Draytek Telnet Commands for Vigor3300 Series Reference Guide Version: 1.0 Date: 2006/12/28 i Copyright Information Copyright Declarations Copyright 2006 All rights reserved This publication contains information that is protected by copyright No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders Trademarks The following trademarks are used in this document: z Microsoft is a registered trademark of Microsoft Corp z Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp z Apple and Mac OS are registered trademarks of Apple Computer Inc z Other products may be trademarks or registered trademarks of their respective manufacturers ii Table of Contents Introduction 1.1 Accessing Telnet 1.2 Valid Commands Commands Descriptions .7 2.1 advance 2.1.1 nat 2.1.1.1 addressmap 2.1.1.2 dmz 2.1.1.3 portlist 2.1.1.4 redirectport 10 2.1.1.5 status 12 2.1.2 snmp 13 2.1.2.1 community 13 2.1.2.2 trap2sink 14 2.1.3 block 15 2.1.4 blockstatus 16 2.1.5 callsch 17 2.1.6 lanvlan 18 2.1.7 portmirror 19 2.1.8 staticroute 20 2.1.9 tagvlan 21 2.1.10 wanportmirror 23 2.2 firewall 24 2.2.1 dos 24 2.2.1.1 icmpflood 24 2.2.1.2 packetblock 25 2.2.1.3 portscan 26 2.2.1.4 synflood 27 2.2.1.5 udpflood 28 2.2.1.6 enable 28 2.2.2 ipfilter 29 2.2.2.1 filterrule 29 2.2.2.2 general 32 2.2.2.3 group 33 2.2.3 urlfilter 34 2.2.3.1 catetory 34 2.2.3.2 exception 36 2.2.3.3 keyword 37 2.2.3.4 schedule 37 2.2.3.5 web 38 2.2.3.6 enable 39 2.3 network 40 2.3.1 lan 40 2.3.1.1 dhcp 40 2.3.1.2 ip_nat 42 2.3.1.3 ip_route 43 2.3.2 wan 44 2.3.2.1 advance 44 2.3.2.2 active 45 2.3.2.3 dhcp 46 2.3.2.4 dmz 47 2.3.2.5 macf 48 iii 2.3.2.6 ppp_detect 49 2.3.2.7 pppoe 50 2.3.2.8 pptp 51 2.3.2.9 rate 52 2.3.2.10 show 53 2.3.2.11 speed 54 2.3.2.12 static 55 2.3.2.13 static_detect 56 2.3.3 highava 57 2.3.4 policy 58 2.3.5 static_dhcp 60 2.4 qos 61 2.4.1 incoming 61 2.4.1.1 active 61 2.4.1.2 class 61 2.4.4.3 filter 62 2.4.2 outgoing 64 2.4.2.1 active 64 2.4.2.2 class 64 2.4.2.3 filter 65 2.5 System 67 2.5.1 acl 67 2.5.2 administrator 68 2.5.3 ntp 69 2.5.4 port 70 2.5.5 reboot 71 2.5.6 status 72 2.5.7 syslog 73 2.6 voip 74 2.6.1 advspdial 74 2.6.1.1 advspdial 74 2.6.2 in_barring 76 2.6.2.1 allow 76 2.6.2.2 deny 77 2.6.2.3 set 78 2.6.3 misc 79 2.6.3.1 dialing_timeout 79 2.6.3.2 fxo_auto_disconnect 79 2.6.3.3 fxs_ringing 80 2.6.3.4 line_reversal 80 2.6.3.5 rtp_port 81 2.6.3.6 t38port 81 2.6.3.7 t38redundancy 82 2.6.3.8 tos 82 2.6.4 port 83 2.6.4.1 callforward 83 2.6.4.2 codec 84 2.6.4.3 disconnect 86 2.6.4.4 dtmf_relay 87 2.6.4.5 fax 88 2.6.4.6 gain 89 2.6.4.7 group 90 2.6.4.8 hotline 91 2.6.4.9 phonenumber 92 2.6.4.10 proxy 93 2.6.4.11 voip_ip 94 2.6.5 protocol 95 iv 2.6.5.1 mgcp 95 2.6.5.2 sip 98 2.6.5.3 set 99 2.6.6 speeddial 100 2.6.6.1 del 100 2.6.6.2 set 100 2.6.6.3 show 101 2.6.7 tone 102 2.6.7.1 user_defined 102 2.6.7.2 country 106 2.6.8 nat 107 2.6.9 qos 108 2.6.10 save 108 2.6.11 siplog 109 2.6.12 status 109 2.7 vpn 110 2.7.1 ipsec 110 2.7.1.1 connect 110 2.7.1.2 disconnect 110 2.7.1.3 log 110 2.7.1.4 policy 111 2.7.1.5 status 113 2.7.2 pptp 114 2.7.2.1 auth 114 2.7.2.2 general 115 2.7.2.3 group 116 2.7.2.4 12tp 117 2.8 exit/logout/quit 118 2.9 ping 118 2.10 traceroute 118 v Introduction 1.1 Accessing Telnet Click Start >> Run and type Telnet 192.168.1.1 in the Open box as below Note that the IP address in the example is the default address of the router If you have changed the default, enter the current IP address of the router Click OK The Telnet terminal will open If an administrator password has not already been assigned, follow the on-screen instructions to assign one You have to enter “draytek” as the login name and enter “1234” as the password After assigning a password, type “?” You will see a list of valid/common commands depending on the router that your use To access into next level of the command, please type the first level directly; to return to previous level, please type “ ” 1.2 Valid Commands The valid commands will differ according to the router and the firmware version that you have At present, commands explained in this manual are for Vigor 3300 Series Please refer to the following table for quick searching the telnet command for your necessity F/W: V2.5.7.3 (RC1) Commands Type First Layer nat nnmp advance Valid subcommands Second Layer addressmap dmz portlist redirectport status community trap2sink block blockstatus callsch lanvlan portmirror staticroute tagvlan wanportmirror icmpflood Firewall packetblock portscan Dos synflood udpflood enable filterrule Ipfilter general group category urlfilter exception keyword schedule web Third Layer enable threshold option enable threshold enable threshold enable threshold Add Delete Edit status startup Add Delete Edit status Eptallow Eptdeny Server set Add Delete Edit Add Block_mode Delete edit Option time Accessbyip Commands Type First Layer lan network wan Valid subcommands Second Layer filetype enable dhcp Ip_nat Ip_route advance active dhcp dmz mac ppp_detect pppoe pptp rate show speed static static_detect Third Layer highava policy static_dhcp incoming qos outgoing system voip acl administrator ntp port reboot status syslog advspdial In_barring misc port active class filter active class filter advspdial allow deny set dialing_timeout fxo_auto_disconnect fxs_ringing line_reversal rtp_port t38port t38redundancy tos callforward codec disconnect dtmf_relay fax gain group hotline phonenumber proxy voip_ip Commands Type First Layer protocol speeddial tone Valid subcommands Second Layer Third Layer mgcp callagent epidstyle localport wildrsip sip localport set set del set show user_defined busy callerid congestion dial ringing country nat qos save siplog status ipsec vpn pptp exit logout ping quit traceroute connect disconnect log lolicy status auth general group 12tp DrayTek/voip/tone/user_defined> congestion -s ==== VoIP Congestion Tone === LowFreq: 10 HignFreq: 50 TOn1: 50 TOff1:50 TOn2: 50 TOff2: 50 d dial This command can set dial tone which can indicate a phone line is ready to make a call dial -s dial Syntax Description Syntax Description -s It is used for displaying current settings Lowfreq Enter the low frequency number in Hertz Howfreq Enter the high frequency number in Hertz Ton1 Enter the duration of the first ring The unit 10msec Toff1 Enter the silence duration after the first ring The unit 10msec Ton2 Enter the duration of the next continuous ring The unit 10msec Toff1 Enter the silence duration after the next continuous ring The unit 10msec Example DrayTek/voip/tone/user_defined> dial 20 50 200 200 200 200 DrayTek/voip/tone/user_defined> dial -s ==== VoIP Dial Tone === LowFreq: 20 HignFreq: 50 TOn1: 200 TOff1:200 TOn2: 200 TOff2: 200 104 e ringing This command can set features for ringing calls ringing -s ringing Syntax Description Syntax Description -s It is used for displaying current settings Lowfreq Enter the low frequency number in Hertz Howfreq Enter the high frequency number in Hertz Ton1 Enter the duration of the first ring The unit 10msec Toff1 Enter the silence duration after the first ring The unit 10msec Ton2 Enter the duration of the next continuous ring The unit 10msec Toff1 Enter the silence duration after the next continuous ring The unit 10msec Example DrayTek/voip/tone/user_defined> ringing 30 60 60 60 60 60 DrayTek/voip/tone/user_defined> ringing -s ==== VoIP Dial Tone === LowFreq: 30 HignFreq: 60 TOn1: 60 TOff1:60 TOn2: 60 TOff2: 60 105 2.6.7.2 country This command can select country for tone setting country -s country Syntax Description Syntax Description -s It is used for displaying current settings Country Code Enter the number listed below to choose the proper country for tone setting If you want to change the phone settings manually, you have to enter “0” to choose user defined mode : User Defined : Canada, USA 31 : Netherlands 33 : France 44 : British 45 : Denmark 47 : Norway 49 : Germany 65 : Singapore 81 : Japan 86 : China 358: Finland 852: Hong Kong 886: Taiwan Example DrayTek/voip/tone> country -s Country: British 106 2.6.8 nat This command can set VoIP NAT traversal nat -s nat nat nat nat -sym Syntax Description Syntax Description -s It is used for displaying current settings Disable Mode Enter “0” to disable NAT traversal(this is default setting.) Manual Mode Enter “1” for inputting NAT IP address manually Auto Mode Enter “2” for discovering NAT IP address automatically NatIpAddr Enter the IP address to be used as the NAT IP address Type Enter “0” to configure NAT information manually by users Enter “1” to make NAT information configuring automatically LocalPort Enter the local listening port number for STUN client Server IP Enter the IP address of STUN server Server Port Enter the port number of STUN server Sym_rtp_t38 It means Symmetric Media Setting When Vigor3300 detects the IP address of the receiving packets differing with the address informed by remote end, Vigor3300 will change the IP address automatically according to the real IP address of the packets to ensure the remote receiver can get the packets Enter “0” to make RTP and T.38 being not symmetrical Enter “1” to make RTP and T.38 being symmetrical Example DrayTek/voip> nat 558 172.16.3.1 8080 DrayTek/voip> nat -s Mode: Auto Discover NAT IP Address NAT IP Address: 127.0.0.1 STUN Local Port: 558 STUN Server Address: 172.16.3.1 STUN Server Port: 8080 Type: Full-auto Sym RTP: Disable 107 2.6.9 qos This command can set VoIP QoS features qos -s qos Syntax Description Syntax Description -s It is used for displaying current settings mode Enter the number listed below to specify a mode for QoS 0: Disable (Voice Quality: Normal , Data Rate: High) 1: Normal QoS (Voice Quality: Good , Data Rate: Medium) 2: Strict QoS( The mode only for special model) (Voice Quality: Excellent , Data Rate: Low) LFI Enter “0” to disable the function of shrinking the packet for fast sending (this is default setting) Enter “1” to enable the function of shrinking the packet for fast sending Example DrayTek/voip> qos 1 After reboot, changes will take effect Reboot now? (y/n)y 2.6.10 save This command can save VoIP message save Example DrayTek/voip> save 108 2.6.11 siplog This command can display log for SIP usage If there is no SIP usage, it will display “not found” siplog siplog Syntax Description Syntax Description Mode Enter the number for displaying SIP log 0: Output last 50 lines 1: Output last N lines Line Print last N lines for mode Example DrayTek/voip> siplog /bin/tail: not found DrayTek/voip> siplog 100 /bin/tail: not found 2.6.12 status This command can display VoIP connection status status Syntax Description Syntax Description status Enter this word to display connection status of VoIP (eight ports) Example DrayTek/voip> status Port Register Status : Call Status : Idle Call Type : Caller Number : Callee Number : Start Time : Remote RTP Address : Remote RTP Port : Codec Type : Packet Period : 109 2.7 vpn 2.7.1 ipsec This command can configure IPSec settings 2.7.1.1 connect This command can set VPN connection connect Syntax Description Syntax Description Index Enter the number of the VPN configuration that you want to connect The available range is to 10 Example DrayTek/vpn/ipsec> connect DrayTek/vpn/ipsec> 2.7.1.2 disconnect This command can break VPN connection disconnect Syntax Description Syntax Description Index Enter the number of the VPN configuration that you want to disconnect The available range is to 10 Example DrayTek/vpn/ipsec> disconnect DrayTek/vpn/ipsec> 2.7.1.3 log This command can display VPN log Example DrayTek/vpn/ipsec> log -VPN IPSec Log [Date/Time, Description] 110 2.7.1.4 policy This command can set policy table policy -s policy -e policy -cert_any policy -cert policy -proposal policy -dpd policy -dhcp policy -nat-t policy -d Syntax Description 111 Syntax Description -s It is used for displaying all the policy tables -e It is used for editing Preshared Key -d It is used for deleting the specified policy -cert_any It is used for utilizing Local Certificate and accepting any Remote ID for RSA signature To utilize local certificate and accept the remote ID of peer only, please use the syntax of “policy -cert ” Index Enter the item number on the policy table that you want to edit Name Enter the name for VPN connection (ex “VPN1”) The maximum length of name is 20 characters including spaces Preshared Key Enter the number as Preshared Key for the Policy The maximum length is 40 characters, including spaces Security Protocol Enter “0” to specify “ESP” to make the data being encrypted and authenticated Enter “1” to specify “AH” to make the data being authenticated but not be encrypted Admin Status Enter “0” to initiate IPSec Tunnel Enter “1” to disable IPSec Tunnel Enter “2” to invoke this profile automatically by the system for every 30 seconds WAN Interface Enter the number (1 to 4) as the WAN interface for the policy 1: WAN1 ; 2: WAN2 ; 3: WAN3 ; 4: WAN4 Local Subnet Enter a subnet address as local subnet Local Subnet Mask Enter the number (0-32) as the local subnet mask Remote IP Address Enter an IP Address as remote gateway Remote Subnet Enter a subnet address as remote subnet Remote Subnet Mask Enter the number (0-32) as the remote subnet mask Local Certificate The local certificate is active for authentication if the RSA Signature option is set in the Authentication field These options come from the user certificate file Enter the number from to 10 Remote ID Enter the identification number for the remote gateway (ID of Remote Gateway) Phase1 Lifetime Enter the rekey-renegotiated period of the IKE Phase1 keying channel of a connection Available range is 5-480 Phase1 Proposal - Enter the number to specify corresponding proposal -1: none ; 0: des-md5-modp768 ; 1: des-md5-modp1024 ; 2: des-md5-modp1536; 3: des-sha-modp768; 4: des-sha-modp1024; 5: des-sha-modp1536 ; Phase2 Lifetime Enter the rekey-renegotiated period of the IKE Phase2 keying channel Available range is 5-1440 Phase2 Proposal - Enter the number to specify proposed encryption and/or authentication algorithms for IKE Phase2 negotiations PFS Enter “0” to enable this function Enter “1” to disable this function Accepted Proposal If you choose Only accept proposal listed above, only the selected proposal will be accepted and applied by this device If you choose Accept all supported proposal, all the proposals supported by this device will be accepted and applied Enter “0” to enable “Only accept proposal listed above” Enter “1” to enable “Accept all supported proposal” DPD Enable Enter “0” to enable Dead Peer Detection function Enter “1” to disable this function Delay Enter “0” to disable this function Or enter a umber to enable this function A Hello message will be emitted periodically when a tunnel is idle The recommended value is 30 seconds if enabled Timeout Enter “0” to disable this function Or enter a umber to enable this function The recommended value is 120 seconds if enabled 112 DHCP-over-IPSec Enter “0” to enable this function Enter “1” to disable this function NAT-T Enable Enter “0” to enable this function Enter “1” to disable this function Example DrayTek/vpn/ipsec> policy –e test_tunnel 123 192.168.1.0 24 172.16.1.3 192.168.2.0 24 DrayTek/vpn/ipsec> 2.7.1.5 status This command can display current VPN connection Example DrayTek/vpn/ipsec> status VPN Connection Status Index :1 Name :test_tunnel Status :down Algorithm :no Remote IP :172.16.1.3 Remote Subnet :192.168.2.0/24 Packet In :0 Byte In :0 Packet Out :0 Byte Out :0 Uptime :0 - 113 2.7.2 pptp This command can set VPN configuration for PPTP 2.7.2.1 auth This command can set PPTP Authentication function auth -s auth -e auth -d Syntax Description Syntax Description -s It is used for displaying all the policy tables -e It is used for editing the specified policy -d It is used for deleting the specified policy Index Enter the item number on the user profile table that you want to edit or delete There are 30 sets of accounts for authentication can be configured username Enter the name for the index that you want to edit password Enter the password for the index that you want to edit Group IP Enter A, B, C or D to specify certain group for the index that you want to edit 1:Group A; 2:Group B; 3:Group C; 4:Group D Example DrayTek/vpn/pptp> auth -e vpn1 vpn1 DrayTek/vpn/pptp> auth -s VPN PPTP Authentication Index: User Name: vpn1 User Password: **** Group: A 114 2.7.2.2 general This command can set general configuration for PPTP VPN tunnel general -s general general general Syntax Description Syntax Description -s It is used for displaying all the policy table Inactive Enter “0” to disable this general setting Active Enter “1” to enable this general setting PPTP Auth Enter the number (0 – 3) listed below to choose an authentication mode to be used 0:PAP ; 1:CHAP ; 2:MS-CHAP ; 3:MS-CHAP-V2 Encryption Enter the number (0 – 2) listed below to choose an encryption mode to be used 0:No Encryption; 1:MPPE 40 bits; 2:MPPE 40 bits / 128 bits User Auth Enter “0” to user authentication to Local server Enter “1” to user authentication to Radius Server server Disable Mutual Enter “0” to disable this function Enable Mutual Enter “1” to enable this function username Enter the user name that the other side provides for carrying out mutual authentication whenever you want password Enter the password that the other side provides for carrying out mutual authentication whenever you want Example DrayTek/vpn/pptp> general 1 0 DrayTek/vpn/pptp> general -s PPTP General Setting Status: Active PPTP Authentication: PAP PPTP Encryption: MPPE 40 bits User Authentication: Local Status: Disable User Name: Password: 115 2.7.2.3 group This command can assign IP, netmask, subnet, subnet mask for a VPN PPTP group group -s group Syntax Description Syntax Description -s It is used for displaying all the policy table Group ID Enter the group ID (A, B, C or D) to specify certain group for the index that you want to edit Assign IP Enter the IP address for client The default group value for this setting is 192.168.1.224 Assign Netmask Enter the value of subnet mask for the Assign IP The available settings include /24 ; /16 ; /8 ; /25 ; /26 ; /27; /28 ; /29 ; /30 ; /31 ; Subnet Enter the IP address for client (destination IP) Subnet Mask The available settings include /24 ; /16 ; /8 ; /25 ; /26 ; /27; /28 ; /29 ; /30 ; /31 ;/32 Example DrayTek/vpn/pptp> group A 192.168.1.224 /28 192.168.1.5 /24 DrayTek/vpn/pptp> group -s == Group A == Assign IP: 192.168.1.224 Assign netmask: /28 Subnet: 192.168.1.5 Subnet Mask: /24 == Group B == 116 2.7.2.4 12tp This command can configure L2TP General Setup for VPN connection l2tp -s l2tp l2tp l2tp Syntax Description Syntax Description -s It is used for displaying all the policy table Inactive Enter “0” to disable this general setting Active Enter “1” to enable this general setting PPTP Auth Enter the number (0 – 3) listed below to choose an authentication mode to be used 0:PAP ; 1:CHAP ; 2:MS-CHAP ; 3:MS-CHAP-V2 User Auth Enter “0” to user authentication to Local server Enter “1” to user authentication to Radius Server server Disable Mutual Enter “0” to disable this function Enable Mutual Enter “1” to enable this function username Enter the user name that the other side provides for carrying out mutual authentication whenever you want password Enter the password that the other side provides for carrying out mutual authentication whenever you want Example DrayTek/vpn/pptp> l2tp -s L2TP General Setting Status: Active L2TP Authentication: CHAP User Authentication: Local Status: Disable User Name: Password: 117 2.8 exit/logout/quit This command (exit or logout) can set exit telnet command screen of Vigor3300V series 2.9 ping This command can execute ping funuction with telnet command ping Syntax Description Syntax Description Source Interface Enter the number listed below (0 – 4) to specify WAN or LAN interface for pinging : LAN ; : WAN1 ; : WAN2; : WAN3; : WAN4 Destination Address Enter domain name or IP address as the destination for pinging Example DrayTek> ping 172.16.3.229 Reply from 172.16.3.229: time=0 Reply from 172.16.3.229: time=0 Reply from 172.16.3.229: time=0 Reply from 172.16.3.229: time=0 ms ms ms ms 2.10 traceroute This command can trace the path of route traceroute Syntax Description Syntax Description Destination Address Enter domain name or IP address as the destination for tracing Example DrayTek> traceroute 172.16.3.229 traceroute to 172.16.3.229 (172.16.3.229), 30 hops max, 84 byte packets 172.16.3.229 (172.16.3.229) 0.949 ms 0.914 ms 0.897 ms 118 ... 118 2.10 traceroute 118 v Introduction 1.1 Accessing Telnet Click Start >> Run and type Telnet 192.168.1.1 in the Open box as below Note that the IP address in the example... of their respective manufacturers ii Table of Contents Introduction 1.1 Accessing Telnet 1.2 Valid Commands Commands Descriptions .7 2.1... router If you have changed the default, enter the current IP address of the router Click OK The Telnet terminal will open If an administrator password has not already been assigned, follow the