Nvram Parameter Configuration Instructions
-
Upload
cocofourfaith -
Category
Documents
-
view
181 -
download
12
Transcript of Nvram Parameter Configuration Instructions
-
Nvram parameter configuration instructions
Page 1 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
NVRAMparameterconfigurationinstruction
Document No. Product version Securityclassification
AProduct name:nvram parameter configurationinstruction
A total of 72
NVRAM PARAMETERCONFIGURATION INTRODUCTION
This manual applies to the following modelsmodel Product categoryF3x34 Single card five port WIFI
ROUTERF5934 High-performance broadband
ROUTERF3x24 Single card single port WIFI
ROUTERF3B3x Dual card five port WIFI
ROUTERF7x34 Single card five port+GPS
WIFI ROUTERF7x24 Single card single port+GPS
WIFI ROUTERF7B3x Dual card five port+GPS WIFI
ROUTER
-
Nvram parameter configuration instructions
Page 2 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
Documentrevisionhistory
version explanation author
2012-10-31 V1.00 The initial version PF,XCY2013-3-26 V1.10 Increase the number of
common items hiddenparameters
PF
Copyright NoticeAll contents in the files are protected by copyright law, and all copyrights are reserved by XiamenFour-Faith Communication Technology Co., Ltd. Without written permission, all commercial use of thefiles from Four-Faith are forbidden, such as copy, distribute, reproduce the files, etc., butnon-commercial purpose, downloaded or printed by individual (all files shall be not revised, and thecopyright and other proprietorship notice shall be reserved) are welcome.
Trademark notice
Four-Faith were all registered trademarks of xiamen four-faithcommunication technology Co.,Ltdwithout prior written permissionno person shall in any way use thefour-faith name and four-faith trademarks and logos.
-
Nvram parameter configuration instructions
Page 3 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
CatalogueNvram parameters instructions...............................................................................................................................41.setup........................................................................................................................................................................ 6
1.1 Basic setup..................................................................................................................................................61.2 Dynamic DNSDDNS........................................................................................................................171.3 MAC address cloning.............................................................................................................................. 201.4 Advaced routing........................................................................................................................................21
2. wireless.................................................................................................................................................................222.1 basic setup................................................................................................................................................ 222.2 wireless security....................................................................................................................................... 23
3 .service.................................................................................................................................................................. 253.1 service........................................................................................................................................................253.2 PPPoE server........................................................................................................................................... 27
4 . VPN......................................................................................................................................................................294.1 PPTP.......................................................................................................................................................... 294.2 L2TP........................................................................................................................................................... 304.3 IPSEC......................................................................................................................................................324.3 GRE............................................................................................................................................................41
5 . security................................................................................................................................................................ 455.1 firewall........................................................................................................................................................ 455.2 VPN pass-through....................................................................................................................................46
6 . access limit......................................................................................................................................................... 476.1 WAN access..............................................................................................................................................476.2 data-flow filtration..................................................................................................................................... 54
7 . NAT configuration..............................................................................................................................................568 . QoS option..........................................................................................................................................................58
8.1 basic........................................................................................................................................................... 588.2 classification..............................................................................................................................................628.3 Load balance.............................................................................................................................................63
9 . application...........................................................................................................................................................649.1 Serial port application..............................................................................................................................649.2 GPS options.............................................................................................................................................. 65
10 . management.................................................................................................................................................... 6710.1 management...........................................................................................................................................67
-
Nvram parameter configuration instructions
Page 4 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
10.2 Remain active.........................................................................................................................................6811 .Other important parameters nvram...............................................................................................................70
Nvram parameters instructionsThe file is mainly about the nvram parameters used in the new type of router. The
parameters are classified in web menu because of the large amount. Some parametersare omitted since they are not frequently used. It mainly includes VLAN and Network inSetup,MAC filter,Advance settings and WDS in Wireless settings,and OPENVPN in VPN.
There are five commands in common use as follows.nvram showTo make a list of all the commands in NVRAM. grep command can be also used to extractpart of the information. For example,nvram show | grep lan_This command can be used to list all parameters starting with lan_ are listed with and theresult is as followslan_gateway=192.168.1.254dr_lan_rx=0lan_netmask=255.255.255.0lan_lease=86400lan_stp=1lan_hwaddr=00:12:17:E1:56:F5lan_dns=211.152.179.7 202.96.128.86lan_ifnames=vlan0 eth1size: 12567 bytes (20201 left)lan_ipaddr=192.168.1.1lan_proto=staticlan_ifname=br0lan_wins=lan_hwnames=
nvram set parameter="value"To add or modify some parameters. For example, excute the following command to changeLAN ip from 192.168.1.1 to 192.168.1.2.nvram set lan_ipaddr=192.168.1.2
-
Nvram parameter configuration instructions
Page 5 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
nvram commitrebootLine 1 for ip address modification, line 2 for save, and line 3 for reboot. Because the ipaddress modification works after rebooting.
nvram get parametersUsed to obtain some of the parametersfor example,i want to get the LAN IP addressexecutablenvram get lan_ipaddr192.168.1.1So 192.168.1.1 is the ip address of LAN port
nvram unset parameterUsed to remove some of the parametershowever,this feature is rarely usedbecause 64kcapacity of nvram enough to save a large number of parametersmost people rely todeleteFor example,i want to remove dr_lan_rx=0 parameterrequests the executivenvram unset dr_lan_rx
nvram commitWhen you do a lot of modifications to nvramyou need to save these changeswhen yourrouter resetthese modifications will be disappearsame as aboveyou should performnvram commit
-
Nvram parameter configuration instructions
Page 6 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
1.setup1.1 Basic setupWAN port setting
NO. Parameteritem
parameter The value and description example
1 Connectiontype
wan_proto disabled disable nvram set wan_proto=dhcpdhcp Dhcp modestatic Static IP modepppoe Pppoe dial modepptp Pptp model2tp l2tp mode3g 3g link-1 mode3glink 3g link-2 mode
3glink
NO. Parameteritem
parameter The value and parameter example
1 username ppp_username 63 bytes of longestcharacter
nvram setppp_username=card
2 password ppp_passwd 63 bytes of longestcharacter
nvram set ppp_passwd=card
3 Call centernumber
wan_dial 0 *99***1# nvram set wan_dial=11 *99#2 #99***1#3 #7774 *98*1#
4 APN wan_apn 63 bytes of longestcharacter
nvram set wan_apn=3gnet
5 PIN wan_pin Must be 4-byte number nvram set wan_pin=12346 Network type wan_conmode 0 auto nvram set wan_conmode=0
-
Nvram parameter configuration instructions
Page 7 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
selection 1 Enforce 3g2 Enforce 2g3 3g first4 2gfirst5 2g/3g Allow only6 Enforce 4g7 2g/3g/4g Allow
only7 Keep online
modeKpOnlineMode 1 None nvram set KpOnlineMode=1
2 Ping mode5 Route mode6 PPP mode
8 Keep onlinedetectioninterval
KpOnlineInterval Range 0-9999in sec. nvram setKpOnlineInterval=60
9 keep onlineto detectionthe mainserver ip
KpOnlineIcmpDest
Currently only support ipform,does not supportdomain form
nvram set KpOnlineIcmpDest=8.8.8.8
10 Keep onlineto detectionthe secondserver ip
KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain form
nvram setKpOnlineIcmpSecDest=166.111.8.238
11 Enabledial-up failedto restartmechanism
ppp_restartppp 0 disable nvram set ppp_restartppp=1
1 enable
12 Forced toreconnect
reconnect_enable
0 disable nvram setreconnect_enable=11 enable
13 time reconnect_hours Number of 0-24 range nvram set reconnect_hours=0
reconnect_minutes
Number of 0-59 range nvram setreconnect_minutes=0
14 STP lan_stp 0 disable nvram set lan_stp=11 enable
Static IP
NO. Parameteritem
parameter The value and description example
1 WAN IP wan_ipaddr IP address form nvram set wan_ipaddr
-
Nvram parameter configuration instructions
Page 8 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
address =192.168.8.222 Subnet mask wan_netmask netmask nvram set wan_netmask
=255.255.255.03 gateway wan_gateway netmask nvram set wan_netmask
=192.168.8.14 Static DNS1
Static DNS2Static DNS3
wan_dns First DNSSecond DNSThird DNS
nvram set wan_dns=8.8.8.8218.85.157.99 218.85.152.993 DNS directly separated byspaces,should user quotationmarks separated by a spaceframed
5 Keep onlinemode
KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode
6 Keep onlinedetectioninterval
KpOnlineInterval Range 0-9999in sec. nvram setKpOnlineInterval=60
7 Keep onlineto detectmain serverip
KpOnlineIcmpDest
Currently only support ipform,does not supportdomain form
nvram set KpOnlineIcmpDest=8.8.8.8
8 Keep onlineto detectsecondserver ip
KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain form
nvram setKpOnlineIcmpSecDest=166.111.8.238
notenumber 5-8 only used in the version of the dual-card
DHCP mode
NO. Parameteritem
parameter The value and description example
1 Keep online KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode
2 Keep onlinedetectioninterval
KpOnlineInterval Range 0-9999in sec. nvram setKpOnlineInterval=60
3 Keep onlineto detectmain server
KpOnlineIcmpDest
Currently only support ipform,does not supportdomain form
nvram set KpOnlineIcmpDest=8.8.8.8
-
Nvram parameter configuration instructions
Page 9 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
ip4 Keep online
to detectsecondserver ip
KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain form
nvram setKpOnlineIcmpSecDest=166.111.8.238
notenumber 1-4 only used in version of the dual-card
PPPoE
NO. Parameteritem
parameter The value and description Example
1 User ppp_username 63 bytes of longestcharacter
nvram setppp_username=card
2 password ppp_passwd 63 bytes of longestcharacter
nvram set ppp_passwd=card
3 Server name ppp_service PPPoE server address63character at the longest
nvram set ppp_service=172.16.1.1
4 PPPcompress
ppp_compression
0 disable nvram setppp_compression=01 enable
5 CompatibleVDSL frontdemodulator
wan_vdsl 0 disable nvram set wan_vdsl=01 enable
6 VLAN 8support
dtag_vlan8 0 disable nvram set dtag_vlan8=01 enable
7 MPPEencrypt
ppp_mppe 63 character at the longest nvram set ppp_mppe="mpperequired"
8 Single-linkmulti-connected
ppp_mlppp 0 disable nvram set ppp_mlppp=11 enable
9 Keep onlinemode
KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode
10 Keep Onlinedetectioninterval
KpOnlineInterval Range 0-9999in sec. nvram setKpOnlineInterval=60
11 Online tokeep thedetection ofthe main
KpOnlineIcmpDest
Currently only support ipform,does not supportdomain form
nvram set KpOnlineIcmpDest=8.8.8.8
-
Nvram parameter configuration instructions
Page 10 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
server ip12 Online to
keep thedetection ofthe secondserver ip
KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain form
nvram setKpOnlineIcmpSecDest=166.111.8.238
PPTP
No. Parameteritem
parameter The value and description example
1 User name ppp_username 63 bytes at the longest nvram setppp_username=card
2 password ppp_passwd 63 bytes at the longest nvram set ppp_passwd=card3 Connect
policyppp_demand 0 Remain
activenvram set ppp_demand=0
1 Connect ondemand
4 Remainactive timeperiod
ppp_redialperiod Decimal numbers of 20-180
rangein sec.nvram setppp_redialperiod=30
5 Connect ondemand
ppp_idletime Digital of range 1-9999 inminutes
nvram set ppp_idletime=5
6 PPTPencrypt
pptp_encrypt 0 disable nvram set pptp_encrypt=01 enable
7 Disable thepacketrearrange
pptp_reorder 0 disable nvram set pptp_reorder=1
1 enable
8 Additionalpptp options
pptp_extraoptions
Pptp configuration optionsformat
nvram setpptp_extraoptions=XX
9 Use DHCP pptp_use_dhcp 0 disable nvram set pptp_use_dhcp=01 enable
10 WAN IPaddress
wan_ipaddr IP address format nvram set wan_ipaddr=192.168.8.22
11 Subnet mask wan_netmask netmask nvram set wan_netmask=255.255.255.0
12 gateway wan_gateway netmask nvram set wan_netmask=192.168.8.1
13 gateway pptp_server_name Ip or domain name 63
nvram setpptp_server_name=XX
-
Nvram parameter configuration instructions
Page 11 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
PPTP
server
characters at the longest
LTTP
No. Parameteritem
parameter The value and description example
1 username ppp_username 63 bytes at the longest nvram setppp_username=card
2 Password ppp_passwd 63 bytes at the longest nvram set ppp_passwd=card3 Connection
strategyppp_demand 0 Remain
activenvram set ppp_demand=0
1 Connect ondemand
4 Remainactive tiemperiod
ppp_redialperiod Decimal numbers of range20-180in sec.
nvram setppp_redialperiod=30
5 Connect ondemand
ppp_idletime Numbers of range 1-9999inminute
nvram set ppp_idletime=5
6 L2TP server l2tp_server_name Ip or domain name 63
characters at the longest
nvram setl2tp_server_name=XX
7 Allow chapauthentication protocol
l2tp_req_chap 0 disable nvram set l2tp_req_chap =11 enable
8 Refuse papauthentication protocol
l2tp_ref_pap 0 disable nvram set l2tp_ref_pap =11 enable
9 Allowauthentication protocol
l2tp_req_auth 0 disable nvram set l2tp_req_auth =11 enable
backup wan port settings
NO. Parameter parameter The value and description example
-
Nvram parameter configuration instructions
Page 12 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
item
1Enabledual-linkbackupfeature
dualfailover0 disable
nvram set dualfailover=01 enable
2Dual-linkonline at thesame time
bothonline0 disable
nvram set bothonline=01 enable
3 Connectiontype bkup_wan_proto
disabled disable
nvram set bkup_wan_proto=dhcp
dhcp Dhcp modestatic Static IP modepppoe Pppoe dial mode3g 3g link-1 way
3glink 3g link-2 way
Backup WAN port3g/3glink
No. Parameteritem
Parameter The value and description Example
1 Username bkup_ppp_username
63 bytes at the longest nvram setbkup_ppp_username =card
2 Password bkup_ppp_passwd
63 bytes at the longest nvram set bkup_ppp_passwd=card
3 Call centernumber
bkup_wan_dial 0 *99***1# nvram set bkup_wan_dial=11 *99#2 #99***1#3 #7774 *98*1#
4 APN bkup_wan_apn 63 bytes at the longest nvram setbkup_wan_apn=3gnet
5 PIN bkup_wan_pin Must be 4 byte number nvram setbkup_wan_pin=1234
6 Network typeselection
bkup_wan_conmode
0 auto nvram setbkup_wan_conmode =01 Enforce 3g
2 Enforce 2g3 3g first4 2g first5 Only allow 2g/3g6 Enforce 4g7 Only allow
2g/3g/4g
-
Nvram parameter configuration instructions
Page 13 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
7 keep onlinemode
bkup_KpOnlineMode
1 None nvram set bkup_KpOnlineMode=12 Ping mode
5 Route mode6 PPP mode
8 Onlinemaintaindetectioninterval
bkup_KpOnlineInterval Range 0-9999in sec.
nvram setbkup_KpOnlineInterva l=60
9 Online tokeep thedetection ofthe mainserver ip
bkup_KpOnlineIcmpDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpDest=8.8.8.8
10 Online tokeep thedetection ofthe secondserver ip
bkup_KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpSecDest=166.111.8.238
11 Enabledial-up failedto restartmechanism
bkup_ppp_restartppp
0 disable nvram setbkup_ppp_restartppp =11 enable
12 forced toreconnect
bkup_reconnect_enable
0 disable nvram setbkup_reconnect_enable=11 enable
13 time bkup_reconnect_hours
The digital of range 0-24 nvram setbkup_reconnect_hours=0
bkup_reconnect_minutes
The digital of range 0-59 nvram setbkup_reconnect_minutes=0
14 STP bkup_lan_stp 0 disable nvram set bkup_lan_stp=11 enable
Backup WAN portstatic IP
No. Parameteritem
Parameter The value and description example
1 WAN IPaddress
Bkup_wan_ipaddr
Ip address form nvram set bkup_wan_ipaddr=192.168.8.22
2 Subnet mask bkup_wan_netmask
Subnet mask nvram set bkup_wan_netmask=255.255.255.0
3 Gateway bkup_wan_gateway
Gateway address nvram set bkup_wan_netmask=192.168.8.1
-
Nvram parameter configuration instructions
Page 14 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
4 Static DNS1Static DNS2Static DNS3
bkup_wan_dns First DNSSecond DNSThird DNS
nvram set bkup_wan_dns=8.8.8.8 218.85.157.99218.85.152.993 DNS directly separated byspaces,encountered usequotation marks separated bya space framed
5 Keep onlinemode
bkup_KpOnlineMode
1 None nvram setbkup_KpOnlineMode =12 Ping mode
5 Route mode6 Keep Online
detectioninterval
bkup_KpOnlineInterval Range 0-9999in sec.
nvram setbkup_KpOnlineInterval=60
7 Online tokeep thedetection ofthe mainserver ip
bkup_KpOnlineIcmpDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpDest=8.8.8.8
8 Online tokeep thedetection ofthe secondserver ip
bkup_KpOnlineIcmpSecDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpSecDest=166.111.8.238
Backup WAN portDHCP mode
No. Parameteritem
Parameter The value and description Example
1 Keep onlinemode
bkup_KpOnlineMode
1 None nvram setbkup_KpOnlineMode =12 Ping mode
5 Route mode2 Keep Online
detectioninterval
bkup_KpOnlineInterval Range 0-9999in sec.
nvram setbkup_KpOnlineInterval=60
3 Online tokeep thedetection ofthe mainserver ip
bkup_KpOnlineIcmpDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpDest=8.8.8.8
4 Online tokeep the
bkup_KpOnlineIcmpSecDest
Currently only support ipform,does not support
nvram setbkup_KpOnlineIcmpSecDest
-
Nvram parameter configuration instructions
Page 15 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
detection ofthe secondserver ip
domain name form =166.111.8.238
Backup WAN portPPPoE
No. Parameteritem
Parameter The value and description Example
1 Username bkup_ppp_username
Longest character for 63bytes
nvram setbkup_ppp_username =card
2 password bkup_ppp_passwd
Longest character for 63bytes
nvram set bkup_ppp_passwd=card
3 Server name bkup_ppp_service PPPoE server address
support ip addresses anddomain name up to 63characters
nvram set bkup_ppp_service=172.16.1.1
4 PPPcompress
bkup_ppp_compression
0 disable nvram setbkup_ppp_compression=01 enable
5 Compatiblevdsl frontdemodulator
bkup_wan_vdsl 0 disable nvram set bkup_wan_vdsl=01 enable
6 VLAN 8support
bkup_dtag_vlan8
0 disable nvram set bkup_dtag_vlan8=01 enable
7 MPPEencrypt
bkup_ppp_mppe 63 characters At the longest nvram set bkup_ppp_mppe="mppe required"
8 Single-linkmulti-connected
bkup_ppp_mlppp
0 disable nvram set bkup_ppp_mlppp=11 enable
9 Keep onlinemode
bkup_KpOnlineMode
1 None nvram setbkup_KpOnlineMode =12 Ping mode
5 Route mode10 Keep Online
detectioninterval
bkup_KpOnlineInterval Range 0-9999in sec.
nvram setbkup_KpOnlineInterval=60
11 Online tokeep thedetection ofthe mainserver ip
bkup_KpOnlineIcmpDest
Currently only support ipform,does not supportdomain name form
nvram setbkup_KpOnlineIcmpDest=8.8.8.8
12 Online to bkup_KpOnlineI Currently only support ip nvram set
-
Nvram parameter configuration instructions
Page 16 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
keep thedetection ofthe secondserver ip
cmpSecDest form,does not supportdomain name form
bkup_KpOnlineIcmpSecDest=166.111.8.238
optional settings
No. Parameteritem
Parameter The value and description Example
1 Router name router_name 39 characters at the longest nvram setrouter_name=ROUTER
2 Host name wan_hostname 39 characters at the longest nvram setwan_hostname=XXX
3 Domainname
wan_domain 79 characters at the longest nvram set wan_domain =XXX
4 MTU mtu_enable 0 Auto mode nvram set mtu_enable=11 Manual
modewan_mtu Digital of 0-9999 range nvram set wan_mtu=1500
Local setting
No. Parameteritem
Parameter The value and description Example
1 Local ipaddress
lan_ipaddr Ip address form nvram setlan_ipaddr=192.168.1.1
2 Subnet mask lan_netmask LAN port subnet mask nvram setlan_netmask=255.255.255.0
3 Gateway lan_gateway LAN port gateway nvram set lan_gateway=0.0.0.0
4 Local DNS sv_localdns local DNS of lan port nvram set sv_localdns=0.0.0.0
Network address server setting (DHCP)
No. Parameteritem
Parameter The value and description example
1 DHCP type dhcpfwd_enable 0 DHCPserver
nvram setlan_ipaddr=192.168.1.1
1 DHCPrepeater
2 DHCP lan_proto dhcp Enable nvram set
-
Nvram parameter configuration instructions
Page 17 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
server lan_netmask=255.255.255.0static disable3 Start ip
addressdhcp_start Digital of range 1-254 nvram set lan_gateway
=0.0.0.04 The
maximumnumber ofdhcp users
dhcp_num Digital form,with a starting ipaddress,and should not begreater than 254
nvram set sv_localdns=0.0.0.0
5 Client leasetime
dhcp_lease Digital of range 0-99999 inminute
nvram set dhcp_lease =1440
6 Static DNS1Static DNS2Static DNS3
wan_dns First DNSSecond DNSThird DNS
nvram set wan_dns=8.8.8.8218.85.157.99 218.85.152.993 DNSdirectly separated byspaces,encountered usequotation marks separated bya space framed
7 WINS wan_wins WIN server address nvram set wan_wins=0.0.0.08 To use
DNSmasqfor dhcp
dhcp_dnsmasq 0 disable nvram set dhcp_dnsmasq =11 enable
9 To useDNSmasqfor dhcp
dns_dnsmasq 0 disable nvram set dns_dnsmasq =11 enable
10 in dhcpstandard
auth_dnsmasq 0 disable nvram set auth_dnsmasq =11 enable
11 DHCPforwardingserver
dhcpfwd_ip IP address form nvram set dhcpfwd_ip=0.0.0.0
NTP
No. Parameteritem
Parameter The value and description Example
1 NTP client ntp_enable support nvram setlan_ipaddr=192.168.1.1
2 Time zone time_zone LAN port subnet mask nvram setlan_netmask=255.255.255.0
3 Summertime (DST)
daylight_time Set summer time of local nvram set lan_gateway=0.0.0.0
4 ServerIP/host
ntp_server 32 characters at the nvram set sv_localdns=0.0.0.0
-
Nvram parameter configuration instructions
Page 18 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
name longest Currently onlysupport ip form,does notsupport domain name form
Time setting
Setting of System time is specialcan not user nvram settingrtc_tm formatted as follows:
rtc_tm ss year month date hour minute secondsseparated by spaces as follows:
inportrtc_tm ss 2012 10 31 15 10 55
exportWed Oct 31 15:10:55 UTC 2012
Indicates that the time is set to 2012 10 31 15:10:55
1.2 Dynamic DNSDDNSNo. Parameter
itemParameter The value and description Example
1 DDNSservice
ddns_enable 0 disable nvram set ddns_enable =11 DynDNS.org2 freedns.afraid.org3 ZoneEdit.com4 No-IP.com5 custom6 3322.org7 easyDNS.com8 TZO.com9 DynSIP.org
2 type ddns_dyndnstype
1 dynamic nvram set ddns_dyndnstype=12 static
3 custom3 wildcard ddns_wildcard 1 enable nvram set ddns_wildcard =1
other disable4 Do not use ddns_wan_ip 0 disable nvram set ddns_wan_ip=1
-
Nvram parameter configuration instructions
Page 19 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
external ipdetection
1 enable
5 Mandatoryupdateinterval
ddns_force Digital of range 1-60 in
daysthe default is 10 days
nvram set ddns_force =10
DynDNSNo. Parameter
itemParameter The value and description Example
1 Username ddns_username 64 character at the longest nvram set ddns_username=XXX
2 Password ddns_passwd 3 character at the longest nvram set ddns_passwd=XXX
3 Host name ddns_hostname Ddns host name of server nvram set ddns_hostname=XXX
freednsNo. Parameter
itemParameter The value and description Example
1 Username ddns_username_2
64 character at the longest nvram setddns_username_2=XX
2 Password ddns_passwd_2 3 character at the longest nvram setddns_passwd_2=XXX
3 Host name ddns_hostname_2
Ddns host name of server nvram setddns_hostname_2=XX
ZoneEditNo. Parameter
itemParameter The value and description Example
1 Username ddns_username_3
64 character at the longest nvram setddns_username_3=XX
2 Password ddns_passwd_3 3 character at the longest nvram setddns_passwd_3=XXX
3 Host name ddns_hostname_3
Ddns host name of server nvram setddns_hostname_3=XX
No-IPNo. Parameter
itemParameter The value and description Example
1 Username ddns_username 64 character at the longest nvram set
-
Nvram parameter configuration instructions
Page 20 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
_4 ddns_username_4=XX2 Password ddns_passwd_4 3 character at the longest nvram set
ddns_passwd_4=XXX3 Host name ddns_hostname
_4Ddns host name of server nvram set
ddns_hostname_4=XX
customNo. Parameter
itemParameter The value and description Example
1 User name ddns_username_5
64 character at the longest nvram setddns_username_5=XX
2 Password ddns_passwd_5 3 character at the longest nvram setddns_passwd_5=XXX
3 Host name ddns_hostname_5
Ddns host name of server nvram setddns_hostname_5=XX
4 DYNDNSserver
ddns_custom_5 DYNDNS server cangenerally be got in theregistered server
nvram setddns_custom_5=XX
5 URL ddns_url The form of character nvram set ddns_url=XX6 DDNS
additionaloptions
ddns_conf DDNS additional options nvram set ddns_conf=XX
3322No. Parameter
itemParameter The value and description Example
1 Username ddns_username_6
64 character at the longest nvram setddns_username_6=XX
2 Password ddns_passwd_6 3 character at the longest nvram setddns_passwd_6=XXX
3 Host name ddns_hostname_6
Ddns host name of server nvram setddns_hostname_6=XX
4 Type ddns_dyndnstype_6
The default is dynamic,cannot configuration
easyDNSNo. Parameter
itemParameter The value and description Example
1 username ddns_username_7
64 character at the longest nvram setddns_username_7=XX
-
Nvram parameter configuration instructions
Page 21 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
2 Password ddns_passwd_7 3 character at the longest nvram setddns_passwd_7=XXX
3 Host name ddns_hostname_7
Ddns host name of server nvram setddns_hostname_7=XX
4 Wildcard ddns_wildcard_7 1 enable nvram set ddns_wildcard_7=1other disable
TZONO. Parameter
itemParameter The value and description Example
1 Username ddns_username_8
64 character at the longest nvram setddns_username_8=XX
2 Password ddns_passwd_8 3 character at the longest nvram setddns_passwd_8=XXX
3 Host name ddns_hostname_8
Ddns host name of server nvram setddns_hostname_8=XX
DynSIPNo. Parameter
itemParameter The value and description Example
1 Username ddns_username_9
64 character at the longest nvram setddns_username_9=XX
2 Password ddns_passwd_9 3 character at the longest nvram setddns_passwd_9=XXX
3 Host name ddns_hostname_9
Ddns host name of server nvram setddns_hostname_9=XX
1.3 MAC address cloningNo. Parameter
itemParameter The value and description Example
1 MAC cloning mac_clone_enable
0 Disable nvram setmac_clone_enable=11 enable
2 Cloning LANport VLANMAC
def_lhwaddr MAC address format can
not be a multicastsecondcharacter of mac addressmust be an even
nvram set def_lhwaddr=00:0C:43:30:52:77
-
Nvram parameter configuration instructions
Page 22 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
3 CloningWAN portMAC
def_hwaddr MAC address format can
not be a multicastsecondcharacter of mac addressmust be an even
nvram set def_hwaddr=00:0C:43:30:52:78
4 CloningwirelessMAC of LANport
def_whwaddr MAC address format can
not be a multicastsecondcharacter of mac addressmust be an even and thelast character must be: [0, 1,4, 5, 8, 9, C, D]
nvram set def_whwaddr=00:0C:43:30:52:79
1.4 Advaced routingNo. Parameter
itemParameter The value and description Example
1 Work mode wk_mode gateway Gatewaymode
nvram set wk_mode= gateway
static Route mode2 interface dr_setting 0 disable nvram set dr_setting =0
1 WAN2 LAN &
WLAN3 both
3 Route name static_route_name
Each name can be 25
character at the longest
format is $NAME:XXX$$if more than one name isseparated by a space in themiddle
nvram set static_route_name= $NAME:rrr$$$NAME:ddd$$
4 Static route static_route metric Range 0-9999 nvram set static_route =192.168.8.0:255.255.255.0:192.168.1.1:0:br0
LAN IP ofDestinatio
IP segment inthe form
-
Nvram parameter configuration instructions
Page 23 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
192.168.10.0:255.255.255.0:192.168.1.1:0:br0
nSubnetmask
Subnet maskform
Gateway Correspondinggateway
interface
Corresponding to
Port of router example: LAN port isbr0
Format isLAN IP ofdestination:subnetmask:gateway:metric:interfa
ceif multiple static routes isseparated by a space in themiddle
2. wireless2.1 basic setup
NO. Parameteritem
Parameter The value and description Example
1 Wirelessnetworkmode
wl0_net_mode disabled Disable nvram set wl0_net_mode=mixedmixed 801.11b/n/g
bg-mixed 801.11b/gb-only 801.11ng-only 801.11gng-only 801.11g/nn-only 801.11n
2 Wirelessmode
wl0_mode ap AP mode nvram set wl0_mode=apsta Client mode
-
Nvram parameter configuration instructions
Page 24 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
infra Adhoc modeapsta Relay modeapstawet Repeater
bridge3 Wireless
networkname
SSID
wl0_ssid 32 character at the longest nvram setwl0_ssid=four-faith
4 Wirelesschannel
wl0_channel 0 auto nvram set wl0_channel=61 2.412 GHz2 2.417 GHz3 2.422 GHz4 2.427 GHz5 2.432 GHz6 2.437 GHz7 2.442 GHz8 2.447 GHz9 2.452 GHz10 2.457 GHz11 2.462 GHz12 2.467 GHz13 2.472 GHz
5 Channel size wl0_nbw 20 20MHz nvram set wl0_nbw=2040 40MHz
6 Wirelessssidbroadcast
wl0_closed 0 Enable nvram set wl0_closed =01 Disable
7 broadband wl0_nctrlsb upper upper nvram set wl0_ nctrlsb=upperlower lower
2.2 wireless securityNo. Parameter
itemParameter The value and description Example
1 Safe mode wl0_security_mode
disabled Disable nvram set wl0_security_mode=pskpsk WPA Personal
wpa WPA Enterprise
-
Nvram parameter configuration instructions
Page 25 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
psk2 WPA2 Personalwpa2 WPA2
Enterprisepsk psk2 WPA2 Personal
Mixedwpawpa2
WPA2Enterprise Mixed
wep WEP2 WPA
algorithmwl0_crypto tkip TKIP nvram set wl0_crypto=TKIP
aes AEStkip+aes TKIP+AES
3 WPA sharedkey
wl0_wpa_psk Must be 8 63 ACSIIcharacter or 64 hexadecimaldigits
nvram set wl0_wpa_psk=123456789
4 Key updateinterval
sec.
wl0_wpa_gtk_rekey
default: 3600, range: 1 -99999
nvram set wl0_wpa_gtk_rekey=3600
5 Radiusauthentication serveraddress
wl0_radius_ipaddr
IP address format nvram set wl0_radius_ipaddr=0.0.0.0
6 Radiusauthentication server port
wl0_radius_port Digital of range 1-65535default port is 1812
nvram setwl0_radius_port=1812
7 Radiusauthentication shared key
wl0_radius_key 79 characters at the longest nvram set wl0_radius_key=XXX
8 Authentication type
wl0_authmode open Open nvram set wl0_authmode=openshared Shared key
9 Defaulttransmit key
wl0_key 1 1 nvram set wl0_key=12 23 34 4
10 wl0_wep_bit 64 64 bits 10 hexdigits/5 ASCIInvram set wl0_wep_bit=64
128 128 bits 26 hexdigits/13 ASCII
11 ASCII/HEX wl0_wepmode 0 ASCII nvram set wl0_wepmode=11 HEX
-
Nvram parameter configuration instructions
Page 26 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
12 Key 1 wl0_key1 10 hexadecimal nvram setwl0_key1=0000000000
13 key 2 wl0_key2 10 hexadecimal nvram setwl0_key2=0000000000
14 key 3 wl0_key3 10 hexadecimal nvram setwl0_key3=0000000000
15 Key 4 wl0_key4 10 hexadecimal nvram setwl0_key4=0000000000
3 .service3.1 service
No. Parameteritem
Parameter The value and description Example
1 Set thevendor class
dhcpc_vendorclass
79 character at the longest nvram setdhcpc_vendorclass=XXX
2 Request IP dhcpc_requestip 79 character at the longest nvram setdhcpc_requestip=XXX
3 DHCPdadditionaloptions
dhcpd_options Symbol DHCPd additionalset format
nvram set dhcpd_options =XXX
4 MACaddressbinding withLAN address
static_leases MACaddress
MAC addressformat
nvram set static_leases="00:11:22:33:44:55=66=192.168.66.5=144000:11:22:33:44:53=63=192.168.66.3=1440"
Hostname
Host name of theclient
Ipaddress
Ip address ofLAN port
Clientleasetime
Decimalnumbers ofrange1-999999999
Format isMAC address
host name IP address
-
Nvram parameter configuration instructions
Page 27 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
client lease timeif more than
one,separated by a spaceand set the number ofstatic_leasenum in the sametime
5 MACaddressbinding withnumber oflan address
static_leasenum IMAC address binding withnumber of lan address inthe same time need toconfigure static_leases
nvram set static_leasenum =2
6 DNSMasq dnsmasq_enable
0 disable nvram set dnsmasq_enable=11 enable
7 Local DNS local_dns 0 disable nvram set local_dns=01 enable
8 No DNSRebind
dnsmasq_no_dns_rebind
0 disable nvram setdnsmasq_no_dns_rebind=11 enable
9 DNSMasqadditionaloptions
dnsmasq_options
Format of DNSMasqadditional settingexample :option 138 and soon
nvram set dnsmasq_options =dhcpd_options=138,192.168.9.1
10 SNMP snmpd_enable 0 disable nvram set snmpd_enable=01 enable
11 place snmpd_syslocation
100 character at the longest nvram set snmpd_syslocation =Unknown
12 contact snmpd_syscontact
100 character at the longest nvram set snmpd_syscontact=root
13 name snmpd_sysname
100 character at the longest nvram set snmpd_sysname=four-faith
14 Read-onlycommunitystring
snmpd_rocommunity
100 character at the longest nvram set snmpd_rocommunity=public
15 Read-writecommunitystring
snmpd_rwcommunity
100 character at the longest nvram set snmpd_rwcommunity=private
16 System log debuglog_enable
0 disable nvram set debuglog_enable=11 enable
17 Output mode syslogd_enable 0 Serial output nvram set syslogd_enable=01 Network
output18 SSHd sshd_enable 0 disable nvram set sshd_enable=0
-
Nvram parameter configuration instructions
Page 28 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
1 enable19 SSH TCP
transmitsshd_forwarding 0 disable nvram set sshd_forwarding=0
1 enable20 Password
log insshd_passwd_auth
0 disable nvram set sshd_passwd_auth=11 enable
21 port sshd_port Digital of range 1-65535 nvram set sshd_port=2222 Authorizatio
n keysshd_authorized_keys
Format required to meet thestandard of the certificate
nvram setsshd_authorized_keys =XXX
23 Telnet telnetd_enable 0 disable nvram set telnetd_enable=11 enable
24 Ttraff fingerdaemon
ttraff_enable 0 disable nvram set ttraff_enable=11 enable
3.2 PPPoE serverNo. Parameter
itemParameter The value and description Example
1 RP-PPPoEserverdaemon
pppoeserver_enabled
0 disable nvram setpppoeserver_enabled=01 enable
2 Client IP pppoeserver_pool 19 character at the longest
format:xxx.xxx.xxx.xxx-xxx
nvram set pppoeserver_pool=192.168.1.10-100
3 Deflatecompress
pppoeserver_deflate
1 enable nvram set pppoeserver_deflate=0other disable
4 BSDcompress
pppoeserver_bsdcomp
1 enable nvram setpppoeserver_bsdcomp =0other disable
5 LZS Staccompress
pppoeserver_lzs 1 enable nvram set pppoeserver_lzs=0other disable
6 MPPCcompress
pppoeserver_mppc
1 enable nvram set pppoeserver_mppc=0other disable
7 MPPEPPPoEencrypt
pppoeserver_encryption
1 enable nvram setpppoeserver_encryption =0other disable
8 Each macaddressrestrictionspppoe client
pppoeserver_sessionlimit
Decimal numbers of range1-99999
nvram setpppoeserver_sessionlimit =10
-
Nvram parameter configuration instructions
Page 29 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
number
9 LCPresponseinterval
pppoeserver_lcpechoint
Decimal numbers of range1-99999
nvram setpppoeserver_lcpechoint =5
10 LCP respondto failure
pppoeserver_lcpechofail
Decimal numbers of range1-99999
nvram setpppoeserver_lcpechofail =12
11 Free time pppoeserver_idle
Decimal numbers of range1-99999
nvram set pppoeserver_idle =10
12 authentication
pppoeradius_enabled
0 Local usermanagement
nvram setpppoeradius_enabled=0
1 Radius13 Local user
management
pppoeserver_chaps
user 30 character at thelongest
nvram set pppoeserver_chaps=test1:123456:192.168.1.16:ontest2:123456:192.168.1.26:on
password
30 character at thelongest
IPaddress
IP address mode
enable off disableon enable
Format isuser:password:IP
address:enableif there aremultiple sets separated by a
space At the same timeneed to set the number oflocal user managementpppoeserver_chapsnum
14 The numberof local usermanagement
pppoeserver_chapsnum
Decimal digital form nvram setpppoeserver_chapsnum =2
15 Radiusserver ip
pppoeserver_authserverip
IP address form nvram setpppoeserver_authserverip=192.168.1.1
16 Radiusauthentication port
pppoeserver_authserverport
Decimal number of range1-65535
nvram setpppoeserver_authserverport=1812
-
Nvram parameter configuration instructions
Page 30 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
17 Port ofRadiusaccount
pppoeserver_acctserverport
Decimal number of range1-65535
nvram setpppoeserver_acctserverport=1813
18 Radiusshared key
pppoeserver_sharedkey
63 characters at thelongest
nvram setpppoeserver_sharedkey=123456
4 . VPN4.1 PPTP
NO. parameteritem
parameter the value and description example
1 PPTPserver pptpd_enable 0 disable nvram setpptpd_enable=01 enable
2 Supportbroadcast
pptpd_bcrelay 0 disable nvram set pptpd_bcrelay =01 enable
3 forceMPPEencryption
pptpd_forcemppe
0 disable nvram set pptpd_forcemppe =11 enable
4 DNS1 pptpd_dns1 IP address format nvram set pptpd_dns1 =0.0.0.05 DNS2 pptpd_dns2 IP address format nvram set pptpd_dns2 =0.0.0.06 WINS1 pptpd_wins1 IP address format nvram set pptpd_wins1=0.0.0.07 WINS2 pptpd_wins2 IP address format nvram set pptpd_wins2=0.0.0.08 IP of server pptpd_lip IP address format dont
conflict with ip of lan port
nvram set pptpd_lip=200.200.200.1
9 IP of client pptpd_rip Format:XXX.XXX.XXX.XXX-XXX
example200.200.200.2-254
nvram set pptpd_rip=200.200.200.2-254
10 Local usermanage(CHAP Secrets)
pptpd_auth format username *password*
nvram set pptpd_auth= test *test *
-
Nvram parameter configuration instructions
Page 31 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
exampletest * test *
7 PPTP clientoptions
pptpd_client_enable
0 disable nvram setpptpd_client_enable=01 enable
8 Servers IP orDNS name
pptpd_client_srvip
Ip address or domain name nvram set pptpd_client_srvip=120.42.46.98
9 Subnet of peer pptpd_client_srvsub
ip address of subnet mustbe configure with mask
nvram set pptpd_client_srvsub=192.168.8.0
10 Subnet maskof peer
pptpd_client_srvsubmsk
Format of Subnet mask nvram setpptpd_client_srvsubmsk=255.255.255.0
11 MPPE encrypt pptpd_client_srvsec
MPPE encryptvalid character
examplemppe required
nvram set pppoeserver_idle =mppe required
12 MTU pptpd_client_srvmtu 1-1500 range of decimal
numbers
nvram set pptpd_client_srvmtu=1450
13 MRU pptpd_client_srvmru 1-1500 range of decimal
numbers
nvram set pptpd_client_srvmru=1450
14 NAT pptpd_client_nat
0 disable nvram set pptpd_client_nat =11 enable
15Enabledmanually setthe tunnel IP
pptpd_client_assign
0 disable nvram setpptpd_client_assign=11 enable
16 IP address oftunnel
pptpd_client_assignip
IP address format nvram set pptpd_client_assignip=200.200.200.5
17 Username pptpd_client_srvuser
Pptp username of client nvram set pptpd_client_srvuser=XXX
18 password pptpd_client_srvpass
Pptp password of client nvram set pptpd_client_srvpass=123456
-
Nvram parameter configuration instructions
Page 32 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
4.2 L2TPNO. parameter
itemparameter the value and description example
1 L2TP serveroptions
l2tp_server_enable
0 disable nvram l2tp_server_enable=01 enable
2 Force MPPEencrypt
l2tp_forcemppe 0 disable nvram set l2tp_forcemppe =11 enable
3 IP of server l2tp_lip IP address format dontconflict with ip of lan port
nvram set l2tp_lip=200.200.200.1
4 IP of client l2tp_rip Format:XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX
example200.200.200.2-200.200.200.25
nvram set l2tp_rip=200.200.200.2-200.200.200.25
5 Local usermanage(CHAP Secrets)
l2tp_auth format username *password *
exampletest * test *
nvram set l2tp_auth= test * test*
6 L2TP clientoptions
l2tp_client_enable
0 disable nvram set l2tp_client_enable=01 enable
7 L2TP server l2tp_client_servername
Ip address or domain name nvram setl2tp_client_servername=120.42.46.98
8 Subnet ofpeer
l2tp_client_srvsub
ip address of subnet mustbe configure with mask
nvram set l2tp_client_srvsub=192.168.8.0
9 Subnet maskof peer
l2tp_client_srvsubmsk
Subnet mask format nvram setl2tp_client_srvsubmsk=255.255.255.0
10 MPPEencryption
l2tp_client_srvsec
MPPE encryptvalid character
examplemppe required
nvram set l2tp_client_srvsec =mppe required
-
Nvram parameter configuration instructions
Page 33 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
11 MTU l2tp_client_srvmtu
1-1500 range of decimalnumbers
nvram set l2tp_client_srvmtu=1450
12 MRU l2tp_client_srvmru
1-1500 range of decimalnumbers
nvram set l2tp_client_srvmru=1450
13 NAT l2tp_client_nat 0 Disable nvram set l2tp_client_nat =11 enable
14Enabledmanually setthe tunnel IP
l2tp_client_assign
0 disable nvram set l2tp_client_assign=11 enable
15 Tunnel IPaddress
l2tp_client_assignip
IP address format nvram set l2tp_client_assignip=200.200.200.5
16 username l2tp_username 63 character at the longest nvram set l2tp_username =XXX17 password l2tp_passwd 63 character at the longest nvram set l2tp_passwd =12345618 Allow CHAP
authentication
l2tp_req_chap 0 Disable nvram set l2tp_req_chap =11 enable
19 Refuse PAPauthentication
l2tp_ref_pap 0 disable nvram set l2tp_ref_pap =11 enable
20 Allowauthentication protocol
l2tp_req_auth 0 disable nvram set l2tp_req_auth =11 enable
4.3 IPSECIPSEC config
NO. parameteritem
parameter the value and description example
1 Ipsec tunnelconfigure
Ipsec_conns
Tunnel type tunnel Tunnelmode
nvram set ipsec_conns=tunnel client Enabled yyon WAN1 192.168.5.5/24@ss 191.152.2.2192.36.63.2/23 @yy on 6060 restart 3des md5modp8192 0 3des md5modp4096 0 off off on offpsk 123546|tunnel client
transport
Transportmode
part client clientserver server
Advacedconfiguration
Enabled
enable
Disabl disable
-
Nvram parameter configuration instructions
Page 34 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
Enabled GG on WAN1192.168.78.8/24 @TT12.42.46.98 8.6.6.3/24@YY on 60 60 restart 3desmd5 modp8192 0 3desmd5 modp4096 0 off off onoff X509CertRIGHT+LEFT|
ed
Connectionname
15 character at thelongest
Effectiveimmediately
onEffective
immediately
offDontEffectiveimmediately
export WAN1Local ipaddress
A.B.C.D/M
LocalIdentifiers
15 character at thelongest
Ip address ofpeer
A.B.C.D
Subnet ofpeer
A.B.C.D/M
Character ofpeer
15 character at thelongest
dpd detect on enableoff disable
Dpd detectspace oftime
Natural number
Dpd detecttimeout
Natural number
Action ofDpd detect
hold Hold thelocalsession
restart re-establishtunnel
clear Clearsession
-
Nvram parameter configuration instructions
Page 35 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
restart_by_peer
Restartwhen theend of there-establishment ofthe tunnel
Ikeencryptionalgorithm
whenenableadvanced
featuresIKE integrityalgorithm
whenenableadvanced
featuresIKE DH
groupwhenenableadvanced
featureIKE lifetime
whenenableadvanced
featureESPencryption
-
Nvram parameter configuration instructions
Page 36 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
algorithm
whenenableadvanced
featureESP integrityalgorithm
whenenableadvancedfeatureESP DH
groupwhenenableadvanced
featureESP lifetime
whenenableadvanced
feature
Natural number
Using therecommendedconfiguration
Default is off
Aggressive
modewhenenableadvanced
feature
off disableOn enable
Using theOff disable
-
Nvram parameter configuration instructions
Page 37 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
sessionforwardencryption
whenenableadvanced
feature
On enable
Consultationcompressionloadproportion
whenenableadvanced
feature
Default is off
authentication
psk Pre-shared key
X509Cert
certificateauthentication
Pre-sharedkey
character
x509certificateauthentication
format local x509certificate+remotex509 certificate
Enableadvancedfeature
Tunnel type;part;enable advancedfeature;connectionname;Effectiveimmediately;export;local subnet;localidentity;remote ipaddress;remote
-
Nvram parameter configuration instructions
Page 38 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
subnet;remote localidentity;enable dpddetect;Dpddetection interval;Dpd detectiontimeout;actions ofdpd detection; IkeEncryptionalgorithm;IKEintegrity algorithm;IKE-DH group;IKElifetime; ESPEncryptionalgorithm; ESPintegrity algorithm;ESP-DH group;ESP lifetime; Usingthe recommendedconfiguration;aggressivemode;using thesession forwardencryption;consultation compressionload proportion;authenticationmethod; key orcertificate;| nexttunnelconfiguration| |
Disableadvancedfeature
Tunnel type;part;enable advancedfeature;connectionname;Effectiveimmediately;export;local subnet;localidentity;remote ipaddress;remotesubnet;remote localidentity;enable dpddetect;Dpd
-
Nvram parameter configuration instructions
Page 39 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
detection interval;Dpd detectiontimeout;actions ofdpd detection; IkeEncryptionalgorithm;IKEintegrity algorithm;IKE-DH group;IKElifetime; ESPEncryptionalgorithm; ESPintegrity algorithm;ESP-DH group;ESP lifetime; Usingthe recommendedconfiguration;aggressivemode;using thesession forwardencryption;consultation compressionload proportion;authenticationmethod; key orcertificate;| nexttunnelconfiguration| |
2 NATtranslation
ipsecNatTrav
on enable nvram set ipsecNatTrav=on
Off disable
3 Log level ipsecDebugLevel
none Close log of ipsec nvram set ipsecDebugLevel=basic
basic Open log of ipsec
X509 certificate manage configuration
NO. parameteritem
parameter the value and description example
1 X509certificate
ipsec_certs System containing the nameof x509 certificate
nvram set ipsec_certs=LEFT_CERT|RIGHT_CER
-
Nvram parameter configuration instructions
Page 40 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
Tformatcertificate1 |certificate2 | certificate3
2 Public key ofcertificate
Certificatename_cert
The value contains the publickey of x509 certificate
nvram set LEFT_cert=-----BEGINCERTIFICATE-----MIIDBzCCAnCgAwIBAgIJAPqd2AdwVCi8MA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxCzAJBgNVBAoTAlVTMQswCQYDVQQLEwJVUzELMAkGA1UEAxMCVVMxETAPBgkqhkiG9w0BCQEWAlVTMB4XDTEyMTAzMDExMTgwMVoXDTEzMDYyMTExMTgwMVowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzELMAkGA1UEChMCVVMxCzAJBgNVBAsTAlVTMQswCQYDVQQDEwJVUzERMA8GCSqGSIb3DQEJARYCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKocH1jWeZ7yVcSVqTj01zuzgWtTBQVMvgYwVZeTqjoNudihKmqmQ0FQ5dZjVLcRBj8MnnmKHRYpYRwQDZPHEEqATgF/GoWERwCoFXq/Li5NnqT02RA41hMeIgERUiw0+9cuRptanPZXmtMce6XeTO+CTxwDOr5GOT4IpLLGPgu9AgMBAA
-
Nvram parameter configuration instructions
Page 41 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
GjgcYwgcMwHQYDVR0OBBYEFCR6H5XFuXl1EhKoG3qUBfZsDHS8MIGTBgNVHSMEgYswgYiAFCR6H5XFuXl1EhKoG3qUBfZsDHS8oWWkYzBhMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMQswCQYDVQQKEwJVUzELMAkGA1UECxMCVVMxCzAJBgNVBAMTAlVTMREwDwYJKoZIhvcNAQkBFgJVU4IJAPqd2AdwVCi8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYFMClk2qBi0mWFqSKrkTSuM2fwUx3AqWy6a47KFjiazZnpih+zBCNESlvELOjns3xRsWQmfPqQqEW6zU2CHnLLTYo7iHerFpadNf4w2rB0GgcxzeSNM02+FtBLEpFeDh82AEVH9u0V062pcwRJS2O4oeNg0OM+DhGkrB26EX3m8=-----END CERTIFICATE-----
4 Private key ofcertificate
Certificatename_key
the value contain the privatekey of certificate
nvram set LEFT_key=-----BEGIN RSA PRIVATEKEY-----MIICXAIBAAKBgQCqHB9Y1nme8lXElak49Nc7s4FrUwUFTL4GMFWXk6o6DbnYoSpqpkNBUOXWY1S3EQY/DJ55ih0WKWEcEA2TxxBKgE4BfxqFhEcAqBV6vy4uTZ6k9
-
Nvram parameter configuration instructions
Page 42 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
NkQONYTHiIBEVIsNPvXLkabWpz2V5rTHHul3kzvgk8cAzq+Rjk+CKSyxj4LvQIDAQABAoGAMzo01nQAPDWOTp0jUNuq1XfBSai+olHyB7sWi4cUhFcN2IbwVx2qs0jBbkaLhHXEA8ixELje+YWMkP7kl9Qiu08PAqeteWVHGISl5BtnZO0w0I7NRsa2O5nhBDlzpQdWZ2EGpG+I8pdu1wyq4AvdA7mBCUlI19e7eyuYm8Cy56ECQQDZE/5AGuDwC94odkpbk2iTiXenodknN1ktlxC1hfojcv+MmV3ZLtnGy2Ygq4HeA+UJiYxvbZZisYJLBmlG+hEDAkEAyJxCqpsuCcu28coJQEcGoJWsUh724yuDC0FkB6ReIcgolFDrCELP3/fP1Kq47VVlFPy67EoUefQIBgAmgn/0PwJAMQWi1Tc8tPj5IooUILoZU7gnnWOfdou5R+Jlk5i99GNz8nxwBSvfYlVsqtQQb+LRRmYZoNBOtdsAYZEBFVZDoQJAKmUriZaF4jgVD4Ac+GKKOgGniytUDaoyZXyKQTsxUX5VZRK8uOA1wiVC3LS/pBh55jeK4Ui+jw9Nasc5XDbiTQJBAI/VZRyVbi3TFjlUk8Nz3+wx9Vnffg2Sm4FQYwu/pxEfSIzPO4gYCam+rrN15P++AvBmwqUWfHH8D/zCXPxP55I=-----END RSA PRIVATEKEY-----
5 Certificatecount
Certificatename_certCount
Natural number nvram setLEFT_certCount=3
-
Nvram parameter configuration instructions
Page 43 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
4.3 GRENO. parameters Value of parameters The value and
descriptionexample
1 GRE tunnel gre_enable 0 disable nvram gre_enable=01 enable
2 status tunnel1 gre_en1 0 disable nvram set gre_en1=1tunnel2 gre_en2tunnel3 gre_en3tunnel4 gre_en4tunnel5 gre_en5tunnel6 gre_en6tunnel7 gre_en7 1 enabletunnel8 gre_en8tunnel9 gre_en9tunnel10 gre_en10tunnel11 gre_en11tunnel12 gre_en12
3 Nameoftunnel
tunnel1 gre_name1 30 character atthe longest
nvram set gre_name1=gre_testtunnel2 gre_name2tunnel3 gre_name3tunnel4 gre_name4tunnel5 gre_name5tunnel6 gre_name6tunnel7 gre_name7tunnel8 gre_name8tunnel9 gre_name9tunnel10 gre_name10tunnel11 gre_name11tunnel12 gre_name12
4 pass tunnel1 gre_through1 0 PPP nvram set gre_through1 =0tunnel2 gre_through2tunnel3 gre_through3tunnel4 gre_through4tunnel5 gre_through5 1 LANtunnel6 gre_through6tunnel7 gre_through7tunnel8 gre_through8tunnel9 gre_through9 2 WAN(
Statictunnel10 gre_through10
-
Nvram parameter configuration instructions
Page 44 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
IP)tunnel11 gre_through11tunnel12 gre_through125 WAN
IP ofpeer
tunnel1 gre_peer_ipaddr1 IP addressformat
nvram set gre_peer_ipaddr1=120.42.46.98tunnel2 gre_peer_ipaddr2
tunnel3 gre_peer_ipaddr3tunnel4 gre_peer_ipaddr4tunnel5 gre_peer_ipaddr5tunnel6 gre_peer_ipaddr6tunnel7 gre_peer_ipaddr7tunnel8 gre_peer_ipaddr8tunnel9 gre_peer_ipaddr9tunnel10 gre_peer_ipaddr10tunnel11 gre_peer_ipaddr11tunnel12 gre_peer_ipaddr12
6 Subnet ofpeer
tunnel1 gre_peer_net1 Subnet andsubnet maskformatExample:192.168.8.0/24meaning ipaddress is192.168.8.0 andmask is255.255.255.0
nvram set gre_peer_net1=192.168.8.0/24tunnel2 gre_peer_net2
tunnel3 gre_peer_net3tunnel4 gre_peer_net4tunnel5 gre_peer_net5tunnel6 gre_peer_net6tunnel7 gre_peer_net7tunnel8 gre_peer_net8tunnel9 gre_peer_net9tunnel10 gre_peer_net10tunnel11 gre_peer_net11tunnel12 gre_peer_net12
7 tunnelIP ofpeer
tunnel1 gre_peer_tun_ip1 IP addressformat
nvram set gre_peer_tun_ip1=200.200.200.1tunnel2 gre_peer_tun_ip2
tunnel3 gre_peer_tun_ip3tunnel4 gre_peer_tun_ip4tunnel5 gre_peer_tun_ip5tunnel6 gre_peer_tun_ip6tunnel7 gre_peer_tun_ip7tunnel8 gre_peer_tun_ip8tunnel9 gre_peer_tun_ip9tunnel10 gre_peer_tun_ip10tunnel11 gre_peer_tun_ip11tunnel12 gre_peer_tun_ip12
8 Tunnel IP of
tunnel1 gre_local_tun_ip1 IP addressformat
nvram set gre_local_tun_ip1=200.200.200.2tunnel2 gre_local_tun_ip2
-
Nvram parameter configuration instructions
Page 45 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
local tunnel3 gre_local_tun_ip3tunnel4 gre_local_tun_ip4tunnel5 gre_local_tun_ip5tunnel6 gre_local_tun_ip6tunnel7 gre_local_tun_ip7tunnel8 gre_local_tun_ip8tunnel9 gre_local_tun_ip9tunnel10 gre_local_tun_ip10tunnel11 gre_local_tun_ip11tunnel12 gre_local_tun_ip12
9 Localsubnetmask
tunnel1 gre_local_tun_mask1 Subnet maskformat
nvram set gre_local_tun_mask1=255.255.255.0tunnel2 gre_local_tun_mask2
tunnel3 gre_local_tun_mask3tunnel4 gre_local_tun_mask4tunnel5 gre_local_tun_mask5tunnel6 gre_local_tun_mask6tunnel7 gre_local_tun_mask7tunnel8 gre_local_tun_mask8tunnel9 gre_local_tun_mask9tunnel10 gre_local_tun_mask10tunnel11 gre_local_tun_mask11tunnel12 gre_local_tun_mask12
10 keepalive
tunnel1 gre_keepalive_enable1 0 disable nvram setgre_keepalive_enable1 =0tunnel2 gre_keepalive_enable2
tunnel3 gre_keepalive_enable3tunnel4 gre_keepalive_enable4tunnel5 gre_keepalive_enable5tunnel6 gre_keepalive_enable6tunnel7 gre_keepalive_enable7 1 enabletunnel8 gre_keepalive_enable8tunnel98 gre_keepalive_enable9tunnel10 gre_keepalive_enable1
0tunnel11 gre_keepalive_enable1
1tunnel12 gre_keepalive_enable1
211 Re-di
altimes
tunnel1 gre_keepalive_tries1 1-99999 rangeof decimalfigures
nvram set gre_keepalive_tries1=15tunnel2 gre_keepalive_tries2
tunnel3 gre_keepalive_tries3
-
Nvram parameter configuration instructions
Page 46 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
tunnel4 gre_keepalive_tries4tunnel5 gre_keepalive_tries5tunnel6 gre_keepalive_tries6tunnel7 gre_keepalive_tries7tunnel8 gre_keepalive_tries8tunnel9 gre_keepalive_tries9tunnel10 gre_keepalive_tries10tunnel11 gre_keepalive_tries11tunnel12 gre_keepalive_tries12
12 re-dialinterval
tunnel1 gre_keepalive_interval1
1-99999 rangeof decimalfigures
nvram setgre_keepalive_interval1 =60
tunnel2 gre_keepalive_interval2
tunnel3 gre_keepalive_interval3
tunnel4 gre_keepalive_interval4
tunnel5 gre_keepalive_interval5
tunnel6 gre_keepalive_interval6
tunnel7 gre_keepalive_interval7
tunnel8 gre_keepalive_interval8
tunnel9 gre_keepalive_interval9
tunnel10 gre_keepalive_interval10
tunnel11 gre_keepalive_interval11
tunnel12 gre_keepalive_interval12
13 Policyfailure
tunnel1 gre_keepalive_failaction1
0 hold nvram setgre_keepalive_failaction1=0
tunnel2 gre_keepalive_failaction2
tunnel3 gre_keepalive_failaction3
tunnel4 gre_keepalive_failaction4
-
Nvram parameter configuration instructions
Page 47 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
tunnel5 gre_keepalive_failaction5
tunnel6 gre_keepalive_failaction6
tunnel7 gre_keepalive_failaction7
1 restart
tunnel8 gre_keepalive_failaction8
tunnel9 gre_keepalive_failaction9
tunnel10 gre_keepalive_failaction10
tunnel11 gre_keepalive_failaction11
tunnel12 gre_keepalive_failaction12
5 . security5.1 firewallSecurity
NO. parameters The name ofparameters
The value and description example
1 Enable SPIfirewall
filter on enable nvram set filter=onoff disable
2 Filter httpdproxy
block_proxy 1 filter nvram set block_proxy =1
0unfiltered
3 Filter cookies block_cookie 1 filter nvram set block_cookie =1
0 unfiltered
4 Filter javaapplicationprogram
block_java 1 filter nvram set block_java =10 unfiltered
-
Nvram parameter configuration instructions
Page 48 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
5 Filter activex block_activex 1 filter nvram set block_activex =10 unfiltered
6 Filter data ofping fromWAN
block_wan 1 filter nvram set block_wan=1
0 unfiltered
7 Filter data ofport 113
block_ident 1 filter nvram set block_ident=1
0 unfiltered
8 Filter data ofsnmp protocol
block_snmp 1 filter nvram set block_snmp=10 unfiltered
9 Limit times ofssh connection
limit_ssh 1 limited nvram set limit_ssh=10 unlimited
10 Limit times oftelnetconnection
limit_telnet 1 limited nvram set limit_telnet=10 unlimited
11 Limit times ofpptpconnection
limit_pptp 1 limited nvram set limit_pptp=10 unlimited
12 Limit times ofl2tpconnection
limit_l2tp 1 limited nvram set limit_l2tp=10 unlimited
Log manage
NO. parameters Value ofparameters
The values and description example
1 Enable logmanage
log_enable 1 enable nvram set log_enable=10 disable
2 Loggingregistration
log_level 0 low nvram set log_level=11 middle2 high
3 Log droppedpackets
log_dropped 1 log nvram set log_dropped =10 Dont log
4 Log receivedpackets
log_accepted 1 Log nvram set log_accepted =10 Dont log
5 Log rejectedpackets
log_rejected 1 Log nvram set log_rejected =10 Dont log
-
Nvram parameter configuration instructions
Page 49 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
5.2 VPN pass-throughNO. parameters The value of
parameterThe value and description example
1 IPSecpass-through
ipsec_pass 1 enable nvram set ipsec_pass=10 disable
2 PPTPpass-through
pptp_pass 1 Enable nvram set pptp_pass=10 disable
3 L2TPpass-through
l2tp_pass 1 enable nvram set l2tp_pass=10 disable
6 . access limit6.1 WAN accessClient list
NO. Parameteritem
parameter The value and description example
1 MAC addressof applicationclient in policy1
filter_mac_grp1 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp1=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
2 MAC addressof applicationclient in policy2
filter_mac_grp2 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram setfilter_mac_grp2=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
3 MAC addressof applicationclient in policy3
filter_mac_grp3 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp3=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
-
Nvram parameter configuration instructions
Page 50 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
4 MAC addressof applicationclient in policy4
filter_mac_grp4 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp4=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
5 MAC addressof applicationclient in policy5
filter_mac_grp5 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp5=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
6 MAC addressof applicationclient in policy6
filter_mac_grp6 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp6=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
7 MAC addressof applicationclient in policy7
filter_mac_grp7 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp7=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
8 MAC addressof applicationclient in policy8
filter_mac_grp8 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp8=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
9 MAC addressof applicationclient in policy9
filter_mac_grp9 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)
nvram set filter_mac_grp9=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
10 MAC addressof applicationclient in policy10
filter_mac_grp10 Mac address
formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8
nvram setfilter_mac_grp10=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH
-
Nvram parameter configuration instructions
Page 51 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
addresses at the longest)11 IP address of
applicationclient in policy1
filter_ip_grp1 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp1=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
Lan1-Lan6 Address of theclient in thesame networksegments of the
router range
0-255assumingthe routeraddress is
192.168.1.1/24when Lan1 is
20indicates theIP address192.168.1.20;indicates theaddress is notused
A1.B1.C1.D1-A2.B2.C2.D2
Ip address range
A3.B3.C3.D3-A4.B4.C4.D4
Ip address range
12 IP address ofapplicationclient in policy2
filter_ip_grp2 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp2=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
13 IP address ofapplicationclient in policy3
filter_ip_grp3 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp3=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
14 IP address ofapplication
filter_ip_grp4 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6
nvram set filter_ip_grp4=100 0 0 0 0
-
Nvram parameter configuration instructions
Page 52 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
client in policy4
A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
15 IP address ofapplicationclient in policy5
filter_ip_grp5 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp5=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
16 IP address ofapplicationclient in policy6
filter_ip_grp6 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp6=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
17 IP address ofapplicationclient in policy7
filter_ip_grp7 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp7=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
18 IP address ofapplicationclient in policy8
filter_ip_grp8 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp8=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
19 IP address ofapplicationclient in policy9
filter_ip_grp9 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram set filter_ip_grp9=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
20 IP address ofapplicationclient in policy10
filter_ip_grp10 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4
nvram setfilter_ip_grp10=10 0 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1
Access policy
NO. Parameteritem
parameters The value and description example
1 Access policyrules 1
filter_rule1 state 2 enable nvram set filter_rule1=$STAT:2$NAME:FILTER2$DENY:0$$
0 disablepolicy 30 characters at
the longestaction 1 deny
0 filter
format$STAT:stat$NAME:nameof policy$DENY:action$$
-
Nvram parameter configuration instructions
Page 53 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
2 Access policyrules 2
filter_rule2 idem nvram set filter_rule2=$STAT:2$NAME:FILTER2$DENY:0$$
3 Access policyrules 3
filter_rule3 idem nvram set filter_rule3=$STAT:2$NAME:FILTER2$DENY:0$$
4 Access policyrules 4
filter_rule4 idem nvram set filter_rule4=$STAT:2$NAME:FILTER2$DENY:0$$
5 Access policyrules 5
filter_rule5 idem nvram set filter_rule5=$STAT:2$NAME:FILTER2$DENY:0$$
6 Access policyrules 6
filter_rule6 idem nvram set filter_rule6=$STAT:2$NAME:FILTER2$DENY:0$$
7 Access policyrules 7
filter_rule7 idem nvram set filter_rule7=$STAT:2$NAME:FILTER2$DENY:0$$
8 Access policyrules 8
filter_rule8 idem nvram set filter_rule8=$STAT:2$NAME:FILTER2$DENY:0$$
9 Access policyrules 9
filter_rule9 idem nvram set filter_rule9=$STAT:2$NAME:FILTER2$DENY:0$$
10 Access policyrules 10
filter_rule10 idem nvram set filter_rule10=$STAT:2$NAME:FILTER2$DENY:0$$
11 the time of thepolicy rule 1:
filter_tod1 Start time hourpoint
0-23 naturalnumber
nvram set filter_tod1=0:023:58 13,5-6
The number ofminutes of thestart time
0-59 naturalnumber
to terminatetime hours point
0-23 naturalnumber
Termination ofthe time thenumber ofminutes
0-59 naturalnumber
Effect time ofpolicy
If every dayeffectiveset
-
Nvram parameter configuration instructions
Page 54 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
0-6 if
Tuesday wednesdayand Fridayeffective,set
2-3,5 if onlyeffect on
monday set
1 othersimilar record
formatstart time hour point:thenumber of minutes of the starttime:to terminate time hourspoint:termination of the time thenumber of minutes: effect timeof policy
12 The time of thepolicy rule 2
filter_tod2 idem nvram set filter_tod2=0:023:58 13,5-6
13 The time of thepolicy rule 3
filter_tod3 idem nvram set filter_tod3=0:023:58 13,5-6
14 The time of thepolicy rule 4
filter_tod4 idem nvram set filter_tod4=0:023:58 13,5-6
15 The time of thepolicy rule 5
filter_tod5 idem nvram set filter_tod5=0:023:58 13,5-6
16 The time of thepolicy rule 6
filter_tod6 idem nvram set filter_tod6=0:023:58 13,5-6
17 The time of thepolicy rule 7
filter_tod7 idem nvram set filter_tod7=0:023:58 13,5-6
18 The time of thepolicy rule 8
filter_tod8 idem nvram set filter_tod8=0:023:58 13,5-6
19 The time of thepolicy rule 9
filter_tod9 idem nvram set filter_tod9=0:023:58 13,5-6
20 The time of thepolicy rule 10
filter_tod10 idem nvram set filter_tod10=0:023:58 13,5-6
21 Blocked url filter_web_h Network Url address of the nvram set filter_web_host1
-
Nvram parameter configuration instructions
Page 55 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
address bypolicy rule 1
ost1 address site =www.baidu.comwww.163.comformat network
addressurl ofsite
22 Blocked urladdress bypolicy rule 2
filter_web_host2
idem nvram set filter_web_host2=www.baidu.comwww.163.com
23 Blocked urladdress bypolicy rule 3
filter_web_host3
idem nvram set filter_web_host3=www.baidu.comwww.163.com
24 Blocked urladdress bypolicy rule 4
filter_web_host4
idem nvram set filter_web_host4=www.baidu.comwww.163.com
25 Blocked urladdress bypolicy rule 5
filter_web_host5
idem nvram set filter_web_host5=www.baidu.comwww.163.com
26 Blocked urladdress bypolicy rule 6
filter_web_host6
idem nvram set filter_web_host6=www.baidu.comwww.163.com
27 Blocked urladdress bypolicy rule 7
filter_web_host7
idem nvram set filter_web_host7=www.baidu.comwww.163.com
28 Blocked urladdress bypolicy rule 8
filter_web_host8
idem nvram set filter_web_host8=www.baidu.comwww.163.com
29 Blocked urladdress bypolicy rule 9
filter_web_host9
idem nvram set filter_web_host9=www.baidu.comwww.163.com
30 Blocked urladdress bypolicy rule 10
filter_web_host10
idem nvram set filter_web_host10=www.baidu.comwww.163.com
31 the keyword inweb site beblocked bypolicy rule 1
filter_web_url1
keyword Keywords inurl address
nvram setfilter_web_url1=www;163formatkeyword;keyw
ord 32 the keyword in
web site beblocked bypolicy rule 2
filter_web_url2
idem nvram setfilter_web_url2=www;163
-
Nvram parameter configuration instructions
Page 56 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
33 the keyword inweb site beblocked bypolicy rule 3
filter_web_url3
idem nvram setfilter_web_url3=www;163
34 the keyword inweb site beblocked bypolicy rule 4
filter_web_url4
idem nvram setfilter_web_url4=www;163
35 the keyword inweb site beblocked bypolicy rule 5
filter_web_url5
idem nvram setfilter_web_url5=www;163
36 the keyword inweb site beblocked bypolicy rule 6
filter_web_url6
idem nvram setfilter_web_url6=www;163
37 the keyword inweb site beblocked bypolicy rule 7
filter_web_url7
idem nvram setfilter_web_url7=www;163
38 the keyword inweb site beblocked bypolicy rule 8
filter_web_url8
idem nvram setfilter_web_url8=www;163
39 the keyword inweb site beblocked bypolicy rule 9
filter_web_url9
idem nvram setfilter_web_url9=www;163
40 the keyword inweb site beblocked bypolicy rule 10
filter_web_url10
idem nvram setfilter_web_url10=www;163
6.2 data-flow filtrationNO. Parameter
itemparameters The value and description example
1 Enable Dataflow filtrationfunction
packetfilter_enable
0 disable nvram set LoadShunt_rule=01 enable
-
Nvram parameter configuration instructions
Page 57 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
2 Data-flowfiltration policy
packetfilter_policy
DROP Drop in linewith the rulesof data
nvram setpacketfilter_policy=DROP
ACCEPT Receivingdata incompliancewith therules,does notcomply withall thediscarded
3 Filtration policy packetfilter_ips Sourceaddress
Sourceaddress ofdata,format:A.B.C.D/M
nvram set packetfilter_ips=0.0.0.0/0 1 655350.0.0.0/0 1 65535 bothoutput |
destination Destinationaddress ofdata,format:A.B.C.D/M
Starting portnumber in thesource portrange
1-65535
The end ofthe portnumber in thesource portrange
1-65535
Starting portnumber in thedestinationport range
1-65535
The end ofthe portnumber in thedestinationport range
1-65535
Protocol tcp udp
icmpboth
-
Nvram parameter configuration instructions
Page 58 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
direction output
Thedirection oflan towan
input Thedirection ofWanto lan
format sourceaddress;destination address;starting port number in sourceport range;the end of the portnumber in source port range;Starting port number in thedestination port range; Theend of the port number in thedestination port range;protocol;direction | next rule| |
7 . NAT configurationNO. Parameter
itemparameters The value and description example
1 Port forward forward_spec Name ofapplication
Letters and
numbers18characters atthe longest
nvram set forward_spec=xx:on:both:12>192.168.1.1:11192.168.1.2:10
-
Nvram parameter configuration instructions
Page 59 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
Sourceaddress ofdata
A.B.C.D/M
Source port ofdata
1-65535
Destinationaddress offorward
A.B.C.D
Destinationport offorward
1-65535
format Name ofapplication:protocol:destination port ofdata>Destination address offorward: Destination port offorward192.168.7.2 yy:off:tcp:3:6>192.168.7.3
Whether toopen onenable
offdisableprotocol udptcpboth
Startingdestinationport of data
1-65535
The end ofdestinationport of data
1-65535
Destinationport offorward
A.B.C.D
format application:protocol:
-
Nvram parameter configuration instructions
Page 60 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]
destination port ofdata>Destination address offorward: Destination port offorward6-666ttt:on:both:5-66>88-9099yyy:on:udp:2-555>6-666ttt:on:both:5-66>88-9099
Whether toopen onenable
offdisableprotocol tcpudpbothStarting portnumber ofdestinationport range OfTrigger rule
1-65535
The end ofport numberof destinationport range OfTrigger rule
1-65535
Starting portnumber ofport range OfTrigger rule
1-65535
The end ofport numberof portrange OfTrigger rule
1-65535
format Name ofapplication:protocol:Startingport number of destination portrange Of Trigger rule: The endof port number of destination
-
Nvram parameter configuration instructions
Page 61 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:coco@four-fa