Doctor Olds
5861 Router - Firmware Release Notes v6.0.173
CUSTOMER RELEASE NOTES
 5861 Business Class Router Firmware version 6.0.173 June 11, 2003
INTRODUCTION
Thank you for choosing Efficient Networks for your business gateway solution. These Customer Release Notes describe enhancements, new functionality and other changes made with this release.
This document contains important information about your router and has the following sections:
NOTE: With the release of version 6.0.080, all features available on the router are activated by default, regardless of whether keys to such features have been installed. Please disregard instructions indicating that purchased keys are required to use these features, or describing key installation processes and commands.
NOTE: With the introduction of Efficient Networks' 6.0.001 kernel, CERT Advisory CA-2002-03; "Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)" has been addressed through recommended testing and found to have no vulnerabilities as identified in the CERT advisory.
HARDWARE NOTES
This release note applies to the following hardware models:
5861ATM (PN 060-5861-xxx)
The software product numbers and interfaces supported are:
StandardRapidSecureDSLAM Not supported5861-608AT&T
The product number is on the bottom of the unit and is displayed by the web GUI after connecting to the router, and on the command line during startup immediately before the login prompt.
CONFIGURATION NOTES
Configuration Methods
This product may be configured using several different methods:
•Web User Interface - A Web management interface is available by connecting to the router at the default address of http://192.168.254.254/. An Easy Setup feature is provided to guide you through initial setup of the router.
•Console connection - A local connection via the Console port with a console cable from a PC enables router configuration from the Command Line Interface (CLI).
•Telnet session - Enables configuration from the Command Line Interface when connected to the default address of telnet://192.168.254.254/
User Name and Password
The default login parameters are user name=superuser and password=admin. The minimum character string length for the user name is one (1) character and the password is six (6) characters. Therefore, the default password is invalid. The login will force a password change before granting access to the router.
IP Filtering Firewall
A Basic Business IP Packet Filtering firewall is included with your router, but it must be configured. The simplest way to do this is by using the Web GUI and following the steps in the Quick Start Guide. Firewall configuration is also discussed at length in the Technical Reference Guide (on CD). The filter script files may be edited to fit your specific needs, but we strongly recommend that you seek expert help to do so if you are not familiar with security. IP filters only work if IP routing is enabled. By default, IP routing is enabled by the manufacturer.
Security
By default the router operates in Secure Mode, which means the SNMP, Telnet, and the Web interfaces cannot be accessed through the DSL connection unless there is a secure connection available. If necessary, you may alter the Secure Mode settings (see the Technical Reference Guide and CLI Guide for details), but if you are not familiar with security, we strongly recommend that you seek expert help before making such changes.
Note that although SNMP is not directly accessible through the DSL connection, it can be accessed through the Ethernet LAN. This creates the potential for unauthorized users to take control of the router and compromise the security of your network, unless precautions are taken.
As a minimum, you should change the SNMP password (this can be done easily through the Web GUI). Refer to the documentation for detailed information on configuring SNMP to reduce security risks.
Note that if securityTimer = 0, and from a telnet session the securityTimer is set to >= 3, then the telnet session will be auto-logged-out once the <CR> key is pressed.
Switch Duplex and Speed Settings
Routers with auto-negotiate capabilities have them enabled when they ship from manufacturing. This auto-negotiate capability can be turned off. With auto-negotiate disabled, the default settings are 10Mb and half-duplex. You can use the switch duplex and switch speed commands to manually change these settings. If you change either the duplex or the speed, be sure to check the other to ensure the settings are correct for your connection.
Upgrading
Customers are advised to initialize default values for LAN/WAN/system security designations and maximum command line sessions when upgrading from version 5.3.x to 6.0.x operating systems.
DOCUMENTATION NOTES
Beginning with release 6.0.120, the Customer Release Notes are included in the router as an HTML file, accessible from the Router Information page in the Web GUI.
The following documents are provided to help you with the setup and configuration of your product:
•Customer Release Notes - this document
•Quick Start Guide - provides an illustrated guide to the installation of the router through login. This fold-out illustration is printed and included with your router.
•User Reference Guide - provides essential information, details of basic router configuration, including step-by-step guidance through the Easy Setup feature. This publication is included in your Documentation CD.
•Technical Reference Guide - contains technical topics regarding router operation, features and functionality. Procedures and command structures are described for advanced configuration and management of the router. This publication is included in your Documentation CD.
•Command Line Interface - provides a comprehensive listing of router system commands, including their usage and syntax, as entered at the command line. This publication is included in your Documentation CD.
The Command Line Interface Guide, Technical Reference Guide, and User Reference Guide are included in PDF format on the Documentation CD. If your Documentation CD does not autorun, use your browser to open the file index.html for links to the supporting documentation. You will need the freely available Acrobat Reader to view and print these publications. If you don't have the Acrobat Reader already installed on your computer, you can obtain it from the Documentation CD or from Adobe's web site at http://www.adobe.com/. The Acrobat Reader is available for a very wide range of platforms, including MS Windows, Macintosh and many Unix systems.
KEY CHANGES
Version 6.0.173
Added syslog enhancements.
Version 6.0.171
SNMP traps will now use the configured read community string.
Version 6.0.170
Can now access a NAT mapped server from LAN via WAN
The IP filtering scripts have changed - noted in WEB GUI
CLI Enhancements
•The ping command now catches incorrect syntax.
•New command: eth stats shows 12 statistics from the ethernet interface(s).
•Change in command: remote setATMTraffic has changed.
Was ... remote setATMTraffic (Service Type) (PCR) [SCR] [MBS] (remoteName)
and is now ... remote setATMTraffic SCR MBS Prior Qos-Type (remoteName)
SCR : Sustained Cell Rate
MBS : Maximum Burst Size
Prior : PVC Priority Level, 1-4
Qos-Type : Absolute=0, Weighted Fair=1
GUI Enhancements
•On the NAT settings page, only 20 entries can be displayed. A note has been added to the page describing this limit.
Version 6.0.160
Added SIP ALG support.
CLI Enhancements
•The system list command now lists the reason for reboot.
•The remote addiproute and eth ip addroute commands and the equivalent delete commands no longer need a restart or reboot to activate the route.
•New command: system natflush flushes the nat table.
Version 6.0.150
Version 6.0.140
The Secure Shell (SSH) feature is no longer supported.
Version 6.0.130
CLI Enhancements
•We have added a new environmental variable to the CLI, env, that provides a "paging" function so that help text does not scroll off of the screen. This command is set as a per-login option. The env has the following options:
•? or help - provides a description of the env command and its options.
•show - displays the current lines per page setting for the Help Menus value, where
•lines count - sets the lines per page count such that 0 (zero) disables the display of lines per page with Help menus. Any value between 5-100 will display that number of lines per page from the Help menus.
•We have added a new environmental variable to the CLI, env terse <on | off>, to provide an option for terse output of the Help menus. When this command is switched on, it will print only the names of sub-commands, with four commands per line.
•A new command has been added for configuring reset switch behaviors:
•sys resetswitch <default | passwordrecovery> - where default is equivalent to the command reboot default, and passwordrecovery = a five minute time interval, during which a user can log in with the router serial number as the password.
•A new command has been added to configure the minimum password length:
•user set minimum <length> - where length is specified between 1 and 32, with a default value of 6.
•The eth ip setAppIpAddr and rem setAppIpAddr commands have been extended to support the configuration of TACACS+ packet source addresses by the user. The extended syntax is as follows:
•eth ip setAppIpAddr <address> tacplus | radius | tftp port# [:logical]
•rem setAppIpAddr <address> tacplus | radius | tftp <remote>
GUI Enhancements
•A TACACS+ Configuration page has been added to the Web GUI, under the User Management feature. TACACS+ allows access control and user authentication to be managed from a remote server.
Version 6.0.120
We have expanded the range of DHCP value options above 61.
A registered delay reboot will persist after a reboot, but if a reboot factory or reboot default is executed, the power down will clear the delay time setting.
We have added an ability to ping the Ethernet IP address of a router and remote interface IP address when virtual routing is used.
New RIP enhancements now use OAMF5 to confirm a WAN linkup.
CLI Enhancements
•Firewall and L2TP help files have been enhanced.
•TACACS+ Commands have been added to the CLI. TACACS+ allows access control and user authentication to be managed from a remote server. The TACACS+ commands are as follows:
•tacplus ? - This command lists the supported TACACS+ commands and keywords.
•tacplus deleteserver - This command deletes a configured TACACS+ server entry.
•tacplus list secret - This command displays the TACACS+ servers' shared-secrets.
•tacplus list server - This command displays the IP address and port for the primary and secondary TACACS+ servers.
•tacplus set retries - This command displays the number of retries to a TACACS+ server before attempting the next TACACS+ server, if so configured.
•tacplus set secret - This command sets the shared secret for the specified TACACS+ server.
•tacplus set server - This command sets the IP address and port values for the primary and/or secondary TACACS+ server(s).
•tacplus set timeout - This command sets the number of seconds between retry attempts to the TACACS+ server.
GUI Enhancements
•We have corrected an anomaly that would rarely cause a bogus user to be displayed in the User Management Web GUI.
Version 6.0.110
We have refined the default route handling when attached to the WAN interface and RIP is active on the LAN interface.
EOC extensions and messages have been enhanced.
Swing PVC has been added as a feature.
LED behavior has been regulated when returning to a DSL link after Dial Backup has been connected.
NAT now handles ICMP packets by mapping only one entry per session instead of one entry per packet.
A port change has been made to handle longer help text messages.
The router will only reboot from a backup file if the current kernel version is the same as the backup file.
A message now appears whenever a save backup, erase backup, or reboot backup occurs.
CLI Enhancements
•New reboot command options have been added: reboot backup and reboot delay
Usage: reboot <backup> <delay <n minutes> | clear | list>
•reboot backup - This command will reboot the router with the backup configuration files. If no backup files exist, the router will perform a default reboot.
•reboot delay 3 - This command will reboot the router after an interval of three minutes.
•reboot delay list
> Reboot will occur in 0 days 0 hours 2 minutes 56 seconds
If reboot delay has been set, this command will show the time remaining until the reboot.
•reboot delay clear - This command will clear any reboot delay action.
•reboot backup delay 4 - This command will set a reboot backup action to occur after an interval of four minutes.
•reboot backup delay list
> Reboot backup will occur in 0 days 0 hours 3 minutes 51 seconds
If a reboot backup delay action has been set, this command will show the time remaining until the reboot backup.
•reboot backup delay clear - This command will cancel any reboot backup action.
NOTE: A reminder message will appear in the command line, one minute before a delayed reboot or reboot backup will occur. This provides an opportunity to cancel the impending reboot by issuing the reboot delay clear or reboot backup delay clear command.
•New backup commands have been added: save backup and erase backup
•Usage: save backup <all | keys | sys | dod | eth | ssh | ipsec | ike | atom | dhcp | switch | filter | radius | shdsl | users | l2tp | Firewall | QoS | sntp>
This command copies the current configuration files from filename.xxx to filename.%bk (not including .txt files). The optional parameters can be used to backup specific configuration files.
•Usage: erase backup <all | keys | sys | dod | eth | ssh | ipsec | ike | atom | dhcp | switch | filter | radius | shdsl | users | l2tp | Firewall | QoS | sntp>
This command will erase all %bk files that were created with save backup. The optional parameters can be used to erase specific configuration files.
•New RIP (Routing Information Protocol) commands have been added:
•eth rip add -d dest_addr -m dest_mask -h hops -g gateway <-i interface> - This command will add a new entry into the RIP table. Our default RIP timer is set to 30 seconds. Every 30 seconds, a RIP message will be sent out for each entry in the RIP table.
•eth rip delete -d dest_addr <-i interface> - This command will delete an entry from the RIP table.
•eth rip omit -d dest_addr <-i interface> - This command will omit the RIP entry from those in the RIP table that are sent out. Omit only filters the RIP messages sent; it does not delete entries from the RIP table.
•eth rip clear -d dest_addr <-i interface> - This command will clear any omit filters and let those RIP messages go out as well.
•eth rip list - This command will list the omit filters and the entries in the RIP table.
•remote rip add -d dest_addr -m dest_mask -h hops -g gateway -r remote_name - This command performs the same action as eth rip add, but on a remote router.
•remote rip delete -d dest_addr -r remote_name - This command performs the same action as eth rip delete, but on a remote router.
•remote rip omit -d dest_addr -r remote_name - This command performs the same action as eth rip omit, but on a remote router.
•remote rip clear -d dest_addr -r remote_name - This command performs the same action as eth rip clear, but on a remote router.
•remote rip list - This command performs the same action as eth rip list, but on a remote router.
•A timestamp has been added to the output of the traceroute command.
•The system list command has been enhanced to display CPU and memory use.
•We have added the following two CLI commands to set a source IP address per interface for TFTP packets initiated from the router:
eth ip setAppIpAddr <ip addr> tftp <interface>
rem setAppIpAddr <ip addr> tftp <remote name>
•A new command has been added: system configlist
This command will output the state of the configuration database as CLI commands. This command is designed to support duplicating router configurations.
usage: system configlist all | sys | eth | ipsec | ike | qos | fwall | l2tp | dod | snmp | dhcp | radius | switch | ssh | shdsl | user | brfilter
If the system configlist command is input with the <all> parameter, the entire configuration database will be output as CLI commands. This output can then be copied into another router or into a configuration script. If a subsystem is specified in the parameter, only those configuration commands belonging to that subsystem will be output.
•A new command has been added: sys logPackets
This command turns packet logging on or off and sets the display. The syntax is as follows:
•sys logPackets on - turns logging on
•sys logPackets off - turns logging off
•sys logPackets display - sets the display for printing packets. This command has optional parameters. If these parameters are omitted, the packets will be logged to the terminal on which the command was entered. The optional parameters are as follows:
•sys logPackets display console - this will send the log to the console for display
•sys logPackets display syslog - this will send the log output to syslog
•sys logPackets display tn <ipaddr:port> - this will send the log output to the specified telnet session
•sys logPackets list - this will display the current settings
The filters for displaying packets are tied to the command ipfilters. We have added the following three new options to ipfilters:
•ipfilters -vv <ip | trans> - This will set the display level. If <ip> is selected then the IP header will be displayed in a verbose format. If <trans> is selected, then the IP as well as the transport headers (TCP/UDP/ICMP/ESP/AH) will be displayed in the verbose format.
•ipfilters -d <number of bytes> - This will set the number of bytes per payload to display.
•ipfilters print - This option can be used to log packets that match this specific filter rule.
•The iproute command has been adjusted to only display the entry that has an interface associated with it. The interface must be in a linkup state in order to be displayed. If the interface is not associated or if it is down, it will not be displayed.
GUI Enhancements
•We have added remote pages to enable multiple PVC configurations from the Web GUI.
Version 6.0.100
RIP timers are now configurable in one second intervals, with a minimum of 10 and a maximum of 18 seconds as limits. There are now three separate RIP timers:
update = the rate at which routing updates are sent
validate = the interval of time after which a route is declared as invalid
remove = the amount of time that must pass before a route is removed from the routing table
KNOWN PROBLEMS
After blocking a port using the switch block command, and then unblocking the same port, the port will remain blocked until the router is restarted.
Some PPP systems do not completely support IP address negotiation. Communications with such systems can result in protocol hangs. The command remote setpppoptions reacqIOAddr off <remote name> can be used to force the router to always request a new IP address whenever the PPP session is terminated, thus providing a workaround until the software in the other systems has been changed.
RADIUS timeout issue - When a user account is set to use a RADIUS server as the primary authentication server, and the server is down (while the backup server, if any, is also down), there will be a delay of 30 to 40 seconds when issuing commands. This is due to the fact that the system will wait for the timeout of authentication queries to the RADIUS server.
DHCP and VPN client - When a system running Windows NT also has the IRE VPN Client software installed and activated, it will not be able to get an IP address via the router's DHCP server. You must deactivate the IRE VPN Client and re-specify the proper IP address.
NAT and VPN client pass-through - The CLI command system vpnpassthru <enable|disable> is used to allow multiple VPN clients to connect through NAT to a remote VPN concentrator. By default, this is disabled.
TECHNICAL SUPPORT
Should you have any difficulty installing or operating the product, please feel free to contact your assigned Systems Engineer. Before you call, please try to gather a trace file.
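
An added example (not part of the release notes and not Efficient Networks code): a Python check over a configuration dump of the kind system configlist is described as producing, flagging the minimum password length, reset switch and VPN pass-through settings documented above. The dump format (one CLI command per line), case-insensitive matching, and sys/system being interchangeable are assumptions; the sample input is constructed.

```python
# Constructed sample in the ASSUMED style of `system configlist all` output:
# one CLI command per line. The real output format is not shown in the notes.
SAMPLE_DUMP = """\
user set minimum 4
sys resetswitch passwordrecovery
system vpnpassthru enable
eth rip omit -d 10.0.0.0
"""

DEFAULT_MIN_PASSWORD = 6   # default stated in the release notes
PASSWORD_RANGE = (1, 32)   # valid range stated in the release notes


def audit_config(dump):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    for lineno, raw in enumerate(dump.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        tokens = line.lower().split()
        # Assumption: `sys` and `system` are the same command family
        # (the notes use both spellings).
        if tokens[0] == "system":
            tokens[0] = "sys"

        if tokens[:3] == ["user", "set", "minimum"]:
            if len(tokens) != 4 or not tokens[3].isdigit():
                findings.append((lineno, "error",
                                 "unparseable minimum password length"))
                continue
            length = int(tokens[3])
            low, high = PASSWORD_RANGE
            if not low <= length <= high:
                findings.append((lineno, "error",
                                 f"length {length} is outside {low}-{high}"))
            elif length < DEFAULT_MIN_PASSWORD:
                findings.append((lineno, "warn",
                                 f"minimum password length {length} is below "
                                 f"the default of {DEFAULT_MIN_PASSWORD}"))
        elif tokens[:3] == ["sys", "resetswitch", "passwordrecovery"]:
            findings.append((lineno, "warn",
                             "reset switch opens a five minute login window "
                             "with the serial number as the password"))
        elif tokens[:3] == ["sys", "vpnpassthru", "enable"]:
            findings.append((lineno, "info",
                             "VPN pass-through is enabled (disabled by default)"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_config(SAMPLE_DUMP):
        print(f"line {lineno}: [{severity}] {message}")
```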