Nvram Parameter Configuration Instructions

Nvram parameter configuration instructions

Page 1 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:[email protected]

NVRAMparameterconfigurationinstruction

Document No. Product version Securityclassification

AProduct name:nvram parameter configurationinstruction

A total of 72

NVRAM PARAMETERCONFIGURATION INTRODUCTION

This manual applies to the following modelsmodel Product categoryF3x34 Single card five port WIFI

ROUTERF5934 High-performance broadband

ROUTERF3x24 Single card single port WIFI

ROUTERF3B3x Dual card five port WIFI

ROUTERF7x34 Single card five port+GPS

WIFI ROUTERF7x24 Single card single port+GPS

WIFI ROUTERF7B3x Dual card five port+GPS WIFI

ROUTER



Documentrevisionhistory

version explanation author

2012-10-31 V1.00 The initial version PF,XCY2013-3-26 V1.10 Increase the number of

common items hiddenparameters

PF

Copyright NoticeAll contents in the files are protected by copyright law, and all copyrights are reserved by XiamenFour-Faith Communication Technology Co., Ltd. Without written permission, all commercial use of thefiles from Four-Faith are forbidden, such as copy, distribute, reproduce the files, etc., butnon-commercial purpose, downloaded or printed by individual (all files shall be not revised, and thecopyright and other proprietorship notice shall be reserved) are welcome.

Trademark notice

Four-Faith were all registered trademarks of xiamen four-faithcommunication technology Co.,Ltdwithout prior written permissionno person shall in any way use thefour-faith name and four-faith trademarks and logos.



CatalogueNvram parameters instructions...............................................................................................................................41.setup........................................................................................................................................................................ 6

1.1 Basic setup..................................................................................................................................................61.2 Dynamic DNSDDNS........................................................................................................................171.3 MAC address cloning.............................................................................................................................. 201.4 Advaced routing........................................................................................................................................21

2. wireless.................................................................................................................................................................222.1 basic setup................................................................................................................................................ 222.2 wireless security....................................................................................................................................... 23

3 .service.................................................................................................................................................................. 253.1 service........................................................................................................................................................253.2 PPPoE server........................................................................................................................................... 27

4 . VPN......................................................................................................................................................................294.1 PPTP.......................................................................................................................................................... 294.2 L2TP........................................................................................................................................................... 304.3 IPSEC......................................................................................................................................................324.3 GRE............................................................................................................................................................41

5 . security................................................................................................................................................................ 455.1 firewall........................................................................................................................................................ 455.2 VPN pass-through....................................................................................................................................46

6 . access limit......................................................................................................................................................... 476.1 WAN access..............................................................................................................................................476.2 data-flow filtration..................................................................................................................................... 54

7 . NAT configuration..............................................................................................................................................568 . QoS option..........................................................................................................................................................58

8.1 basic........................................................................................................................................................... 588.2 classification..............................................................................................................................................628.3 Load balance.............................................................................................................................................63

9 . application...........................................................................................................................................................649.1 Serial port application..............................................................................................................................649.2 GPS options.............................................................................................................................................. 65

10 . management.................................................................................................................................................... 6710.1 management...........................................................................................................................................67



10.2 Remain active.........................................................................................................................................6811 .Other important parameters nvram...............................................................................................................70

Nvram parameters instructionsThe file is mainly about the nvram parameters used in the new type of router. The

parameters are classified in web menu because of the large amount. Some parametersare omitted since they are not frequently used. It mainly includes VLAN and Network inSetup,MAC filter,Advance settings and WDS in Wireless settings,and OPENVPN in VPN.

There are five commands in common use as follows.nvram showTo make a list of all the commands in NVRAM. grep command can be also used to extractpart of the information. For example,nvram show | grep lan_This command can be used to list all parameters starting with lan_ are listed with and theresult is as followslan_gateway=192.168.1.254dr_lan_rx=0lan_netmask=255.255.255.0lan_lease=86400lan_stp=1lan_hwaddr=00:12:17:E1:56:F5lan_dns=211.152.179.7 202.96.128.86lan_ifnames=vlan0 eth1size: 12567 bytes (20201 left)lan_ipaddr=192.168.1.1lan_proto=staticlan_ifname=br0lan_wins=lan_hwnames=

nvram set parameter="value"To add or modify some parameters. For example, excute the following command to changeLAN ip from 192.168.1.1 to 192.168.1.2.nvram set lan_ipaddr=192.168.1.2



nvram commitrebootLine 1 for ip address modification, line 2 for save, and line 3 for reboot. Because the ipaddress modification works after rebooting.

nvram get parametersUsed to obtain some of the parametersfor example,i want to get the LAN IP addressexecutablenvram get lan_ipaddr192.168.1.1So 192.168.1.1 is the ip address of LAN port

nvram unset parameterUsed to remove some of the parametershowever,this feature is rarely usedbecause 64kcapacity of nvram enough to save a large number of parametersmost people rely todeleteFor example,i want to remove dr_lan_rx=0 parameterrequests the executivenvram unset dr_lan_rx

nvram commitWhen you do a lot of modifications to nvramyou need to save these changeswhen yourrouter resetthese modifications will be disappearsame as aboveyou should performnvram commit



1.setup1.1 Basic setupWAN port setting

NO. Parameteritem

parameter The value and description example

1 Connectiontype

wan_proto disabled disable nvram set wan_proto=dhcpdhcp Dhcp modestatic Static IP modepppoe Pppoe dial modepptp Pptp model2tp l2tp mode3g 3g link-1 mode3glink 3g link-2 mode

3glink

NO. Parameteritem

parameter The value and parameter example

1 username ppp_username 63 bytes of longestcharacter

nvram setppp_username=card

2 password ppp_passwd 63 bytes of longestcharacter

nvram set ppp_passwd=card

3 Call centernumber

wan_dial 0 *99***1# nvram set wan_dial=11 *99#2 #99***1#3 #7774 *98*1#

4 APN wan_apn 63 bytes of longestcharacter

nvram set wan_apn=3gnet

5 PIN wan_pin Must be 4-byte number nvram set wan_pin=12346 Network type wan_conmode 0 auto nvram set wan_conmode=0



selection 1 Enforce 3g2 Enforce 2g3 3g first4 2gfirst5 2g/3g Allow only6 Enforce 4g7 2g/3g/4g Allow

only7 Keep online

modeKpOnlineMode 1 None nvram set KpOnlineMode=1

2 Ping mode5 Route mode6 PPP mode

8 Keep onlinedetectioninterval

KpOnlineInterval Range 0-9999in sec. nvram setKpOnlineInterval=60

9 keep onlineto detectionthe mainserver ip

KpOnlineIcmpDest

Currently only support ipform,does not supportdomain form

nvram set KpOnlineIcmpDest=8.8.8.8

10 Keep onlineto detectionthe secondserver ip

KpOnlineIcmpSecDest


nvram setKpOnlineIcmpSecDest=166.111.8.238

11 Enabledial-up failedto restartmechanism

ppp_restartppp 0 disable nvram set ppp_restartppp=1

1 enable

12 Forced toreconnect

reconnect_enable

0 disable nvram setreconnect_enable=11 enable

13 time reconnect_hours Number of 0-24 range nvram set reconnect_hours=0

reconnect_minutes

Number of 0-59 range nvram setreconnect_minutes=0

14 STP lan_stp 0 disable nvram set lan_stp=11 enable

Static IP

NO. Parameteritem


1 WAN IP wan_ipaddr IP address form nvram set wan_ipaddr



address =192.168.8.222 Subnet mask wan_netmask netmask nvram set wan_netmask

=255.255.255.03 gateway wan_gateway netmask nvram set wan_netmask

=192.168.8.14 Static DNS1

Static DNS2Static DNS3

wan_dns First DNSSecond DNSThird DNS

nvram set wan_dns=8.8.8.8218.85.157.99 218.85.152.993 DNS directly separated byspaces,should user quotationmarks separated by a spaceframed

5 Keep onlinemode

KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode



7 Keep onlineto detectmain serverip

KpOnlineIcmpDest



8 Keep onlineto detectsecondserver ip

KpOnlineIcmpSecDest



notenumber 5-8 only used in the version of the dual-card

DHCP mode

NO. Parameteritem


1 Keep online KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode



3 Keep onlineto detectmain server

KpOnlineIcmpDest





ip4 Keep online

to detectsecondserver ip

KpOnlineIcmpSecDest



notenumber 1-4 only used in version of the dual-card

PPPoE

NO. Parameteritem

parameter The value and description Example

1 User ppp_username 63 bytes of longestcharacter

nvram setppp_username=card

2 password ppp_passwd 63 bytes of longestcharacter

nvram set ppp_passwd=card

3 Server name ppp_service PPPoE server address63character at the longest

nvram set ppp_service=172.16.1.1

4 PPPcompress

ppp_compression

0 disable nvram setppp_compression=01 enable

5 CompatibleVDSL frontdemodulator

wan_vdsl 0 disable nvram set wan_vdsl=01 enable

6 VLAN 8support

dtag_vlan8 0 disable nvram set dtag_vlan8=01 enable

7 MPPEencrypt

ppp_mppe 63 character at the longest nvram set ppp_mppe="mpperequired"

8 Single-linkmulti-connected

ppp_mlppp 0 disable nvram set ppp_mlppp=11 enable

9 Keep onlinemode

KpOnlineMode 1 None nvram set KpOnlineMode=12 Ping mode5 Route mode

10 Keep Onlinedetectioninterval


11 Online tokeep thedetection ofthe main

KpOnlineIcmpDest





server ip12 Online to

keep thedetection ofthe secondserver ip

KpOnlineIcmpSecDest



PPTP

No. Parameteritem


1 User name ppp_username 63 bytes at the longest nvram setppp_username=card

2 password ppp_passwd 63 bytes at the longest nvram set ppp_passwd=card3 Connect

policyppp_demand 0 Remain

activenvram set ppp_demand=0

1 Connect ondemand

4 Remainactive timeperiod

ppp_redialperiod Decimal numbers of 20-180

rangein sec.nvram setppp_redialperiod=30

5 Connect ondemand

ppp_idletime Digital of range 1-9999 inminutes

nvram set ppp_idletime=5

6 PPTPencrypt

pptp_encrypt 0 disable nvram set pptp_encrypt=01 enable

7 Disable thepacketrearrange

pptp_reorder 0 disable nvram set pptp_reorder=1

1 enable

8 Additionalpptp options

pptp_extraoptions

Pptp configuration optionsformat

nvram setpptp_extraoptions=XX

9 Use DHCP pptp_use_dhcp 0 disable nvram set pptp_use_dhcp=01 enable

10 WAN IPaddress

wan_ipaddr IP address format nvram set wan_ipaddr=192.168.8.22

11 Subnet mask wan_netmask netmask nvram set wan_netmask=255.255.255.0

12 gateway wan_gateway netmask nvram set wan_netmask=192.168.8.1

13 gateway pptp_server_name Ip or domain name 63

nvram setpptp_server_name=XX



PPTP

server

characters at the longest

LTTP

No. Parameteritem


1 username ppp_username 63 bytes at the longest nvram setppp_username=card

2 Password ppp_passwd 63 bytes at the longest nvram set ppp_passwd=card3 Connection

strategyppp_demand 0 Remain

activenvram set ppp_demand=0

1 Connect ondemand

4 Remainactive tiemperiod

ppp_redialperiod Decimal numbers of range20-180in sec.

nvram setppp_redialperiod=30

5 Connect ondemand

ppp_idletime Numbers of range 1-9999inminute

nvram set ppp_idletime=5

6 L2TP server l2tp_server_name Ip or domain name 63

characters at the longest

nvram setl2tp_server_name=XX

7 Allow chapauthentication protocol

l2tp_req_chap 0 disable nvram set l2tp_req_chap =11 enable

8 Refuse papauthentication protocol

l2tp_ref_pap 0 disable nvram set l2tp_ref_pap =11 enable

9 Allowauthentication protocol

l2tp_req_auth 0 disable nvram set l2tp_req_auth =11 enable

backup wan port settings

NO. Parameter parameter The value and description example



item

1Enabledual-linkbackupfeature

dualfailover0 disable

nvram set dualfailover=01 enable

2Dual-linkonline at thesame time

bothonline0 disable

nvram set bothonline=01 enable

3 Connectiontype bkup_wan_proto

disabled disable

nvram set bkup_wan_proto=dhcp

dhcp Dhcp modestatic Static IP modepppoe Pppoe dial mode3g 3g link-1 way

3glink 3g link-2 way

Backup WAN port3g/3glink

No. Parameteritem

Parameter The value and description Example

1 Username bkup_ppp_username

63 bytes at the longest nvram setbkup_ppp_username =card

2 Password bkup_ppp_passwd

63 bytes at the longest nvram set bkup_ppp_passwd=card

3 Call centernumber

bkup_wan_dial 0 *99***1# nvram set bkup_wan_dial=11 *99#2 #99***1#3 #7774 *98*1#

4 APN bkup_wan_apn 63 bytes at the longest nvram setbkup_wan_apn=3gnet

5 PIN bkup_wan_pin Must be 4 byte number nvram setbkup_wan_pin=1234

6 Network typeselection

bkup_wan_conmode

0 auto nvram setbkup_wan_conmode =01 Enforce 3g

2 Enforce 2g3 3g first4 2g first5 Only allow 2g/3g6 Enforce 4g7 Only allow

2g/3g/4g



7 keep onlinemode

bkup_KpOnlineMode

1 None nvram set bkup_KpOnlineMode=12 Ping mode

5 Route mode6 PPP mode

8 Onlinemaintaindetectioninterval

bkup_KpOnlineInterval Range 0-9999in sec.

nvram setbkup_KpOnlineInterva l=60

9 Online tokeep thedetection ofthe mainserver ip

bkup_KpOnlineIcmpDest

Currently only support ipform,does not supportdomain name form

nvram setbkup_KpOnlineIcmpDest=8.8.8.8

10 Online tokeep thedetection ofthe secondserver ip

bkup_KpOnlineIcmpSecDest


nvram setbkup_KpOnlineIcmpSecDest=166.111.8.238

11 Enabledial-up failedto restartmechanism

bkup_ppp_restartppp

0 disable nvram setbkup_ppp_restartppp =11 enable

12 forced toreconnect

bkup_reconnect_enable

0 disable nvram setbkup_reconnect_enable=11 enable

13 time bkup_reconnect_hours

The digital of range 0-24 nvram setbkup_reconnect_hours=0

bkup_reconnect_minutes

The digital of range 0-59 nvram setbkup_reconnect_minutes=0

14 STP bkup_lan_stp 0 disable nvram set bkup_lan_stp=11 enable

Backup WAN portstatic IP

No. Parameteritem

Parameter The value and description example

1 WAN IPaddress

Bkup_wan_ipaddr

Ip address form nvram set bkup_wan_ipaddr=192.168.8.22

2 Subnet mask bkup_wan_netmask

Subnet mask nvram set bkup_wan_netmask=255.255.255.0

3 Gateway bkup_wan_gateway

Gateway address nvram set bkup_wan_netmask=192.168.8.1



4 Static DNS1Static DNS2Static DNS3

bkup_wan_dns First DNSSecond DNSThird DNS

nvram set bkup_wan_dns=8.8.8.8 218.85.157.99218.85.152.993 DNS directly separated byspaces,encountered usequotation marks separated bya space framed

5 Keep onlinemode

bkup_KpOnlineMode

1 None nvram setbkup_KpOnlineMode =12 Ping mode

5 Route mode6 Keep Online

detectioninterval


nvram setbkup_KpOnlineInterval=60





8 Online tokeep thedetection ofthe secondserver ip



nvram setbkup_KpOnlineIcmpSecDest=166.111.8.238

Backup WAN portDHCP mode

No. Parameteritem


1 Keep onlinemode

bkup_KpOnlineMode



detectioninterval







4 Online tokeep the


Currently only support ipform,does not support

nvram setbkup_KpOnlineIcmpSecDest



detection ofthe secondserver ip

domain name form =166.111.8.238

Backup WAN portPPPoE

No. Parameteritem


1 Username bkup_ppp_username

Longest character for 63bytes

nvram setbkup_ppp_username =card

2 password bkup_ppp_passwd

Longest character for 63bytes

nvram set bkup_ppp_passwd=card

3 Server name bkup_ppp_service PPPoE server address

support ip addresses anddomain name up to 63characters

nvram set bkup_ppp_service=172.16.1.1

4 PPPcompress

bkup_ppp_compression

0 disable nvram setbkup_ppp_compression=01 enable

5 Compatiblevdsl frontdemodulator

bkup_wan_vdsl 0 disable nvram set bkup_wan_vdsl=01 enable

6 VLAN 8support

bkup_dtag_vlan8

0 disable nvram set bkup_dtag_vlan8=01 enable

7 MPPEencrypt

bkup_ppp_mppe 63 characters At the longest nvram set bkup_ppp_mppe="mppe required"

8 Single-linkmulti-connected

bkup_ppp_mlppp

0 disable nvram set bkup_ppp_mlppp=11 enable

9 Keep onlinemode

bkup_KpOnlineMode



detectioninterval







12 Online to bkup_KpOnlineI Currently only support ip nvram set



keep thedetection ofthe secondserver ip

cmpSecDest form,does not supportdomain name form

bkup_KpOnlineIcmpSecDest=166.111.8.238

optional settings

No. Parameteritem


1 Router name router_name 39 characters at the longest nvram setrouter_name=ROUTER

2 Host name wan_hostname 39 characters at the longest nvram setwan_hostname=XXX

3 Domainname

wan_domain 79 characters at the longest nvram set wan_domain =XXX

4 MTU mtu_enable 0 Auto mode nvram set mtu_enable=11 Manual

modewan_mtu Digital of 0-9999 range nvram set wan_mtu=1500

Local setting

No. Parameteritem


1 Local ipaddress

lan_ipaddr Ip address form nvram setlan_ipaddr=192.168.1.1

2 Subnet mask lan_netmask LAN port subnet mask nvram setlan_netmask=255.255.255.0

3 Gateway lan_gateway LAN port gateway nvram set lan_gateway=0.0.0.0

4 Local DNS sv_localdns local DNS of lan port nvram set sv_localdns=0.0.0.0

Network address server setting (DHCP)

No. Parameteritem

Parameter The value and description example

1 DHCP type dhcpfwd_enable 0 DHCPserver

nvram setlan_ipaddr=192.168.1.1

1 DHCPrepeater

2 DHCP lan_proto dhcp Enable nvram set



server lan_netmask=255.255.255.0static disable3 Start ip

addressdhcp_start Digital of range 1-254 nvram set lan_gateway

=0.0.0.04 The

maximumnumber ofdhcp users

dhcp_num Digital form,with a starting ipaddress,and should not begreater than 254

nvram set sv_localdns=0.0.0.0

5 Client leasetime

dhcp_lease Digital of range 0-99999 inminute

nvram set dhcp_lease =1440

6 Static DNS1Static DNS2Static DNS3

wan_dns First DNSSecond DNSThird DNS

nvram set wan_dns=8.8.8.8218.85.157.99 218.85.152.993 DNSdirectly separated byspaces,encountered usequotation marks separated bya space framed

7 WINS wan_wins WIN server address nvram set wan_wins=0.0.0.08 To use

DNSmasqfor dhcp

dhcp_dnsmasq 0 disable nvram set dhcp_dnsmasq =11 enable

9 To useDNSmasqfor dhcp

dns_dnsmasq 0 disable nvram set dns_dnsmasq =11 enable

10 in dhcpstandard

auth_dnsmasq 0 disable nvram set auth_dnsmasq =11 enable

11 DHCPforwardingserver

dhcpfwd_ip IP address form nvram set dhcpfwd_ip=0.0.0.0

NTP

No. Parameteritem


1 NTP client ntp_enable support nvram setlan_ipaddr=192.168.1.1

2 Time zone time_zone LAN port subnet mask nvram setlan_netmask=255.255.255.0

3 Summertime (DST)

daylight_time Set summer time of local nvram set lan_gateway=0.0.0.0

4 ServerIP/host

ntp_server 32 characters at the nvram set sv_localdns=0.0.0.0



name longest Currently onlysupport ip form,does notsupport domain name form

Time setting

Setting of System time is specialcan not user nvram settingrtc_tm formatted as follows:

rtc_tm ss year month date hour minute secondsseparated by spaces as follows:

inportrtc_tm ss 2012 10 31 15 10 55

exportWed Oct 31 15:10:55 UTC 2012

Indicates that the time is set to 2012 10 31 15:10:55

1.2 Dynamic DNSDDNSNo. Parameter

itemParameter The value and description Example

1 DDNSservice

ddns_enable 0 disable nvram set ddns_enable =11 DynDNS.org2 freedns.afraid.org3 ZoneEdit.com4 No-IP.com5 custom6 3322.org7 easyDNS.com8 TZO.com9 DynSIP.org

2 type ddns_dyndnstype

1 dynamic nvram set ddns_dyndnstype=12 static

3 custom3 wildcard ddns_wildcard 1 enable nvram set ddns_wildcard =1

other disable4 Do not use ddns_wan_ip 0 disable nvram set ddns_wan_ip=1



external ipdetection

1 enable

5 Mandatoryupdateinterval

ddns_force Digital of range 1-60 in

daysthe default is 10 days

nvram set ddns_force =10

DynDNSNo. Parameter


1 Username ddns_username 64 character at the longest nvram set ddns_username=XXX

2 Password ddns_passwd 3 character at the longest nvram set ddns_passwd=XXX

3 Host name ddns_hostname Ddns host name of server nvram set ddns_hostname=XXX

freednsNo. Parameter


1 Username ddns_username_2

64 character at the longest nvram setddns_username_2=XX

2 Password ddns_passwd_2 3 character at the longest nvram setddns_passwd_2=XXX

3 Host name ddns_hostname_2

Ddns host name of server nvram setddns_hostname_2=XX

ZoneEditNo. Parameter







No-IPNo. Parameter


1 Username ddns_username 64 character at the longest nvram set



_4 ddns_username_4=XX2 Password ddns_passwd_4 3 character at the longest nvram set

ddns_passwd_4=XXX3 Host name ddns_hostname

_4Ddns host name of server nvram set

ddns_hostname_4=XX

customNo. Parameter


1 User name ddns_username_5





4 DYNDNSserver

ddns_custom_5 DYNDNS server cangenerally be got in theregistered server

nvram setddns_custom_5=XX

5 URL ddns_url The form of character nvram set ddns_url=XX6 DDNS

additionaloptions

ddns_conf DDNS additional options nvram set ddns_conf=XX

3322No. Parameter







4 Type ddns_dyndnstype_6

The default is dynamic,cannot configuration

easyDNSNo. Parameter


1 username ddns_username_7







4 Wildcard ddns_wildcard_7 1 enable nvram set ddns_wildcard_7=1other disable

TZONO. Parameter







DynSIPNo. Parameter







1.3 MAC address cloningNo. Parameter


1 MAC cloning mac_clone_enable

0 Disable nvram setmac_clone_enable=11 enable

2 Cloning LANport VLANMAC

def_lhwaddr MAC address format can

not be a multicastsecondcharacter of mac addressmust be an even

nvram set def_lhwaddr=00:0C:43:30:52:77



3 CloningWAN portMAC

def_hwaddr MAC address format can

not be a multicastsecondcharacter of mac addressmust be an even

nvram set def_hwaddr=00:0C:43:30:52:78

4 CloningwirelessMAC of LANport

def_whwaddr MAC address format can

not be a multicastsecondcharacter of mac addressmust be an even and thelast character must be: [0, 1,4, 5, 8, 9, C, D]

nvram set def_whwaddr=00:0C:43:30:52:79

1.4 Advaced routingNo. Parameter


1 Work mode wk_mode gateway Gatewaymode

nvram set wk_mode= gateway

static Route mode2 interface dr_setting 0 disable nvram set dr_setting =0

1 WAN2 LAN &

WLAN3 both

3 Route name static_route_name

Each name can be 25

character at the longest

format is $NAME:XXX$$if more than one name isseparated by a space in themiddle

nvram set static_route_name= $NAME:rrr$$$NAME:ddd$$

4 Static route static_route metric Range 0-9999 nvram set static_route =192.168.8.0:255.255.255.0:192.168.1.1:0:br0

LAN IP ofDestinatio

IP segment inthe form



192.168.10.0:255.255.255.0:192.168.1.1:0:br0

nSubnetmask

Subnet maskform

Gateway Correspondinggateway

interface

Corresponding to

Port of router example: LAN port isbr0

Format isLAN IP ofdestination:subnetmask:gateway:metric:interfa

ceif multiple static routes isseparated by a space in themiddle

2. wireless2.1 basic setup

NO. Parameteritem


1 Wirelessnetworkmode

wl0_net_mode disabled Disable nvram set wl0_net_mode=mixedmixed 801.11b/n/g

bg-mixed 801.11b/gb-only 801.11ng-only 801.11gng-only 801.11g/nn-only 801.11n

2 Wirelessmode

wl0_mode ap AP mode nvram set wl0_mode=apsta Client mode



infra Adhoc modeapsta Relay modeapstawet Repeater

bridge3 Wireless

networkname

SSID

wl0_ssid 32 character at the longest nvram setwl0_ssid=four-faith

4 Wirelesschannel

wl0_channel 0 auto nvram set wl0_channel=61 2.412 GHz2 2.417 GHz3 2.422 GHz4 2.427 GHz5 2.432 GHz6 2.437 GHz7 2.442 GHz8 2.447 GHz9 2.452 GHz10 2.457 GHz11 2.462 GHz12 2.467 GHz13 2.472 GHz

5 Channel size wl0_nbw 20 20MHz nvram set wl0_nbw=2040 40MHz

6 Wirelessssidbroadcast

wl0_closed 0 Enable nvram set wl0_closed =01 Disable

7 broadband wl0_nctrlsb upper upper nvram set wl0_ nctrlsb=upperlower lower

2.2 wireless securityNo. Parameter


1 Safe mode wl0_security_mode

disabled Disable nvram set wl0_security_mode=pskpsk WPA Personal

wpa WPA Enterprise



psk2 WPA2 Personalwpa2 WPA2

Enterprisepsk psk2 WPA2 Personal

Mixedwpawpa2

WPA2Enterprise Mixed

wep WEP2 WPA

algorithmwl0_crypto tkip TKIP nvram set wl0_crypto=TKIP

aes AEStkip+aes TKIP+AES

3 WPA sharedkey

wl0_wpa_psk Must be 8 63 ACSIIcharacter or 64 hexadecimaldigits

nvram set wl0_wpa_psk=123456789

4 Key updateinterval

sec.

wl0_wpa_gtk_rekey

default: 3600, range: 1 -99999

nvram set wl0_wpa_gtk_rekey=3600

5 Radiusauthentication serveraddress

wl0_radius_ipaddr

IP address format nvram set wl0_radius_ipaddr=0.0.0.0

6 Radiusauthentication server port

wl0_radius_port Digital of range 1-65535default port is 1812

nvram setwl0_radius_port=1812

7 Radiusauthentication shared key

wl0_radius_key 79 characters at the longest nvram set wl0_radius_key=XXX

8 Authentication type

wl0_authmode open Open nvram set wl0_authmode=openshared Shared key

9 Defaulttransmit key

wl0_key 1 1 nvram set wl0_key=12 23 34 4

10 wl0_wep_bit 64 64 bits 10 hexdigits/5 ASCIInvram set wl0_wep_bit=64

128 128 bits 26 hexdigits/13 ASCII

11 ASCII/HEX wl0_wepmode 0 ASCII nvram set wl0_wepmode=11 HEX



12 Key 1 wl0_key1 10 hexadecimal nvram setwl0_key1=0000000000

13 key 2 wl0_key2 10 hexadecimal nvram setwl0_key2=0000000000

14 key 3 wl0_key3 10 hexadecimal nvram setwl0_key3=0000000000

15 Key 4 wl0_key4 10 hexadecimal nvram setwl0_key4=0000000000

3 .service3.1 service

No. Parameteritem


1 Set thevendor class

dhcpc_vendorclass

79 character at the longest nvram setdhcpc_vendorclass=XXX

2 Request IP dhcpc_requestip 79 character at the longest nvram setdhcpc_requestip=XXX

3 DHCPdadditionaloptions

dhcpd_options Symbol DHCPd additionalset format

nvram set dhcpd_options =XXX

4 MACaddressbinding withLAN address

static_leases MACaddress

MAC addressformat

nvram set static_leases="00:11:22:33:44:55=66=192.168.66.5=144000:11:22:33:44:53=63=192.168.66.3=1440"

Hostname

Host name of theclient

Ipaddress

Ip address ofLAN port

Clientleasetime

Decimalnumbers ofrange1-999999999

Format isMAC address

host name IP address



client lease timeif more than

one,separated by a spaceand set the number ofstatic_leasenum in the sametime

5 MACaddressbinding withnumber oflan address

static_leasenum IMAC address binding withnumber of lan address inthe same time need toconfigure static_leases

nvram set static_leasenum =2

6 DNSMasq dnsmasq_enable

0 disable nvram set dnsmasq_enable=11 enable

7 Local DNS local_dns 0 disable nvram set local_dns=01 enable

8 No DNSRebind

dnsmasq_no_dns_rebind

0 disable nvram setdnsmasq_no_dns_rebind=11 enable

9 DNSMasqadditionaloptions

dnsmasq_options

Format of DNSMasqadditional settingexample :option 138 and soon

nvram set dnsmasq_options =dhcpd_options=138,192.168.9.1

10 SNMP snmpd_enable 0 disable nvram set snmpd_enable=01 enable

11 place snmpd_syslocation

100 character at the longest nvram set snmpd_syslocation =Unknown

12 contact snmpd_syscontact

100 character at the longest nvram set snmpd_syscontact=root

13 name snmpd_sysname

100 character at the longest nvram set snmpd_sysname=four-faith

14 Read-onlycommunitystring

snmpd_rocommunity

100 character at the longest nvram set snmpd_rocommunity=public

15 Read-writecommunitystring

snmpd_rwcommunity

100 character at the longest nvram set snmpd_rwcommunity=private

16 System log debuglog_enable

0 disable nvram set debuglog_enable=11 enable

17 Output mode syslogd_enable 0 Serial output nvram set syslogd_enable=01 Network

output18 SSHd sshd_enable 0 disable nvram set sshd_enable=0



1 enable19 SSH TCP

transmitsshd_forwarding 0 disable nvram set sshd_forwarding=0

1 enable20 Password

log insshd_passwd_auth

0 disable nvram set sshd_passwd_auth=11 enable

21 port sshd_port Digital of range 1-65535 nvram set sshd_port=2222 Authorizatio

n keysshd_authorized_keys

Format required to meet thestandard of the certificate

nvram setsshd_authorized_keys =XXX

23 Telnet telnetd_enable 0 disable nvram set telnetd_enable=11 enable

24 Ttraff fingerdaemon

ttraff_enable 0 disable nvram set ttraff_enable=11 enable

3.2 PPPoE serverNo. Parameter


1 RP-PPPoEserverdaemon

pppoeserver_enabled

0 disable nvram setpppoeserver_enabled=01 enable

2 Client IP pppoeserver_pool 19 character at the longest

format:xxx.xxx.xxx.xxx-xxx

nvram set pppoeserver_pool=192.168.1.10-100

3 Deflatecompress

pppoeserver_deflate

1 enable nvram set pppoeserver_deflate=0other disable

4 BSDcompress

pppoeserver_bsdcomp

1 enable nvram setpppoeserver_bsdcomp =0other disable

5 LZS Staccompress

pppoeserver_lzs 1 enable nvram set pppoeserver_lzs=0other disable

6 MPPCcompress

pppoeserver_mppc

1 enable nvram set pppoeserver_mppc=0other disable

7 MPPEPPPoEencrypt

pppoeserver_encryption

1 enable nvram setpppoeserver_encryption =0other disable

8 Each macaddressrestrictionspppoe client

pppoeserver_sessionlimit

Decimal numbers of range1-99999

nvram setpppoeserver_sessionlimit =10



number

9 LCPresponseinterval

pppoeserver_lcpechoint


nvram setpppoeserver_lcpechoint =5

10 LCP respondto failure

pppoeserver_lcpechofail


nvram setpppoeserver_lcpechofail =12

11 Free time pppoeserver_idle


nvram set pppoeserver_idle =10

12 authentication

pppoeradius_enabled

0 Local usermanagement

nvram setpppoeradius_enabled=0

1 Radius13 Local user

management

pppoeserver_chaps

user 30 character at thelongest

nvram set pppoeserver_chaps=test1:123456:192.168.1.16:ontest2:123456:192.168.1.26:on

password

30 character at thelongest

IPaddress

IP address mode

enable off disableon enable

Format isuser:password:IP

address:enableif there aremultiple sets separated by a

space At the same timeneed to set the number oflocal user managementpppoeserver_chapsnum

14 The numberof local usermanagement

pppoeserver_chapsnum

Decimal digital form nvram setpppoeserver_chapsnum =2

15 Radiusserver ip

pppoeserver_authserverip

IP address form nvram setpppoeserver_authserverip=192.168.1.1

16 Radiusauthentication port

pppoeserver_authserverport

Decimal number of range1-65535

nvram setpppoeserver_authserverport=1812



17 Port ofRadiusaccount

pppoeserver_acctserverport

Decimal number of range1-65535

nvram setpppoeserver_acctserverport=1813

18 Radiusshared key

pppoeserver_sharedkey

63 characters at thelongest

nvram setpppoeserver_sharedkey=123456

4 . VPN4.1 PPTP

NO. parameteritem

parameter the value and description example

1 PPTPserver pptpd_enable 0 disable nvram setpptpd_enable=01 enable

2 Supportbroadcast

pptpd_bcrelay 0 disable nvram set pptpd_bcrelay =01 enable

3 forceMPPEencryption

pptpd_forcemppe

0 disable nvram set pptpd_forcemppe =11 enable

4 DNS1 pptpd_dns1 IP address format nvram set pptpd_dns1 =0.0.0.05 DNS2 pptpd_dns2 IP address format nvram set pptpd_dns2 =0.0.0.06 WINS1 pptpd_wins1 IP address format nvram set pptpd_wins1=0.0.0.07 WINS2 pptpd_wins2 IP address format nvram set pptpd_wins2=0.0.0.08 IP of server pptpd_lip IP address format dont

conflict with ip of lan port

nvram set pptpd_lip=200.200.200.1

9 IP of client pptpd_rip Format:XXX.XXX.XXX.XXX-XXX

example200.200.200.2-254

nvram set pptpd_rip=200.200.200.2-254

10 Local usermanage(CHAP Secrets)

pptpd_auth format username *password*

nvram set pptpd_auth= test *test *



exampletest * test *

7 PPTP clientoptions

pptpd_client_enable

0 disable nvram setpptpd_client_enable=01 enable

8 Servers IP orDNS name

pptpd_client_srvip

Ip address or domain name nvram set pptpd_client_srvip=120.42.46.98

9 Subnet of peer pptpd_client_srvsub

ip address of subnet mustbe configure with mask

nvram set pptpd_client_srvsub=192.168.8.0

10 Subnet maskof peer

pptpd_client_srvsubmsk

Format of Subnet mask nvram setpptpd_client_srvsubmsk=255.255.255.0

11 MPPE encrypt pptpd_client_srvsec

MPPE encryptvalid character

examplemppe required

nvram set pppoeserver_idle =mppe required

12 MTU pptpd_client_srvmtu 1-1500 range of decimal

numbers

nvram set pptpd_client_srvmtu=1450

13 MRU pptpd_client_srvmru 1-1500 range of decimal

numbers

nvram set pptpd_client_srvmru=1450

14 NAT pptpd_client_nat

0 disable nvram set pptpd_client_nat =11 enable

15Enabledmanually setthe tunnel IP

pptpd_client_assign

0 disable nvram setpptpd_client_assign=11 enable

16 IP address oftunnel

pptpd_client_assignip

IP address format nvram set pptpd_client_assignip=200.200.200.5

17 Username pptpd_client_srvuser

Pptp username of client nvram set pptpd_client_srvuser=XXX

18 password pptpd_client_srvpass

Pptp password of client nvram set pptpd_client_srvpass=123456



4.2 L2TPNO. parameter

itemparameter the value and description example

1 L2TP serveroptions

l2tp_server_enable

0 disable nvram l2tp_server_enable=01 enable

2 Force MPPEencrypt

l2tp_forcemppe 0 disable nvram set l2tp_forcemppe =11 enable

3 IP of server l2tp_lip IP address format dontconflict with ip of lan port

nvram set l2tp_lip=200.200.200.1

4 IP of client l2tp_rip Format:XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX

example200.200.200.2-200.200.200.25

nvram set l2tp_rip=200.200.200.2-200.200.200.25

5 Local usermanage(CHAP Secrets)

l2tp_auth format username *password *

exampletest * test *

nvram set l2tp_auth= test * test*

6 L2TP clientoptions

l2tp_client_enable

0 disable nvram set l2tp_client_enable=01 enable

7 L2TP server l2tp_client_servername

Ip address or domain name nvram setl2tp_client_servername=120.42.46.98

8 Subnet ofpeer

l2tp_client_srvsub

ip address of subnet mustbe configure with mask

nvram set l2tp_client_srvsub=192.168.8.0

9 Subnet maskof peer

l2tp_client_srvsubmsk

Subnet mask format nvram setl2tp_client_srvsubmsk=255.255.255.0

10 MPPEencryption

l2tp_client_srvsec

MPPE encryptvalid character

examplemppe required

nvram set l2tp_client_srvsec =mppe required



11 MTU l2tp_client_srvmtu

1-1500 range of decimalnumbers

nvram set l2tp_client_srvmtu=1450

12 MRU l2tp_client_srvmru

1-1500 range of decimalnumbers

nvram set l2tp_client_srvmru=1450

13 NAT l2tp_client_nat 0 Disable nvram set l2tp_client_nat =11 enable

14Enabledmanually setthe tunnel IP

l2tp_client_assign

0 disable nvram set l2tp_client_assign=11 enable

15 Tunnel IPaddress

l2tp_client_assignip

IP address format nvram set l2tp_client_assignip=200.200.200.5

16 username l2tp_username 63 character at the longest nvram set l2tp_username =XXX17 password l2tp_passwd 63 character at the longest nvram set l2tp_passwd =12345618 Allow CHAP

authentication

l2tp_req_chap 0 Disable nvram set l2tp_req_chap =11 enable

19 Refuse PAPauthentication

l2tp_ref_pap 0 disable nvram set l2tp_ref_pap =11 enable

20 Allowauthentication protocol

l2tp_req_auth 0 disable nvram set l2tp_req_auth =11 enable

4.3 IPSECIPSEC config

NO. parameteritem


1 Ipsec tunnelconfigure

Ipsec_conns

Tunnel type tunnel Tunnelmode

nvram set ipsec_conns=tunnel client Enabled yyon WAN1 192.168.5.5/24@ss 191.152.2.2192.36.63.2/23 @yy on 6060 restart 3des md5modp8192 0 3des md5modp4096 0 off off on offpsk 123546|tunnel client

transport

Transportmode

part client clientserver server

Advacedconfiguration

Enabled

enable

Disabl disable



Enabled GG on WAN1192.168.78.8/24 @TT12.42.46.98 8.6.6.3/24@YY on 60 60 restart 3desmd5 modp8192 0 3desmd5 modp4096 0 off off onoff X509CertRIGHT+LEFT|

ed

Connectionname


Effectiveimmediately

onEffective

immediately

offDontEffectiveimmediately

export WAN1Local ipaddress

A.B.C.D/M

LocalIdentifiers


Ip address ofpeer

A.B.C.D

Subnet ofpeer

A.B.C.D/M

Character ofpeer


dpd detect on enableoff disable

Dpd detectspace oftime

Natural number

Dpd detecttimeout

Natural number

Action ofDpd detect

hold Hold thelocalsession

restart re-establishtunnel

clear Clearsession



restart_by_peer

Restartwhen theend of there-establishment ofthe tunnel

Ikeencryptionalgorithm

whenenableadvanced

featuresIKE integrityalgorithm

whenenableadvanced

featuresIKE DH

groupwhenenableadvanced

featureIKE lifetime

whenenableadvanced

featureESPencryption



algorithm

whenenableadvanced

featureESP integrityalgorithm

whenenableadvancedfeatureESP DH

groupwhenenableadvanced

featureESP lifetime

whenenableadvanced

feature

Natural number

Using therecommendedconfiguration

Default is off

Aggressive

modewhenenableadvanced

feature

off disableOn enable

Using theOff disable



sessionforwardencryption

whenenableadvanced

feature

On enable

Consultationcompressionloadproportion

whenenableadvanced

feature

Default is off

authentication

psk Pre-shared key

X509Cert

certificateauthentication

Pre-sharedkey

character

x509certificateauthentication

format local x509certificate+remotex509 certificate

Enableadvancedfeature

Tunnel type;part;enable advancedfeature;connectionname;Effectiveimmediately;export;local subnet;localidentity;remote ipaddress;remote



subnet;remote localidentity;enable dpddetect;Dpddetection interval;Dpd detectiontimeout;actions ofdpd detection; IkeEncryptionalgorithm;IKEintegrity algorithm;IKE-DH group;IKElifetime; ESPEncryptionalgorithm; ESPintegrity algorithm;ESP-DH group;ESP lifetime; Usingthe recommendedconfiguration;aggressivemode;using thesession forwardencryption;consultation compressionload proportion;authenticationmethod; key orcertificate;| nexttunnelconfiguration| |

Disableadvancedfeature

Tunnel type;part;enable advancedfeature;connectionname;Effectiveimmediately;export;local subnet;localidentity;remote ipaddress;remotesubnet;remote localidentity;enable dpddetect;Dpd



detection interval;Dpd detectiontimeout;actions ofdpd detection; IkeEncryptionalgorithm;IKEintegrity algorithm;IKE-DH group;IKElifetime; ESPEncryptionalgorithm; ESPintegrity algorithm;ESP-DH group;ESP lifetime; Usingthe recommendedconfiguration;aggressivemode;using thesession forwardencryption;consultation compressionload proportion;authenticationmethod; key orcertificate;| nexttunnelconfiguration| |

2 NATtranslation

ipsecNatTrav

on enable nvram set ipsecNatTrav=on

Off disable

3 Log level ipsecDebugLevel

none Close log of ipsec nvram set ipsecDebugLevel=basic

basic Open log of ipsec

X509 certificate manage configuration

NO. parameteritem


1 X509certificate

ipsec_certs System containing the nameof x509 certificate

nvram set ipsec_certs=LEFT_CERT|RIGHT_CER



Tformatcertificate1 |certificate2 | certificate3

2 Public key ofcertificate

Certificatename_cert

The value contains the publickey of x509 certificate

nvram set LEFT_cert=-----BEGINCERTIFICATE-----MIIDBzCCAnCgAwIBAgIJAPqd2AdwVCi8MA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxCzAJBgNVBAoTAlVTMQswCQYDVQQLEwJVUzELMAkGA1UEAxMCVVMxETAPBgkqhkiG9w0BCQEWAlVTMB4XDTEyMTAzMDExMTgwMVoXDTEzMDYyMTExMTgwMVowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzELMAkGA1UEChMCVVMxCzAJBgNVBAsTAlVTMQswCQYDVQQDEwJVUzERMA8GCSqGSIb3DQEJARYCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKocH1jWeZ7yVcSVqTj01zuzgWtTBQVMvgYwVZeTqjoNudihKmqmQ0FQ5dZjVLcRBj8MnnmKHRYpYRwQDZPHEEqATgF/GoWERwCoFXq/Li5NnqT02RA41hMeIgERUiw0+9cuRptanPZXmtMce6XeTO+CTxwDOr5GOT4IpLLGPgu9AgMBAA



GjgcYwgcMwHQYDVR0OBBYEFCR6H5XFuXl1EhKoG3qUBfZsDHS8MIGTBgNVHSMEgYswgYiAFCR6H5XFuXl1EhKoG3qUBfZsDHS8oWWkYzBhMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMQswCQYDVQQKEwJVUzELMAkGA1UECxMCVVMxCzAJBgNVBAMTAlVTMREwDwYJKoZIhvcNAQkBFgJVU4IJAPqd2AdwVCi8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYFMClk2qBi0mWFqSKrkTSuM2fwUx3AqWy6a47KFjiazZnpih+zBCNESlvELOjns3xRsWQmfPqQqEW6zU2CHnLLTYo7iHerFpadNf4w2rB0GgcxzeSNM02+FtBLEpFeDh82AEVH9u0V062pcwRJS2O4oeNg0OM+DhGkrB26EX3m8=-----END CERTIFICATE-----

4 Private key ofcertificate

Certificatename_key

the value contain the privatekey of certificate

nvram set LEFT_key=-----BEGIN RSA PRIVATEKEY-----MIICXAIBAAKBgQCqHB9Y1nme8lXElak49Nc7s4FrUwUFTL4GMFWXk6o6DbnYoSpqpkNBUOXWY1S3EQY/DJ55ih0WKWEcEA2TxxBKgE4BfxqFhEcAqBV6vy4uTZ6k9



NkQONYTHiIBEVIsNPvXLkabWpz2V5rTHHul3kzvgk8cAzq+Rjk+CKSyxj4LvQIDAQABAoGAMzo01nQAPDWOTp0jUNuq1XfBSai+olHyB7sWi4cUhFcN2IbwVx2qs0jBbkaLhHXEA8ixELje+YWMkP7kl9Qiu08PAqeteWVHGISl5BtnZO0w0I7NRsa2O5nhBDlzpQdWZ2EGpG+I8pdu1wyq4AvdA7mBCUlI19e7eyuYm8Cy56ECQQDZE/5AGuDwC94odkpbk2iTiXenodknN1ktlxC1hfojcv+MmV3ZLtnGy2Ygq4HeA+UJiYxvbZZisYJLBmlG+hEDAkEAyJxCqpsuCcu28coJQEcGoJWsUh724yuDC0FkB6ReIcgolFDrCELP3/fP1Kq47VVlFPy67EoUefQIBgAmgn/0PwJAMQWi1Tc8tPj5IooUILoZU7gnnWOfdou5R+Jlk5i99GNz8nxwBSvfYlVsqtQQb+LRRmYZoNBOtdsAYZEBFVZDoQJAKmUriZaF4jgVD4Ac+GKKOgGniytUDaoyZXyKQTsxUX5VZRK8uOA1wiVC3LS/pBh55jeK4Ui+jw9Nasc5XDbiTQJBAI/VZRyVbi3TFjlUk8Nz3+wx9Vnffg2Sm4FQYwu/pxEfSIzPO4gYCam+rrN15P++AvBmwqUWfHH8D/zCXPxP55I=-----END RSA PRIVATEKEY-----

5 Certificatecount

Certificatename_certCount

Natural number nvram setLEFT_certCount=3



4.3 GRENO. parameters Value of parameters The value and

descriptionexample

1 GRE tunnel gre_enable 0 disable nvram gre_enable=01 enable

2 status tunnel1 gre_en1 0 disable nvram set gre_en1=1tunnel2 gre_en2tunnel3 gre_en3tunnel4 gre_en4tunnel5 gre_en5tunnel6 gre_en6tunnel7 gre_en7 1 enabletunnel8 gre_en8tunnel9 gre_en9tunnel10 gre_en10tunnel11 gre_en11tunnel12 gre_en12

3 Nameoftunnel

tunnel1 gre_name1 30 character atthe longest

nvram set gre_name1=gre_testtunnel2 gre_name2tunnel3 gre_name3tunnel4 gre_name4tunnel5 gre_name5tunnel6 gre_name6tunnel7 gre_name7tunnel8 gre_name8tunnel9 gre_name9tunnel10 gre_name10tunnel11 gre_name11tunnel12 gre_name12

4 pass tunnel1 gre_through1 0 PPP nvram set gre_through1 =0tunnel2 gre_through2tunnel3 gre_through3tunnel4 gre_through4tunnel5 gre_through5 1 LANtunnel6 gre_through6tunnel7 gre_through7tunnel8 gre_through8tunnel9 gre_through9 2 WAN(

Statictunnel10 gre_through10



IP)tunnel11 gre_through11tunnel12 gre_through125 WAN

IP ofpeer

tunnel1 gre_peer_ipaddr1 IP addressformat

nvram set gre_peer_ipaddr1=120.42.46.98tunnel2 gre_peer_ipaddr2

tunnel3 gre_peer_ipaddr3tunnel4 gre_peer_ipaddr4tunnel5 gre_peer_ipaddr5tunnel6 gre_peer_ipaddr6tunnel7 gre_peer_ipaddr7tunnel8 gre_peer_ipaddr8tunnel9 gre_peer_ipaddr9tunnel10 gre_peer_ipaddr10tunnel11 gre_peer_ipaddr11tunnel12 gre_peer_ipaddr12

6 Subnet ofpeer

tunnel1 gre_peer_net1 Subnet andsubnet maskformatExample:192.168.8.0/24meaning ipaddress is192.168.8.0 andmask is255.255.255.0

nvram set gre_peer_net1=192.168.8.0/24tunnel2 gre_peer_net2

tunnel3 gre_peer_net3tunnel4 gre_peer_net4tunnel5 gre_peer_net5tunnel6 gre_peer_net6tunnel7 gre_peer_net7tunnel8 gre_peer_net8tunnel9 gre_peer_net9tunnel10 gre_peer_net10tunnel11 gre_peer_net11tunnel12 gre_peer_net12

7 tunnelIP ofpeer

tunnel1 gre_peer_tun_ip1 IP addressformat

nvram set gre_peer_tun_ip1=200.200.200.1tunnel2 gre_peer_tun_ip2

tunnel3 gre_peer_tun_ip3tunnel4 gre_peer_tun_ip4tunnel5 gre_peer_tun_ip5tunnel6 gre_peer_tun_ip6tunnel7 gre_peer_tun_ip7tunnel8 gre_peer_tun_ip8tunnel9 gre_peer_tun_ip9tunnel10 gre_peer_tun_ip10tunnel11 gre_peer_tun_ip11tunnel12 gre_peer_tun_ip12

8 Tunnel IP of

tunnel1 gre_local_tun_ip1 IP addressformat

nvram set gre_local_tun_ip1=200.200.200.2tunnel2 gre_local_tun_ip2



local tunnel3 gre_local_tun_ip3tunnel4 gre_local_tun_ip4tunnel5 gre_local_tun_ip5tunnel6 gre_local_tun_ip6tunnel7 gre_local_tun_ip7tunnel8 gre_local_tun_ip8tunnel9 gre_local_tun_ip9tunnel10 gre_local_tun_ip10tunnel11 gre_local_tun_ip11tunnel12 gre_local_tun_ip12

9 Localsubnetmask

tunnel1 gre_local_tun_mask1 Subnet maskformat

nvram set gre_local_tun_mask1=255.255.255.0tunnel2 gre_local_tun_mask2

tunnel3 gre_local_tun_mask3tunnel4 gre_local_tun_mask4tunnel5 gre_local_tun_mask5tunnel6 gre_local_tun_mask6tunnel7 gre_local_tun_mask7tunnel8 gre_local_tun_mask8tunnel9 gre_local_tun_mask9tunnel10 gre_local_tun_mask10tunnel11 gre_local_tun_mask11tunnel12 gre_local_tun_mask12

10 keepalive

tunnel1 gre_keepalive_enable1 0 disable nvram setgre_keepalive_enable1 =0tunnel2 gre_keepalive_enable2

tunnel3 gre_keepalive_enable3tunnel4 gre_keepalive_enable4tunnel5 gre_keepalive_enable5tunnel6 gre_keepalive_enable6tunnel7 gre_keepalive_enable7 1 enabletunnel8 gre_keepalive_enable8tunnel98 gre_keepalive_enable9tunnel10 gre_keepalive_enable1

0tunnel11 gre_keepalive_enable1

1tunnel12 gre_keepalive_enable1

211 Re-di

altimes

tunnel1 gre_keepalive_tries1 1-99999 rangeof decimalfigures

nvram set gre_keepalive_tries1=15tunnel2 gre_keepalive_tries2

tunnel3 gre_keepalive_tries3



tunnel4 gre_keepalive_tries4tunnel5 gre_keepalive_tries5tunnel6 gre_keepalive_tries6tunnel7 gre_keepalive_tries7tunnel8 gre_keepalive_tries8tunnel9 gre_keepalive_tries9tunnel10 gre_keepalive_tries10tunnel11 gre_keepalive_tries11tunnel12 gre_keepalive_tries12

12 re-dialinterval

tunnel1 gre_keepalive_interval1

1-99999 rangeof decimalfigures

nvram setgre_keepalive_interval1 =60












13 Policyfailure

tunnel1 gre_keepalive_failaction1

0 hold nvram setgre_keepalive_failaction1=0









1 restart






5 . security5.1 firewallSecurity

NO. parameters The name ofparameters

The value and description example

1 Enable SPIfirewall

filter on enable nvram set filter=onoff disable

2 Filter httpdproxy

block_proxy 1 filter nvram set block_proxy =1

0unfiltered

3 Filter cookies block_cookie 1 filter nvram set block_cookie =1

0 unfiltered

4 Filter javaapplicationprogram

block_java 1 filter nvram set block_java =10 unfiltered



5 Filter activex block_activex 1 filter nvram set block_activex =10 unfiltered

6 Filter data ofping fromWAN

block_wan 1 filter nvram set block_wan=1

0 unfiltered

7 Filter data ofport 113

block_ident 1 filter nvram set block_ident=1

0 unfiltered

8 Filter data ofsnmp protocol

block_snmp 1 filter nvram set block_snmp=10 unfiltered

9 Limit times ofssh connection

limit_ssh 1 limited nvram set limit_ssh=10 unlimited

10 Limit times oftelnetconnection

limit_telnet 1 limited nvram set limit_telnet=10 unlimited

11 Limit times ofpptpconnection

limit_pptp 1 limited nvram set limit_pptp=10 unlimited

12 Limit times ofl2tpconnection

limit_l2tp 1 limited nvram set limit_l2tp=10 unlimited

Log manage

NO. parameters Value ofparameters

The values and description example

1 Enable logmanage

log_enable 1 enable nvram set log_enable=10 disable

2 Loggingregistration

log_level 0 low nvram set log_level=11 middle2 high

3 Log droppedpackets

log_dropped 1 log nvram set log_dropped =10 Dont log

4 Log receivedpackets

log_accepted 1 Log nvram set log_accepted =10 Dont log

5 Log rejectedpackets

log_rejected 1 Log nvram set log_rejected =10 Dont log



5.2 VPN pass-throughNO. parameters The value of

parameterThe value and description example

1 IPSecpass-through

ipsec_pass 1 enable nvram set ipsec_pass=10 disable

2 PPTPpass-through

pptp_pass 1 Enable nvram set pptp_pass=10 disable

3 L2TPpass-through

l2tp_pass 1 enable nvram set l2tp_pass=10 disable

6 . access limit6.1 WAN accessClient list

NO. Parameteritem


1 MAC addressof applicationclient in policy1

filter_mac_grp1 Mac address

formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8addresses at the longest)

nvram set filter_mac_grp1=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH




nvram setfilter_mac_grp2=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH

































formatAA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH(8

nvram setfilter_mac_grp10=AA:BB:CC:DD:EE:FFCC:DD:EE:FF:GG:HH



addresses at the longest)11 IP address of

applicationclient in policy1

filter_ip_grp1 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4

nvram set filter_ip_grp1=100 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1

Lan1-Lan6 Address of theclient in thesame networksegments of the

router range

0-255assumingthe routeraddress is

192.168.1.1/24when Lan1 is

20indicates theIP address192.168.1.20;indicates theaddress is notused

A1.B1.C1.D1-A2.B2.C2.D2

Ip address range

A3.B3.C3.D3-A4.B4.C4.D4

Ip address range

12 IP address ofapplicationclient in policy2






14 IP address ofapplication

filter_ip_grp4 format:Lan1 Lan2 Lan3 Lan4Lan5 Lan6

nvram set filter_ip_grp4=100 0 0 0 0



client in policy4

A1.B1.C1.D1-A2.B2.C2.D2A3.B3.C3.D3-A4.B4.C4.D4

192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1


















nvram setfilter_ip_grp10=10 0 0 0 0 0192.168.2.1-192.168.9.244192.167.10.1-192.168.1.1

Access policy

NO. Parameteritem

parameters The value and description example

1 Access policyrules 1

filter_rule1 state 2 enable nvram set filter_rule1=$STAT:2$NAME:FILTER2$DENY:0$$

0 disablepolicy 30 characters at

the longestaction 1 deny

0 filter

format$STAT:stat$NAME:nameof policy$DENY:action$$




filter_rule2 idem nvram set filter_rule2=$STAT:2$NAME:FILTER2$DENY:0$$

















11 the time of thepolicy rule 1:

filter_tod1 Start time hourpoint

0-23 naturalnumber

nvram set filter_tod1=0:023:58 13,5-6

The number ofminutes of thestart time

0-59 naturalnumber

to terminatetime hours point

0-23 naturalnumber

Termination ofthe time thenumber ofminutes

0-59 naturalnumber

Effect time ofpolicy

If every dayeffectiveset



0-6 if

Tuesday wednesdayand Fridayeffective,set

2-3,5 if onlyeffect on

monday set

1 othersimilar record

formatstart time hour point:thenumber of minutes of the starttime:to terminate time hourspoint:termination of the time thenumber of minutes: effect timeof policy

12 The time of thepolicy rule 2

filter_tod2 idem nvram set filter_tod2=0:023:58 13,5-6

















21 Blocked url filter_web_h Network Url address of the nvram set filter_web_host1



address bypolicy rule 1

ost1 address site =www.baidu.comwww.163.comformat network

addressurl ofsite

22 Blocked urladdress bypolicy rule 2

filter_web_host2

idem nvram set filter_web_host2=www.baidu.comwww.163.com


filter_web_host3



filter_web_host4



filter_web_host5



filter_web_host6



filter_web_host7



filter_web_host8



filter_web_host9



filter_web_host10


31 the keyword inweb site beblocked bypolicy rule 1

filter_web_url1

keyword Keywords inurl address

nvram setfilter_web_url1=www;163formatkeyword;keyw

ord 32 the keyword in

web site beblocked bypolicy rule 2

filter_web_url2

idem nvram setfilter_web_url2=www;163




filter_web_url3



filter_web_url4



filter_web_url5



filter_web_url6



filter_web_url7



filter_web_url8



filter_web_url9



filter_web_url10


6.2 data-flow filtrationNO. Parameter

itemparameters The value and description example

1 Enable Dataflow filtrationfunction

packetfilter_enable

0 disable nvram set LoadShunt_rule=01 enable



2 Data-flowfiltration policy

packetfilter_policy

DROP Drop in linewith the rulesof data

nvram setpacketfilter_policy=DROP

ACCEPT Receivingdata incompliancewith therules,does notcomply withall thediscarded

3 Filtration policy packetfilter_ips Sourceaddress

Sourceaddress ofdata,format:A.B.C.D/M

nvram set packetfilter_ips=0.0.0.0/0 1 655350.0.0.0/0 1 65535 bothoutput |

destination Destinationaddress ofdata,format:A.B.C.D/M

Starting portnumber in thesource portrange

1-65535

The end ofthe portnumber in thesource portrange

1-65535

Starting portnumber in thedestinationport range

1-65535

The end ofthe portnumber in thedestinationport range

1-65535

Protocol tcp udp

icmpboth



direction output

Thedirection oflan towan

input Thedirection ofWanto lan

format sourceaddress;destination address;starting port number in sourceport range;the end of the portnumber in source port range;Starting port number in thedestination port range; Theend of the port number in thedestination port range;protocol;direction | next rule| |

7 . NAT configurationNO. Parameter

itemparameters The value and description example

1 Port forward forward_spec Name ofapplication

Letters and

numbers18characters atthe longest

nvram set forward_spec=xx:on:both:12>192.168.1.1:11192.168.1.2:10



Sourceaddress ofdata

A.B.C.D/M

Source port ofdata

1-65535

Destinationaddress offorward

A.B.C.D

Destinationport offorward

1-65535

format Name ofapplication:protocol:destination port ofdata>Destination address offorward: Destination port offorward192.168.7.2 yy:off:tcp:3:6>192.168.7.3

Whether toopen onenable

offdisableprotocol udptcpboth

Startingdestinationport of data

1-65535

The end ofdestinationport of data

1-65535

Destinationport offorward

A.B.C.D

format application:protocol:



destination port ofdata>Destination address offorward: Destination port offorward6-666ttt:on:both:5-66>88-9099yyy:on:udp:2-555>6-666ttt:on:both:5-66>88-9099

Whether toopen onenable

offdisableprotocol tcpudpbothStarting portnumber ofdestinationport range OfTrigger rule

1-65535

The end ofport numberof destinationport range OfTrigger rule

1-65535

Starting portnumber ofport range OfTrigger rule

1-65535

The end ofport numberof portrange OfTrigger rule

1-65535

format Name ofapplication:protocol:Startingport number of destination portrange Of Trigger rule: The endof port number of destination


Page 61 of 75Xiamen Four-Faith Communication Technology Co.,Ltd.Add J1-J3,3rdFloor,No.44,GuanRiRoad,SoftWare Park,XiaMen .361008.Chinahttpen.four-faith.com Tel +86 13178273589 E-mail:coco@four-fa

Nvram Parameter Configuration Instructions

Documents

Transcript of Nvram Parameter Configuration Instructions