3.2. The Object Model
3.2.1. Formal definition of the object model
3.2.2. Common attributes
3.3. Configuration Methods
3.4. Web User Interface Overview
3.4.1. User Interface layout
3.4.1.1. Customising the layout
3.4.2. Config pages and the object hierarchy
3.4.2.1. Configuration categories
3.4.2.2. Object settings
3.4.3. Navigating around the User Interface
3.4.4. Backing up / restoring the configuration
3.5. Configuration using XML
3.5.1. Introduction to XML
3.5.2. The root element - <config>
3.5.3. Viewing or editing XML
3.5.4. Example XML configuration
3.6. Downloading/Uploading the configuration
3.6.1. Download
3.6.2. Upload
4. System Administration
4.1. User Management
4.1.1. Login level
4.1.2. Configuration access level
4.1.3. Login idle timeout
4.1.4. Restricting user logins
4.1.4.1. Restrict by IP address
4.1.4.2. Logged in IP address
4.1.4.3. Restrict by profile
4.1.5. Password change
4.1.6. One Time Password (OTP)
4.2. General System settings
4.2.1. System name (hostname)
4.2.2. Administrative details
4.2.3. System-level event logging control
4.2.4. Home page web links
4.3. Software Upgrades
4.3.1. Software release types
4.3.1.1. Breakpoint releases
4.3.2. Identifying current software version
4.3.3. Internet-based upgrade process
4.3.3.1. Manually initiating upgrades
4.3.3.2. Controlling automatic software updates
4.3.4. Manual upgrade
4.4. Boot Process
4.4.1. LED indications
4.4.1.1. Port LEDs
5. Event Logging
5.1. Overview
5.1.1. Log targets
5.1.1.1. Logging to Flash memory
5.1.1.2. Logging to the Console
5.2. Enabling logging
5.3. Logging to external destinations
5.3.1. Syslog
5.3.2. Email
5.3.2.1. E-mail process logging
5.4. Factory reset configuration log targets
5.5. Performance
5.6. Viewing logs
5.6.1. Viewing logs in the User Interface
5.6.2. Viewing logs in the CLI environment
5.7. System-event logging
5.8. Using Profiles
6. Interfaces and Subnets
6.1. Relationship between Interfaces and Physical Ports
6.1.1. Port groups
6.1.2. Interfaces
6.2. Defining an interface
6.2.1. Defining subnets
6.2.1.1. Source filtering
6.2.1.2. Using DHCP to configure a subnet
6.2.2. Setting up DHCP server parameters
6.2.2.1. Fixed/Static DHCP allocations
6.2.2.2. Restricted allocations
6.2.2.3. Special DHCP options
6.2.3. DHCP Relay Agent
6.3. Physical port settings
6.3.1. Setting duplex mode
6.3.2. Defining port LED functions
7. Routing
7.1. Routing logic
7.2. Routing targets
7.2.1. Subnet routes
7.2.2. Routing to an IP address (gateway route)
7.2.3. Special targets
7.3. Dynamic route creation / deletion
7.4. Routing tables
7.5. Bonding
8. Profiles
8.1. Overview
8.2. Creating/editing profiles
8.2.1. Timing control
8.2.2. Tests
8.2.2.1. General tests
8.2.2.2. Time/date tests
8.2.2.3. Ping tests
8.2.3. Inverting overall test result
8.2.4. Manual override
9. Traffic Shaping
9.1. Graphs and Shapers
9.1.1. Graphs
9.1.2. Shapers
9.1.3. Ad hoc shapers
9.1.4. Long term shapers
9.2. Multiple shapers
9.3. Basic principles
10. System Services
10.1. Protecting the FB6000
10.2. Common settings
10.3. HTTP Server configuration
10.3.1. Access control
10.3.1.1. Trusted addresses
10.3.2. HTTPS access
10.4. Telnet Server configuration
10.4.1. Access control
10.5. DNS configuration
10.5.1. Blocking DNS names
10.5.2. Local DNS responses
10.5.3. Auto DHCP DNS
10.6. NTP configuration
10.7. SNMP configuration
10.8. RADIUS configuration
10.8.1. RADIUS client
10.8.1.1. RADIUS client settings
10.8.1.2. Server blacklisting
11. Network Diagnostic Tools
11.1. Access check
11.2. Packet Dumping
11.2.1. Dump parameters
11.2.2. Security settings required
11.2.3. IP address matching
11.2.4. Packet types
11.2.5. Snaplen specification
11.2.6. Using the web interface
11.2.7. Using an HTTP client
11.2.7.1. Example using curl and tcpdump
12. VRRP
12.1. Virtual Routers
12.2. Configuring VRRP
12.2.1. Advertisement Interval
12.2.2. Priority
12.3. Using a virtual router
12.4. VRRP versions
12.4.1. VRRP version 2
12.4.2. VRRP version 3
12.5. Compatibility
13. VoIP
13.1. What is VoIP?
13.2. Registration and Proxies
13.2.1. Registrar
13.2.2. Proxy
13.3. Core call routing switch
13.3.1. Call control
13.3.2. Bulk registration client
13.4. Network Address Translation
13.5. Number plan
13.6. Telephone handsets
13.7. VoIP call carriers
13.8. Hunt groups
13.9. Call pickup/steal
13.10. Busy lamp field
13.11. Using RADIUS
13.11.1. RADIUS accounting
13.11.2. RADIUS authentication
13.11.2.1. Call routing by RADIUS
13.12. Call recording
13.13. Voicemail and IVR services
13.14. Call Data Records
13.15. Technical details
13.16. Custom tones
14. BGP
14.1. What is BGP?
14.2. BGP Setup
14.2.1. Overview
14.2.2. Standards
14.2.3. Simple example setup
14.2.4. Peer type
14.2.5. Route filtering
14.2.5.1. Matching attributes
14.2.5.2. Action attributes
14.2.6. Well known community tags
14.2.7. Announcing black hole routes
14.2.8. Grey holes
14.2.9. Announcing dead end routes
14.2.10. Bad optional path attributes
14.2.11. <network> element
14.2.12. <route>, <subnet> and other elements
14.2.13. Route feasibility testing
14.2.14. Diagnostics
14.2.15. Router shutdown
14.2.16. TTL security
15. Command Line Interface
A. CIDR and CIDR Notation
B. MAC Addresses usage
B.1. Multiple MAC addresses?
B.2. How the FireBrick allocates MAC addresses
B.2.1. Interface
B.2.2. Subnet
B.2.3. PPPoE
B.2.4. Base MAC
B.2.5. Running out of MACs
B.3. MAC address on label
B.4. Using with a DHCP server
C. Scripted access
C.1. Tools
C.2. Access control
C.2.1. Username and password
C.2.2. OTP
C.2.3. Allow list
C.2.4. Allowed access
C.3. XML data for common functions
C.4. XML data from diagnostics and tests
C.4.1. Cross site scripting security
C.4.2. Arguments to scripts
C.5. Special URLs
C.6. Web sockets
D. VLANs : A primer
E. Supported RADIUS Attribute/Value Pairs for VoIP operation
E.1. Authentication request
E.2. Authentication response
E.2.1. Challenge authentication
E.2.2. Accepted authentication (registration)
E.2.3. Accepted authentication (invite)
E.2.4. Rejected authentication
E.3. Accounting Start
E.4. Accounting Interim
E.5. Accounting Stop
E.6. Disconnect
E.7. Change of Authorisation
F. FireBrick specific SNMP objects
F.1. Monitoring information
F.2. BGP information
F.3. Monitoring information
G. Command line reference
G.1. General commands
G.1.1. Trace off
G.1.2. Trace on
G.1.3. Uptime
G.1.4. General status
G.1.5. Memory usage
G.1.6. Process/task usage
G.1.7. Login
G.1.8. Logout
G.1.9. See XML configuration
G.1.10. Load XML configuration
G.1.11. Show profile status
G.1.12. Enable profile control switch
G.1.13. Disable profile control switch
G.1.14. Show RADIUS servers
G.1.15. Show DNS resolvers
G.2. Networking commands
G.2.1. Subnets
G.2.2. Ping and trace
G.2.3. Show a route from the routing table
G.2.4. List routes
G.2.5. List routing next hops
G.2.6. See DHCP allocations
G.2.7. Clear DHCP allocations
G.2.8. Lock DHCP allocations
G.2.9. Unlock DHCP allocations
G.2.10. Name DHCP allocations
G.2.11. Show ARP/ND status
G.2.12. Show VRRP status
G.2.13. Send Wake-on-LAN packet
G.2.14. Check access to services
G.3. BGP commands
G.4. VoIP commands
G.5. Advanced commands
G.5.1. Panic
G.5.2. Reboot
G.5.3. Screen width
G.5.4. Make outbound command session
G.5.5. Show command sessions
G.5.6. Kill command session
G.5.7. Flash memory list
G.5.8. Delete block from flash
G.5.9. Boot log
G.5.10. Flash log
H. Constant Quality Monitoring - technical details
H.1. Access to graphs and csvs
H.1.1. Trusted access
H.1.2. Dated information
H.1.3. Authenticated access
H.2. Graph display options
H.2.1. Scalable Vector Graphics
H.2.2. Data points
H.2.3. Additional text
H.2.4. Other colours and spacing
H.3. Overnight archiving
H.3.1. Full URL format
H.3.2. Load handling
H.4. Graph scores
H.5. Creating graphs, and graph names
I. Hashed passwords
I.1. Password hashing
I.1.1. Salt
I.2. One Time Password seed hashing
J. Configuration Objects
J.1. Top level
J.1.1. config: Top level config
J.2. Objects
J.2.1. system: System settings
J.2.2. link: Web links
J.2.3. user: Admin users
J.2.4. eap: User access controlled by EAP
J.2.5. log: Log target controls
J.2.6. log-syslog: Syslog logger settings
J.2.7. log-email: Email logger settings
J.2.8. services: System services
J.2.9. http-service: Web service settings
J.2.10. dns-service: DNS service settings
J.2.11. dns-host: Fixed local DNS host settings
J.2.12. dns-block: Fixed local DNS blocks
J.2.13. radius-service: RADIUS service definition
J.2.14. radius-service-match: Matching rules for RADIUS service
J.2.15. radius-server: RADIUS server settings
J.2.16. telnet-service: Telnet service settings
J.2.17. snmp-service: SNMP service settings
J.2.18. ntp-service: NTP service settings
J.2.19. ethernet: Physical port controls
J.2.20. sampling: Packet sampling configuration
J.2.21. portdef: Port grouping and naming
J.2.22. interface: Port-group/VLAN interface settings
J.2.23. subnet: Subnet settings
J.2.24. vrrp: VRRP settings
J.2.25. dhcps: DHCP server settings
J.2.26. dhcp-attr-hex: DHCP server attributes (hex)
J.2.27. dhcp-attr-string: DHCP server attributes (string)
J.2.28. dhcp-attr-number: DHCP server attributes (numeric)
J.2.29. dhcp-attr-ip: DHCP server attributes (IP)
J.2.30. route: Static routes
J.2.31. network: Locally originated networks
J.2.32. blackhole: Dead end networks
J.2.33. loopback: Locally originated networks
J.2.34. namedbgpmap: Mapping and filtering rules of BGP prefixes
J.2.35. bgprule: Individual mapping/filtering rule
J.2.36. bgp: Overall BGP settings
J.2.37. bgppeer: BGP peer definitions
J.2.38. bgpmap: Mapping and filtering rules of BGP prefixes
J.2.39. cqm: Constant Quality Monitoring settings
J.2.40. profile: Control profile
J.2.41. profile-date: Test passes if within any of the time ranges specified
J.2.42. profile-time: Test passes if within any of the date/time ranges specified
J.2.43. profile-ping: Test passes if any addresses are pingable
J.2.44. ip-group: IP Group
J.2.45. voip: Voice over IP config
J.2.46. carrier: VoIP carrier details
J.2.47. telephone: VoIP telephone authentication user details
J.2.48. tone: Tone definitions
J.2.49. ringgroup: Ring groups
J.2.50. dhcp-relay: DHCP server settings for remote / relayed requests
J.3. Data types
J.3.1. autoloadtype: Type of s/w auto load
J.3.2. config-access: Type of access user has to config
J.3.3. user-level: User login level
J.3.4. eap-subsystem: Subsystem with EAP access control
J.3.5. eap-method: EAP access method
J.3.6. syslog-severity: Syslog severity
J.3.7. syslog-facility: Syslog facility
J.3.8. http-mode: HTTP/HTTPS security mode
J.3.9. radiuspriority: Options for controlling platform RADIUS response priority tagging
J.3.10. radiustype: Type of RADIUS server
J.3.11. month: Month name (3 letter)
J.3.12. day: Day name (3 letter)
J.3.13. port: Physical port
J.3.14. Crossover: Crossover configuration
J.3.15. LinkSpeed: Physical port speed
J.3.16. LinkDuplex: Physical port duplex setting
J.3.17. LinkFlow: Physical port flow control setting
J.3.18. LinkClock: Physical port Gigabit clock master/slave setting
J.3.19. LinkLED-g: Green LED setting
J.3.20. LinkLED-y: Yellow LED setting
J.3.21. LinkPower: PHY power saving options
J.3.22. LinkFault: Link fault type to send
J.3.23. sampling-protocol: Sampling protocol
J.3.24. trunk-mode: Trunk port mode
J.3.25. ramode: IPv6 route announce level
J.3.26. dhcpv6control: Control for RA and DHCPv6 bits
J.3.27. bgpmode: BGP announcement mode
J.3.28. sampling-mode: Sampling mode
J.3.29. sfoption: Source filter option
J.3.30. peertype: BGP peer type
J.3.31. switch: Profile manual setting
J.3.32. voip-format: Number presentation format
J.3.33. uknumberformat: Number formatting option
J.3.34. recordoption: Recording option
J.3.35. ring-group-order: Order of ring
J.3.36. ring-group-type: Type of ring when one call in queue
J.3.37. record-beep-option: Record beep option
J.4. Basic types
Index

List of Figures

2.1. Initial web page in factory reset state
2.2. Setup Wizard
3.1. Main menu
3.2. Icons for layout controls
3.3. Icons for configuration categories
3.4. The "Setup" category
3.5. Editing an "Interface" object
3.6. Show hidden attributes
3.7. Attribute definitions
3.8. Navigation controls
4.1. Setting up a new user
4.2. Software upgrade available notification
4.3. Manual Software upload
B.1. Product label showing MAC address range

List of Tables

2.1. IP addresses for computer
2.2. IP addresses to access the FireBrick
2.3. IP addresses to access the FireBrick
3.1. Special character sequences
4.1. User login levels
4.2. Configuration access levels
4.3. General administrative details attributes
4.4. Attributes controlling auto-upgrades
5.1. Logging attributes
5.2. System-Event Logging attributes
7.1. Example route targets
10.1. List of system services
10.2. List of system services
11.1. Packet dump parameters
11.2. Packet types that can be captured
13.1. Access-Accept
13.2. Default tones
14.1. Peer types
14.2. Communities
14.3. Network attributes
B.1. DHCP client names used
C.1. Special URLs
E.1. Access-request
E.2. Access-Challenge
E.3. Access-Accept
E.4. Access-Accept
E.5. Access-Reject
E.6. Accounting-Start
E.7. Accounting-Interim
E.8. Accounting-Stop
E.9. Disconnect
E.10. Change-of-Authorisation
F.1. iso.3.6.1.4.1.24693.1
F.2. iso.3.6.1.4.1.24693.179
F.3. iso.3.6.1.4.1.24693.5060
H.1. File types
H.2. Colours
H.3. Text
H.4. Text
H.5. URL formats
J.1. config: Attributes
J.2. config: Elements
J.3. system: Attributes
J.4. system: Elements
J.5. link: Attributes
J.6. user: Attributes
J.7. eap: Attributes
J.8. log: Attributes
J.9. log: Elements
J.10. log-syslog: Attributes
J.11. log-email: Attributes
J.12. services: Elements
J.13. http-service: Attributes
J.14. dns-service: Attributes
J.15. dns-service: Elements
J.16. dns-host: Attributes
J.17. dns-block: Attributes
J.18. radius-service: Attributes
J.19. radius-service: Elements
J.20. radius-service-match: Attributes
J.21. radius-server: Attributes
J.22. telnet-service: Attributes
J.23. snmp-service: Attributes
J.24. ntp-service: Attributes
J.25. ethernet: Attributes
J.26. sampling: Attributes
J.27. portdef: Attributes
J.28. interface: Attributes
J.29. interface: Elements
J.30. subnet: Attributes
J.31. vrrp: Attributes
J.32. dhcps: Attributes
J.33. dhcps: Elements
J.34. dhcp-attr-hex: Attributes
J.35. dhcp-attr-string: Attributes
J.36. dhcp-attr-number: Attributes
J.37. dhcp-attr-ip: Attributes
J.38. route: Attributes
J.39. network: Attributes
J.40. blackhole: Attributes
J.41. loopback: Attributes
J.42. namedbgpmap: Attributes
J.43. namedbgpmap: Elements
J.44. bgprule: Attributes
J.45. bgp: Attributes
J.46. bgp: Elements
J.47. bgppeer: Attributes
J.48. bgppeer: Elements
J.49. bgpmap: Attributes
J.50. bgpmap: Elements
J.51. cqm: Attributes
J.52. profile: Attributes
J.53. profile: Elements
J.54. profile-date: Attributes
J.55. profile-time: Attributes
J.56. profile-ping: Attributes
J.57. ip-group: Attributes
J.58. voip: Attributes
J.59. voip: Elements
J.60. carrier: Attributes
J.61. telephone: Attributes
J.62. tone: Attributes
J.63. ringgroup: Attributes
J.64. dhcp-relay: Attributes
J.65. dhcp-relay: Elements
J.66. autoloadtype: Type of s/w auto load
J.67. config-access: Type of access user has to config
J.68. user-level: User login level
J.69. eap-subsystem: Subsystem with EAP access control
J.70. eap-method: EAP access method
J.71. syslog-severity: Syslog severity
J.72. syslog-facility: Syslog facility
J.73. http-mode: HTTP/HTTPS security mode
J.74. radiuspriority: Options for controlling platform RADIUS response priority tagging
J.75. radiustype: Type of RADIUS server
J.76. month: Month name (3 letter)
J.77. day: Day name (3 letter)
J.78. port: Physical port
J.79. Crossover: Crossover configuration
J.80. LinkSpeed: Physical port speed
J.81. LinkDuplex: Physical port duplex setting
J.82. LinkFlow: Physical port flow control setting
J.83. LinkClock: Physical port Gigabit clock master/slave setting
J.84. LinkLED-g: Green LED setting
J.85. LinkLED-y: Yellow LED setting
J.86. LinkPower: PHY power saving options
J.87. LinkFault: Link fault type to send
J.88. sampling-protocol: Sampling protocol
J.89. trunk-mode: Trunk port mode
J.90. ramode: IPv6 route announce level
J.91. dhcpv6control: Control for RA and DHCPv6 bits
J.92. bgpmode: BGP announcement mode
J.93. sampling-mode: Sampling mode
J.94. sfoption: Source filter option
J.95. peertype: BGP peer type
J.96. switch: Profile manual setting
J.97. voip-format: Number presentation format
J.98. uknumberformat: Number formatting option
J.99. recordoption: Recording option
J.100. ring-group-order: Order of ring
J.101. ring-group-type: Type of ring when one call in queue
J.102. record-beep-option: Record beep option
J.103. Basic data types