Arris NVG595, Administrator'S Handbook

Page 1: ...ARRIS NVG595 Fiber Business Gateway ARRIS Embedded Software Version 9 1 2 Administrator s Handbook ...

Page 2: ...HEIR OPERATION WILL BE UNINTERRUPTED OR ERROR FREE OR THAT ANY ERRORS CAN OR WILL BE FIXED ARRIS HEREBY DISCLAIMS ALL OTHER WARRANTIES EXPRESS OR IMPLIED ORAL OR WRITTEN WITH RESPECT TO THE SYSTEM AND SERVICES INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF TITLE NON INFRINGEMENT INTEGRATION MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF ...

Page 3: ... ARRIS Gateway Status Indicator Lights 13 Set up the ARRIS Gateway 16 Microsoft Windows 16 Macintosh MacOS 8 or higher or Mac OS X 18 Attaching a Fiber Optic Module 19 Accessing the Web Management Interface 20 IP Diagnostics Page Redirect 21 Offline Troubleshooting 21 Device Status page 22 Device Access Code 22 Tab Bar 24 Help 24 Links Bar 24 Device List 25 System Information 27 Access Code 28 Rem...

Page 4: ... Function Summary Matrix 95 Factory Reset Switch 98 Log Event Messages 99 CHAPTER 4 Command Line Interface 103 Overview 105 Starting and Ending a CLI Session 107 Logging In 107 Ending a CLI Session 107 Using the CLI Help Facility 108 About SHELL Commands 108 SHELL Prompt 108 SHELL Command Shortcuts 108 SHELL Commands 109 Common Commands 109 WAN Commands 118 About CONFIG Commands 119 CONFIG Mode Pr...

Page 5: ...d Insertion commands 167 System commands 169 Debug Commands 174 Disclaimer Warning Text 174 Commands 174 CLI CShell Commands debug mode 174 CHAPTER 5 Technical Specifications and Safety Information 175 Description 175 Power Supply 175 Environment 175 Software and protocols 175 Agency approvals 176 Manufacturer s Declaration of Conformance 177 Important Safety Instructions 179 47 CFR Part 68 Inform...

Page 6: ...Open Source Software Information 185 Appendix A ARRIS Gateway Captive Portal Implementation 209 Overview 210 Captive Portal RPC 211 X_00D09E_GetCaptivePortalParams RPC 211 X_00D09E_SetCaptivePortalParams RPC 212 Appendix B Quality of Service QoS Examples 213 Overview 214 Downstream QoS Ethernet Switch 216 Downstream QoS Egress queues 217 Index 219 ...

Page 7: ...mat PDF files They are viewed and printed from Adobe Acrobat Reader Exchange or any other application that supports PDF files They are downloadable from the ARRIS website http www arrisi com consumer NOTE This guide describes the wide variety of features and functionality of the ARRIS Gateway when used in Router mode The ARRIS Gateway may also be delivered in Bridge mode In Bridge mode the Gateway...

Page 8: ...nks terminal Computer display text bold terminal User entered text Italic Italic type indicates the complete titles of manuals Convention Graphics Description Denotes an excerpt from a Web page or the visual truncation of a Web page Denotes an area of emphasis on a Web page Convention Description straight brackets in cmd line Optional command arguments curly brackets with values sepa rated with ve...

Page 9: ...command examples for each mode is provided Chapter 5 Technical Specifications and Safety Information Presents system and device specifica tions and important compliance and safety statements Appendix A ARRIS Gateway Captive Portal Implementation Describes the ARRIS Gateway Captive Portal Implementation Appendix B Quality of Service QoS Examples Describes the ARRIS Gateway Quality of Service QoS Im...

Page 10: ...Administrator s Handbook 10 ...

Page 11: ...d for more in depth configuration The following topics cover installation in Router Mode This chapter covers Important Safety Instructions on page 12 ARRIS Gateway Status Indicator Lights on page 13 Set up the ARRIS Gateway on page 16 Accessing the Web Management Interface on page 20 Device Status page on page 22 Tab Bar on page 24 Broadband on page 32 Local Network on page 37 Wi Fi on page 41 Voi...

Page 12: ...he telephone to report a gas leak in the vicinity of the leak CAUTION The external phone should be UL Listed and the connections should be made in accordance with Article 800 of the NEC PRODUCT VENTILATION The ARRIS Gateway is intended for use in a business Ambient temperatures around this product should not exceed 104 F 40 C It should not be used in locaƟons exposed to outside heat radiaƟon or tr...

Page 13: ... process Power LED GREEN FLASH All other LED OFF If the device does not boot and fails its self test or fails to perform initial load of the bootloader Power LED RED FLASH ALL other LED OFF If the device boots and then detects a failure Power LED GREEN FLASH starting POST and then all LEDs will FLASH RED including Power LED Ethernet Solid Green Powered device connected to the associated port inclu...

Page 14: ...s a WAN IP address from DHCP or 802 1x authentication and the broadband connection is up Flashing Green Attempting connection attempting IEEE 802 1X authentication or attempting to obtain DHCP information Red Device attempted to become IP connected and failed no DHCP response 802 1x authentica tion failed no IP address from IPCP etc The Red state times out after two minutes and the Service indicat...

Page 15: ...Off The device is not powered or no powered devices connected to the associated ports NOTE The NVG595 supports two VoIP lines over one RJ14 VoIP port In order to con nect two phone lines the supplied inner outer pair splitter adapters must be attached to the RJ14 VoIP port in order to terminate both lines This is a spe cial purpose splitter You must only use the inner outer pair splitter adapters ...

Page 16: ...ions follow a path like this Start menu Settings Control Panel Network or Network and Dial up Connections Local Area Connection Properties TCP IP your_network_card or Internet Protocol TCP IP Properties Some Windows versions follow a path like this Start menu Control Panel Network and Internet Con nections Network Connections Local Area Connection Properties Internet Protocol TCP IP Properties 2 S...

Page 17: ...l Panel and select Internet Protocol Version 4 TCP IPv4 2 Click the Properties button The Internet Protocol Version 4 TCP IPv4 Properties window should appear as shown 3 Set the radio buttons to the values shown above and click the OK button ...

Page 18: ...ol panel MacOS follows a path like this Apple Menu Control Panels TCP IP Control Panel Mac OS X follows a path like this Apple Menu System Preferences Network 2 Select Built in Ethernet 3 Select Configure Using DHCP 4 Close and Save if prompted Proceed to Accessing the Web Management Interface on page 20 ...

Page 19: ...the rubber protective cap from the end of the SFP SX LX fiber optic module 3 Remove the protective plastic caps from the end of the fiber cable and insert the fiber cable into the SFP SX LX fiber optic module Push firmly until the latch on the end of the connector locks over the fiber cable WARNING Laser output can cause serious eye damage The lasers used in this device produce light that is invis...

Page 20: ...the Location text box Once the network type is determined The Device Status Page opens 3 Check to make sure the Broadband and Service LEDs are lit GREEN to verify that the connection to the Internet is active IP Diagnostics Page Redirect In the event that your connection to the Internet fails the Broadband LED will flash RED and you will be redi rected to the IP Diagnostics page Follow the on scre...

Page 21: ...your connection is restored or the problem is resolved the Broadband LED will turn GREEN Offline Troubleshooting If the WAN is down the following information is displayed at the top of the page NOTE For AT T this function is enabled by default See the CLI command set management lan redirect enable off on on page 150 ...

Page 22: ...ge by typing http 192 168 7 254 in your web browser s location box Device Access Code You may be required to provide your Device Access Code in order to access the web management configura tion pages The Device Access Code is unique to your device It is printed on a label on the bottom of the Gateway Enter your Device Access Code and click the Continue Continue Continue Continue button The Device ...

Page 23: ... is attxxx where xxx is the last 3 digits of the serial number located on the side of the Gateway Authentication Type The type of Wi Fi encryption security in use May be Disabled WPA or WEP Default Key or Manual Password Wi Fi network encryption key in use Voice Line 1 Indication of VoIP or other phone connection Line 2 Indication of VoIP or other phone connection Display additional troubleshootin...

Page 24: ...tton is displayed click it to open the Help If the Hide Help button is displayed click it to close the Help window Here is an example The page shown here is displayed when you are on the System Informa tion page Links Bar The links bar at the top of each page allows you to configure different aspects of the features displayed on the page For example on the Home Summary page the button bar is shown...

Page 25: ...Network Name and MAC Address of devices con nected to this device on your local area network MAC Address Client device s unique hardware address IPv4 Address Name Client device s IP address or device network name Last Activity Date and time of last traffic for this client device Status May be off or on Allocation Type of IP address assignment for example Static or DHCP Connection Type Type of conn...

Page 26: ...ength as follows Click the Clear Device List Clear Device List Clear Device List Clear Device List button to update the Local Network summary Click the Scan for Devices Scan for Devices Scan for Devices Scan for Devices button to seek out other devices that have been connected since the last Local Net work summary update ...

Page 27: ...he current embedded software in your Gateway MAC Address Unique hardware address of this Gateway unit First Use Date Date and Time when the Gateway is first used This field changes to the current date and time after a reset to factory defaults Time Since Last Reboot Elapsed time since last reboot of the Gateway in days hr min sec Current Date Time Current system date and time in days hr min sec Da...

Page 28: ... and 20 charac ters long The new password must also include two characters from any these categories alpha number and special characters Example fru1tfl13s_likeabanana Enter your Old Access Code your New Access Code and click the Use New Access Code Use New Access Code Use New Access Code Use New Access Code button The new Access Code takes effect immediately You can always return to the original ...

Page 29: ... radio button to select the desired level of access Read only access to allow the remote access session to view but not change the configuration and col lected statistics of the gateway Update access to allow the session to make changes to the gateway s configuration 4 Click Enable Remote Access Enable Remote Access Enable Remote Access Enable Remote Access The NVG595 updates the Remote Access pag...

Page 30: ...inistrator s Handbook 30 To end disable an existing remote access configuration Click the Disable Remote Access Disable Remote Access Disable Remote Access Disable Remote Access button under the Access URL ...

Page 31: ...he Gateway is restarted it will disconnect all users initialize all its interfaces and load the Operating System Software In some cases when you make configuration changes you may be required restart for the changes to take effect ...

Page 32: ...Broadband IPv4 Address The public IP address of your device whether dynamically or statically assigned Gateway IPv4 Address Your ISP s gateway router IP address MAC Address Your Gateway s unique hardware address identifier Primary DNS The IP Address of the Primary Domain Name Server Secondary DNS The IP Address of the backup Domain Name Server if available Primary DNS Name The name of the Primary ...

Page 33: ...ed errored packets that were fixed successfully without a retry Transmit Errors Number of times data packets have had to be resent due to errors in transmission Collisions Count of packet collisions IPv6 Status May be Enabled or Unavailable Global Unicast IPv6 Address The public IPv6 address of your device whether dynamically or statically assigned Border Relay IPv4 Address The public IPv4 address...

Page 34: ...change in the future Broadband Source Override Auto automatically detected Fiber or Ethernet Maximum allowable MTU The WAN connection is automatically configured However you can adjust the Maximum Transmittable Unit value if your service provider suggests it The default 1500 is the maximum value but some services require other values 1492 is common If you make any change here click the Save Save S...

Page 35: ...ink length for 50 micrometer OM2 fiber units of 10 meters Length 62dot5uM Supported link length for 62 5 micrometer OM1 fiber units of 10 meters Length OM3 Supported link length for 50 micrometer OM3 fiber units of 10 meters Vendor Name SFP vendor s name Vendor OUI IEEE company id for the SFP vendor Vendor PN SFP module s vendor part number Vendor Rev SFP module s revision level for the part numbe...

Page 36: ...The device is externally calibrated DMC Type Rx Avg Pwr The type of power measurement Either Modulation Amplitude method or Average power method EOC Alarm implemented 1 implemented 0 not implemented EOC Soft Tx Disable TX_DISABLE control and monitoring 1 implemented 0 not implemented EOC Soft Tx Fault TX_FAULT monitoring 1 implemented 0 not implemented EOC Soft Rx LOS RX_LOS monitoring 1 implement...

Page 37: ...n feature provides simple data to the user to show the level of network congestion in each Wi Fi channel This data can be used to determine router placement or to determine which channels to avoid The display currently tells the user how many Access Points APs are active within each channel and provides a score of 1 10 to indicate how clear the channel is A higher score indicates less congestion i...

Page 38: ...atistics Transmit Packets IPv6 packets transmitted Transmit Errors Errors on IPv6 packets transmitted Transmit Discards IPv6 packets dropped Wi Fi Status Wi Fi Radio Status Indicates whether the Wi Fi radio is Enabled or Disabled Network Name SSID This is the name or ID that is displayed to a client scan The default SSID for the Gate way is attxxx where xxx is the last 3 digits of the serial numbe...

Page 39: ...i network Transmit Discard Packets This is the number of packets transmitted on the Wi Fi network that were dropped Receive Discard Packets This is the number of packets received on the Wi Fi network that were dropped LAN Ethernet Statistics State up or down Transmit Speed This is the maximum speed of which the port is capable Transmit Packets This is the number of packets sent out from the port T...

Page 40: ... Configure page for the Ethernet LAN opens For each Ethernet Port 1 through 4 you can select Ethernet Auto the default self sensing rate 10M full or half duplex 100M full or half duplex or 1G full or half duplex MDI X Auto the default self sensing crossover setting off or on Click the Save Save Save Save button ...

Page 41: ...displayed to a client scan The default SSID for the Gateway is attxxx where xxx is the last 3 digits of the serial number located on the side of the gateway Hide Network Name SSID May be either Off or On If On your SSID will not appear in a client scan Band Choose between 2 4 and 5 0 Ghz If 5 0 is chosen all devices connecting to this device must support 802 11n Security The type of Wi Fi encrypti...

Page 42: ...idth clients the Wi Fi network will revert to 20MHz operation if non compatible 802 11B 802 11G or 20MHz 802 11N clients are detected Channel 1 through 11 for North America on which the network will broadcast This is a frequency range within the 2 4Ghz band The Automatic setting allows the Wi Fi Access Point to determine the best channel to broadcast automatically Power Level Sets the Wi Fi transm...

Page 43: ...43 Not all client Wi Fi devices support WPS Refer to their documentation Enter your WPS PIN and click the Submit Submit Submit Submit button Follow the instructions that came with your Wi Fi client ...

Page 44: ...ty it should be at least 20 characters If you select WPA PSK as your privacy setting the WPA Version pull down menu allows you to select the WPA version s that will be required for client connections Choices are Both for maximum interoperability WPA 1 for backward compatibility WPA 2 for maximum security All clients must support the version s selected in order to successfully connect Be sure that ...

Page 45: ... key The longer the key the stronger the encryption and the more difficult it is to break the encryption Password You enter a key using hexadecimal digits For 40 64 bit encryption you need ten digits 26 digits for 128 bit WEP Hexadecimal characters are 0 9 and a f Examples 40 bits 02468ACE02 128 bits 0123456789ABCDEF0123456789 Any WEP enabled client must have an identical key of the same length as...

Page 46: ...ses you specify will be denied access Whitelist means that only MAC addresses you specify will be allowed access You add Wi Fi clients that you want to Whitelist or Blacklist for your Wi Fi LAN by selecting them from the List of MACs or by entering the MAC addresses in the Manual Entry field provided Click the Add Add Add Add button Your entries will be added to a list of clients that will be eith...

Page 47: ... selection can have a significant impact on performance depending on other Wi Fi activity close to this device You need not select a channel at any of the computers on your Wi Fi network they will automatically scan available channels seeking a Wi Fi device broadcasting on the SSID for which they are configured This scan will disconnect any Wi Fi client devices from the Wi Fi network If you want t...

Page 48: ...ur Gateway as seen from the LAN Subnet Mask Subnet mask of your LAN DHCP Server DHCP Server DHCP Server DHCP Server DHCP Server Enable If you have a dedicated source of DHCP assigned addresses on your LAN choose off from the pull down menu By default the NVG595 will act as a DHCP server and should be set to On DHCPv4 Start Address First IP address in the range being served to your LAN by the Gatew...

Page 49: ...ur LAN or Public assigned remotely radio button Cascaded Router Cascaded Router Cascaded Router Cascaded Router Cascaded Router Enable If you have another router behind this Gateway choose On from the pull down menu Cascaded Router Address If you chose On from the pull down menu enter the IP address of the router you are using behind this Gateway in the LAN Private IP subnet range Network Address ...

Page 50: ...HCP server of the NVG595 IP allocation lets you set up client devices as com mon DHCP systems but ensures that they always receive the same IP address from the gateway The IP Allocation table shows a list of all identified and active client devices the NVG595 is serving To change the allocation method used by a client 1 Locate the client in the IP Allocation table The client may be identified by t...

Page 51: ...dress from DHCP Pool to set the client to accept any valid DHCP address available standard oper ation Click any of the private fixed IP addresses 192 168 7 64 to 192 168 7 253 shown in the list to allocate that IP address to the selected client 4 Click the Save button to save the IP allocation settings A red Changes saved message opens at the top of the IP Allocation page ...

Page 52: ...twork or the Internet in the form of data packets The Voice page displays information about your VoIP phone lines if configured Your Gateway supports two phones Line 1 and Line 2 If either one or both are registered with a SIP server by your service provider or not registered the Voice page will display their Registration Details The links at the top of the Voice page access a series of pages to a...

Page 53: ...ter Register Register Register Line 1 Line 1 Line 1 Line 1 or Register Line 2 Register Line 2 Register Line 2 Register Line 2 button s To test if the lines are enabled click the Ring Line 1 Ring Line 1 Ring Line 1 Ring Line 1 or Ring Line 2 Ring Line 2 Ring Line 2 Ring Line 2 button s If enabled and registered the respective phone will ring for 30 seconds To update the display click the Refresh Re...

Page 54: ...Administrator s Handbook 54 Link Call Statistics When you click Call Statistics Call Statistics Call Statistics Call Statistics the Call Statistics page opens ...

Page 55: ...um ber of packets expected This will be calculated on every RTCP SR packet Sum of the fraction lost is calculated with all the RTCP packets Sum of Franc Loss Squared Fraction lost is squared with every RTCP SR or RR packet Sum of all this will give the Sum of Franc Loss Squared Max One Way Delay One Way Delay will be calculated in milliseconds on every RTCP SR or RR packet This value is systime ls...

Page 56: ...odec in Use Audio codec used for decoding the call packet traffic Far End Host Information SIP server IP information IP address and port number Far End Caller Information Caller ID information if available Cumulative Since Last Reset Last Reset Timestamp Date and Time of the last call Number of Calls Total number of calls for each VoIP line Duration Time in seconds since the last call Number of In...

Page 57: ... hook UP Idle OFF N A off Enabled On hook UP Registered ON N A Solid Enabled Off hook UP Registered ON DIAL TONE Blink Enabled On off hook UP Failure OFF N A off Enabled On off hook DOWN Idle OFF N A off VOIP Line 1 2 WAN Status Hook State Reg state FXS Voltage Tone LED Disable Down Off hook Idle On to off off off Enabled Down On Off hook Idle ON Congestion off Enabled Up Off hook Registered ON Co...

Page 58: ...ime examining incoming and outgoing packets Outgoing packets that request specific types of incoming packets are tracked only those incoming packets constituting a proper response are allowed through the firewall Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled You can configure UDP and TCP no activity periods that will also apply to NAT time ...

Page 59: ...of pages to allow you to configure security features of your device The following sections give brief descriptions of these pages Packet Filter on page 60 NAT Gaming on page 69 Public Subnet Hosts on page 74 IP Passthrough on page 75 Firewall Advanced on page 78 ...

Page 60: ...ad and understand this entire section thor oughly The ARRIS Gateway incorporating NAT has advanced security features built in Improperly adding fil ters and filtersets increases the possibility of loss of communication with the Gateway and the Internet Never attempt to configure filters unless you are local to the Gateway Although using filtersets can enhance network security there are disadvantag...

Page 61: ...der the following guidelines Be sure the filterset s overall purpose is clear from the beginning A vague purpose can lead to a faulty set and that can actually make your network less secure Be sure each individual filter s purpose is clear Determine how filter priority will affect the set s actions Test the set on paper by determining how the fil ters would respond to a number of different hypothe...

Page 62: ...cket Filters Enable Disable Packet Filters Click this button to globally turn your filters on or off Packet Filter Rules Buttons Click either Add a Drop Rule Add a Drop Rule Add a Drop Rule Add a Drop Rule or Add a Pass Rule Add a Pass Rule Add a Pass Rule Add a Pass Rule button Action drop If you select drop the specified packets will be blocked pass If you select pass the specified packets will ...

Page 63: ...sly been created Select Protocol if necessary from the pull down menu ICMP TCP UDP or None to specify any another IP transport protocol If you chose by number enter the Protocol by number here If you chose by name enter the Protocol by name here Enter the Source Port this filter will match on Enter the Destination Port this filter will match on If you selected ICMP enter the ICMP Type here When yo...

Page 64: ...ction on a packet matching none of the filters is to block any traffic Therefore if the behavior you want is to force the routing of a certain type of packet and pass all others through the normal routing mechanism you must configure one filter to match the first type of packet and apply Force Routing A subsequent filter is required to match and forward all other packets Management IP traffic If t...

Page 65: ...65 ...

Page 66: ...net IP address information and select save save save save at the bottom of the view 4 Navigate to Firewall Packet Filter to create a packet filter that will allow specific traffic to flow to a public LAN client 5 Scroll to the bottom of the screen and select Add a Pass Rule This rule will allow traffic to flow through the public subnet based on the match criteria that will be set up next 6 The new...

Page 67: ...ch Add Match Add Match Add Match below the rule created earlier 11 Select Destination Port from the Match Type drop down menu and enter 21 this value corresponds to FTP in the Match Value entry box 12 Click Enter Match Enter Match Enter Match Enter Match 13 Select Add Match Add Match Add Match Add Match below the same rule created earlier 14 Select Destination IP Address from the Match Type drop d...

Page 68: ...Administrator s Handbook 68 ...

Page 69: ...n page 72 In addition to choosing from these predefined services you can also select a user defined custom service See Custom Services on page 71 For each supported game or service you can view the protocols and port ranges used by the game or service by clicking the Service Details Service Details Service Details Service Details button For example Select a hosting device from the Needed by Device...

Page 70: ...re service or game your entry will be added to the list of Service names dis played on the NAT Configuration page To remove a game or software from the hosted list choose the game or software you want to remove and click the Remove Remove Remove Remove button ...

Page 71: ...be received Base Host Port The port number at the start of the port range your Gateway should use when forwarding traffic of the specified type s to the internal IP address Protocol Protocol type of Internet traffic TCP or UDP Once you define a Custom Service it becomes available in the Application Hosting Entry Service menu as one of the services to select Click the Add Add Add Add button Each ti...

Page 72: ...Earned in Blood Brothers in Arms Online Buddy Phone CART Precision Racing v 1 0 Calista IP Phone Call of Duty Citrix Metaframe ICA Client Close Combat III The Russian Front v 1 0 Close Combat for Windows 1 0 Close Combat A Bridge Too Far v 2 0 Combat Flight Sim 2 WWII Pacific Thr v 1 0 Combat Flight Sim WWII Europe Series v 1 0 Counter Strike DNS Server Dark Reign Delta Force Client and Server Del...

Page 73: ...peed Porsche Net2Phone Operation FlashPoint Outlaws POP 3 PPTP PlayStation Network Quake 2 Quake 3 Quake 4 Rainbow Six RealAudio Return to Castle Wolfenstein Roger Wilco Rogue Spear SMTP SNMP SSH server ShoutCast Server SlingBox Soldier of Fortune StarCraft StarLancer v 1 0 Starfleet Command TFTP TeamSpeak Telnet Tiberian Sun Command and Con quer Timbuktu Total Annihilation Ultima Online Unreal To...

Page 74: ...ubnet Hosts to open this view This view provides the ability to create public sub net hosts In order to create a public subnet host it must be enabled turned on in the Public Subnet section of Subnets DHCP on page 48 To create a Public Subnet click on the Public Subnet hyperlink ...

Page 75: ...ugh feature allows a single PC on the LAN to have the ARRIS Gateway s public address assigned to it It also provides PAT NAPT via the same public IP address for all other hosts on the private LAN subnet Using IP Passthrough the public WAN IP is used to provide IP address translation for private LAN computers The public WAN IP is assigned and reused on a LAN computer ...

Page 76: ...your ARRIS Gateway This mode works the same as the DHCP modes Unsolicited WAN traffic will get passed to this client The client is still able to access the ARRIS Gateway and other LAN clients on the 192 168 1 x network etc The Passthrough DHCP Lease By default the passthrough host s DHCP leases will be shortened to two minutes This allows for timely updates of the host s IP address which will be a...

Page 77: ...might use For example some network games select arbitrary port numbers when a connection is opened When you want all unsolicited traffic to go to a specific LAN host This feature allows you to direct unsolicited or non specific traffic to a designated LAN station With NAT On in the Gateway these packets normally would be discarded For instance this could be application traffic where you don t know...

Page 78: ...going packets Outgoing packets that request specific types of incoming packets are tracked only those incoming packets constituting a proper response are allowed through the firewall Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled You can configure UDP and TCP no activity periods that will also apply to NAT time outs if stateful inspection is...

Page 79: ...ted and offending packets be dropped On or Off Flood limit UDP Pass multicast Allows exclusion of UDP multicast traffic On by default Flood limit TCP enable Allows exclusion of TCP traffic Off by default Flood limit TCP SYN cookie Allows TCP SYN cookies flooding to be excluded Neighbor Discovery Attack protection Prevents downstream traffic from an upstream device that sends excessive traffic but ...

Page 80: ...being sent by users through the Router You can run all the tests in order by clicking the Run Full Diagnostics Run Full Diagnostics Run Full Diagnostics Run Full Diagnostics button The device will automatically test a number of components to determine any problems You can see detailed results of the tests by clicking the Details Details Details Details buttons for each item The details presented d...

Page 81: ...re generated Ping tests the reachability of a particular network destination by sending an ICMP echo request and waiting for a reply Traceroute displays the path to a destination by showing the number of hops and the router addresses of these hops NSLookup converts a domain name to its IP address and vice versa To use the Ping capability type a destination address domain name or IP address in the ...

Page 82: ...this test Action If PING fails possible causes are From the Check Connection page Ping the internet default gateway IP address Connection is down Gateway s IP address or subnet mask are wrong gateway router is down Ping an internet site by IP address Site is down Ping an internet site by name Servers are down site is down From a LAN PC Ping the Modem s LAN IP address IP address and subnet mask of ...

Page 83: ...Log button You can save logs to a text TXT file by clicking the Save to File Save to File Save to File Save to File button This will download the file to your browser s default download location on your hard drive The file can be opened with your favorite text edi tor NOTE Some browsers such as Internet Explorer for Windows XP require that you specify the ARRIS device s URL as a Trusted site in In...

Page 84: ...Administrator s Handbook 84 The following is an example log portion saved as a TXT file ...

Page 85: ...e Update Update Update Update button The LEDs will operate normally as described in Status Indicator Lights on page 92 The installation may take a few minutes and the web page will indicate a 3 part countdown before returning you to the Home page wait for it to complete During the software installation you will lose Internet and phone service The LEDs will function as follows During this phase the...

Page 86: ... side users will be briefly disconnected from the Internet but will otherwise be unaffected Click the Reset Connection Reset Connection Reset Connection Reset Connection button to disconnect and reconnect all of your connections including your VoIP phones Click the Reset Device Reset Device Reset Device Reset Device button to reset the Gateway back to its original factory default settings Click th...

Page 87: ...s and port if required either in dotted decimal format or as a DNS name up to 63 characters You can specify the UNIX syslog Facility to use by selecting from the Facility pull down menu From the pull down menu you specify the Log Level in decreasing severity level Emergency Alert Critical Error Warning Notice Info or Debug By toggling each event descriptor to either On or Off you can determine whi...

Page 88: ...nt Notifications Event Notifications Event Notifications the Event Notifications page opens If you check the Broadband Status Notification checkbox the device will alert users on your network if the connection to the Internet should fail In that event troubleshooting suggestions will display ...

Page 89: ... the NAT Table page opens The NAT Table page displays the network address translation sessions in use by the Gateway You can use the pull down menu to limit the displayed sessions to selected IP addresses To refresh all the sessions displayed click the Reset Reset Reset Reset button ...

Page 90: ...Administrator s Handbook 90 ...

Page 91: ...e simple suggestions for troubleshooting problems with your Gateway s initial configura tion Before troubleshooting make sure you have read the User Manual plugged in all the necessary cables set your PC s TCP IP controls to obtain an IP address automatically ...

Page 92: ...POWER ON LED behavior will happen During Boot process Power LED GREEN FLASH All other LED OFF If the device does not boot and fails its self test or fails to perform initial load of the bootloader Power LED RED FLASH ALL other LED OFF If the device boots and then detects a failure Power LED GREEN FLASH starting POST and then all LEDs will FLASH RED including Power LED Ethernet Solid Green Powered ...

Page 93: ...r 802 1x authentication and the broadband connection is up Flashing Green Attempting connection attempting IEEE 802 1X authentication or attempting to obtain DHCP information Red Device attempted to become IP connected and failed no DHCP response 802 1x authentica tion failed no IP address from IPCP etc The Red state times out after two minutes and the Service indicator light returns to the Off st...

Page 94: ...powered devices connected to the associated ports NOTE The NVG595 supports two VoIP lines over one RJ14 VoIP port In order to con nect two phone lines the supplied inner outer pair splitter adapters must be attached to the RJ14 VoIP port in order to terminate both lines This is a spe cial purpose splitter You must only use the inner outer pair splitter adapters supplied by AT T Power Jack Reset RJ...

Page 95: ...of the light is synchronized to actual data traf fic Off The device is not powered no cable or no powered devices connected to the associated ports Broadband Ethernet Solid Green Powered device connected to the associated port includes devices with wake on LAN capability where a slight voltage is sup plied to the Ethernet connec tion Flashing Green Activ ity seen from devices associ ated with the ...

Page 96: ... attempted to become IP con nected and failed no DHCP response 802 1x authentication failed no IP address from IPCP etc The Red state times out after two minutes and the Service indicator light returns to the Off state Off The device is not powered or the broad band connection is not present Phone 1 2 Solid Green The associated VoIP line has been registered with a SIP proxy server Flashing Green I...

Page 97: ...t cable is securely plugged into the Ethernet jack on the PC Make sure the Ethernet cable is securely plugged into the Ethernet port on the Modem Make sure you have Ethernet drivers installed on the PC Make sure the PC s TCP IP Properties for the Ethernet Network Control Panel is set to obtain an IP address via DHCP Make sure the PC has obtained an address in the 192 168 1 x range You may have cha...

Page 98: ...king red within one 1 second of the reset button being pressed This will occur independent of the fact that the button is still being pressed or has been released The indica tor lights will flash for a minimum of five seconds even if the reset button is released prior to five seconds after it has been depressed If the reset button is held for more than 5 seconds then it will continue to flash unti...

Page 99: ...rect user name 5 administrative access denied invalid password This log message is generated whenever the user tries to access the router s management interface and authentication fails due to incorrect password 6 administrative access denied telnet access not allowed This log message is generated whenever the user tries to access the router s Telnet management interface from a Public interface an...

Page 100: ...the packet cannot be sent without fragmentation but the do not fragment bit is set 8 dropped no route found This log message is generated whenever a packet traversing the router or destined to the router itself is dropped because no route is found to for ward the packet 9 dropped invalid IP version This log message is generated whenever a packet traversing the router or destined to the router itse...

Page 101: ... IP ILLEGAL IP Address is illegal either src or dest NM_LOGDROP_CAT_TCP TCP TCP Header generic NM_LOGDROP_CAT_TCP_SRC_PORT TCP SRC PORT TCP Source Port NM_LOGDROP_CAT_TCP_DST_PORT TCP DST PORT TCP Destination Port NM_LOGDROP_CAT_TCP_FLAGS TCP FLAGS TCP Flags field NM_LOGDROP_CAT_UDP UDP UDP Header generic NM_LOGDROP_CAT_UDP_SRC_PORT UDP SRC PORT UDP Source Port NM_LOGDROP_CAT_UDP_DST_PORT UDP DST ...

Page 102: ...red NM_LOGDROP_CAT_POLICY_ESP POLICY IPV6 ESP IPv6 Packets with ESP Header if so configured NM_LOGDROP_CAT_POLICY_DEP_HEADER POLICY DEPRECATED HEADER IPv6 Packets with deprecated header currently this only includes routing extension header type 0 NM_LOGDROP_CAT_POLICY_CAPT_PORTAL POLICY CAPTIVE PORTAL IPv6 Packets dropped because captive portal is enabled NM_LOGDROP_CAT_FLOW FLOW Packets rejected ...

Page 103: ...ine interface to enter and update the unit s configuration settings monitor its performance and restart it This chapter covers the following topics Overview on page 105 Starting and Ending a CLI Session on page 107 Using the CLI Help Facility on page 108 About SHELL Commands on page 108 SHELL Commands on page 109 About CONFIG Commands on page 119 CONFIG Commands on page 122 Debug Commands on page ...

Page 104: ...s on page 140 NTP commands on page 143 Application Layer Gateway ALG commands on page 143 Dynamic DNS Commands on page 144 Link commands on page 144 Management commands on page 147 Remote access commands on page 149 Physical interfaces commands on page 151 PPPoE relay commands on page 154 NAT Pinhole commands on page 154 Security Stateful Packet Inspection SPI commands on page 155 VoIP commands on...

Page 105: ...download to download config file exit to quit this shell ffbb to show the number of POST fault states help to get more help all or help help install to download and program an image into flash log to add a message to the diagnostic log loglevel to report or change diagnostic log level netstat to show IP information nslookup to send DNS query for host ping to send ICMP Echo request quit to quit thi...

Page 106: ... Network Time Protocol options gateway Gateway options link WAN link options management System management options physical Physical interface options enet Ethernet options pinhole Pinhole options pppoe relay Point to Point Protocol over Ethernet relay options preferences Shell environment preferences queue Queue options security Security firewall options system Gateway s system options target ad i...

Page 107: ...as the IP address for its LAN interface You can use a Web browser to configure the ARRIS Gateway IP address Logging In The command line interface log in process emulates the log in process for a UNIX host To logon enter the username and your password Entering the administrator password lets you display and update all ARRIS Gateway settings When you have logged in successfully the command line inte...

Page 108: ...hen you are in SHELL mode the CLI prompt is the name of the ARRIS Gateway followed by a right angle bracket For example if you open a CLI connection to the ARRIS Gateway named ARRIS 3000 9437188 you would see ARRIS 3000 9437188 as your CLI prompt SHELL Command Shortcuts You can truncate most commands in the CLI to their shortest unique string For example you can use the trun cated command q in pla...

Page 109: ...You can include one or more of the following arguments with the download command If you omit arguments the console prompts you for this information The server_address argument identifies the IP address of the TFTP server from which you want to copy the ARRIS Gateway configuration file The filename argument identifies the path and name of the configuration file on the TFTP server If you include the...

Page 110: ...es level 5 Use the following values for the level argument 1 or low Low level informational messages or greater includes trivial status messages 2 or medium Medium level informational messages or greater includes status messages that can help monitor network traffic 3 or high High level informational messages or greater includes status messages that may be significant but do not constitute errors ...

Page 111: ...ize c count conn_name Generates and sends 6rd loopback packets to the 6rd gateway reset arp Clears the Address Resolution Protocol ARP cache on your unit reset crash Clears crash dump information which identifies the contents of the ARRIS Gateway registers at the point of system malfunction reset dhcp server Clears the DHCP lease table in the ARRIS Gateway reset enet all Resets Ethernet statistics...

Page 112: ...d does in config mode show crash Displays the most recent crash information if any for your ARRIS Gateway show dhcp server leases Displays the DHCP leases stored in RAM by your ARRIS Gateway show dhcp client Displays the DHCP clients stored in RAM by your ARRIS Gateway show f device association Displays LAN devices that conform with the TR111 Gateway requirement It displays IP Address Manufacture ...

Page 113: ...000 Ethernet port 4 Port Status Link down HPNA port 5 counter values include management traffic Port Status Link up Duplex Full Speed 200 MBPS Transmit OK 1702 Transmit unicastpkts 1173 Tx Octets 226117 Tx Collision 0 Receive OK 1168 Receive unicastpkts 1168 Receive errors 0 Rx Octets 202156 Ethernet driver statistics Wi Fi Port Status Link down Ethernet driver full statistics PTM WAN Port Status ...

Page 114: ...tx queue This is an output of what is should look like NOS 128600225699776 UNLOCKED show enet tx queue No transmit software queue configured on Ethernet port 1 No transmit software queue configured on Ethernet port 2 No transmit software queue configured on Ethernet port 3 No transmit software queue configured on Ethernet port 4 No transmit software queue configured on Ethernet port 5 No transmit ...

Page 115: ...es for your ARRIS Gateway show ip firewall Displays firewall statistics show ip lan discovery Displays the LAN Host Discovery Table of hosts on the wired or Wi Fi LAN and whether or not they are cur rently online show ip routes Displays the IP routes stored in your ARRIS Gateway show ipmap Displays IPMap table NAT show ipv6 interfaces Display IPv6 interfaces show ipv6 routes Display IPv6 route tab...

Page 116: ...sults Displays POST results show pppoe Displays status information for each PPPoE socket such as the socket state service names and host ID values show rootcert Dumps the Subject line for the list of all the trusted root certificates for the 802 1x supplicant show rtsp Displays RTSP ALG session activity data show status Displays the current status of a ARRIS Gateway the device s hardware and softw...

Page 117: ...destination upload server_address filename confirm Copies the current configuration settings of the Gateway to a TFTP Trivial File Transfer Protocol server The TFTP server must be accessible on your Ethernet network The server_address argument identifies the IP address of the TFTP server on which you want to store the ARRIS Gateway settings The filename argu ment identifies the path and name of th...

Page 118: ...lf pin Displays the ARRIS Gateway s own Personal Identification Number PIN value WAN Commands show enet Displays statistics for both the WAN and the Wireless show enet all Displays statistics for the WAN LAN and Wireless show enet tx queue Displays all tx queues configured on the devicve show ppp stats lcp ipcp show opticwan data Displays information for the Fiber WAN Show voip all Displays inform...

Page 119: ...g RETURN ARRIS 3000 9437188 top ip ARRIS 3000 9437188 ip As a shortcut you can enter the significant letters of the node name in place of the full node name at the CON FIG prompt The significant characters of a node name are the letters that uniquely identify the node For example since no other CONFIG node starts with b you could enter one letter b to move to the bridge node Jumping down several n...

Page 120: ...er the configuration values appropriate for your site with out having to enter complete CLI commands When you are in step mode the command line interface prompts you to enter required and optional settings If a setting has a default value or a current setting the command line interface displays the default value for the command in parentheses If a command has a limited number of acceptable values ...

Page 121: ... example ARRIS 3000 9437188 top set system system name ARRIS 3000 9437188 Mycroft Diagnostic Level High medium Stepping mode ended Validating Your Configuration You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly If you use the validate command the ARRIS Gateway verifies that all required settings for all services are present and that s...

Page 122: ...the device should use Routing Information Protocol RIP broadcasts to advertise its routing tables to other Gateways RIP Version 2 RIP 2 is an extension of the original Routing Information Protocol RIP 1 that expands the amount of useful information in the RIP packets While RIP 1 and RIP 2 share the same basic algorithms RIP 2 supports several additional features including inclusion of subnet masks...

Page 123: ...nd off off v1 v2 v1 compat v2 md5 rip receive off off v1 v2 v1 compat v2 md5 fs egress Security QosUpstream WanEgress fs ingress Security QosUpstream WanEgress static ipaddr 192 168 1 254 netmask 255 255 255 0 dhcp server enable on off on dhcp server start addr 192 168 1 64 end addr 192 168 7 253 lease time 01 00 00 00 subnet order 1 1 8 gen option gen option node list Select name node to modify f...

Page 124: ...92 168 7 253 set conn name name dhcp server lease time seconds If dhcp server enable is set to on specifies the default length for DHCP leases issued by the ARRIS Gateway Lease time is in seconds Default is 3600 set conn name name dhcp server subnet order 1 8 If dhcp server enable is set to on specifies the order in which to address the first of 8 possible subnets Ordi narily this is the first one...

Page 125: ...ation that identifies the unit set conn name name fs egress filterset_name Attaches a user filterset to a conn which is applied to transmitted packets See Filterset commands on page 126 set conn name name fs ingress filterset_name Attaches a user filterset to a conn which is applied to received packets See Filterset commands on page 126 ...

Page 126: ...r in the filterset If order is set to an already existing order value order values of other rules are incremented automatically set filterset name filterset_name rule number enable on off Dynamically enables or disables the specified filterset rule set filterset name filterset_name rule number match eth proto number Matches ethernet protocol field to the supplied value set filterset name filterset...

Page 127: ...ch can be in decimal ex 32 or in Hex ex 0x20 Or match the supplied diffserv class This value may be any of the BE EF AFxx or CSx classes A full list is CS0 0x00 CS1 0x08 CS2 0x10 CS3 0x18 CS4 0x20 CS5 0x28 CS6 0x30 CS7 0x38 BE 0x00 AF11 0x0a AF12 0x0c AF13 0x0e AF21 0x12 AF22 0x14 AF23 0x16 AF31 0x1a AF32 0x1c AF33 0x1e AF41 0x22 AF42 0x24 AF43 0x26 EF 0x2e set filterset name filterset_name rule n...

Page 128: ... rule number action set dscp number diffserv_class_string Sets the dscp field to the supplied value set filterset name filterset_name rule number action set eth p bits number Sets vlan priority bits to the supplied value set filterset filterset_name rule number action do filterset name Executes the supplied filterset Default actions If a packet passes through all of a filter s rules without a matc...

Page 129: ...ddress host name equivalently IPv4 address range or subnet IPv6 address or subnet WAN side range IPv4 address range or subnet IPv6 address or subnet Ingress and egress interface by link oid e g LAN set gfs name filterset_name enable on off Dynamically enables or disables the specified filterset rule set gfs name filterset_name default action value pass drop Executes the named filterset s default a...

Page 130: ...s but only a small number of large packets can be enqueued If there are no tail drops that is the queue is not blocked from sending and doesn t over fill and dump pack ets then these queue size bytes parameters do not affect anything Their only function is to adjust the threshold at which the queue is considered full which dictates when tail drops will occur So if there are no src ip addr ip 4 6 a...

Page 131: ... red that don t drop from the tail of the queue Instead red drops packets towards the front of the queue so that the congestion is noticed more quickly in order for the sender to scale back bandwidth usage to avoid drops the following types of queue building blocks are supported basic queue ingress queue priority queue wfq weighted fair queue Basic queues have three different packet dropping optio...

Page 132: ...r priority gets link resource first for wfq queue each entry gets reserved bandwidth according to its weight If different priority is given any excess bandwidth is offered to higher priority entry first otherwise any excess bandwidth is distributed to the weights ratio set queue name queue_name entry number weight 0 100 Sets the weight level of this weighted fair queue Weight units are dependent o...

Page 133: ...refix length 1 set ip6 conn name WANv6 6rd tunnel ipv4 common bits 0 set ip6 conn name WANv6 6rd tunnel relay ipv4 addr 0 0 0 0 set ip6 conn name WANv6 6rd tunnel ipv4 tx tos mode off set ip6 conn name WANv6 6rd tunnel force tx to br on set ip6 conn name WANv6 6rd tunnel anti spoof enable on set ip6 conn name WANv6 6rd tunnel tx df bit set on set ip6 conn name LANv6 enable off set ip6 gateway enab...

Page 134: ...s Specifies the IPv6 address of a host on a local or remote network in standard IPv6 format ip6 conn set ip6 conn name name enable on off Enables disables the IPv6 connection named name set ip6 conn name name type static autoconf rd dp aiccu Type of connection See below for connection types set ip6 conn name name mtu octets Specified MTU of connection set ip6 conn name name side lan wan Specified ...

Page 135: ...e to tunnel over an associated IPv4 connection named ipv4_name set ip6 conn name name 6rd tunnel use dhcp values off on If this parameter is on 6rd provisioned parameters are obtained via the underlying DHCPv4 client associated with IPv4 connection named ipv4 name See draft ietf softwire ipv6 6rd 10 for DHCP format description ip6 conn type rd 6rd tunnel use dhcp values off set ip6 conn name name ...

Page 136: ... 6rd domain is sent directly to the 6rd endpoint on means that all packets are transmitted to the 6rd border gateway AICCU SixXS tunnel broker Connections ip6 conn type aiccu side wan This connection type enables an IPv6 connection to the IPv6 internet over an IPv4 NAT UDP tunnel to a tunnel endpoint administered by tunnel broker SIXXS www sixxs net You set up an account with SIXXS and subsequentl...

Page 137: ...ay up is set to on the global prefix assigned from the conn delegating the prefix remains active in the event that the conn delegating the prefix goes down and the prefix becomes invalid This enables local LAN side hosts to continue to use the global prefix uninterrupted If parameter stay up is set to off the connection s delegated prefix becomes invalid when the connection named ipv6 conn name de...

Page 138: ...n DHCPv6 servers on all IPv6 LAN conns operate in stateless information only mode The default is off set ip6 dhcp server preference 255 Sets the preference option as defined in RFC1315 sec 22 8 The preference option in the server s Advertise message may assist a DHCPv6 client in selecting from more than one server on the LAN set ip6 dhcp server authoritative on off If a client requests an IP addre...

Page 139: ...etrieved from DHCPv6 in stateless mode http tools ietf org html rfc4242 The default is 86400 24 hours Static Routes ip6 static route set ip6 static route name conn oid ipv6_conn_name Route is directed to IPv6 connection named ipv6_conn_name T1 The time at which the client contacts the server from which the addresses in the IA_NA were obtained to extend the lifetimes of the addresses assigned to th...

Page 140: ...r set ip dns proxy enable on off This allows you to disable the default behavior of acting as a DNS proxy The default is on IP IGMP commands Multicasting is a method for transmitting large amounts of information to many but not all computers over an internet One common use is to distribute real time voice video and data services to the set of computers which have joined a distributed conference Ot...

Page 141: ...al Unsolicited Report Interval the amount of time in seconds between repetitions of a particular computer s initial report of membership in a group The default unsolicited report interval is 10 seconds Querier Version select a version of the IGMP Querier version 1 version 2 or version 3 If you know you will be communicating with other hosts that are limited to v1 or v2 for backward compatibility s...

Page 142: ...f on Sets fast leave on or off Set to on by default fast leave enables a non standard expedited leave mechanism The querier keeps track of which client is requesting which channel by IP address When a leave message is received the querier can check its internal table to see if there are any more clients on this group If there are none it immediately sends an IGMP leave message to the upstream quer...

Page 143: ...od minutes update period specifies how often in minutes the Gateway should update the clock Default is 1440 Application Layer Gateway ALG commands These commands allow you to enable or disable the router s support for a variety of Application Layer Gate ways ALGs An application layer gateway ALG is a NAT component that helps certain application sessions to pass cleanly through NAT Each ALG has a s...

Page 144: ...mically assigned IP address This allows you to get to the IP address assigned to your Gate way even though your actual IP address may change as a result of a PPPoE connection to the Internet set ip dynamic dns service type dyndns set ip dynamic dns username myusername set ip dynamic dns password mypassword set ip dynamic dns hostname myhostname set ip dynamic dns retries 1 64 Enables or disables d...

Page 145: ...agged VLAN on the selected port on the link named name Default is ptm set link name name tagged vlan name integer vid vlan_id Specifies a VLAN ID vid on the selected link named name Default is 0 set link name name tagged vlan name integer priority 0 7 Specifies the 802 1p priority bit If you set this to a value greater than 0 all packets of this VLAN with unmarked priority bits pbits will be re ma...

Page 146: ...t link name name ppp restart timer integer Specifies the number of seconds the Gateway should wait before retransmitting a configuration or termination request The integer argument can be any number between 1 and 30 set link name name ppp connection type instant on always on Specifies whether a PPP connection is maintained by the ARRIS Gateway when it is unused for extended peri ods If you specify...

Page 147: ...oE servers and having the ARRIS Gateway indicate an AC Name specifies to which one the ARRIS Gateway is trying to connect Management commands All management related items are grouped in this section set management account administrator username username Specifies the username for the administrative user the default is admin set management account user username username Specifies the username for t...

Page 148: ... minutes for telnet set management shell ssh port 1 65534 Specifies the port number for secure shell SSH communication with the ARRIS Gateway Defaults to port 0 off set management shell telnet port 1 65534 Specifies the port number for telnet CLI communication with the ARRIS Gateway Because port numbers in the range 0 1024 are used by other protocols you should use numbers in the range 1025 65534 ...

Page 149: ...ss http total timeout 1 120 Specifies a total timeout period of inactivity for remote HTTP access to the Gateway after which a user must re login to the Gateway Default is 20 minutes for HTTP set management remote access http max clients number Specifies the maximum number of client sessions for remote web access management Defaults to 1 one set management remote access https port 1 65534 Sets the...

Page 150: ... telnet max clients number Specifies the maximum number of client sessions for remote telnet access management Defaults to 4 set management remote access ssh port 1 65534 Specifies the port number for secure shell SSH communication with the ARRIS Gateway Defaults to port 22 set management remote access ssh idle timeout 1 120 Specifies a timeout period of inactivity for remote secure shell SSH acce...

Page 151: ...nagement services on or off The default is off Physical interfaces commands Ethernet interfaces set physical enet 1 4 mac addr override mac_addr You can override your Gateway s Ethernet MAC address with any necessary setting Some ISPs require your account to be identified by the MAC address among other things Enter your 12 character Ethernet MAC over ride address as instructed by your service prov...

Page 152: ...mode you want bg b only g only bgn n only an or a only For compatibility with clients using 802 11b up to 11 Mbps transmission 802 11g up to 20 Mbps 802 11a up to 54 Mbit s using the 5 GHz band or 802 11n from 54 Mbit s to 600 Mbit s with the use of four spatial streams at a channel width of 40 MHz select B G N To limit your Wi Fi LAN to one mode or the other select G only N only A only or B only ...

Page 153: ... the specified addresses will be permitted to join the specified SSID Default is none set physical Wi Fi ssid 1 access list mac_address Specifies the MAC address of devices controlled by MAC address filtering set physical Wi Fi ssid 1 hidden off on Enables or disables SSID hiding for the specified SSID If set to on the specified SSID will not appear on client scans Clients must log into the SSID w...

Page 154: ...specific host behind the ARRIS Gateway transparently To set up NAT pinholes you identify the type s of traffic you want to redirect by port number and you specify the internal host to which each specified type of traffic should be directed The following list identifies protocol type and port number for common TCP IP protocols FTP TCP 21 telnet TCP 23 SMTP TCP 25 TFTP UDP 69 set pinhole name name p...

Page 155: ...pecial circumstances a low level of firewall protection is available You can also turn all firewall protection off Defaults to low set security spi ip4 invalid addr drop on off Enables or disables whether Broadband packets with invalid source or destination addresses should be dropped Default is on set security spi ip4 private addr drop on off Enables or disables whether Broadband packets with pri...

Page 156: ...y spi flood limit udp enable off on Enables or disables whether UDP packet flooding should be detected and offending packets be dropped Defaults to off set security spi flood limit tcp enable off on Enables or disables whether TCP packet flooding should be detected and offending packets be dropped Defaults to off set security spi flood limit tcp syn cookie on off Allows TCP SYN cookies flooding to...

Page 157: ...eatures VoIP Profile Settings set voip profile 1 4 prof enable on off Enables or disables the use and configuration of the specified VoIP profile on the ARRIS Gateway set voip profile 1 4 proxy server address Specifies the IP address or fully qualified domain name of the SIP proxy server that stations using the profile will connect to set voip profile 1 4 proxy port port Sets the well known port n...

Page 158: ...e identified profile set voip profile 1 4 reinvite expires seconds Sets the amount of time a SIP user agent with the named profile will consider a re INVITE message valid set voip profile 1 4 reg retry interval seconds Specifies the number of seconds that must elapse before a SIP user agent using the named profile may attempt to retry registration set voip profile 1 4 reg min expires seconds Assig...

Page 159: ... sip session refresher auto Assign a SIP session refresh method to the identified profile set voip profile 1 4 sip advanced setting sip session timer value value Configure the SIP session timer value for the profile Default 2280 set voip profile 1 4 sip advanced setting sip dynamic payload value Set the dynamic payload value for the identified profile Default 101 set voip profile 1 4 sip advanced ...

Page 160: ...redundancy level 0 1 Specifies the level of fax redundancy for t38 fax data rate management Default 1 set voip profile 1 4 sip advanced setting sip init de register on off Turns SIP de registration on or off for the profile Default off set voip profile 1 4 sip advanced setting sip known ip list string Specifies a known IP address list of SIP servers for the SIP profile set voip profile 1 4 sip adv...

Page 161: ...g sip timer h value 32000 Assigns a SIP H timer ACK reciept wait time value to the profile set voip profile 1 4 sip advanced setting sip timer i value 5000 Assigns a SIP I timer ACK retransmit wait time value to the profile set voip profile 1 4 sip advanced setting sip timer j value 32000 Assigns a SIP J timer non INVITE retransmit request wait time value to the profile set voip profile 1 4 sip ad...

Page 162: ...oip profile 1 4 advanced telephony setting fxs port setting for fxo none fxs1 fxs2 both emgncy Sets a port to be used for the FXS Foreign eXchange Subscriber interface port to the FXO Foreign eXchange Office interface the phone port Default is none set voip profile 1 4 advanced telephony setting t38 option on off Enables or disables T 38 fax capability for the VoIP profile set voip profile 1 4 adv...

Page 163: ... a display name for the identified user account on the specified VoIP profile Default 1000 set voip profile 1 4 user account 1 4 sip user name string Adds a user name value to the VoIP profile SIP user account Default 1000 set voip profile 1 4 user account 1 4 sip user password string Sets the SIP password for the user account on the VoIP profile set voip profile 1 4 user account 1 4 sip user auth...

Page 164: ...support on off Enables or disabled G 729 Annex B support on the specified user account Default off set voip profile 1 4 user account 1 4 codec G726_16 priority 1 7 none Assigns a priority value to the 16 kbit s G 726 codec on the user account Default 3 set voip profile 1 4 user account 1 4 codec G726_16 payload type value Assigns a payload value to the 16 kbit s G 726 codec on the user account Def...

Page 165: ...igns a payload value to the AMR codec on the user account Default 120 set voip profile 1 4 user account 1 4 codec AMR packetization time value Assigns a packetization time value to the AMR codec on the user account Default 20 set voip profile 1 4 user account 1 4 codec AMR_WB priority 1 7 none Assigns a priority value to the Adaptive Multi Rate Wide Band AMR WB audio codec on the user account Defa...

Page 166: ...r account 1 4 call feature anonymous call block option on off Sets the user account to block on or accept off calls from unidentified sources set voip profile 1 4 user account 1 4 call feature call transfer option on off Enables or disables the call transfer function on the user account set voip profile 1 4 user account 1 4 call feature call disconnsupervision option on off Enables or disabled dis...

Page 167: ...p identifier of the ad carousel server set targeted ad insertion key identification counter 0 n Sets a counter value for the ad key indentifier set targeted ad insertion authentication key string Specifies an authentication key for the targeted ads set targeted ad insertion channel change notification on off Turns the change the channel notification on or off Default is on set targeted ad insertio...

Page 168: ...al for retransmission of ad insertion in seconds Default is 300 seconds set targeted ad insertion vcc ip address ip_address Specifies the VCC IP address of the ad carousel server set targeted ad insertion vcc port 0 n Specifies the VCC port of the ad carousel server set targeted ad insertion zones zone_number Specifies the zone for targeted ads when v zone ad is set to on set targeted ad insertion...

Page 169: ...tracks attempted violations of the firewall rules Default is on set system firewall log persist on off When set to on causes the log information to be kept in flash memory Default is off set system firewall log file size 4096 65536 Specifies a size for the firewall logs The most recent entries are posted to the beginning of the log When the log becomes full the oldest entries are dropped The defau...

Page 170: ...ould poll the update server monthly or biweekly The default is monthly set system calendar update protocol http https tftp Specifies the protocol for accessing the update server The default is http set system calendar update server server_address Specifies the address of the update server by name or IP address The default is cpems bellsouth net set system calendar update username string Specifies ...

Page 171: ...licant tagging enable off on Disable or enable VLAN tagging on the WAN port set system syslog enable on off Enables on or disables off the NVG595 syslog function The syslog function is disabled by default If syslog is enabled the following additional syslog settings may be configured set system syslog server ip IPv4 IPv6 Address set system syslog server port port set system syslog facility local0 ...

Page 172: ...ult set system syslog log firewall on off Enables on or disables off the delivery of firewall log messages to the syslog server Firewall log is disabled by default set system syslog log igmp on off Enables on or disables off the delivery of IGMP log messages to the syslog server The igmp log is disabled by default set system syslog log voice on off Enables on or disables off the generation of voic...

Page 173: ... messages with a level equal to or greater than the level you specify are recorded For example if you specify set system diagnostic level medium the diagnostic log will retain medium level informational messages alerts and failure messages Use the following guidelines low Low level informational messages or greater includes trivial status messages medium Medium level informational messages or grea...

Page 174: ... Config level Warning Accessing these commands may impact the normal operation of this device Exit now if you entered by mistake Commands console Make this session the console mirror src port dst port To mirror one port s traffic to another Causes traffic transmitted or received on src port to be mirrored on dst port Ports must support Ethernet IPoA and PPPoA ATM ports are not supported mirror off...

Page 175: ...rnet RJ 45 Power Supply 115VAC 24W 12VDC 2 0A 2phone 5REN RINGING Environment Operating temperature 0 C to 42 C 32 F to 107 F 8 to 95 Non Condensing Relative Humidity Storage temperature 20 C to 85 C 4 F to 185 F Relative storage humidity 20 to 80 noncondensing Software and protocols Software media Software preloaded on internal flash memory field upgrades done via download to inter nal flash memo...

Page 176: ...methods HTTP Web server TR 069 Diagnostics Ping event logging routing table displays statistics counters web based management tracer oute nslookup and diagnostic commands Agency approvals North America Safety Approvals United States UL 60950 Third Edition Canada CSA CAN CSA C22 2 No 60950 00 EMC United States FCC Part 15 Class B Canada ICES 003 Telecom United States 47 CFR Part 68 Canada CS 03 ...

Page 177: ...e complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undes ired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter Operation within the 5 15 5 25GHz ba...

Page 178: ...e pas qu Industrie Canada a approuvé le matériel AVIS L indice d équivalence de la sonnerie IES du présent matériel est de 0 1 L IES assigné à chaque dis positif terminal indique le nombre maximal de terminaux qui peuvent être raccordés à une interface télépho nique La terminaison d une interface peut consister en une combinaison quelconque de dispositifs à la seule condition que la somme d indice...

Page 179: ...tallic water pipe system if present are connected together This precaution may be particularly important in rural areas Caution Users should not attempt to make such connections themselves but should contact the appropriate electric inspection authority or electrician as appropriate The Ringer Equivalence Number REN assigned to each terminal device provides an indication of the maxi mum number of ...

Page 180: ...power supply serves as the main power disconnect locate the direct plug in power supply near the product for easy access For use only with CSA Certified Class 2 power supply rated 12VDC 1 0A Telecommunication installation cautions Never install telephone wiring during a lightning storm Never install telephone jacks in wet locations unless the jack is specifically designed for wet locations Never t...

Page 181: ...mpany b List all applicable certification jack Universal Service Order Codes USOC for the equipment RJ11 c A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA A compliant telephone cord and modular plug is provided with this product It is designed to be connected to a comp...

Page 182: ... has specially wired alarm equipment connected to the telephone line ensure the installation of this ARRIS Series Gateway does not disable your alarm equipment If you have questions about what will dis able alarm equipment consult your telephone company or qualified installer RF Exposure Statement NOTE Installation of the Wi Fi models must maintain at least 20 cm between the Wi Fi Gateway and any ...

Page 183: ...ucto junto con sus residuos residenciales o comer ciales Algunos países o regiones tales como la Unión Europea han orga nizado sistemas para recoger y reciclar desechos eléctricos y electrónicos Comuníquese con las autoridades locales para obtener información acerca de las prácticas vigentes en su región Si no existen sistemas de recolección disponibles solicite asistencia llamando el Servicio al ...

Page 184: ...ou regiões tais como a União Européia criaram sistemas para cole cionar e reciclar produtos eletroeletrônicos Para obter informações sobre as práticas estabelecidas para sua região entre em contato com as autori dades locais Se não houver sistemas de coleta disponíveis entre em con tato com o Serviço ao Cliente da ARRIS para obter assistência Återvinning av din ARRIS utrustning Kasta inte denna pr...

Page 185: ...185 Please visit http www ARRIS com recycle for instructions on recycling ...

Page 186: ...source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of SixXS nor the names of its contributors may be used to endorse or promo...

Page 187: ...cp isc 4 1 1 P1 Copyright 2004 2011 by Internet Systems Consortium Inc ISC Copyright 1995 2003 by Internet Software Consortium Permission to use copy modify and or distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND ISC DISCLAIMS ALL WARRANTIES WITH...

Page 188: ...ditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of the copyright holder nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR S AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES I...

Page 189: ...right c Rusty Russell Copyright c The Regents of the University of California Copyright c USAGI WIDE Project Copyright c Free Software Founcation Copyright c Intel Corp Copyright c Robert Olsson Uppsala Univer sity Sweden Copyright c Harald Welte iptables 1 4 0 also Copyright c Netfilter Core Team libnetfilter_conntrack also C 2005 2011 Pablo Neira Ayuso libnfnetlink also c 2001 2005 Netfilter Cor...

Page 190: ...NG DISTRIBUTION AND MODIFICATION 0 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containin...

Page 191: ... no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to distribute corresponding source code This alternative is allowed only for noncom...

Page 192: ...raphical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 9 The Free Software Foundation may publish revised and or new versions of the General Public License from time to time Such new versions will be similar in spirit to ...

Page 193: ...this license which gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the library is modified by someone else and passed on the recipients should know that what they have is not the original version so that the original author s reputation will not be affected by pr...

Page 194: ...onditions a The modified work must itself be a software library b You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change c You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License d If a facility in the modified Library refers to a function or a table of data to be suppl...

Page 195: ... in the Library will not necessarily be able to recompile the application to use the modified definitions b Use a suitable shared library mechanism for linking with the Library A suitable mechanism is one that 1 uses at run time a copy of the library already present on the user s computer system rather than copying library functions into the executable and 2 will operate properly with a modified v...

Page 196: ...bution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 13 The Free Software Foundation may publish revised and or new versions of the Lesser General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new probl...

Page 197: ...lcopies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS...

Page 198: ...of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must...

Page 199: ...ITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence including the GNU ...

Page 200: ...US ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Copyright c 1999 2004 Paul Mackerras All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following di...

Page 201: ...C 1995 1996 1997 1998 Lars Fenneberg lf elemental net Permission to use copy modify and distribute this software for any purpose and without fee is hereby granted provided that this copyright and permission notice appear on all copies and supporting documentation the name of Lars Fenneberg not be used in advertising or publicity pertaining to distribution of the program without specific prior perm...

Page 202: ... of this software for any particular purpose It is provided as is without express or implied warranty of any kind These notices must be retained in any copies of any part of this documentation and or software Copyright c 2000 by Sun Microsystems Inc All rights reserved Permission to use copy modify and distribute this software and its documentation is hereby granted provided that the above copyrig...

Page 203: ...Modified June 1993 by Paul Mackerras paulus cs anu edu au so that the entire packet being decompressed doesn t have to be in contiguous memory just the compressed header Copyright 1995 2000 EPFL LRC ICA and are licensed under the GNU Lesser General Public License Written 1995 2000 by Werner Almesberger EPFL LRC ICA Copyright 2000 Mitchell Blank Jr Based in part on work from Jens Axboe and Paul Mac...

Page 204: ...eserved Non exclusive rights to redistribute modify translate and use this software in source and binary forms in whole or in part is hereby granted provided that the above copyright notice is duplicated in any source form and that neither the name of the copyright holder nor the author is used to endorse or promote products derived from this software THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT AN...

Page 205: ...G LSR Ce travail a été fait au sein du GIE DYADE Groupement d Intérêt Économique ayant pour membres BULL S A et l INRIA Ce logiciel informatique est disponible aux conditions usuelles dans la recherche c est à dire qu il peut être utilisé copié modifié distribué à l unique condition que ce texte soit conservé afin quel origine de ce logiciel soit reconnue Le nom de l Institut National de Recherche...

Page 206: ...ware Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA radvd 1 8 3 radvd license The author s grant permission for redistribution and use in source and binary forms with or without modification of the software and documentation provided that the following conditions are met 0 If you receive a version of the software that is specifically labelled as not being for redistribution chec...

Page 207: ...St Denis and are Public Domain sshpty c is taken from OpenSSH 3 5p1 Copyright c 1995 Tatu Ylonen ylo cs hut fi Timo Rinne tri iki fi Espoo Finland All rights reserved As far as I am concerned the code I have written for this software can be used freely for any purpose Any derived versions of this software must be clearly marked as such and if the derived work is incompatible with the protocol desc...

Page 208: ...F USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Import code in keyimport c is modified from PuTTY s import c licensed as follows PuTTY is copyright 1997 2003 Simon Tatham Port...

Page 209: ...n Inc zlib 1 2 3 Copyright C 1995 2005 Jean loup Gailly and Mark Adler This software is provided as is without any express or implied warranty In no event will the authors be held liable for any damages arising from the use of this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to th...

Page 210: ...Administrator s Handbook 210 ...

Page 211: ...209 Appendix A ARRIS Gateway Captive Portal Implementation This section contains information about the ARRIS Gateway Captive Portal Support ...

Page 212: ...st takes a comma separated string which can be Individual IP addresses or a range of IP addresses For a range of IP Addresses subnet mask is required The following formats of IP address are accepted Individual IP address 144 130 120 62 or 144 130 120 62 32 Range of 64 IP addresses 144 130 120 64 26 White IP Address list gets rewritten on any changes Clearing the Captive Portal URL disables Captive...

Page 213: ...mentation If true the Captive Portal is enabled xs documentation xs documentation If false the Captive Portal is disabled xs documentation xs annotation xs element xs element name RedirectURL xs annotation xs documentation the URL to be redirected to xs documentation xs annotation xs simpleType xs restriction base xs string xs maxLength value 512 xs restriction xs simpleType xs element xs element ...

Page 214: ...X_00D09E_SetCaptivePortalParams xs element name X_00D09E_SetCaptivePortalParams xs annotation xs documentation X_00D09E_SetCaptivePortalParams message to set the Captive Portal parameters on a CPE xs documentation xs annotation xs complexType xs sequence xs element name CaptivePortalParamStruct type tns CaptivePortalParamStruct xs sequence xs complexType xs element X_00D09E_SetCaptivePortalParamsR...

Page 215: ...213 Appendix B Quality of Service QoS Examples This section contains information about the ARRIS Gateway QoS implementation ...

Page 216: ... queuing or bandwidth shaping across critical net working bottlenecks Packets forwarded through the system are classified using sets of filter rules to match various criteria for example p bit DSCP IP address port etc The matching rule can set the classification which is the name of the queue that is to be used Figure 1 Illustration of upstream congestion all traffic is consistently delayed Figure...

Page 217: ...rid queue that is both priority and WFQ to both constrain bandwidth usage and expedite one of the queues After the packet has been classified it can be put in the proper queue Queues are assigned to interfaces and can be constructed of several queue components to deliver the desired behavior ...

Page 218: ...ch hardware and should be used when a strict priority queue with 4 priorities is sufficient The traffic is classified by priority bit value This can be the value retained from WAN ingress assuming WAN is tagged or it can be a value that is set via a filter rule which allows for advanced classification criteria to be used Even though the LAN interface might not be tagged there is still an internal ...

Page 219: ...ort configuration This is less efficient however it allows more advanced queue scheduling algorithms to be used Packets are classified by QoS markers set by filter rules This method is typically not recommended for deployment configuration as this mechanism can con sume a large amount of CPU processing bandwidth ...

Page 220: ...Administrator s Handbook 218 ...

Page 221: ...ee CLI CONFIG Command List 106 Configuration mode 119 Connection commands 122 Custom Service 71 D Default Server 77 designing a new filter set 61 Device Access Code 22 Device List 25 DHCP lease table 111 Diagnostic log 111 116 Diagnostics 80 Documentation conventions 8 Downstream QoS 216 E Ethernet statistics 111 Event Notifications 88 F filter parts 61 parts of 61 filter sets using 62 filters usi...

Page 222: ...rect page 21 150 151 Reset Connection 86 Reset Device 86 Reset IP 86 Resets 86 Restart 86 112 Restart command 108 Restart Modem 31 S Safety Instructions 12 Security filters 60 Session Initiation Protocol 157 SHELL Command Shortcuts 108 Commands 108 Prompt 108 SHELL level 119 SHELL mode 108 show config 112 Show ppp 118 SIP 157 Step mode 120 Subnets DHCP 48 Supported Games and Software 72 Syslog 87 ...

Page 223: ...221 V View command 120 view config 117 Voice 52 Voice over IP 157 VoIP 157 W WiFi Key 44 Wireless 41 Wireless Security 44 ...

Page 224: ...Administrator s Handbook 222 ...

Page 225: ...223 ARRIS Mobility DSL Gateways ARRIS Mobility LLC 600 North U S Highway 45 Libertyville Illinois 60048 USA Telephone 1 847 523 5000 December 6 2013 ...

Page 226: ...Administrator s Handbook 224 ...