Do 009467 PS 4

ISOS (8.
2 Service Release 2) User Guide

DO-009467-PS (Issue 4, 6th Dec 2002)
Copyright
Copyright 2002 GlobespanVirata Inc. All Rights Reserved. This document and the software programs to which it relates are furnished under license and may only be used in accordance with the terms and conditions set forth in the license agreement. This document is provided for information only and is subject to change without notice. GlobespanVirata Inc assumes no responsibility or liability for any errors or inaccuracies that may appear in the document, and specifically disclaims any implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Except as permitted by such license, no part of this document may be copied, reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, recording or otherwise, or used as the basis for manufacture or sale of any items without the prior written consent of GlobespanVirata Inc. Virata is a registered trademark of GlobespanVirata Inc. All other names are for reference only and are the property of their respective owners. ISOS (8.2 Service Release 2) User Guide: DO009467-PS GlobespanVirata Company Proprietary.
Contacting GlobespanVirata
For more information on GlobespanVirata, contact the offices below or visit our web site:
http://www.globespanvirata.com GlobespanVirata Headquarters

100 Schulz Drive Red Bank NJ 07701 USA Telephone: +1 888 855 4562
GlobespanVirata UK
Unit 230 Cambridge Science Park Milton Road Cambridge CB4 0WB United Kingdom Telephone: +44 1223 707400
Trademarks
Virata, EmStack and EmWeb are registered trademarks of GlobespanVirata Inc. ATMOS real-time operating system, Helium communications processor, Helium 200 communications processor, Helium 210 communications processor, ISOS Integrated Software on Silicon, are trademarks of GlobespanVirata Inc.
ii
ISOS (8.2 Service Release 2) User Guide, DO-009467-PS (Issue 4, 6th Dec 2002)
Contents
1. About this Guide 1
1.1 Structure of this guide 2 1.2 Typographical conventions 4 1.3 Reading this guide 5 1.4 Documentation Reference Roadmap 6
2. Introduction 7
2.1 What is ISOS? 8 2.2 What is an ISOS System? 8 2.3 What configurations are supported by an ISOS System? 8 2.4 How is the ISOS System configured? 9 2.5 What are the features of each supported configuration? 10 2.6 What is the typical setup for each supported configuration? 13 2.7 What software platforms are supported? 18 2.8 What software development platforms are supported? 20 2.9 What additional software applications are needed? 20
3. Installing ISOS software 27

3.1 Installation overview 28 3.2 Searching for ISOS release packages 29 3.3 Downloading ISOS software packages 29 3.4 Installing ISOS Tools 35 3.5 Installing ISOS software 41 3.6 Installing the ISOS Chip support package 43 3.7 Installing the ISOS Board support package 44 3.8 Install the Web Content Compiler License 45 3.9 Configure your shell initialisation file 48
4. Installing PC Driver software 51

4.1 Installation overview 52 4.2 RNDIS driver support 53 4.3 CDC Ethernet Networking Model support 57
ISOS (8.2 Service Release 2) User Guide Issue 4, 6th Dec 2002
iii
Contents
5. Building an ISOS image 61

5.1 Introduction 62 5.2 Typical image structure 63 5.3 Build requirements 65 5.4 Hardware type 66 5.5 Product type 68 5.6 Product and platform combinations 70 5.7 Build directories and configuration files 72 5.8 Product configuration files 73 5.9 System configuration file 73 5.10 Hardware configuration file 74 5.11 Build directory 76 5.12 BUN configuration file 77 5.13 Image directory 79 5.14 Building an ISOS image 79 5.15 Building a debug image 80 5.16 Building a network-boot image 81 5.17 Building an image containing a recovery image 83 5.18 Building an image containing multiple configuration partitions 87 5.19 Including files in an image 91 5.20 Creating customized images 94 5.21 Further information 96
6. Booting the ISOS System in Gateway mode 99

6.1 Introduction to Booting 100 6.2 Assumptions 100 6.3 Booting over the network (using DHCP and TFTP) 100 6.4 Booting over the network (using BOOTP and TFTP (UNIX)) 102 6.5 Booting over the network (using BOOTP and TFTP (Windows))
106
6.6 Booting an ISOS System over the network 109 6.7 Troubleshooting 113
iv
Contents
7. Configuring Booting of an ISOS System 115

7.1 Introduction 116 7.2 Assumptions 116 7.3 Overview 116 7.4 Rebooting the system 119 7.5 Configuring a temporary boot source 120 7.6 Configuring prompting for a boot source 120 7.7 Configuring booting from Flash 121 7.8 Configuring booting from the network 122 7.9 Using tftp to download an image from the network 123
8. Using the CLI 125

8.1 Introduction 126 8.2 Starting a CLI session 126 8.3 Logging in to the system 127 8.4 Logging out of the system 128 8.5 Using CLI and Console Commands 128 8.6 Administering user accounts 135 8.7 Setting user passwords 136 8.8 Changing user settings 136 8.9 About the console 137
9. Using the EmWeb server 141

9.1 Introduction 142 9.2 About EmWeb 142 9.3 Accessing EmWeb 142 9.4 About EmWeb pages 145 9.5 About the Status Page 145 9.6 About the Quick Start page 149 9.7 About the System menu 152 9.8 About the Configuration menu 158 9.9 Ports 199
Contents
10. Using the ISOS File Manager 201

10.1 Introduction 202 10.2 About the File Manager process 202 10.3 About FlashFS and ISFS 202 10.4 Multiple FLASH partitions 203 10.5 Choosing the default filesystem/partition 204 10.6 Listing the contents of ISFS and FlashFS 206 10.7 Updating ISFS and FlashFS 214 10.8 Managing files in ISFS and FlashFS 214
11. Configuring ISOS modules 217

11.1 Introduction 218 11.2 Interaction between configuration methods 218 11.3 Module configuration files 219 11.4 Using a Management Tool or Console 221 11.5 Restoring a saved configuration from the CLI 225 11.6 By downloading files to ISFS 226 11.7 By programming Flash devices 227
12. Compressing an ISOS image 229

12.1 Introduction 230 12.2 Compression overview 230 12.3 About the compression utilities 232 12.4 Typical compression figures 234 12.5 Typical decompression figures 235 12.6 Choosing a compression method 235 12.7 Configuring the compression method 236
13. Configuring the ISOS System in Gateway mode 237

13.1 Introduction 238 13.2 Test network setup 239 13.3 Bridged configurations 243 13.4 Routed configurations 250 13.5 Tunnelling configurations 294
vi
Contents
14. Configuring the ISOS System in PC-attached Gateway mode 301

14.1 Introduction 302 14.2 Test network setup 303 14.3 Bridged configurations 306 14.4 Routed configurations 309 14.5 Bridged/Routed configurations 315
15. Configuring the ISOS System in Switch mode 323

15.1 Introduction 324 15.2 Pre-requisites 324 15.3 Switch network configuration 325
16. Configuring security on the ISOS System 331

16.1 Introduction 332 16.2 Firewall, WAN Router & DMZ Router network 334 16.3 Initial Firewall, WAN Router & DMZ Router configuration (CLI)
337
16.4 Virtual DMZ interface network 340 16.5 Initial virtual DMZ interface network configuration (CLI) 342 16.6 Security configuration (CLI) 345 16.7 NAT example configurations (CLI) 346 16.8 Firewall example configurations (CLI) 348 16.9 Initial Firewall, WAN Router & DMZ Router configuration (EmWeb) 353 16.10 Configuring the security interfaces (EmWeb) 359 16.11 Initial virtual DMZ interface network configuration (CLI) 361 16.12 NAT example configurations (CLI) 365 16.13 Firewall example configurations (CLI) 367 16.14 Initial virtual DMZ interface configuration (EmWeb) 372 16.15 Firewall example configurations (EmWeb) 378 16.16 NAT example configurations (EmWeb) 383
vii
Contents
17. Obtaining and changing system setup information 387

17.1 Introduction 388 17.2 Image validation and verification 388 17.3 Obtaining software package version information 391 17.4 Obtaining system information 393 17.5 Module information 394 17.6 Setup analysis 396 17.7 Getting diagnostic information 399
18. Upgrading an ISOS System 403

18.1 Introduction 404 18.2 Upgrading Serial ROM 404 18.3 Upgrading Boot ROM 410 18.4 Updating software from a running image 411
19. Troubleshooting network configurations 419

19.1 Introduction 420 19.2 General guidelines 420 19.3 Troubleshooting at the device driver level 421 19.4 Troubleshooting the ATM protocols 423 19.5 Troubleshooting PPP connections 425 19.6 Troubleshooting bridged systems 425 19.7 Troubleshooting routed systems 426
20. ISOS Modules description 429

20.1 Introduction 430 20.2 OSI Model 431 20.3 Core processors 433 20.4 ISOS 434 20.5 ATM Protocols 434 20.6 Device Drivers 436 20.7 Encapsulations 438 20.8 Other Layer 2 Protocols 440 20.9 Layer 3 and Higher Protocols 440 20.10 Miscellaneous 442 20.11 ISOS Module Configuration files 444
viii
Contents
A: Installing ISOS System hardware 447

A.1 What is the ISOS System Evaluation System? 448 A.2 What are the differences between the BD6000 systems? 448 A.3 What additional hardware components are needed? 449 A.4 How can ISOS System functionality be demonstrated? 449 A.5 Installation overview 451 A.6 Pre-requisites 451 A.7 Unpacking the ISOS System 452 A.8 Reading important notices 453 A.9 Positioning the ISOS System 453 A.10 Connecting the ISOS System 453 A.11 Powering on the ISOS System 459
Index 461
ix
Contents
List of Tables
Table 1: Gateway features 10 Table 2: PC-attached (USB) Gateway features 11 Table 3: Switch features 12 Table 4: Supported software platforms for ISOS 20 Table 5: Perl compatibility with ISOS Tools releases 21 Table 6: C++ compiler dependency for Linux Debian releases 23 Table 7: Software Source release 30 Table 8: Chip support package releases 30 Table 9: EmWeb Compiler License 31 Table 10: Tools Release Compatibility 32 Table 11: ISOS Software Tools Binary packages 33 Table 12: Installation directories for Linux and Solaris 34 Table 13: Installation directories for Windows platforms 34 Table 14: PC-attached Gateway Driver details 52 Table 15: RNDIS Driver package 54 Table 16: RNDIS Driver package 55 Table 17: MAC OS CDC Ethernet Driver package 58 Table 18: Linux CDC Ethernet Driver package 60 Table 19: Contents of flash.bin file 64 Table 20: BDXXXX Hardware types 67 Table 21: DMXXXX Hardware types 67 Table 22: (He210-80) MDS Hardware types 68 Table 23: ISOS product types 69 Table 24: Supported Product/Hardware type combinations 71 Table 25: Booting configuration options 118 Table 26: flash.bin image breakdown 231 Table 27: Image compression comparison 234 Table 28: Image decompression comparison 235 Table 29: PPPoE and FRED configuration setup 279 Table 30: Event level description 401 Table 31: ISOS Module configuration files 445 Table 32: ISOS ISFS files 445
ISOS (8.2 Service Release 2) User Guide Issue 4, 6th Dec 2002 xi
List of Tables
xii
List of Figures
Figure 1 : Documentation roadmap 6 Figure 2 : Typical Gateway configuration 13 Figure 3 : Typical Gateway (detailed configuration) 14 Figure 4 : Typical PC-attached (USB) Gateway configuration 15 Figure 5 : PC (USB)-attached Gateway (detailed configuration) 16 Figure 6 : Typical Switch configuration 18 Figure 7 : ISOS Installation procedure 28 Figure 8 : TEMP and TMP Variables Setup 40 Figure 9 : AGRANAT_LICENSE_FILE Variable Setup 47 Figure 10 : MAC OS CDC Ethernet Driver loaded 59 Figure 11 : ISOS image structure 63 Figure 12 : ISOS Build directories and configuration files 72 Figure 13 : ISOS image structure (with recovery image) 83 Figure 14 : ISOS image (with multiple partitions) 88 Figure 15 : EmWeb Status homepage 144 Figure 16 : EmWeb Quick Start No Login/DHCP page 150 Figure 17 : EmWeb Quick Start PPPoE Login Setup page 151 Figure 18 : EmWeb webserver Error Log page 153 Figure 19 : EmWeb Auto update page 154 Figure 20 : EmWeb Remote Access page 155 Figure 21 : EmWeb Firmware Upgrade page 155 Figure 22 : EmWeb Configuration Backup/Restore 156 Figure 23 : EmWeb Restart page 157 Figure 24 : EmWeb Save Configuration page 159 Figure 25 : EmWeb Authentication page 160 Figure 26 : EmWeb create user page 160 Figure 27 : EmWeb Edit User page 161 Figure 28 : EmWeb LAN connections page 162 Figure 29 : EmWeb WAN connections page 164 Figure 30 : EmWeb Edit Routes page 166 Figure 31 : EmWeb Create IP V4 Route page 167
xiii
List of Figures
Figure 32 : EmWeb ZIPB page 169 Figure 33 : DHCP Server page 172 Figure 34 : EmWeb DHCP server subnet configuration page 173 Figure 35 : EmWeb DHCP Server configuration option page 174 Figure 36 : EmWeb Create new DHCP server fixed host page 175 Figure 37 : EmWeb DHCP Relay page 176 Figure 38 : EmWeb DNS client page 178 Figure 39 : EmWeb DNS Relay page 179 Figure 40 : EmWeb Security page 181 Figure 41 : EmWeb Firewall Add Interface page 183 Figure 42 : EmWeb Security Interfaces table 184 Figure 43 : EmWeb Advanced NAT configuration page 185 Figure 44 : EmWeb Firewall Add Global Address Pool page 185 Figure 45 : EmWeb Firewall Add Reserved Mapping page 187 Figure 46 : EmWeb Firewall Add Policy page 189 Figure 47 : EmWeb Current Firewall Policies table 190 Figure 48 : EmWeb Firewall Add TCP Port Filter page 191 Figure 49 : EmWeb Firewall Add Raw IP Filter page 192 Figure 50 : EmWeb Firewall Add Host Validator page 193 Figure 51 : EmWeb Firewall Add Trigger page 194 Figure 52 : EmWeb Firewall Configure Intrusion Detection page 197 Figure 53 : EmWeb Ethernet Port Configuration page 199 Figure 54 : ISOS Module configuration schematic 220 Figure 55: : Demo Network (Gateway) 239 Figure 56 : Demo network (Gateway) with Bootp/TFTP server 240 Figure 57 : Ethernet-RFC1483 bridged configuration 243 Figure 58 : Ethernet-Frame Relay bridged configuration 246 Figure 59 : Ethernet-IPoA routed configuration 251 Figure 60 : Ethernet-BUN RFC1483 routed configuration 255 Figure 61 : Ethernet-PPP routed configuration 259 Figure 62 : PPPoE Client over RFC1483 configuration 267 Figure 63 : PPPoE Configuration using FRED 274 Figure 64 : Multiple PPPoE sessions with pass-through configuration 281 Figure 65 : Multiple PPPoE session IP architecture 282 Figure 66 : Routed using DHCP configuration 289 Figure 67 : DHCP test configuration 290 Figure 68 : Tunnelling encapsulation stack schematic 294
xiv ISOS (8.2 Service Release 2) User Guide Issue 4, 6th Dec 2002
List of Figures
Figure 69 : Ethernet-PPTP tunnelling-PPP server configuration 295 Figure 70 : Ethernet-PPTP tunnelling-PPP client configuration 298 Figure 71 : Demo network PC (USB)-attached Gateway configuration 303 Figure 72 : Ethernet-USB PC-attached (USB) Gateway configuration 306 Figure 73 : Ethernet-USB IPoA PC (USB)-attached Gateway routed configuration 309 Figure 74 : Ethernet-USB/PPPoE PC (USB)-attached Gateway configuration 315 Figure 75 : Demo network (Switch) 325 Figure 76 : Firewall network configuration setup 334 Figure 77 : Firewall virtual DMZ network configuration setup 341 Figure 78 : ISOS Image structure 389 Figure 79 : Demonstration configuration for ISOS System systems 450 Figure 80 : Connecting the ISOS System (Gateway) 455 Figure 81 : Connecting the ISOS System (PC-attached Gateway) 457 Figure 82 : Connecting the ISOS System (Switch) 459
xv
List of Figures
xvi
1. About this Guide
This chapter tells you about: The scope of this guide and its intended audience. The typographical conventions used in this guide. How to read and provide feedback about this guide. The information contained in this guide must be read and fully understood before you attempt to use the product.
ISOS (8.2 Service Release 2) User Guide DO-009467-PS (Issue 4, 6th Dec 2002)
Structure of this guide
1.1
Structure of this guide

1.1.1 Scope This guide describes how to develop your products using ISOS 8.2; the Integrated Software on Silicon solution used by GlobespanVirata communications processors. Before embarking on any product development, it is essential that you are familiar with the basic operation of the ISOS System that contains your GlobespanVirata communications processor. The chapters in this guide contain basic information about how to install and begin using your ISOS System. At the end of this manual you will find appendices containing information about the various hardware development platforms which are provided for use with ISOS. 1.1.2 Audience This guide is written for developers who wish to begin developing software for their product using ISOS 8.2. 1.1.3 Content The manual is divided into the following chapters: The early chapters describe how to install ISOS and ISOS tools and how to build an ISOS software image and boot this image on an ISOS System: Introduction on page 7; a quick overview of the ISOS System system and its capabilities. Installing ISOS software on page 27; describes how to install ISOS software. Installing PC Driver software on page 51; describes how to install PC driver software. Building an ISOS image on page 61; describes how to build an ISOS image. Booting the ISOS System in Gateway mode on page 99; how to boot an ISOS System in Gateway configuration and download a software image. Configuring Booting of an ISOS System on page 115; how to configure the booting of an ISOS System.
About this Guide
The next few chapters describe the basic use and configuration of ISOS: Using the CLI on page 125; explains how to use the CLI - the new command-line interface for ISOS. Using the EmWeb server on page 151; explains how to configure and set-up EmWeb; the ISOS embedded Web server. Using the ISOS File Manager on page 201; describes how to manage the Flash memory used on the ISOS System. Configuring ISOS modules on page 217; describes the various methods for configuring ISOS modules.
Compressing an ISOS image on page 229; describes how to use the various compression methods provided in ISOS. The next few chapters describe how to configure an ISOS System in typical network configurations: Configuring the ISOS System in Gateway mode on page 235; describes how to use the CLI to configure an ISOS System in many typical Gateway configurations. Configuring the ISOS System in PC-attached Gateway mode on page 275; describes how to use the CLI to configure an ISOS System in PC-attached Gateway configurations. Configuring the ISOS System in Switch mode on page 323; describes how to use the CLI to configure an ISOS System to function as an ATM switch.
Configuring security on the ISOS System on page 259; describes how to setup security on an ISOS System and provides example configurations for Firewall and NAT. The final chapters and appendices contain advanced and reference information about ISOS: Obtaining and changing system setup information on page 387; describes how to obtain system and setup information for the ISOS System. Upgrading an ISOS System on page 403; describes how to upgrade software and hardware components of an ISOS System.
Typographical conventions
Troubleshooting network configurations on page 419; describes the procedures to follow to find problems with many types of network configurations. ISOS Modules description on page 429; describes the configurations which are supported by the ISOS System. Installing ISOS System hardware on page 447; describes the GlobespanVirata BD6000 Series Evaluation systems and how to install these systems.
After reading this guide you should be ready to begin using ISOS for your own development.
1.2
Typographical conventions
Throughout this guide, the following typographical conventions are used to denote important information. 1.2.1 Text conventions The following text conventions are used: Text like this is used to introduce a new term, to indicate menu options or to denote field and button names in GUI windows and dialogue boxes. Text like this is used to emphasize important points. For example: To keep your changes, you must save your work before quitting. Text like this is used for text that you type as a command or entry to a field in a dialogue box. Variables to a command are shown in text like this. Text like this is used for text that you see on the screen in a terminal window. Variables to displayed text are shown in text like this. Text in square brackets is used to indicate keyboard keys. For example: To reboot your computer, press [Ctrl]+[Alt]+[Del]. Type versus Enter; Type means type the text as shown in the instruction. Enter means type the text as indicated and then press [Enter]; the Return key on the keyboard.
About this Guide
1.2.2
Notes, Warnings and Cautions The following symbols are used: Warning Indicates a hazard which may endanger equipment or personnel if the safety instruction is not observed. Caution Indicates a hazard which may cause damage to equipment if the safety instruction is not observed. Note Indicates general additional information about the operation of the equipment, including safety information.
1.3
Reading this guide

1.3.1 Providing feedback on this guide Please report support requests and questions to the Technical Advice Center (TAC) via the Support area on the GlobespanVirata Licensee Server at: http://ls.globespanvirata.com Once you have entered your user login and password you can access the Licensee Server. From the toolbar at the top of the page, click on Support. The GlobespanVirata Licensee Support page is displayed. When submitting feedback, please give the full title, part number and version number of the guide. 1.3.2 Reading this guide Although this guide can be printed for easy reference, it has been prepared for viewing online through a web browser, (such as Internet Explorer or Netscape Navigator) or Adobe Acrobat. Links to other sections of this guide or to other guides are marked in blue (although the links are black when printed on a standard laser printer). Click on the link to view the associated section or document.
Documentation Reference Roadmap
1.4
Documentation Reference Roadmap

The diagram below shows some of the key documents that are referenced in this guide, which contain more detailed information about certain aspects of your GlobespanVirata system. All of these documents are available from the GlobespanVirata Licensee Server:
Helium Boot Procedure (DO-007286-TC) Helium 210-80 Data Book (DO-008538-PS) Helium 100 Data Book (DO-008532-PS)
ISOS 8.2 (SR2) CLI Ref Manual (DO-009430-PS)
Booting Console Helium ISOS 8.2 User Guide ISOS IP Stack Feature & Interface Guide (DO-400072-TC)
IP Stack
Hardware BD6200/BD6210 BD6220, Hardware Guide (DO-008202-PS)
File system ATMOS ISFS & FLASHFS (DO-007101-PS)
BD6100 Hardware Guide (DO-980097-PS) BD6221 Hardware Guide (DO-008606-SP)
Figure 1 Documentation roadmap There are also references given in this manual to other supporting documents which can be read for more information about ISOS. These documents are also available from the Licensee Server.
2. Introduction
This chapter provides a brief overview of ISOS software and ISOS System hardware. It is essential that you are familiar with the information in this chapter before you start using this system for development.
What is ISOS?
2.1
What is ISOS?
ISOS stands for Integrated Software On Silicon. It is a comprehensive suite of networking software and protocols which, when used with a GlobespanVirata Communications processor, provides an ideal platform for developing a wide range of networking and communications products.
2.2
What is an ISOS System?

The ISOS System is a development system based on a particular GlobespanVirata communications processor. You can use this system with an ISOS software release to develop networking and communications products. An ISOS System is an extremely versatile piece of hardware. You can use an ISOS System to quickly develop products using a combination of ISOS System hardware, ISOS technology, and third-party networking peripherals. The system can be setup and configured in a number of ways to behave as a particular network device such as a gateway, router, or bridge. These devices can also be configured to use any number of low-level and high-level network protocols which are available from the ISOS software suite contained on the GlobespanVirata communications processor. All ISOS Systems provide various standard interfaces which enable new hardware to be added to enhance its functionality. For more information about installing a typical ISOS System refer to the appendices at the back of this manual.
2.3
What configurations are supported by an ISOS System?

An ISOS System can be used in a variety of network configurations for development. The configuration you choose depends on the type of product you wish to develop.
Introduction
The ISOS System can be used in any of the following configuration modes: PC-attached Gateway configuration; where the ISOS System appears as both a PC-attached Ethernet NIC card via USB device and an Ethernet Gateway. The PC runs protocols for the PC-attached component of the device and the ISOS System runs protocols for the Gateway component of the device. Gateway configuration; where the ISOS System acts as a standalone bridge/router between interfaces supported by the system. For example, USB, Ethernet/HDLC and ATM/ADSL. Switch configuration; where the ISOS System acts as an ATM switch, switching between multiple ATM ports. For more details about the above configurations, refer to What are the features of each supported configuration? on page 10.
2.4
How is the ISOS System configured?

The ISOS System is configured by an ISOS image file, which is compiled from an ISOS source release. The image file can contain a number of ISOS system modules such as the IP Router module and protocol modules such as PPP. The image file is created using the ISOS development environment. The ISOS development environment consists of software source files and development tools. The development tools are used to compile and build an image. The image file is then downloaded to the ISOS System. The file can be downloaded from various locations, but is usually downloaded from on-board Flash memory, a USB connection to a PC or via a network boot server using TFTP. The downloaded image file can be configured at run-time, using any supported ISOS management tool. For example: Command Line Interface (CLI) Embedded Web server (EmWeb) The CLI and EmWeb can be used to change the configuration of the software modules and the resultant functionality of the ISOS System.
What are the features of each supported configuration?
This configuration can be saved to Flash memory on the ISOS System in order to permanently save the configuration of the unit. The ISOS System can then be configured to boot from Flash, so that this configuration is used when the system is rebooted. Although some modules are configured partially at compile time, for example using Config.h lines in the system file, most modules can also be configured at run-time. When the system boots, these modules read a text configuration file from the ISFS filing system. Separate files can be stored in ISFS which configure certain parts of ISOS. For more details about configuring the ISOS System, refer to Configuring ISOS modules on page 217.
2.5

The following table describes various features of each of the configurations supported by ISOS and the ISOS System. 2.5.1 Gateway The table below defines the features of a Gateway configuration:
Feature Gateway A multi-user, multi-port device such as a Router or Gateway. Typical ports: Ethernet port and a DSL port. Small office/Home Ethernet (TFTP) Flash memory Any network node which can connect via Ethernet.
Typical product
Typical use Booting method during Development Booting method for end product Supported product platforms
Table 1:
Gateway features
10
Introduction
2.5.2
PC-attached (USB) Gateway The table below defines the features of a PC-attached Gateway configuration:
Feature Typical product Typical use Booting method during Development Booting method for end product PC-attached Gateway A multi-user, multi-port device, such as a Router or Gateway. Small office/Home Ethernet (TFTP) and/or USB Flash memory/USB Windows 98 FE (Gold) Windows 98 SE Windows 2000 Supported product platforms Windows ME Windows XP Linux (RedHat 7.2) MAC OS X MAC OS 9
Table 2:
PC-attached (USB) Gateway features
11
2.5.3
Switch The table below defines the features of a Switch configuration:

Feature Typical product Typical use Booting method during Development Booting method for end product Supported product platforms Switch ATM cell switch Small ATM network or DSLAM line-card. Ethernet (TFTP) Flash memory Any network node which can connect via ATM.
Table 3:
Switch features
12
Introduction
2.6
What is the typical setup for each supported configuration?

The following sections describe how an ISOS System would typically be set up for each of the supported configurations. 2.6.1 Typical Gateway configuration The diagram below illustrates how you would connect up an ISOS System to develop a Gateway configuration:
Higher level protocols ATM protocols BUN drivers PC ISOS System HUB Ethernet UTOPIA/EIO PHY ADSL
WAN
Figure 2 Typical Gateway configuration In the configuration shown above, the ISOS System system provides all the layer 2 and layer 3 protocols required to communicate with the Network. A DSL PHY (provided separately), connected via the UTOPIA/EIO port of the ISOS System, runs the DSL code for physically connecting the ISOS System to the network.
13
A typical Gateway (bridge) configuration is shown in more detail below:
Gateway
Bridge
BUN ATM driver BUN ADSL PHY driver
BUN Ethernet driver
ADSL
Ethernet (LAN)
Figure 3 Typical Gateway (detailed configuration) The ISOS System is booted over Ethernet (via a TFTP server) during development. An end-product developed from this type of configuration would probably be booted from Flash. Note In order to develop for this type of configuration, you must install the full GlobespanVirata software release. For more information about the modules used in such a configuration, refer to ISOS Modules description on page 429.
14
Introduction
2.6.2
Typical PC-attached Gateway (USB) configuration The diagram below illustrates how you would connect up an ISOS System to develop a PC-attached Gateway:
Higher level protocols ETH driver RNDIS/CDC driver BUN drivers PC USB HUB Ethernet ISOS System UTOPIA/EIO PHY Ethernet ADSL ATM protocols
PC WAN
Figure 4
Typical PC-attached (USB) Gateway configuration
This configuration combines the features of a PC-attached and Gateway configurations to create a dual-mode configuration known as PC-attached Gateway. In this configuration, the ISOS System can be connected simultaneously to both USB and Ethernet connection ports. The ISOS System is recognised by the PC as a USB-attached Ethernet NIC and the PCs USB interface is recognised by the ISOS System as an extra Ethernet interface.
15
A typical PC-attached Gateway configuration is shown in more detail below:

USB (to PC) PC-attached Gateway
USB port
IP Stack NAT
CDC
RNDIS Bridge
PPPoE RFC1483
pc-ethernet port
usb-ethernet port
Ethernet port
DSL port
PC-Attached
Gateway
Ethernet NIC
Ethernet Gateway
Ethernet (LAN)
ADSL
Figure 5
PC (USB)-attached Gateway (detailed configuration)
In the above diagram, the ISOS System is bridging information between ADSL and Ethernet. In addition, LAN traffic received on the Ethernet port can be bridged to ADSL without the need for the data to travel to the PC and back again to the modem. This data flow can happen even while the PC is powered off. One key advantage of this type of configuration is that it enables the ISOS System to operate completely independently of the PC, yet take advantage of the USB-attached connection (via the Ethernet driver) for initial setup and configuration from the host PC. A DSL PHY (provided separately), connected via the EIO/Utopia port of the ISOS System, runs the DSL code for physically connecting the ISOS System to the Network.
16
Introduction
This configuration is supported on the chip-side by either an RNDIS or USB CDC Ethernet driver depending on the OS running on the connected PC. RNDIS is a specification developed by Microsoft for network devices on dynamic Plug-and-Play I/O buses such as USB. The specification defines a bus-independent message set and a description of how this message set can be conveyed across a specific I/O bus on which it is supported. If a device adheres to this specification then it eliminates the need for hardware vendors to provide PC-side device drivers to communicate with their device. If RNDIS is supported on the PC and the devices also support RNDIS, the network device can be attached to the PC without a device driver having to be loaded on the PC. Thus, RNDIS provides a truly driver-less installation. The RNDIS specification is supported by Microsoft for all versions of Microsoft OS from Windows XP onwards. For earlier versions of Microsoft OS the RNDIS drivers are provided by Microsoft. CDC Ethernet Networking model is used for Linux and MAC OS PCs. The CDC-Ether model is defined by the USB Forum as the specification for devices to follow for driver-less installation on host operating systems which support the CDC Ethernet Networking Model and have a common driver for it. CDC-Ether support has been built into the Linux kernel (V2.4.18) and GlobespanVirata have developed CDC-Ether drivers for both MAC OS 9 and MAC OSX (10.1 and 10.2). The ISOS System can be booted by the PC over USB during development. An end-product developed from this type of configuration would be booted from Flash or USB. Note In order to develop for this type of configuration, you must install the ISOS full software release as well as the PC driver software. For more information about PC-attached support, refer to Booting the ISOS System in PC-attached mode on page 111.
17
What software platforms are supported?
2.6.3
Typical Switch configuration
ATM network device
ATM25 ATM protocols ISOS System
ATM Switch Network ATM25
ATM network device
Figure 6
Typical Switch configuration
In the configuration shown above, the ISOS System system provides all of the ATM protocols to communicate with and manage the ATM Network Devices connected to it via the UTOPIA port. The ISOS System system enables SVC and PVC connections to be setup between the ATM Network Devices. For more information about the modules used in such a configuration, refer to ISOS Modules description on page 429.
2.7
What software platforms are supported?

The sections below list the platforms which are supported for using the ISOS System in the supported configurations. Refer to the next section for information about the platforms which are supported for developing software for the ISOS System.
18
Introduction
2.7.1
For PC-attached configuration The ISOS System can be connected to PCs and used in the PC-attached configuration on any of the following operating systems: Windows XP Windows 2000 Windows 98 and Windows 98 SE Windows 98 FE (PC-attached (USB) Gateway only). (This version of Windows is also referred to as Windows 98 Gold.) Windows ME MAC OSX 10.1 and MAC OSX 10.2 MAC OS 9 Linux
2.7.2
For Gateway configurations The ISOS System can be connected to any network node which has an Ethernet interface.
19
What software development platforms are supported?
2.8
What software development platforms are supported?

If you wish to develop software for the ISOS System, the table below indicates the platforms which are supported by ISOS software and ISOS Software Tools releases:
Platform Version V2.2 V6.2 V7.x V2.6/V2.7 Service Pack 6 (SP 6) or later All versions supported. All versions supported.
Linux Debian (i386) Linux RedHat (i386/libc6.1) Linux RedHat (i386) Solaris (Sun OS 5.7) Windows NT 4 Windows 2000 Windows XP
Table 4:
Supported software platforms for ISOS
You should consult the documentation provided with your system for information on how to find out which version of a particular OS you are running. In general: For Windows systems, the information about the OS is given from the System Properties dialog box. This box is displayed by choosing Properties from the menu of the My Computer icon. For UNIX-based systems, this information is normally contained in a configuration file in /etc. For example, RedHat Linux systems store version information in /etc/issue.
2.9
What additional software applications are needed?

To install and configure ISOS source software and the ISOS Tools release, various third-party tools and applications are needed. Most of these tools are available as freeware downloads from appropriate websites.
20
Introduction
2.9.1
Perl requirements The correct version of Perl is needed for all ISOS Tools releases installed on any supported platform. This is because the ISOS Tools releases supply a pre-built version of the Perl expat library. The following table shows which Perl versions have been used to build the supplied expat library for each platform and which versions of Perl should be compatible with this build:
Version of Perl used for build V5.005_5 (from Debian V2.2 distribution) V5.005_x Perl version required for compatibility
Platform
Linux Debian (i386) V2.2
Linux RedHat (i386/libc6.1) V6.2 Linux RedHat (i386) V7.0
V5.005_3 (from RedHat V6.2 CD) V5.6.0 (from RedHat V7.0 CD) V5.005_x V5.6.0 (from RedHat 7.0 CD) V5.6.1.x (from www.activestate. com) V5.6.1
Solaris 2.7
V5.6.1 (from ActiveState)
Windows NT 4, Windows 2000, Windows XP
V5.6.1 (in Cygwin)
Table 5: Perl compatibility with ISOS Tools releases Note Cygwin, which must be installed for all Windows platforms, includes Perl, so by installing the correct version of Cygwin you have also installed the correct version of Perl. If you would like to use a different version of Perl (which must be at least 5.005), you will need to recompile the expat library. To do this, you need the source code for this library. The source code for the expat library is part of the XML::Parser perl module, and GlobespanVirata uses V2.29 of this module.
21
GlobespanVirata also make this module available in the ISOS Tools 8.41 Source release. To build the expat library, follow these steps:
1
Download the module from a distribution site. Some web sites where this module may be found include: http://www.activestate.com http://www.cpan.org (or one of its mirror sites)
2 3 4
Untar the downloaded file into a temporary directory. For example: tar -xzvf XML-Parser-2.29.tar.gz Enter the directory created by the previous step (XML-Parser-2.29). Enter the following commands: perl Makefile.PL make make install This will create a working version of the expat library, installed in the correct Perl directory.
The following sections outline other more general requirements that you need to meet for each particular platform. 2.9.2 For Linux All Linux systems You must have the following applications installed on your computer: A Terminal application; a program called Minicom is supplied with many Linux distributions. (If you do not have this application, you can use gdbterm which is provided as part of the ISOS Tools Release.) unzip, to decompress software releases. You may also need the following applications installed on your computer, depending on how you will be configuring the ISOS System: TFTP Boot server or similar.
22
Introduction
Debian Linux Debian Linux systems require particular versions of the C++ compiler libstdc++ to be installed. The following table shows the required versions:
Version of C++ compiler required libstdc++2.10
Platform
Linux Debian (i386) V2.2
Table 6: 2.9.3 For Solaris
C++ compiler dependency for Linux Debian releases
You must have the following applications installed on your computer: GNU make version 3.62 or later. Note The ISOS Tools release will not work with the standard Solaris make. A Terminal application; a program called minicom is supplied with Solaris. (If you do not have this application, you can use gdbterm which is provided as part of the ISOS Tools Release.) unzip, to decompress software releases.
You may also need the following applications installed on your computer, depending on how you will be configuring the ISOS System: TFTP Boot server or similar. 2.9.4 For Windows (NT, 2000 and XP) You must have the following applications installed on your computer: The Cygnus Cygwin software (UNIX environment for Windows) must be pre-installed on your system. To obtain Cygwin, visit: http://sources.redhat.com/cygwin/ The following elements of Cygwin must be installed: Base: All (the default set) Interpreters: gawk and Perl
23
Devel: make The versions of Cygwin which have been fully tested with ISOS are: v1.3.6 or v1.3.9. Later versions of Cygwin are also likely to be compatible with ISOS. Note that if you install Cygwin in another directory apart from the default directory you must edit the file atmos.bat in the root of the Tools installation directory. Edit the line:
PATH=%__INSTDIR_W%\%ATMOSHOST%bin;c:\cygwin\bin;%PATH%; set ATMOSTOOLS=%__INSTDIR_U%
and change the following entry on this line:

c:\cygwin\bin
to match the directory where you have installed Cygwin. A Terminal application; a program called HyperTerminal, is normally supplied with Windows. There are lots of other similar Terminal applications available from the Internet. WinZip, to decompress software releases. This program is not needed for Windows XP as this OS includes unzip functionality. A Multi-file editor, such as PFE which can handle text files in UNIX format. To obtain PFE, visit: http://www.winsite.com
You may also need the following applications installed on your computer depending on how you will be configuring the ISOS System: To download image files to the ISOS System over Ethernet, you will need Bootp and TFTP server software for your computer. This software is available as a third-party add-on from many vendors. Some web sites where this software can be found include: http://www.weird-solutions.com/download/index.html: bootp server. http://www.walusoft.co.uk/products.htm: tftp server and bootp application. Note No association with Walusoft or Weird Solutions is implied, nor is this an endorsement of their products. You are strongly encouraged to read the usage agreements provided
24
Introduction
with each product and to abide by them. GlobespanVirata can assume no responsibility for users that do not follow the instructions provided with each product.
25
26
3. Installing ISOS software
This chapter describes how to install ISOS software, including source software, license packages and development tools.
27
Installation overview
3.1
To install ISOS software, you need to carry out the following steps, as shown in the diagram below:
The diagram below illustrates how you would connect up a ISOS System to develop a PC-attached
START
Search for the ISOS release packages using the Licensee Server or ISOS Release CD Download the packages specific to your hardware platform
Install the ISOS Development Tools
Install the ISOS source software
Install the ISOS Chip/Board Support package for your hardware
Install the Web Content Compiler license
Configure your shell initilisation file. (If working with more than one ISOS release.)
FINISH - ISOS IS NOW INSTALLED
Figure 7 ISOS Installation procedure
28
Installing ISOS software
The installation steps are described in the following sections of this chapter.
3.2
Searching for ISOS release packages

You can search for all packages which have been produced for ISOS 8.2 from the following places: From the Licensee Server (http://ls.globespanvirata.com). On the ISOS 8.2 Getting Started CD. Note - As a GlobespanVirata licensee, you should have been provided with access to the Licensee Server. The packages that you need to download depend on: The version of ISOS that you are installing. The host platform on which you intend to develop ISOS software. For more information about the host platforms supported by ISOS, refer to What software development platforms are supported? on page 20.
3.3
Downloading ISOS software packages

The ISOS source software is supplied in separate packages which need to be downloaded and installed. The following packages need to be downloaded from the Licensee Server depending on your particular requirements: ISOS source software package. Chip support package. Board support package. EmWeb license package. ISOS Tools package. All of the above packages are available for download from the GlobespanVirata Licensee Server. The packages which need to be downloaded for ISOS 8.2 are given in the next few sections. Note - There may also be additional service packs and enhancement packages made available for a particular ISOS release. You should check the Licensee Server for information about these packages and how to install them.
29
3.3.1
ISOS source software package The following table indicates which ISOS source files you need to download.
ISOS Release Software 8.2 Service Release 2: ISOS Source Part number DO-400599-LS
Table 7: 3.3.2 Chip support package
Software Source release
The Chip support package (CSP) is the software which has knowledge of the underlying hardware platform and in particular the communications processor being used. If you consider the ISOS Source release as a generic release, then the CSP is the software which customizes the ISOS source release for use with a particular GlobespanVirata communications processor. The following table lists the most common CSP releases for ISOS Systems:
Chip support package (CSP) Software 8.2 Service Release 2: Helium 2x0/100 CSP Software 8.2 Service Release 2: Argon Chip Support Package Part number DO-400600-LS DO-400601-LS
Table 8:
Chip support package releases
There are many more CSPs available for use with the full range of GlobespanVirata development systems and reference designs. These packages can all be downloaded from the GlobespanVirata Licensee Server.
30
3.3.3
Board support package The Board support package (BSP) is a similar package to the CSP. A BSP also has knowledge of the underlying hardware platform. If you consider the ISOS Source release as a generic release, then the BSP is the software which customizes the ISOS source release for use with a particular GlobespanVirata ISOS System. In general, only ISOS Systems such as Reference Designs require a BSP package to be installed. Support for ISOS Systems such as BD3000 and BD6000 systems is provided in the CSP for the Communication processors used by these systems. There are many more BSPs available for use with the full range of GlobespanVirata Development Systems and Reference Designs. These packages can all be downloaded from the GlobespanVirata Licensee Server.
3.3.4
EmWeb compiler license package The EmWeb compiler license package is needed to enable you to use the EmWeb compiler (ewc). The EmWeb compiler is used in the build process to rebuild the set of default web pages which are provided in ISOS. The following table indicates the EmWeb license which can be used with ISOS 8.2:
EmWeb license Web Content Compiler Enhanced License Part number DO-008620-LS
Table 9: 3.3.5 ISOS Tools Release
EmWeb Compiler License
The ISOS 8.2 Tools are released as a set of binary packages for specific development platforms. The Tools are also provided in source form for licensees who wish to understand more about how some of the Tools work or to make custom changes and rebuild the tools.
31
The main version number of ISOS Tools release must agree with the ISOS software release version number. For example, for an ISOS 8.x source release you should use the latest version of the ISOS 8.x Tools release. Therefore, for ISOS 8.2 we strongly recommend that you use the ISOS 8.20 Tools release. The following table offers some guidelines to follow for choosing which Tools release to use with which version of ISOS:
ISOS Release ISOS 7.1 (and earlier) ISOS 8.0 ISOS 8.1 ISOS 8.2 Tools 8.20 Tools Release Tools 7.13
Table 10:
Tools Release Compatibility
If you need to work with more than one ISOS 8.x release, you need to download and install each ISOS source software release and then download the latest 8.x Tools release. Also check that there is not a patch available for the ISOS Software release you are using to ensure compatibility with the latest Tools release. If you need to work with both an ISOS 7.x and an ISOS 8.x source release then you will need to install the latest versions of both the 7.x Tools and the 8.x Tools and configure your environment to switch between each Tools release. (For more information on how to switch between different Tools release versions, refer to Configure your shell initialisation file on page 48.). The Release Notes provided with an ISOS software release will always mention the Tools release version which needs to be used and provide advice for backwards compatibility with previous ISOS Tools releases.
32
Tools Binary Release packages The following table indicates which ISOS Tools binary files you need to download for developing with ISOS 8.2:
Platform Part number DO-009471-LS DO-009470-LS DO-009473-LS DO-009474-LS DO-009475-LS
Linux i386/libc6.1 (Debian 2.2 i386) Linux i386/libc6.1 (RedHat 6.2) Linux i386/libc6.1 (Redhat 7.0 i386) Solaris 2.6/2.7 Windows (NT4 / W2K / XP)
Table 11: ISOS Software Tools Binary packages Tools Source Release packages The ISOS 8.20 Tools are also provided in source format. The source is provided primarily as a reference if you wish to understand how some of the tools work in more detail, or to make custom changes. However, note that building the Tools from source is not a trivial exercise and is not usually necessary or recommended. 3.3.6 Installation directories The following sections list the top-level directories which are created when the ISOS Tools release is installed on all supported platforms. For Linux and Solaris based platforms For Linux and Solaris based platforms the directories created are: /usr/local/virata/share
33
/usr/local/virata/tools_v<version number> where <version number> is the version of the Tools release being installed. For example, for Tools 8.20, the directory created would be: /usr/local/virata/tools_v8_20 The directories created for each platform are listed in the table below:
Platform Directories /Linux2-6 Linux2-6 Linux2-6 Linux2-6 SunOS5-1
Linux i386/libc6 (Debian 2.1) Linux i386/libc6.1 (Debian 2.2 i386) Linux i386/libc6.1 (RedHat 6.2) Linux i386/libc6.1 (Redhat 7.0 i386) Solaris 2.6/2.7
Table 12:
Installation directories for Linux and Solaris
For Windows platforms For Windows platforms the directories created are: c:\usr\local\virata\share c:\virata\tools_v<version number> where <version number> is the version of the Tools release being installed. For example, for Tools 8.20, the directory created would be: /usr/local/virata/tools_v8_20 The directory created is listed in the table below:
Platform Directory tools tools tools
Windows NT4 (Service Pack 5) Windows 2000 Windows XP
Table 13:
Installation directories for Windows platforms
34
3.4
Installing ISOS Tools

This section describes how to install the ISOS 8.20 Tools packages. 3.4.1 Installing the Tools Binary packages The Tools binaries are supplied as platform-specific packages in the following native install formats: Debian package. RedHat rpms. Solaris packages. Windows NT InstallShield Windows Installer. Windows 2000 InstallShield Windows Installer. Windows XP InstallShield Windows Installer. You must use the native package utility for your platform to install the packages. This ensures that dependencies, for example on standard libraries, are checked. 3.4.2 Linux (Debian) installation procedure You must be logged in as root in order to install the tools. To install the tools on a Debian (Linux) system, follow the procedure below:
1
Ensure that you are running a supported version of Debian. (For more information, refer to What software development platforms are supported? on page 20.) Ensure that you have met all additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.) Ensure that you have downloaded the appropriate ISOS Tools file for your platform, as described in Downloading ISOS software packages on page 29. Type the following command:
dpkg i -force-depends <tools binary file>
A directory structure is created for the Tools files in /usr/local/virata/tools<version>/Linux2-6/.
35
Configure your shell initialisation file to ensure that your path includes the correct ISOS Tools and any necessary environment variables are set. Add a line to your shell configuration file, to set the shell variable VIRATA_TOOLS to the version of the Tools you will be using. For csh and tcsh users, add the line: set VIRATA_TOOLS=8.20 For sh, bash or zsh users, add the line: VIRATA_TOOLS=8.20
Add another line to your shell configuration file to source the relevant Tools configuration script. For csh and tcsh users, add the line: source /usr/local/virata/config.csh For sh, bash or zsh users, add the line: . /usr/local/virata/config.sh This line must come after the VIRATA_TOOLS line in your shell configuration file. For more information on how to work with more than one release, refer to Configure your shell initialisation file on page 48.
6
For the very latest information about the release, read the Tools Release note provided with the release. This is called RELEASE.txt and is contained in the directory: /usr/local/virata/tools<version>/doc.
3.4.3
Linux (RedHat) installation procedure You must be logged in as root in order to install the tools. To install the Tools on a RedHat (Linux) system, follow the procedure below:
1
Ensure that you are running a supported version of RedHat Linux. (For more information, refer to What software development platforms are supported? on page 20.) Ensure that you have met any additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.)
36
Ensure that you have downloaded the appropriate ISOS Tools file for your platform, as described in Downloading ISOS software packages on page 29. Type the following command: rpm i --force <tools binary file> A directory structure is created for the Tools in /usr/local/virata/tools<version>/Linux2-6/ and information is displayed on how you need to change your shell configuration file to use the release. Configure your shell initialisation file to ensure that your path includes the correct ISOS tools and any necessary environment variables are set. Add a line to your shell configuration file, to set the shell variable VIRATA_TOOLS to the version of the tools you will be using. For csh and tcsh users, add the line: set VIRATA_TOOLS=8.20 For sh, bash or zsh users, add the line: VIRATA_TOOLS=8.20
Add another line to your shell configuration file to source the relevant Tools configuration script. For csh and tcsh users, add the line: source /usr/local/virata/config.csh For sh, bash or zsh users, add the line: . /usr/local/virata/config.sh This line must come after the VIRATA_TOOLS line in your shell configuration file. For more information on how to work with more than one release, refer to Configure your shell initialisation file on page 48.
6
37
3.4.4
Solaris installation procedure You must be logged in as root in order to install the ISOS Tools. To install the Tools on a Solaris system, follow the procedure below:
1
Ensure that you are running a supported version of Solaris. (For more information, refer to What software development platforms are supported? on page 20.) Ensure that you have met any additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.) Ensure that you have downloaded the appropriate ISOS tools file for your platform, as described in Downloading ISOS software packages on page 29. Enter the following command: pkgadd -d <tools binary file> If prompted, overwrite any existing files. A directory structure is created for the tools files in /usr/local/virata/tools<version>/SunOS5-1/ and information is displayed on how you need to change your shell configuration file to use the release. Setup a symbolic link to perl for the Tools. The default installation for perl is /usr/bin, but the Tools release expects to find perl in /usr/local/bin. Therefore, a symbolic link needs to be created from /usr/bin as shown below:
cd /usr/bin ln -s /usr/local/bin/perl
To confirm the link has been setup correctly, enter:

ls -la perl
The following information is returned:

lrwxrwxrwx 1 df staff 19 Jan /usr/local/bin/perl 9 14:38 perl ->
Ensure that you have installed GNU make version 3.62 or later. Note The ISOS Tools release will not work with the standard Solaris make.
38
Configure your shell initialisation file to ensure that your path includes the correct ISOS Tools and any necessary environment variables are set. Add a line to your shell initialisation file, to set the shell variable VIRATA_TOOLS to the version of the tools you will be using. For csh and tcsh users, add the line: setenv VIRATA_TOOLS=8.20 For sh, bash or zsh users, add the line: VIRATA_TOOLS=8.20
Add another line to your shell initialisation file to source the relevant Tools configuration script. For csh and tcsh users, add the line: source /usr/local/virata/config.csh For sh, bash or zsh users, add the line: . /usr/local/virata/config.sh This line must come after the VIRATA_TOOLS line in your configuration file. For more information on how to work with more than one Tools release, refer to Configure your shell initialisation file on page 48.
8
3.4.5
Windows (NT, 2000, XP) installation procedure Note If you have previously installed a Tools release on the Windows system, then you must firstly un-install the old release before you install this Tools release. For more information, refer to the Release Notes provided with this release which describes the un-install procedure. To install the Tools on a Windows system, follow the procedure below:
1
Ensure that you are running a supported version of Windows. (For more information, refer to What software development platforms are supported? on page 20.)
39
Ensure that you have met any additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.) Note The most important requirement is to ensure that you have installed the Cygnus Cygwin software (UNIX environment for Windows). This must be pre-installed on your system before you install the Tools release.
Ensure that you have downloaded the appropriate ISOS Tools packages for your platform, as described in Downloading ISOS software packages on page 29. Ensure that the Environment variables temp and tmp have been setup to point to temporary directories on your computer. The variable settings are shown on the Environment tab in the System Properties dialog box. (This dialog box is displayed by right-clicking on the My Computer icon and choosing Properties from the menu displayed.) For example:
Figure 8 TEMP and TMP Variables Setup
40
Run the *.exe file you have downloaded. This will start the InstallShield program which will begin installing the Tools release. Note - Do not install the Tools in a directory path containing a space, such as Program Files. A directory structure is created, by default, in: c:\virata\tools_v<version_number>\tools
Run the Build ATMOS images program from the menu: Start > Programs > Virata-Tools<Version number> The Build ATMOS images sub-shell window is displayed. From here you can build images. For the very latest information about the release, read the Tools Release note provided with the release. This is called RELEASE.txt and is contained in the directory: c:\virata\tools_v<version_number>\doc.
3.5

After you have downloaded the relevant ISOS source files, you must install them in a suitable location. For example, on your local disk. The source files are compressed using Zip for compactness and minimal download time, so you must extract the file using an appropriate decompression program. 3.5.1 Linux or Solaris installation procedure To install the ISOS source software release, follow the procedure below:
1
Log in to your computer using your normal username and password. You do not need to be logged in as root to install the software. Ensure that you are running a supported version of Linux or Solaris. (For more information, refer to What software development platforms are supported? on page 20.) Ensure that you have met all additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.)
41
4 5 6
Ensure that you have installed the relevant ISOS Tools release, as described in Installing ISOS Tools on page 35. Create a new directory where you wish to store the software. For example, ISOS_DEVEL. Decompress the ISOS source file to the new directory, using the correct Zip options. For example: unzip <software source file> A directory structure is created, containing the ISOS source and system files. Read the Release Notes, for any further information about the release. The Release note for the ISOS source release is a text file called release.txt and is contained in the root of the install directory. There is also a document that you should read: DO-400602-TC, Software 8.2 Service Release 2: Release Notes which contains more detailed information about the release.
3.5.2
Windows (NT, 2000 and XP) installation procedure To install the ISOS source software release, follow the procedure below:
1
Ensure that you are running a supported version of Windows. (For more information, refer to What software development platforms are supported? on page 20.) Ensure that you have met any additional requirements for this platform. (For more information, refer to What additional software applications are needed? on page 20.) Ensure that you have installed the relevant ISOS Tools release, as described in Installing ISOS Tools on page 35. Create a new directory called, for example, ISOS_DEVEL. Open the downloaded ISOS source file in WinZip and extract all files to the new directory. A directory structure is created, containing the ISOS source and system files. Read the Release Notes, for any further information about the release. The Release note for the ISOS source release is a text file called release.txt and is contained in the root of the install directory.
3 4 5
42
There is also a document that you should read: DO-400602-TC Software 8.2 Service Release 2: Release Notes which contains more detailed information about the release.
3.6
Installing the ISOS Chip support package

After you have installed the ISOS source release, you need to install the Chip support package for your platform. It is important to note the following rules when installing CSPs: Only ONE Chip Support Package (CSP) should be installed on top of any ISOS source installation. The CSP must be installed after the ISOS source software has been installed. 3.6.1 Installation procedure To install a CSP, follow the procedure below: For UNIX (Linux or Solaris)
1
Decompress the CSP from the same directory in which you installed ISOS, using the correct Zip options. For example: unzip <CSP file> The files are copied to the relevant ISOS directories. Read the Release Notes for the CSP that has been installed. The Release Note for the CSP is a .txt file which will be installed in the current directory. You should read this note as it contains important information about how to make various customizations to the software. For example, in the Release Note for the Helium CSP there is information about how to enable the second ATM port on the ISOS System and how to enable the ISOS System to work with the TransVoice 2 board.
For Windows (NT, 2000 and XP)

1
Open the downloaded CSP file in WinZip and extract all files to the same directory in which you installed ISOS. The files are copied to the relevant ISOS directories.
43
Installing the ISOS Board support package
Read the Release Notes for the CSP that has been installed. The Release Note for the Helium CSP is a .txt file which will be installed in the current directory. You should read this note as it contains important information about how to make various customisations to the software.
3.7
Installing the ISOS Board support package

If necessary, after you have installed the CSP, install the Board support package (BSP) for your platform. It is important to note the following rules when installing BSPs: Only ONE Board Support Package (BSP) should be installed on top of any ISOS source installation. The BSP must be installed after the ISOS source software and CSP has been installed. 3.7.1 Installation procedure To install a BSP, follow the procedure below: For UNIX (Linux or Solaris)
1
Decompress the BSP from the same directory in which you installed ISOS, using the correct Zip options. For example: unzip <BSP file> The files are copied to the relevant ISOS directories. Read the Release Notes for the BSP that has been installed. The Release Note is a .txt file which will be installed in the current directory.

1
Open the downloaded BSP file in WinZip and extract all files to the same directory in which you installed ISOS. The files are copied to the relevant ISOS directories. Read the Release Notes for the BSP that has been installed. The Release Note for the CSP is a .txt file which will be installed in the current directory.
44
3.8
Install the Web Content Compiler License

The Web content compiler license is a time-limited license which is currently set to expire on 1st Nov 2006. 3.8.1 Installation procedure For UNIX (Linux or Solaris)
1
Decompress the license package into a temporary directory, using the correct Zip options. For example:
unzip <license file>
Two files are copied to the temporary directory:

2
agranat.lic readme.txt
Copy the agranat.lic (the license file) to an appropriate directory, which you can refer to in an environment variable. A good place to copy the license file is the directory /usr/local/virata/share that is created when you install any GlobespanVirata Tools package. This directory is used to store files which are not tied to a specific Tools release. Add the following environment variable to your shell initialisation file:
AGRANAT_LICENSE_FILE
For csh and tcsh users, define the variable as follows:

setenv AGRANAT_LICENSE_FILE /usr/local/virata/share
For sh, bash or zsh users, define the variable as follows:

AGRANAT_LICENSE_FILE=/usr/local/virata/share
45
Install the Web Content Compiler License
Then, export this variable. For csh users, enter:

source ~/.cshrc
For tcsh users, enter:

source ~/.tcshrc
For sh, bash or zsh users, enter:

export VIRATA_TOOLS
To check that you have configured the variable correctly, enter:

echo $AGRANAT_LICENSE_FILE
The following line should be returned:

/usr/local/virata/share
Read the ReadMe file (readme.txt) for more information about the license. In particular, pay attention to the expiry date for the license that you have installed. The license files will expire on 1st Nov 2006. After this time period, you will need to download a new license from the GlobespanVirata Licensee Server and install it by overwriting the old license file with the new license file.

1
Open the downloaded license file in WinZip and extract all files to a temporary directory. Two files are copied to the temporary directory: agranat.lic readme.txt
Copy the agranat.lic (the license file) to an appropriate directory, which you can refer to in an environment variable. A good place to copy the license file is the directory c:\virata\share that is created when you install any GlobespanVirata Tools package.
46
Add the following environment variable to your system:

AGRANAT_LICENSE_FILE
This variable should point to the location of the argranat.lic file. The variable settings are shown on the Environment tab in the System Properties dialog box. (This dialog box is displayed by right-clicking on the My Computer icon and choosing Properties from the menu displayed.) For example:
Figure 9
4
AGRANAT_LICENSE_FILE Variable Setup
Read the Readme file (readme.txt) for more information about the license. In particular, pay attention to the expiry date for the license that you have installed. The license files will expire on 1st Nov 2006. After this time period, you will need to download a new license from the GlobespanVirata Licensee Server and install it by overwriting the old license file with the new license file.
47
Configure your shell initialisation file
3.9

You will need to configure your shell initialisation file if you are working with more than one ISOS source release. To work with more than one release, you will need to download and install the appropriate tools package for each release that you are working with and then alter the shell configuration file when you wish to work on the other source release. The configuration method varies depending on the OS platform you are using. 3.9.1 Unix (Linux or Solaris) To switch between Tools releases, change the VIRATA_TOOLS environment variable in your shell initialisation file. When you start a new shell, it will use the new Tools version. To check which tools version you are currently using, enter the following command: For csh and tcsh users, enter:
env

set
to see what the VIRATA_TOOLS variable has been set to. For csh and tcsh users, edit the following line in your shell initialisation file: setenv VIRATA_TOOLS=8.20 For sh, bash or zsh users, edit the following line in your shell initialisation file: VIRATA_TOOLS=8.20 Change these lines to whatever Tools release you wish to use and export the new setting using the following commands: For csh users, enter:
source ~/.cshrc
48
For tcsh users, enter:

source ~/.tcshrc

export VIRATA_TOOLS
Then check that the new Tools version has been set correctly using the set or env commands described earlier. 3.9.2 Windows (NT, 2000 and XP) To switch between different Tools releases on a Windows system, select the relevant version of the ISOS release from the Start menu: Start > Programs > Virata Tools<Version number>. This menu will have separate menu entries for each Tools release which has been installed on the system.
49
50
4. Installing PC Driver software
This chapter describes how to install PC-driver software on Windows, MAC and Linux OS platforms.
51
4.1
PC Driver software is needed if you wish to use the ISOS System in a PC-attached Gateway configuration where the PC is attached to the ISOS system via USB. Refer to Typical PC-attached Gateway (USB) configuration on page 15 for more information about PC-attached Gateway configurations. The table below summarises the driver requirements for all OS platforms which can support a PC-attached Gateway configuration:
PC-attached Gateway Driver details OS Windows XP Windows 2000 Windows 98 Windows 98 SE Windows ME MAC OS 9 USB CDC Ethernet MAC OS X 10.1 and USB CDC Ethernet MAC OS X 10.2 Linux USB CDC Ethernet RNDIS Driver type PC-side driver Microsoft (Native support prov) Microsoft (download) Microsoft (download) Microsoft (download) GlobespanVirata (support included in Microsoft (download) usb-gateway image) GlobespanVirata GlobespanVirata Linux kernel 2.4.18 Chip-side driver
Table 14:
PC-attached Gateway Driver details
This chapter describes how to setup your PC for use in a PC-attached Gateway configuration for all the OS platforms listed in the table above. These systems can be connected to an ISOS System running a PC-attached Gateway build image (usb-gateway). This image file includes support for RNDIS and USB CDC Ethernet. Due to the legal restrictions of using RNDIS on non-Microsoft operating systems and to benefit from the in-built support of CDC under Linux, GlobespanVirata has devised an architecture to allow a single image (usb-gateway) to support RNDIS and CDC. Two USB configurations are exposed by the device and the host operating system selects which protocol to use for communication with the device by selecting the correct USB configuration.
52
Installing PC Driver software
4.2
RNDIS driver support

For PCs running a version of the Microsoft Windows OS, RNDIS PC driver software is required to support PC-attached Gateway operation. Microsoft have incorporated RNDIS support in Windows XP and have committed to providing native RNDIS support in all future Windows OS releases. 4.2.1 Software supplied by Microsoft For Microsoft OS versions earlier than XP, Microsoft provide the RNDIS drivers as a download from their web site. For more information about RNDIS support under Windows, refer to the following location on the Microsoft web site: http://www.microsoft.com/hwdev/tech/network/rmNDIS.asp The RNDIS drivers themselves can be downloaded from the following location on the Microsoft web site: http://www.microsoft.com/hwdev/resources/hwservices/rndis.asp The RNDIS drivers are provided as a Development kit for Independent Hardware Vendors (IHVs) to customise for their particular product and then to distribute to users of their product. The development kit comprises: A drivers directory containing the RNDIS USB drivers. The free sub-directory contains the drivers in object code format. A documents directory which contains useful information about RNDIS and information on how to customise the RNDIS INF file for your use. A Template INF file is supplied for this purpose. A Licenses directory which contains license agreements for developers and users of the Microsoft RNDIS drivers: Microsoft Redistribution agreement for the RNDIS drivers. This agreement specifies that the RNDIS drivers must be supplied to users as object code. Sample End-user license agreement which you can customize for your own use. This license agreement must be included with the RNDIS drivers which you distribute to users.
53
4.2.2
Software supplied by GlobespanVirata GlobespanVirata provide an example RNDIS distribution package which shows you the packages you will need to distribute to your customers.
Release Name Part number DO-400849-LS
RNDIS Driver Package
Table 15:
RNDIS Driver package
The package contains: The RNDIS drivers - in object code format as supplied by Microsoft. INF file - customised for GlobespanVirata use. License Agreements as supplied by Microsoft. Thus, the only item which has been customised by GlobespanVirata is the INF file. All other components are included as supplied by Microsoft. This software package is referenced and used in the following section which describes how to install the RNDIS drivers on a Windows OS PC platform which does not have native RNDIS support. 4.2.3 Outline installation procedure The outline procedure for installing the RNDIS drivers on a Windows PC is described below:
1 2
Ensure you meet the pre-requisites; see Pre-requisites on page 54. Install the PC Driver software release on the computer; see Installing RNDIS Driver software on Windows on page 55.
4.2.4
Pre-requisites The procedure described in this section assumes the following: You are using a computer which contains a clean installation of any of the following Windows platforms (all of the platforms listed below support a PC-attached Gateway configuration):
54
Windows 98 FE (PC-attached Gateway configuration only). (This version of Windows is also referred to as Windows 98 Gold.) Windows 98 SE Windows ME Windows 2000
4.2.5
Windows XP You have System Administrator-level knowledge and privileges for the platform that you are using. For example, you can install software packages, have permission to edit system files and so on. You have built a usb-gateway ISOS image and successfully downloaded the image to the system.
Installing RNDIS Driver software on Windows To install the RNDIS software on all versions of Windows which do not include native RNDIS support, follow the procedure below:
1
Download the GlobespanVirata RNDIS Driver Package. The table below shows the release package required:
RNDIS Driver Package
Table 16:
2 3
RNDIS Driver package
Create a new directory on your PC called, for example, GSPNVRTA_PC. Open the downloaded file in WinZip and extract all files to the new directory. A directory structure is created containing the drivers and system files. Copy the files on to a floppy disk. Read the Release Notes, for information about the release. There is also a document that you should read: DO-400602-TC, Software 8.2 SR2 Release Notes which contains more detailed information about the release. Power up the ISOS System.
4 5
55
Plug the USB cable from the ISOS System into the USB port of the PC. The PC will detect the newly-attached device and display the Found New Hardware dialog box. The Add New Hardware Wizard dialog box is then displayed to load the driver for the ISOS System: Click on Next to continue. The following dialog box is displayed asking you to specify how to install the driver:
8 9
10 Ensure that the first option is selected and click on Next.
The following dialog box is displayed asking you to specify where the driver can be found:
56
11 Insert the floppy disk containing the RNDIS driver software. 12 Check the Floppy disk drive option and click on Next.
A dialog box is displayed which confirms that a suitable driver has been found on the floppy disk which will now be installed. The driver will now be installed.
13 After restarting the system, the device will be detected as a new
LAN Device called GSPN USB Remote NDIS Network Device. For example:
Refer to the documentation supplied with your system for more information on configuring the Ethernet port on the device.
4.3
CDC Ethernet Networking Model support

The CDC Ethernet Networking model is used for Linux and MAC OS PCs. The USB CDC-Ether model is defined by the USB Forum as the specification for devices to follow for driver-less installation on host operating systems which support the CDC Ethernet Networking Model and have a common driver for it. CDC-Ether is protocol published by the USB Forum (www.usb.org). For more information about this protocol refer to the USB Forum web-site and the document:
57
http://www.usb.org/developers/data/devclass/usbcdc11.pdf CDC-Ether support has been built into the Linux kernel (V2.4.18) and GlobespanVirata have developed CDC-Ether drivers for MAC OS platforms. 4.3.1 For MAC OS platforms GlobespanVirata provides both chip-side and PC-side support for the CDC Ethernet Networking Model for MAC OS platforms running MAC OS 9 and MAC OSX 10.1 and MAC OSX 10.2. PC-side support is provided by a set of Ethernet drivers for the USB interface on Helium Communication Processors. Both drivers for each version of MAC OS are supplied in the following packages
Mac OS 9/X CDC Release
Table 17:
MAC OS CDC Ethernet Driver package
For more information on how to use the MAC OS drivers, refer to the Release Notes provided with the software shown above. The Release Notes describe how to install and run the software and discuss known issues and limitations with the drivers. If you follow the instructions in the release notes, you should end up with an additional Ethernet port on the MAC system which you can configure.
58
For example:
Figure 10
MAC OS CDC Ethernet Driver loaded
Refer to the documentation supplied with your system for more information on configuring the Ethernet port. 4.3.2 For Linux OS platforms The CDC Ethernet Networking Model is supported on PCs running a version of the Linux OS with a recent version of the kernel. The following version of the Linux kernel contains PC-side support for the CDC Ethernet Networking model: V2.4.18 The only commercial version of Linux which incorporates this version of the kernel is RedHat 8.0. If you are using other versions of Linux you can download this version of the kernel from one of many web sites and recompile the kernel for your system.
59
For example: http://www.kernel.org/ You will need to download the kernel and recompile this kernel for the Linux OS you are using. Refer to the documentation supplied with your system for more information on how to recompile the kernel. The Linux kernel 2.4.18 is provided with drivers for CDC-Ether. During testing GlobespanVirata found some issues with the Linux CDC-Ether support. A patch is available from GlobespanVirata to address these issues with the current Linux CDC-Ether driver.
Linux CDC Ethernet driver patch
Table 18: Linux CDC Ethernet Driver package The Release Notes provided with this patch explain how to add the patch to the kernel. GlobespanVirata have provided these changes back to the Linux community and expect these fixes to be available as standard in future Linux kernel If the kernel compiles with no errors you will be able to connect an ISOS system to the PC. If the Linux OS distribution you are using includes hot-plug support, then simply plugging a device running an ISOS usb-gateway image into the USB port will cause the USB driver to be loaded. To check whether the driver is loaded, type lsmod If the driver is loaded and the ISOS System is correctly configured it should appear as a normal network device (called GlobespanVirata DM6710) and can be listed by the command: ifconfig -a The device can now be configured and used as a normal Linux network device. Refer to the documentation supplied with your system for more information on configuring the Ethernet port.
60
5. Building an ISOS image
This chapter describes how to build an ISOS image to download to your ISOS System. It also describes the contents of the image file produced and describes how to create customized ISOS image files.
61
Introduction
5.1
Introduction
The ISOS System requires a software image to be available in order for it to boot and function as a network device. After booting and initial configuration, the image also needs to be able to be configured by various management applications. This chapter discusses how to build an image for this purpose. For more information about how to configure and manage the image, refer to Using the ISOS File Manager on page 201. The ISOS Tools utility called mkproduct is used to build an image file from the ISOS source and configuration files which will typically be stored in Flash memory on the ISOS System. The image file produced, (usually called flash.bin), is a composite file which contains the boot images and the run-time images required by the ARM processors contained in the Helium communications processor, together with software and hardware configuration information required by the ISOS System to support a particular type of network configuration. In addition, you can customize the build process to build various types of images: Building a default image; see Building an ISOS image on page 79. Building a debug image; see Building a debug image on page 80. Building a network-bootable image; see Building a network-boot image on page 81. Building an image containing a recovery image; see Building an image containing a recovery image on page 83 Building an image containing multiple configuration partitions; see Building an image containing multiple configuration partitions on page 87. Including additional files in an image; see Including files in an image on page 91. Building an image to include particular ISOS processes; Creating customized images on page 94. The next few sections describe some of the fundamental concepts about image building and configuration under ISOS.
62
Building an ISOS image
5.2
Typical image structure

The diagram below shows the structure of a typical ISOS image. The entire composite image is usually called flash.bin:
0 - Start of Flash boot.bin
Boot and Configuration area config.bin
Run-time image
Image area flashfs_main.bin
Figure 11
ISOS image structure
The complete image is not restricted to being on one Flash chip. This image can be located on a number of Flash chips and you can edit configuration files to determine which part of the image is stored on which particular Flash chip.
63
Typical image structure
5.2.1
Images included in a build This flash.bin file has three main sections described in the table below:
Flash area File name Description of Contents The images required to boot the ARM chips in the Communications processor (CP): Boot area boot.bin - Boot image (for the IDMAE (Intelligent DMA Engine) in the CP). - PP Boot image (for the PP (Protocol Processor) ARM chip in the CP). Configuration information used to configure the images in the Image area. Information such as the MAC address of the ISOS System is stored in this file. Run-time images that will be loaded when the CP has booted up: Image area flashfs_main.bin - IDMAE run-time image. - PP run-time image. Also contains configuration information for the image and web page archive.s
Configuration area
config.bin
Table 19:
Contents of flash.bin file
Note that the above description is for a typical image file. You can make changes to the image file produced by editing various configuration files to suit your particular requirements. This is discussed in the later sections of this chapter. For more information about listing the contents image file which has been downloaded to the ISOS System, refer to Using the ISOS File Manager on page 201.
64
5.3
Build requirements
In order to build an ISOS image you need to consider two areas: Hardware type; the type of hardware (ISOS System) you are using. For example, BD6100. Product type; the type of product you wish to build. For example, a PC-attached (USB) gateway configuration is called a usb-gateway product type. When building any type of image, you need to specify the hardware you are using and the type of product you wish to build. The flash.bin image is then built to include all the required software packages for this particular combination of hardware and product type. The build directory created to produce the images is derived from the hardware and product type that you specify. For example, building an image for: Hardware type: bd6100 Product type: usb-gateway produces a build directory called: bd6100-usb-gateway. You must specify a product type which will be supported by the ISOS System you are using. For example, it makes no sense to attempt to build a pci-modem product for a BD6100 ISOS System as the Helium processor does not have a PCI interface.
65
Hardware type
5.4
Hardware type
The Hardware type defines the hardware system that is used to run ISOS software. For example, BD6100. Hardware configuration files are provided for each system type supported by ISOS 8.2 Service Release 2. The files are located in the directory: <install dir>/atmos/source/hardware For example, for the BD6100 ISOS System, the hardware file is called bd6100.hw. The following sections list the hardware types which are supported in ISOS ISOS 8.2 Service Release 2 for each group of hardware systems supported by GlobespanVirata and the corresponding hardware configuration files which are used to build an image for each of these systems. The systems supported are: BDXXXX systems; GlobespanVirata Development systems, where XXXX is a number denoting the type of Communications processor used in the system. DMXXXX systems; GlobespanVirata Design for Manufacture systems, where XXXX is the model number. MDS system; GlobespanVirata Modular Development System comprising a Communications processor blade and other blades providing additional network interfaces.
66
5.4.1
BDXXXX Hardware types

Hardware type Hardware file bd6100.hw BD6100 bd6100-1MB.hw Description He100-based evaluation system. He100-based evaluation system. (Use with lean product files to produce an image size of <1MB.) He200-based evaluation system. bd6000.hw He210-based evaluation system. He210-80-based evaluation system. bd62x1.hw BD6221 bd62x1-1MB.hw He210-80-based evaluation system. He21-80-based evaluation system. (Use with lean product files to produce an image size of <1MB.)
BD6200 BD6210 BD6220
Table 20: 5.4.2
BDXXXX Hardware types
DMXXXX Hardware types

Hardware type DM6710 Hardware file dm6710.hw Description Full-rate ADSL Modem based on the He210-80 and GS7070 ADSL PHY.
Table 21:
DMXXXX Hardware types
67
Product type
5.4.3
MDS Hardware types He 210-80 configurations

Hardware type MDS-210-cpu MDS-210-atm25 MDS-210-ar1 MDS-210-atm25155 Hardware file mds-210-cpu.hw mds-210-atm25.hw mds-210-ar1.hw MDS-210-atm25155.hw Description/Blades included - RD7102 (Helium 210-80 CPU) - RD7102 (Helium 210-80 CPU) - RD7301 (IDT ATM25) - RD7102 (Helium 210-80 CPU) - RD7312 (GS7070 PHY) - RD7102 (Helium 210-80 CPU) - RD7302 (rev 1 or rev 2) - NEC ATM25 / PM5384 ATM155.
Table 22:
(He210-80) MDS Hardware types
Note All other MDS blade configurations using the RD7102 (He210-80 blade) are not supported by GlobespanVirata and are also unlikely to work.
5.5
Product type
The Product type defines a specific type of product for a particular configuration. (The types of configurations supported by the ISOS System are described in What configurations are supported by an ISOS System? on page 10.) The number of product types available will vary depending on the software release you are using with the ISOS System; later software releases support a larger number of configurations.
68
The following table lists the product types provided in ISOS:

Product type atm-switch eth-gateway usb-gateway Description Gateway image including ATM switch support. Ethernet Gateway image providing bridging and routing support. USB PC-attached Gateway image providing bridging and routing support. A subset of the usb-gateway image which will produce a smaller image than usb-gateway. Processes removed include: DHCP relay and Spanning-tree bridge. Archive of modules including example configurations. Images built by this product should NOT be run because they may require more memory than available on the ISOS System. Same as the eth-gateway but also includes a recovery image. Build for upgrading the Boot ROM images stored in Flash memory on the ISOS system. Build for upgrading the Serial ROM (EEPROM) on the ISOS System.
usb-gateway-lean
extra-sw
eth-gatewayrecovery flash-rewrite serialboot
Table 23:
ISOS product types
For more information about the characteristics of the product types listed in the above table, refer to What are the features of each supported configuration? on page 13. For more information about the other product types which are available, refer to Product type on page 68. All product types are defined in pre-configured product files in the <install dir>/atmos/products directory. A separate directory exists for each particular product. For example, the directory used to create an image for a PC-attached (USB) Gateway product is called usb-gateway.
69
Product and platform combinations
5.6
Product and platform combinations

The following table lists the combinations of hardware types and product types which are supported by GlobespanVirata in ISOS 8.2. All other combinations are not supported by GlobespanVirata and are unlikely to work.
Product atm-switch Hardware types bd6000, bd6100, bd62x1. mds-210-atm25, mds-210-atm25-155. bd6000, bd6100, bd62x1. eth-gateway mds-210-atm25, mds-210-atm25-155, mds-210-ar1. dm6710. bd6000, bd6100, bd62x1. usb-gateway mds-210-atm25, mds-210-atm25-155, mds-210-ar1. dm6710. bd6000, bd6100 (or bd6100-1MB), bd62x1 (or bd62x1-1MB). usb-gateway-lean mds-210-atm25, mds-210-atm25-155, mds-210-ar1. dm6710. extra-sw (Note: This product is not intended to be built. It is for example purposes only.) bd6000, bd6100, bd62x1. mds-210-atm25, mds-210-atm25-155, mds-210-ar1. dm6710. bd6000, bd6100, bd62x1. eth-gateway-recovery mds-210-atm25, mds-210-atm25-155, mds-210-ar1. dm6710.
70
Product
Hardware types bd6000, bd6100, bd62x1.
flash-rewrite
mds-210-cpu. mds-500-cpu. dm6710. bd6000, bd6100, bd62x1.
serialboot
mds-210-cpu. mds-500-cpu. dm6710.
Table 24:
Supported Product/Hardware type combinations
71
Build directories and configuration files
5.7
Build directories and configuration files

The diagram below shows the build directories created and the product and configuration files used when building a usb-gateway image for a BD6100:
e diagramdevelop w
atmos/products/usb-gateway/mkproduct.pst atmos/products/usb-gateway/mkproduct.cfg Product configuration files atmos/system/usb-gateway System configuration file Product directory Build Configuration Files
atmos/source/hardware/bd6100.hw Hardware configuration file
atmos/build/bd6100-usb-gateway/ Build directory
Build directory
atmos/products/usb-gateway/flashfs/initbun BUN configuration file
Run-time Configuration File
atmos/build/products/bd6100-usb-gateway/ Image directory
Image directory
Figure 12
ISOS Build directories and configuration files
72
The following sections describe the use for each of the above files and directories.
5.8
Product configuration files

The products directory contains all the software-specific configuration information required for creating a particular type of product.There are many configuration files contained in the Products directory which can be edited to suit your particular requirements. The mkproduct.pst and mkproduct.cfg file describe some basic configuration information and what images are to be put in the partitions described in the hardware file. In the products/flashfs directory are default configuration files for configuring ISOS processes such as SNMP, BUN and VMI. All files in the flashfs directory are included in the flash.bin file. For more information about the products which can be built, refer to Product type on page 68.
5.9
System configuration file

The system file defines the ISOS processes which are included in a build to support a particular type of configuration. This file can be edited quite extensively to produce an image which contains only the ISOS processes that you wish to use in your product. The system files required for a product build are included by the mkproduct.cfg file in the products directory. For example, the mkproduct.cfg file for the usb-gateway-lean product configuration file (in atmos/products/usb-gateway-lean) includes the line:
SYSTEM_FILES="usb-gateway-lean np_rt"
This includes the system files, usb-gateway-lean and np_rt in a usb-gateway-lean product build. The usb-gateway-lean system file can be edited extensively to include or remove software modules which are not required. The np_rt system file defines the runtime code used for the IDMAE (Intelligent DMA Engine). It is supplied in binary image format.
73
Hardware configuration file
When a product using this file is built, the build process will search for a system file called np_rt. If it is not found, the build process looks for an object file in the following directory: atmos/products/objects/<chip-type>-np_rt where <chip-type> is the name of the processor as defined in the hardware configuration file (in the directory atmos/source/hardware/):
HWCHIP:augustus
For example, for a build on the target hardware He 210 (Augustus) the NP object file will be found in the directory: atmos/products/objects/augustus-np_rt There are many product variants provided in an ISOS release which provide similar features. For example: eth-gateway usb-gateway are identical products apart from usb-gateway includes support for USB. To ensure that changes made to one product type are also applied to other similar product types, the system files for both of these products reference a generic system file called gateway. The eth-gateway system file calls this file to use as its system file. The usb-gateway file also calls this system file and adds a line to provide USB support. For example, here is the main section of the eth-gateway system file:
Include ../system/gateway
Here is the main section of the usb-gateway system file:

Set with_usb Include ../system/gateway
For more information and for an example of using system files, refer to Creating customized images on page 94.
5.10
Hardware configuration file

The hardware (*.hw) file is used to configure low-level hardware-specific information for the ISOS System you are using. It defines some very basic hardware configuration information about the system.
74
For example, the hardware file defines: Sizes of flash partitions Flash granularity Board registers LEDs (if present). BUN software drivers to use for the physical interfaces provided by the hardware. EPB modes GPIO settings It is unlikely that you will ever need to change this file but you are likely to want to take a copy of a hardware file and edit it to suit your particular hardware product which may not use all of the functionality provided by the hardware. There is usually one hardware file for each ISOS System where an ISOS System is a BDXXX Series Evaluation System. For example, for the BD6100 system the hardware file is bd6100.hw. In the case of the MDS System which can contain multiple boards there is still one hardware file but this hardware file references other lower-level hardware files one hardware file for each board in the MDS configuration. These lower-level MDS hardware files are contained in a sub-directory of the hardware directory, called mds-card. For example, here is an extract from the hardware file mds-210-atm25-155.hw which provides support for an MDS system containing: RD7102 (Helium 210-80 CPU) RD7302 (ATM card) The following lines in the hardware file reference the other hardware files required for each of the above blades in the MDS:
% Include base MDS support Hardware mds-base % Pull in CPU card Hardware mds-card/rd7102-3 % Pull in ATM25/ATM155 card support Hardware mds-card/rd7302_rev1
75
Build directory
For more information about the hardware files and the corresponding system they are used with, refer to Hardware type on page 66.
5.11
Build directory
mkproduct creates a build directory based on the hardware type (BD6100) and system file (usb-gateway). The name of the build directory is formed by combining the hardware type and system file. For example: atmos/build/bd6100-usb-gateway mkproduct also creates a sub-directory within the main build directory for each product. This directory is created in atmos/build/products. The name of this directory is also formed by combining the hardware type and product file name. For example: atmos/build/products/bd6100-usb-gateway. These build directories contain all the intermediate files and directories for use in producing the image files in the image directory. You can build as many product types as you wish using mkproduct. Separate build directories are created for each hardware and product type combination that you build. 5.11.1 Image files The two main image files for a build are: The image file used by the IDMAE (Intelligent DMA Engine) in the Helium communications processor. The PP image file used by the Protocol Processor in the Helium communications processor. The PP image is created from source and is copied into the build directory for the product you are building. For example, if you build an bd6100-usb-gateway image, the PP image file (called image.comp) would be located in the build directory: atmos/build/bd6100-usb-gateway The IDMAE image is for an ISOS System is provided as a pre-compiled binary. It will be installed in the directory: atmos/build/bd6100-np_rt/
76
The IDMAE file in this directory is called image.
5.12
BUN configuration file

The BUN configuration file called initbun is used to configure the ISOS System at the hardware port and device driver level. The file contains port and device statements which are special BUN directives used to configure BUN device drivers. The device BUN configuration statements create an alias for each of the physical devices on the board and define the BUN drivers that will be layered on each of the devices. The port BUN configuration statements configure all the ports on the board, specifying the device driver to be used (as defined in the device statement) and declaring a default set of port attributes for each of the ports. For example, PhysicalPort and PortSpeed attributes are set for the Utopia driver. Here is an example initbun file, taken from the eth-gateway product directory, showing the use of the port and device statements:
# BUN configuration runes # # # # # # # To get a build that uses the T1.413 (ADSL) interface rather than the utopia interface for atm traffic, uncomment the two adsl configuration lines and comment out the two atm configuration lines. You will also need to remove all lines that refer to hdlc. The hdlc and adsl interfaces share the same pins, and if both are compiled in, hdlc takes priority. You must even remove the line 'Package bun/devices/hdlc'
device : atm = chameleon, debug, pppoe, rfc1483, atm_phy, atm_transport #device : adsl_device = chameleon, debug, rfc1483, dsl_phy, t1_413 device : h1 = chameleon, debug, hdlc device : e1 = chameleon, debug, ethernet, ethernet_phy device : aal2cps_device = aal2cps port : hdlc = h1 /NewAttribute=<bool:VMI=true> port : ethernet = e1 /NewAttribute=<bool:VMI=true> /NewAttribute=<bool:Inside=true> %filtering driver replaces EDD %port : etherfilter=filter/interface=<port=ethernet> port : a1 = atm/PhysicalPort=0/PortSpeed=59111 /NewAttribute=<bool:VMI=true> /NewAttribute=<bool:Outside=true> #port : a1 = adsl_device/PortSpeed=2000 /NewAttribute=<bool:VMI=true> /NewAttribute=<bool:Outside=true> # To include support for AAL2 on a particular port and VCI, uncomment the following # line and modify the settings as appropriate. #port : aal2_cps = aal2cps_device/rxbuffersource=<AAL2>/interface=<port=a1/txvci=100/rxvci=100 >
77
BUN configuration file
The information in this file can be changed to suit your particular requirements. For example, you may wish to comment out ports that you are not using and to set different attributes for the ports you are using. For more information on the BUN directives which can be used in the initbun file, refer to the ISOS BUN Developers Guide, DO-010033-TC. 5.12.1 BUN configuration in the hardware file It is also worth pointing out that hardware files also contain a Software driver definition section which defines the BUN device drivers which are needed for each of the interfaces supported by the system. Here is a section taken from the bd6100.hw hardware file:
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % Software driver definitions % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Set atm_device = bun/devices/utopia Set atm_phy_device = bun/devices/idt7710x Set num_atm_ports = 31 Set atm_multi_phy_device = bun/devices/idt7710x Set ethernet_device = bun/devices/ethernet bun/devices/fluorine Set hdlc_device = bun/devices/hdlc Set t1_413_device = bun/devices/adsl Set dsl_phy_device = bun/devices/sample_adsl Set usb_device = bun/devices/usb
% Set up standard devices Config.hs Config.hs Config.hs Config.hs Config.hs Config.hs Config.hs BUN_CONFIG_HW_0 BUN_CONFIG_HW_1 BUN_CONFIG_HW_2 BUN_CONFIG_HW_3 BUN_CONFIG_HW_4 BUN_CONFIG_HW_5 BUN_CONFIG_HW_6 "device : atm_transport = utopia" "device : atm_phy = idt7710x" "device : atm_multi_phy = idt7710x" "device : dsl_phy = SampleAdsl" "device : t1_413 = adsl" "device : ethernet_phy = fluorine" "port : ciao = ciao"
78
5.13
Image directory
This directory contains the output of the build process. It contains the components of the final flash.bin image which is downloaded to the ISOS System. The files included in this directory are: boot.bin config.bin flashfs_main.bin flashfs_main.cfg A separate ISOS Tools program called mkhfflash is used to combine all the above files into the flash.bin composite file. The following file is also created in this directory: http-upload.tar This file is a tar format of all the files which are included in the flash.bin file. This file can be downloaded to an ISOS System via HTTP upload using a web browser. For more information, refer to Update on page 171. For more information about these images, refer to Images included in a build on page 64.
5.14

To build an ISOS image, follow the procedure below. This example procedure assumes that you are going to build an image for the bd6100-usb-gateway product:
1
Ensure that you have a command prompt from where you can run ISOS commands: For Linux and Solaris users, ensure that you are working in the atmos directory. For any Windows users, start a Build ATMOS images sub-shell window by choosing Start > Programs > Virata Tools<Version number> from the Start menu. You may then need to cd to the atmos directory.
79
Building a debug image
Enter the command: mkproduct usb-gateway bd6100 to build an image for a PC-attached gateway product type for an ISOS System, attached via USB. where: usb-gateway refers to a product name defined in the <install dir>/atmos/products/ directory. Namely, usb-gateway.
bd6100 refers to a hardware file in the <install dir>/atmos/source/hardware/ directory. Namely, bd6100.hw. The resultant ISOS image file produced, called flash.bin, will be copied into the directory: <install dir>/atmos/build/products/bd6100-usb-gateway
5.15
Building a debug image

To build an ISOS System image for debugging purposes, use the mkproduct command with the -d option. For example, to build a debug version of the bd6100-usb-gateway product, enter the command: mkproduct -d usb-gateway bd6100 A new build directory is created in: <install dir>/atmos/build/products/bd6100-usb-gateway The resultant ISOS image file produced, called flash.bin, will be copied into the directory: <install dir>/atmos/build/products/bd6100-usb-gateway This is also the directory used for the flash.bin file when building a non-debug bd6100-usb-gateway image, so any non-debug image file will be overwritten. For more information about debugging, refer to DO-007821-TC, How To Debug and Troubleshoot ATMOS.
80
5.16
Building a network-boot image

A network-boot image is an image which has been specifically built for downloading to the ISOS System over a network connection (e.g. Ethernet or USB). This feature is provided so that you can easily upgrade your ISOS System during early development phases before you start having to consider Flash requirements for your product. The differences between a network-boot image and a normal image are: No recovery image is included; if the ISOS System is booted over the network then there is no need for a recovery image to be provided. For the recovery partition to be ignored, the following line must be present in the mkproduct.pst file for the product you are building:
flags skipnet
This flag tells the build process to ignore this partition if building a network-boot image. All Flash chip sizes are ignored; the image is built as small as possible for quicker download over the network.
You can build a network-boot image in two ways: Using mkproduct with the -n option. Editing the product configuration file to add an option to always build this type of image. Using mkproduct For example: mkproduct -n usb-gateway bd6100 Editing mkproduct.pst To build a network-boot image for a particular product build you can edit the product configuration file, mkproduct.pst for the product you are building. Adding the line:
NETWORK_BOOT=1
to the mkproduct.pst file will build a network-boot image.
81
Building a network-boot image
To build a normal image again you can either remove this line from the file or change the line to:
NETWORK_BOOT=0
This setting will also override the mkproduct -n option. If NETWORK_BOOT is not specified in the mkproduct.pst file a normal image is built, unless the mkproduct -n option is used.
82
5.17
Building an image containing a recovery image

A recovery image can be created as part of the build process and included in the final ISOS image. If there is a problem in the main FlashFS partition that is being used, then ISOS will use the recovery image which should contain a known good working image. The following diagram shows the flash.bin structure for an image containing a recovery image:
0 - Start of Flash boot.bin
Boot and Configuration area config.bin
Partition 1 (Recovery image)
flashfs_recovery.bin
Image area Partition 2 (Main image)
flashfs_main.bin
Figure 13 ISOS image structure (with recovery image)
83
This flash.bin file has a main flash image which it uses to boot (flashfs_main.bin) and also a recovery image (flashfs_recovery.bin) which it will use if the main flash image fails to boot. For an example of the changes you need to make to build an image containing a recovery image, refer to: atmos/products/eth-gateway-recovery file. This product has built-in support for including a recovery image in the flash.bin file. The hardware file for the BD6100 ISOS System includes such a section for the recovery image. To build an image containing a recovery image, you will need to edit the following configuration files: mkproduct.pst mkproduct.cfg hardware file You will also need to have created the following configuration files and directories for the recovery image. For example: A system file in atmos/system. For example, called usb-recovery. Typically this file would define a minimum ISOS build containing support for restoring a new image from a remote host. An additional FlashFS directory in the Products directory to contain any configuration information for the recovery image. The outline procedure to follow for creating a recovery image for the BD6100ISOS System using a usb-gateway image is given below:
1
Edit the file mkproduct.pst in the directory, atmos/products/usb-gateway and add the following line:
PPRECIMAGE=build/${HWTYPE_PREFIX}usb-recovery${DEBUG_DIR}/image
to the first section of the mkproduct.pst file. This section of the file should now read:
PPIMAGE=build/${HWTYPE_PREFIX}usb-gateway${DEBUG_DIR}/image PPRECIMAGE=build/${HWTYPE_PREFIX}usb-recovery${DEBUG_DIR}/image NPIMAGE=build/${HWTYPE_PREFIX}np_rt${DEBUG_DIR}/image NPBOOTIMAGE=build/${HWTYPE_PREFIX}hf_np_boot${DEBUG_DIR}/image PPBOOTIMAGE=build/${HWTYPE_PREFIX}hf_pp_boot${DEBUG_DIR}/image
The line defines a new image referred to as PPRECimage and called usb-recovery.
84
Add the following line to define a FlashFS directory (flashfs_recovery) where you wish to add any recovery configuration information. This directory should be in the same directory as the main product directory (${PRODUCT_DIR}).
FLASHFS_RECOVERY_DIR=products/${PRODUCT_DIR}/flashfs_recovery/
Add the following line to export the recovery image: FLASHFS_RECOVERY_DIR:

export NPIMAGE PPIMAGE PPRECIMAGE NPBOOTIMAGE PPBOOTIMAGE HARDWARE_FILE FLASHFS_RECOVERY_DIR
You must ensure that you export the image using the same name you defined for it in the previous step.
4
Add the following two lines to call mkhfimage to create the NP and PP images for the recovery image (PPRECIMAGE):
mkhfimage $VERBOSE_v -p 0 -i ${PPRECIMAGE} ${NPIMAGE} ${NPIMAGE}.val2 mkhfimage $VERBOSE_v -i ${PPRECIMAGE} -e ${PPRECIMAGE} ${PPRECIMAGE}.comp ${PPRECIMAGE}.val
You must ensure that you refer to the image using the same name you defined for the recovery image in Step 1. These two lines are a copy of the two lines used for generating the main flash.bin image but replace PPIMAGE with PPRECIMAGE and refer to NPIMAGE.val2 rather than NPIMAGE.val.
5
Add an entry for creating the recovery image in the START BUILD CONFIG section of the file. This section defines what needs to be added to the flash.bin file:
# # # # # # flashfs recovery flags skipnet file ${NPIMAGE}.val2 NPimage file ${PPRECIMAGE}.val image dir ${FLASHFS_RECOVERY_DIR} end
This section defines a recovery image called recovery containing an NP and PP image and a FlashFS recovery directory which you have defined in the previous steps. The option flags skipnet tells the build process to ignore building this image if building a network boot image. (There is more information about creating a network boot image in Building a network-boot image on page 81.) Note that even though this section of the file appears to be commented out it is parsed by the build process.
6
Edit the file mkproduct.cfg to include a reference to the system file for the recovery image (usb-recovery). For example:
SYSTEM_FILES="usb-gateway usb-recovery np_rt hf_pp_boot hf_np_boot"
85
Edit the hardware file bd6100.hw to define a partition for the recovery image:
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Flash chip configuration for build process %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % These lines are process by the build process to extract board specific % information that is needed for the build process % % START BUILD CONFIG % % flashchipsize 4096k % flashchipnum 1 % % fsorder recovery main % % flashfs main % size 3072k % end % % flashfs recovery % size 512k % offset 512k % end % % END BUILD CONFIG
The above entry defines two partitions called main and recovery. The images are added to flash in the order recovery followed by main. This is defined by the fsorder line in the file. Both partitions are then defined separately. The recovery image (recovery) is allocated a size of 512k in memory and this partition is created in Flash after an offset of 512k. (This offset is included to leave space (0 to 512K) for the boot partition and configuration information.) The main image (main) is allocated all the remaining space in Flash memory, 3072k:
4096k - 1024k (512k (offset) +512k (recovery)) = 3072k
These definitions must correspond with those set for FLASH_START_OFFSET and EMERGENCY_FLASHFS_SIZE in this file. For example:
config.hs FLASH_START_OFFSET (512UL * 1024UL) EMERGENCY_FLASHFS_SIZE (512UL * 1024UL)
and
config.hs
86
You should now be able to create a recovery image, using the command: mkproduct usb-gateway bd6100 To check that the recovery image has been created, use the ISOS File Manager to examine each partition. For more information, refer to Using the ISOS File Manager on page 201.
5.18
Building an image containing multiple configuration partitions

An image can be further customised by defining extra partitions in the image to store configuration data. The advantage of storing configuration data in separate partitions is that it reduces the risk associated with saving the configuration data to FlashFS. The traditional saving of configuration data to Flash involves rewriting the configuration files and the run-time images to the main FLASHFS partition. This means that the FLASHFS partition is effectively "corrupt" throughout this process, leaving the device vulnerable to power cuts, surges etc. Including a recovery partition in the image does reduce the impact of this type of failure, but if you need to build an image with a small foot-print you may not wish to include a recovery image. Saving configuration data on a system running an image containing configuration partitions has two main advantages: Configuration data is written from ISFS to one of the configuration partitions in FlashFS. As data is only written to the configuration partitions, the integrity of the main partition containing the run-time images is guaranteed. The time taken to save a configuration is significantly reduced to approximately 1 second. In a typical configuration, two partitions are defined which ensures that there is never a complete loss of the configuration of the system. The save process involves finding the partition with the lowest version number, writing the configuration files to this partition and then writing the version file with an updated version number to the partition. At this point, the partition has the highest version number and becomes the candidate for the next restore operation. If a save process fails, it is likely that the partition would be corrupted and so the other partition would be used for the restore.
87
The following diagram shows the flash.bin structure for an image containing partitions for a recovery image and configuration data:
Figure 14
ISOS image (with multiple partitions)
88
Note that the configuration partitions are used to store dynamic configuration data. All fixed configuration data such as im.conf.factory etc. is stored in the main image. The files which are classified as dynamic configuration data are defined in the file atmos/source/im/library/SystemConfig.cc. The files included in this file by default are: im.conf (defined by IM_DEF_FILE earlier in this file) dhclient.leases dhcpd.leases initportcli You can add extra files to this list if you wish by including the following line in your system configuration file. For example, to add snmpinit, enter:
Config.hs IM_DYNCONFIG_FILE_0 "snmpinit"
This will add snmpinit to the list of dynamic configuration files. The FlashFS partition definitions are located in the file: atmos/source/hardware/flashfs_config/flashfs_config<x>MB.hw where <X> is the total flash size in MB. This file is included in the hardware file for all ISOS systems. For example, in the bd6000.hw file:
% Include the flashfs partition definitions Hardware flashfs_config/flashfs_config_4MB
Currently, only one file is contained in this directory as all ISOS systems contain 4MB of Flash. You will need to create your own definition file if you are using bigger or smaller Flash devices on your system. If you are building images to program into flash chips you will also need to ensure that the FlashFS directives in the metamk configuration lines in the hardware file are updated to match the new FlashFS partition definitions. An example metamk definition section for configuration partitions is provided in the hardware file atmos/source/hardware/mds-210-ar1.hw:
89
% % % % % % % % % % % % % % % % % % % % % % % % % % % % %
The following lines are suitable for a 4M FLASH matching the settings in atmos/source/hardware/flashfs_config/flashfs_config_4MB.hw: flashchipsize 4096k flashchipnum 1 fsorder recovery main config1 config0 flashfs main size 3072k end flashfs recovery size 448k flags skipnet offset 512k end flashfs config1 size 32k flags skipnet offset 4032k end flashfs config0 size 32k flags skipnet offset 4064k end
5.18.1 Procedure to follow To create an image containing configuration partitions for the configuration data, you need to add support for multiple partitions to both your run-time image and your Boot ROM image.
1
Insert the following line to in the file global_config.pkg in atmos/source/software:

Set flashfs_multiple_partitions
Build a new Boot ROM image and download this to your system. (For more information on how to update the Boot ROM image, refer to Upgrading Boot ROM on page 410.)
90
Build a new run-time image and download this to your system. For more information, refer to Building an ISOS image on page 79. You should now have multiple configuration partitions. Check this by running the command: system config save This command should save the configuration noticeably quicker than before. You can also enter the console and list the partitions. For example:
--> console enable 1.2.3.4> flashfs partitions Number of partitions: 4 Partition 1: 0x003f8000 ... Partition 2: 0x003f0000 ... Partition 3: 0x000f0000 ... Partition 4: 0x00080000 ...
0x00400000 0x003f8000 0x003f0000 0x000f0000
is is is is
valid valid invalid invalid
5.19
Including files in an image

You can include additional files in a build from the following two locations: Adding the file in flashfs directories contained in various products directories. Adding a reference to the file in a module file in any ISOS module directory. These are described in the next section. 5.19.1 Including files from flashfs directories Any image build will include all the files contained in the following directories: atmos/products/include/flashfs atmos/products/<product>/flashfs Although you can put any file you wish into any of these flashfs directories, you can use the following guidelines to ensure that only the files required for a particular type of build are included in the image.
91
Including files in an image
The guidelines for what type of files should go into each directory are given below: atmos/products/include/flashfs; files in here are required for all builds. For example, the banner.txt file which contains the company name that is displayed on the console during system start-up is stored in this directory. atmos/products/<product>/flashfs; files in here are required for all builds for this particular product. For example, the BUN software initialisation file, initbun, is stored in this directory. Note If both directories contain the same filename, then the file contained in atmos/products/<product>/flashfs will be included in the build. For example, a build for a usb-gateway image for the BD6100 ISOS System would include the following directories: atmos/products/include/flashfs atmos/products/usb-gateway/flashfs The file flashfs.conf (contained in the atmos/products/include/ directory) can be used to pre-process any of the files stored in the flashfs directories before they are included in the build.
92
The default flashfs.conf file is shown below:

# # Configuration of handling of FLASHFS files # compress banner.txt strip cliconsole strip im.conf.factory strip im.descriptions strip translate.tab strip translate.tab.hw strip hfa3841.translations strip ks8995e.translations strip realtek.translations strip gs7070.translations # ignore this file, since the intention is that # it be copied to im.conf.factory before it can # be useful. ignore im.conf.quickstart
flashfs.conf contains a list of files that will be pre-processed in some way before being added to FlashFS. The format of the file is:
<directive> <filename>
The valid directives which can be used in this file are: compress the file will be compressed (using gzip) before being included in FlashFS. strip the file will be stripped of all comments before being compressed and included in FlashFS. ignore the file will be ignored and will not be included in FlashFS. Files which are not referenced in this file are simply included in the build. No pre-processing of the file is performed. 5.19.2 As references from module files You can add additional files to a build, for example phy images, by adding a make command to the appropriate module file in the source directory. The commands which can be used are: Make.zflashfs to include the file in the build and to compress the file.
93
Creating customized images
Make.flashfs to include the file in the build with no compression.
The syntax for either command is:

Make.zflashfs <filename> <compressed filename> Make.dep <compressed filename>
For example, the webserver.module file (in atmos/source/webserver/) uses this command to create a compressed version of the ISOS web pages:
Make.zflashfs derived_data.dat derived_data.dat Make.dep derived_data.dat
This command will compress the derived_data.dat file - calling the compressed file by the same name - and putting the compressed file in the build. To add a file with no compression, enter:
Make.flashfs <filename> <compressed filename> Make.dep <compressed filename>
The files are compressed with gzip. You can use the ISOS File Manager to view which files have been compressed in an image. For more information on viewing compressed images, refer to Listing the contents of ISFS and FlashFS on page 206.
5.20
Creating customized images

You can create customized images by copying one of the default product directories provided with the ISOS release, and editing the files in this directory to create a customized image. The corresponding system file for this product can be edited to include specific modules for your own particular needs, or to remove particular modules which you do not need. You can then use this product file with the mkproduct command to produce a customized image which can be downloaded to the ISOS System.
94
The procedure below explains how to create a customized image file. It assumes that you are going to produce a customized image based on the usb-gateway product configuration:
1 2
Copy the directory /atmos/products/usb-gateway-lean to a new directory name. For example, usb-gwl-custom. In the usb-gwl-custom directory, edit the file mkproduct.cfg. Change the line:
SYSTEM_FILES="usb-gateway-lean np_rt"
to read:
SYSTEM_FILES="usb-gwl-custom np_rt"
In the same directory, edit the file mkproduct.pst. Change the line:
PPIMAGE=build/${HWTYPE_PREFIX}usb-gateway-lean${DEBUG_DIR}/image
to read:
PPIMAGE=build/${HWTYPE_PREFIX}usb-gwl-custom${DEBUG_DIR}/image
In the same file change the line:

metamk -v products/usb-gateway-lean/mkproduct.pst
to:
metamk -v products/usb-gwl-custom/mkproduct.pst
In the atmos/system directory, copy the system file usb-gateway-lean as usb-gwl-custom, keeping it in the same directory.
95
Further information
Edit the newly copied file, usb-gwl-custom, to suit your requirements. For example, if you do not wish to include any Security modules in a build, comment out the lines which include the processes related to Security: Change the lines:
% firewall Set use_firewall % Set use_dmz Set use_nat Set use_firewall_logging Package security
to:
% % % % % % firewall Set use_firewall Set use_dmz Set use_nat Set use_firewall_logging Package security
Build the image using the command: mkproduct usb-gwl-custom bd6100 The resultant ISOS image file produced, called flash.bin, will be copied into atmos/build/products/bd6100-usb-gwl-custom.
You can now download this file and check if the processes which you have added or removed are available or not. For more information, refer to Booting the ISOS System in Gateway mode on page 99.
5.21
Further information
For more information about the mkproduct command and the Tools releases in general, refer to the online manual pages which are provided in the Tools release.
96
For Linux and Solaris platforms, enter the command: man mkproduct This will display the manual page for mkproduct, describing all the options available. There are also manual pages for all the GlobespanVirata tools, contained in: /usr/local/virata/tools<version>/man The manual pages are also provided in HTML format. To view the pages, open the following file in your web browser: /usr/local/virata/tools<version>/doc/index.html For Windows platforms, choose Tools Documentation from the Start Menu Start > Programs > Virata Tools<Version number>. This will display a page in your Web browser containing information about all the Tools provided in the Tools release, including mkproduct.
97
Further information
98
6. Booting the ISOS System in Gateway mode
This chapter describes the different methods which can be used to boot an ISOS System over a network in a Gateway configuration. This chapter assumes that you have created a suitable image by building an image from the ISOS source code. For more information about booting an ISOS System in any type of PC-attached configuration, refer to Booting the ISOS System in PC-attached mode on page 111.
99
Introduction to Booting
6.1
Introduction to Booting
The most common method of booting an ISOS System is over the network for a Gateway configuration and over USB in a PC-attached configuration. This chapter covers booting over the network. (For more information on booting over USB, refer to Booting the ISOS System in PC-attached mode on page 111.) For more information how to configure the booting of an ISOS System, refer to Configuring Booting of an ISOS System on page 115. Once there is a running image on the ISOS System, the images and/or configuration stored in Flash memory can be updated using TFTP and HTTP. For more information, refer to Updating software from a running image on page 411. For more information on the most suitable booting method for your type of configuration, refer to What are the features of each supported configuration? on page 10.
6.2
Assumptions
The procedures contained in this chapter assume the following: You have created a compiled ISOS image, as described in Building an ISOS image on page 61. You have System Administrator-level knowledge and privileges about the platform that you are using. For example, you can install software packages, have permission to edit system files and so on. You know the MAC address of the ISOS System system that you wish to boot over the network. You have allocated an IP address for the ISOS System system that you wish to boot over the network. The boot server that you use for booting the ISOS System is on the same subnet as the ISOS System.
6.3
Booting over the network (using DHCP and TFTP)

The following procedure is appropriate for the platforms listed below: Solaris Linux (Red Hat distribution of Linux V6.0 and later). The DHCP server is provided by the dhcpd<version>.rpm package.
100
Booting the ISOS System in Gateway mode
The above platforms provide a DHCP server instead of a Bootp server. DHCP is a superset of Bootp and is backwards-compatible; a Bootp client can issue a request and it will be serviced by a suitably configured DHCP server. For the boot procedure to follow using Bootp, refer to Booting over the network (using BOOTP and TFTP (UNIX)) on page 102. 6.3.1 Outline procedure The outline procedure to follow to set-up network booting using DHCP and tftp is as follows:
1 2 3
Add an entry for the ISOS System by editing /etc/dhcpd.conf. Make the files you wish to boot available to dhcpd. Restart dhcpd.
6.3.2
Edit /etc/dhcpd.conf dhcpd is used to boot the target hosts by identifying them using their IP address. To configure dhcpd, you need to edit the file /etc/dhcpd.conf. A typical entry for an ISOS System called ISOS system-1 is shown below:
subnet 192.168.235.0 netmask 255.255.255.0 {} host ISOS system-1 { hardware ethernet 00:20:2b:00:40:18; fixed-address 192.168.235.65; filename "/tftpboot/flash.bin"; }
This file configures the dhcp daemon serving requests on the 192.168.235.0 (netmask 255.255.255.0) subnet, with a single entry for the ISOS System with Ethernet address 00:20:2b:00:40:18. The device will be assigned the IP address 192.168.235.65 and told to boot the file /tftpboot/flash.bin. Before the DHCP daemon will start, it needs to have a file in which to store its leases. This is the case even if the DHCP daemon is issuing fixed IP addresses to individual devices. The file is called /var/state/dhcp/dhcpd.leases. For our purposes the file should be empty.
101
Booting over the network (using BOOTP and TFTP (UNIX))
6.3.3
Make the files you wish to boot available to dhcpd The filename entry in the file /etc/dhcpd.conf defines the location of the file that will be used to boot the ISOS System. By convention, the location is always specified as the /tftpboot directory. Instead of copying files to this location, it is usual to create a symbolic link from this directory to the actual file to be used to boot. A symbolic link can be created using the ln -s command. For example, to link the file flash.bin in the directory /home/jjf to the /tftpboot directory, enter:
ln -s /home/jjf/flash.bin /tftpboot
Listing the contents of the /tftpboot directory will show the symbolic link to the flash.bin file:
lrwxrwxrwx 1 root root 19 Jul 11 15:52 flash.bin -> /home/jjf/flash.bin
6.3.4
Restart DHCPD To restart DHCPD, enter the following command:

/etc/rc.d/init.d/dhcpd reload
The following information is displayed after this command has been issued:
dhcpd reload Shutting down dhcpd Starting dhcpd [OK] [OK]
This information confirms that dhcpd has been restarted successfully. You should now be able to boot the ISOS System over the network. For more information, refer to Booting an ISOS System over the network on page 109.
6.4

The following procedure is appropriate for the following platforms: Linux (Debian); the Debian distributions of Linux include TFTP and BOOTP servers, in the netstd<version>.deb package. Linux (Red Hat distribution of Linux); this distribution includes TFTP and BOOTP servers, in the tftp<version>.rpm and bootp<version>.rpm packages respectively.
102
6.4.1
Outline procedure The outline procedure to follow to set-up network booting using Bootp and TFTP is as follows:
1 2 3 4
Add entries for tftp and bootp services in /etc/inetd.conf. Add an entry for the ISOS System, by editing /etc/bootptab. Make the files you wish to boot, available to tftpd. Restart inetd.
The above steps are covered in detail in the remainder of this section. 6.4.2 Edit /etc/inetd.conf Add entries for tftp and bootp in the inetd.conf file. The example below shows a typical entry:
#:BOOT: Tftp service is provided primarily for booting. # run this only on machines acting as "boot servers." tftp dgram /tftpboot bootps dgram -d 9 -t 120 udp udp wait wait nobody root /usr/sbin/tcpd /usr/sbin/in.tftpd -l bootpd -i Most sites
/usr/sbin/bootpd
Note In this example tftp is invoked by tcpd, which can be used to provide a minimum level of security by restricting the hosts that may connect (tftp does not include any of its own security measures). If this is inconvenient or not needed, tftpd could be invoked directly using the entry:
tftp dgram udp wait nobody /usr/sbin/in.tftpd tftpd -l /tftpboot
Both of these examples specify /tftpboot as the directory to which tftp will give access (and therefore in which the boot images, or symbolic links to them) should be placed. 6.4.3 Edit /etc/bootptab An entry must be added to the file /etc/bootptab for the ISOS System. The example below shows a typical entry:
# /etc/bootptab: database for bootp server (/usr/sbin/bootpd) # # Blank lines and lines beginning with '#' are ignored. # # Legend: (see bootptab.5)
103
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
first field -- hostname (not indented) bf -- bootfile bs -- bootfile size in 512-octet blocks cs -- cookie servers df -- dump file name dn -- domain name ds -- domain name servers ef -- extension file gw -- gateways ha -- hardware address hd -- home directory for bootfiles hn -- host name set for client ht -- hardware type im -- impress servers ip -- host IP address lg -- log servers lp -- LPR servers ns -- IEN-116 name servers ra -- reply address rl -- resource location protocol servers rp -- root path sa -- boot server address sm -- subnet mask sw -- swap server tc -- template host (points to similar host entry) td -- TFTP directory to -- time offset (seconds) ts -- time servers vm -- vendor magic number Tn -- generic option tag n
# Be careful about including backslashes where they're needed.
Weird (bad)
# things can happen when a backslash is omitted where one is intended. # Also, note that generic option data must be either a string or a # sequence of bytes where each byte is a two-digit hex value.
pgctest:\ :ip=192.168.219.194:\ :ht=ether:\ :ha=00202b000485:\ :sa=192.168.219.94:\
104
:bf=/tftpboot/pgc:
This defines a single entry, for an ISOS System with Ethernet address 00:20:2b:00:04:85, which will be passed to the IP address 192.168.219.194 and the filename /tftpboot/pgc. 192.108.219.94 is the IP address of the server (which the system will need for tftp access). Note that pgctest is a dummy hostname; it will not be sent to the bootp client and simply marks the start of the entry. To send the hostname, there should be a tag hn: in the entry. The manual page for bootptab(5) explains in detail all of the options available. 6.4.4 Make the files you wish to boot available to tftpd The filename entry in the file /etc/inetd.conf defines the location of the file that will be used to boot the ISOS System. By convention, the location is always specified as the /tftpboot directory. Instead of copying files to this location, it is usual to create a symbolic link from this directory to the actual file to be used to boot. A symbolic link can be created using the ln -s command. For example, to link the file flash.bin in the directory /home/jjf to the /tftpboot directory, enter:
ln -s /home/jjf/flash.bin /tftpboot/
Listing the contents of the /tftpboot directory will show the symbolic link to the flash.bin file:
lrwxrwxrwx 1 root root 19 Jul 11 15:52 flash.bin -> /home/jjf/flash.bin
6.4.5
Restart inetd Restart inetd on the server to make tftp and bootp services available. This can be done by typing:
kill -SIGHUP <pid>
where <pid> is the process identifier of the inetd process. Alternatively, rebooting the server is the simplest way of ensuring that all the services become available in the right order. The ISOS System can now be booted on the network. For more information, refer to Booting an ISOS System over the network on page 109.
105
Booting over the network (using BOOTP and TFTP (Windows))
6.5

The following procedure is appropriate for the following Windows platform: Windows NT 4 (running Service Pack 5 or later) 6.5.1 Outline procedure The outline procedure for setting up network booting using Bootp and TFTP is as follows:
1 2 3 4
Obtain and install Bootp and TFTP software. Configure the Bootp application. Configure the TFTP server. Make the files you wish to boot available to tftpd.
6.5.2
Downloading and Installing Bootp/TFTP software For more information on where to download suitable Bootp/TFTP software, refer to What additional software applications are needed? on page 20. The rest of this procedure provides instructions for setting up the Bootp server provided by Weird Solutions and TFTP Server from Walusoft. Although you may be using different software, it is likely that the setup procedure will be similar.
6.5.3
Configure the Bootp server To configure the Bootp server, follow the procedure below:
1 2 3
Start the Bootp application, from: Start > Programs > Weird Solutions > Bootp Server 95 Choose Service > Properties. The Bootp Server 95 properties window is displayed. Click on the Clients tab.
106
The following information is displayed in the Bootp Server 95 properties window:
5 6 7 8 9
Enter the MAC address of the ISOS System system in the Hardware Address edit field. Select <no template> from the Template drop-down list box. Double-click on Boot file in the Available options list box. The Boot file option will move to the Configured options list box. Select the Boot file option and click on the Edit button alongside the Value field. The Boot file dialog box is displayed.
10 Enter the complete path and filename of the binary image file that
the ISOS System system should boot in the Boot file field.
11 Click on OK.
107
12 Repeat steps for the Boot file size option.
Enter the size of the boot file (in bytes) the Boot file size dialog box. (You can find out the size of the boot file by right-clicking on the file in Explorer and choosing Properties from the menu displayed.)
13 Select the IP address option and click on the Edit button alongside
the Value field.

14 Enter a suitable IP address for the ISOS System system. 15 Click on OK.
The Bootp server is now configured. This will allow the ISOS System system to initiate the appropriate TFTP request for its boot file. 6.5.4 Configure the tftp server The installation instructions included with the download from Walusoft enable you to install a TFTP server that is very easy to set up. Once the installation is complete, the boot file simply needs to be located exactly as specified in the Boot file option as configured in the BOOTP application, and the TFTP server should not have any restrictions on outbound files. This is the default TFTP server configuration. 6.5.5 Make the files you wish to boot available to tftpd After you have built an image, you must copy the flash.bin file to this directory so that the file can then be downloaded to the ISOS System. The ISOS System can now be booted on the network. For more information, refer to Booting an ISOS System over the network on page 109.
108
6.6
Booting an ISOS System over the network

This section describes the procedure to follow to boot an ISOS System over the network on the following platforms: Windows; see Windows procedure on page 109. UNIX (Solaris and Linux); see UNIX procedure on page 110. 6.6.1 Windows procedure To boot the ISOS System over the network, follow the procedure below. The procedure assumes that the ISOS System is connected to a Windows NT computer:
1 2 3
Enter a terminal session with the ISOS System using a suitable Terminal program such as HyperTerminal. Start the TFTP program. Reset the ISOS System by pressing the Reset button on the front panel of the ISOS System.
109
The following information is displayed in the Terminal window:

He2xx Family Ethernet / USB boot v3.7
MAC 00:20:2b:00:e1:00 SDRAM 0x02000000 bytes
(Hold '*' during reset for prompt)
Booting from Ethernet or USB (auto-select) boot reply IP 192.168.234.2 Server 192.168.234.1 () Booting 'tftpboot\flash.bin' ................................................................ ................................................................ ................................................................ ................................................................ ................................................................
rest of system start-up messages ... completing when the login prompt is displayed:
Login:
The ISOS System has been successfully booted if the information above is displayed on the Terminal. Refer to Using the CLI on page 125 for information about logging in to the system. If the booting procedure fails, you will be returned to the following prompt on the Terminal:
He>
Refer to the section Troubleshooting on page 113 for more information about the possible causes of the problem. 6.6.2 UNIX procedure To boot the ISOS System over the network, follow the procedure below. The procedure assumes that the ISOS System is connected to a UNIX computer:
110
Start a terminal session with the ISOS System from the computer, using a suitable Terminal program. (For more information on the Terminal programs which can be used, refer to What additional software applications are needed? on page 20.) To enter a Terminal session using the ISOS tool gdbterm, enter the following command from a Terminal window: gdbterm -s /dev/ttyS0 Reset the ISOS System by pressing the Reset button on the front panel of the ISOS System.
111
The following information is displayed in the Terminal window:

He2xx Family Ethernet / USB boot v3.7
MAC 00:20:2b:00:e1:00 SDRAM 0x02000000 bytes
(Hold '*' during reset for prompt)
Booting from Ethernet or USB (auto-select) boot reply IP 192.168.234.2 Server 192.168.234.1 () Booting 'tftpboot\flash.bin' ................................................................ ................................................................ ................................................................ ................................................................ ................................................................
rest of system start-up messages ... completing when the login prompt is displayed:
Login:
The ISOS System has been successfully booted if the information above is displayed on the Terminal. Refer to Using the CLI on page 125 for information about logging in to the system. If the booting procedure fails, you will be returned to the following prompt on the Terminal:
He>
Refer to the section, Troubleshooting on page 113 for more information about the possible causes of the problem.
112
6.7
Troubleshooting
This section contains some information which may help you to diagnose any problems that you have with booting the ISOS System over the network. 6.7.1 Diagnostic information You should be aware of the useful information that is displayed during the booting sequence. Information is shown about the Board Support package (BSP) and the Chip Support Package (CSP) which has been used to build the image. In the examples below, V2.3 of the Helium 100/2xx CSP and V2.0 of the BD6000 BSP have been used to build the image, using ISOS Release 8.2:
BSP: BD6000 BSP v2.0 (ISOS 8.2) CSP: Helium 100/2xx CSP v2.3 (ISOS 8.2)
V2.3 of the Helium 100/2xx CSP and V2.0 of the DM8010 BSP have been used to build the image, using ISOS Release 8.2: For more information about BSP and CSP releases, refer to Downloading ISOS software packages on page 29. 6.7.2 Whether BOOTP/DHCP needs to be gatewayed By default, BOOTP/DHCP requires that the client and server be on the same subnet. It is usually easiest to go along with this, but if the restriction is unacceptable, BOOTP and DHCP servers generally include a gateway server or the option to configure the main server as a gateway server. The gateway server will forward BOOTREQUEST packets to a specified BOOTP/DHCP server. 6.7.3 Permissions on tftpboot directory The permissions on the /tftpboot directory must allow the tftpd server to search for and read files, otherwise the ISOS System will print a message such as:
Error 0x0002: Access violation
when trying to load the boot image. Typically, a permission mask of 755 on the /tftpboot directory will be satisfactory where users are not allowed to create files on an ad hoc basis.
113
Troubleshooting
114
7. Configuring Booting of an ISOS System
This chapter describes how to configure the booting of an ISOS System. For more information on booting an ISOS System system, refer to Booting the ISOS System in Gateway mode on page 99 and Booting the ISOS System in PC-attached mode on page 111.
115
Introduction
7.1
Introduction
This chapter describes how to configure the booting of an ISOS System. Booting the ISOS System is multi-faceted due to the need to boot the two processors contained in the Helium communications processor and to allow for flexibility in how an image is provided. Several images are involved: the Serial boot ROM image is the first code that is run on power-up of the ISOS System; the boot sequence then moves to an NP boot image and a PP boot image and finally the NP and PP run-time images are entered. If a Serial ROM is fitted in the ISOS System, the system can be booted from the following sources: Booting over the network; (using BOOTP/TFTP) via an Ethernet connection. Booting from Flash memory. Booting from USB. Booting from UART (Serial port). If a Serial ROM is not fitted on the ISOS System then the Boot ROM contained in Flash is used. This will boot the system from Flash or over the network. But note that USB booting out of Flash is not supported. The body of code that performs network booting resides in the Serial ROM. It is built using the system file serialboot_main. The Boot ROM software in Flash can be built using the system file flash-rewrite. For more detailed information about the booting process, refer to DO-007286-TC, Helium Boot Procedure.
7.2
Assumptions
The configuration options described in this section assume you are using V3.12 or later of the Serial ROM update utility. For more information on how to upgrade your Serial ROM with the latest version of software, refer to Upgrading Serial ROM on page 404.
7.3
Overview
This section provides an overview of the boot options for an ISOS System system fitted with a Serial ROM and without a Serial ROM.
116
Configuring Booting of an ISOS System
The Serial ROM (EEPROM) can be configured using the following command with suitable options:
configeeprom
The Boot ROM in Flash is configured using the following command with suitable options:
configflash
When the Serial ROM is fitted all configflash options are ignored. The Serial ROM must be removed from the system before the configflash options will take effect.
117
Overview
7.3.1
Serial ROM boot settings The following table describes the various booting configuration options which are provided for an ISOS System with a Serial ROM installed:
Boot source configeeprom serialboot Flash Network Ethernet USB
yes or auto usb eth no ask configeeprom netboot yes no X X
Auto-detect the network-boot source - either eth or usb X X
Prompt for the boot source each time the system is rebooted. When Flash Boot source is used X No USB boot out of Flash
Table 25: Booting configuration options The serialboot option determines the boot source used to boot the ISOS System. The netboot option is used to determine how the system will be booted from Flash if the boot source to be used is configured as Flash by the configeeprom setting or because the normal boot sequence has been interrupted (by pressing * on the keyboard attached to the Serial port of the system and telling the system to boot from Flash). If netboot is set to Yes, the system boots over Ethernet via tftp. If netboot is set to No (the default setting), the system boots from Flash. Note that if booting from Flash fails you can also manually download an image over the network using the Boot ROM tftp command. For more information, refer to Using tftp to download an image from the network on page 123.
118
7.3.2
Boot from Flash options To ensure that your ISOS System will always boot from Flash, you need to set the following options in the Serial ROM and Boot ROM: configeeprom serialboot no configeeprom netboot no
7.3.3
Boot from Network options To ensure that your ISOS System will always attempt a network boot via Ethernet or USB you need to set the following options in the Serial ROM and Boot ROM: configeeprom serialboot yes configflash netboot yes You can force network booting from a particular network source by changing the serialboot option in the Serial ROM: configeeprom serialboot usb to always attempt to boot from USB. configeeprom serialboot eth to always attempt to boot from Ethernet. The above options are described in more detail in the later sections of this chapter which describe the procedure to follow to configure booting.
7.4
Rebooting the system

To restart the ISOS System from the CLI, use the restart command: system restart This performs a complete system restart and is equivalent to rebooting the system using the Reset button on the front panel of the ISOS System.
119
Configuring a temporary boot source
7.5
Configuring a temporary boot source

The ISOS System can be configured on a per-boot basis to boot from another source. To boot the ISOS System from another source, follow the procedure below:
1
Press the Reset button on the ISOS System, while holding down the [*] key on your computer keyboards numeric keypad. The following prompt is displayed: Boot from Ethernet, USB or Flash (E/U/F)? Press the appropriate key to specify which location you wish to boot from: Press E to boot from Ethernet. Press U to boot from USB.
Press F to boot from Flash. The ISOS System will attempt to boot from the location specified. Note This boot setting is temporary; it will only apply for this session. If you reset the system, the ISOS System will run the boot sequence from its permanently configured source in the Serial ROM.
7.6
Configuring prompting for a boot source

The ISOS System can be permanently configured to prompt you to boot from the possible boot sources described in the previous section. To set up this type of booting, follow the procedure below:
1 2
Press the Reset button on the ISOS System while holding down the space-bar on the keyboard of the PC connected to the ISOS System. Keep holding down the space-bar as the ISOS System boots up. The ISOS System will boot-up normally and then drop-down to the Boot ROM console prompt: SDRAM size = 0x800000 Key pressed, stopping boot. Entered console ... User request. ]
120
At the boot prompt, enter: configeeprom serialboot ask This command sets the Serial ROM to prompt for a boot source each time that it boots up. Press the Reset button. After a short wait, the ISOS System will prompt you to specify the boot source, as shown below:
He100/He2xx Family Ethernet / USB boot v3.12 MAC 00:20:2b:80:0e:80 SDRAM 0x01000000 bytes Boot from Ethernet, USB or Flash? (E/U/F)
Press the appropriate key to specify which location you wish to boot from: Press E to boot from Ethernet. Press U to boot from USB.
Press F to boot from Flash. The ISOS System will attempt to boot from the location specified.
7.7
Configuring booting from Flash

To configure the ISOS System to boot from Flash, follow the procedure below:
1 2
Press the Reset button on the ISOS System, while holding down the space-bar on the keyboard of the PC connected to the ISOS System. Keep holding down the space-bar as the ISOS System boots up. The ISOS System will boot-up normally and then drop-down to the Boot ROM console prompt: SDRAM size = 0x800000 Key pressed, stopping boot. Entered console ... User request. ]
121
Configuring booting from the network
To disable network booting, enter: configeeprom serialboot no configeeprom netboot no This command disables network booting in both the Serial ROM and Boot ROM. Press the Reset button. After a short wait, the ISOS System will attempt to boot from Flash memory, as shown below: ]
He100/He2xx Family Ethernet / USB boot v3.9 Network boot disabled: trying flash or UART
If a valid boot image is found in Flash memory, the ISOS System will use this to boot. If no valid boot image is found in Flash, it will then attempt to load a boot image over the Serial port (UART).
7.8
Configuring booting from the network

To configure the ISOS System to boot from the network, follow the procedure below:
1 2
Press the Reset button on the ISOS System, while holding down the space-bar on the keyboard of the PC connected to the ISOS System. Keep holding down the space-bar as the ISOS System boots up. The ISOS System will drop-down to the Boot ROM console prompt: SDRAM size = 0x800000 Key pressed, stopping boot. Entered console ... User request. ]
122
At the boot prompt, enter: configeeprom serialboot yes This will configure the system to attempt to boot over the network from either USB or Ethernet depending on the response time of the USB host of TFTP boot server. To force booting from either USB or Ethernet only, you can enter: configeeprom serialboot usb or configeeprom serialboot eth for USB or Ethernet booting respectively. Press the Reset button. The ISOS System will now attempt to boot over the network.
For more information about other useful Serial EEPROM Console commands, refer to DO-007286-TC, Helium Boot Procedure.
7.9
Using tftp to download an image from the network

If booting from Flash fails you can also manually download an image over the network using the Boot ROM tftp command.
1 2
Press the Reset button on the ISOS System, while holding down the space-bar on the keyboard of the PC connected to the ISOS System. Keep holding down the space-bar as the ISOS System boots up. The ISOS System will drop-down to the Boot ROM console prompt: SDRAM size = 0x800000 Key pressed, stopping boot. Entered console ... User request. ]
At the boot prompt, enter: tftp The image is downloaded. At the boot prompt, enter: quit The ISOS System will now boot up using this image.
123
Using tftp to download an image from the network
124
8. Using the CLI
This chapter provides information about how to use the ISOS Command Line Interface (CLI).
125
Introduction
8.1
Introduction
This chapter describes how to use the Command Line Interface (CLI). It describes the CLI commands available which provide useful information about the configuration or performance of the ISOS System. For more information on all the commands available and their options, refer to DO-009430-PS, ISOS (8.2) CLI Reference Manual. 8.1.1 What is the CLI? The CLI is the Command Line Interface for configuring ISOS modules. It largely replaces the console commands that were provided in earlier releases of ISOS. For information on the relationship between the CLI and the console commands, see Using CLI and Console Commands on page 128. For detailed information on the structure of the Unified CLI, see the ISOS CLI Specification: DO-008362-PS. Some console commands are available for use if you have appropriate access permissions set. For details of access permissions, see Access permissions to the CLI on page 129.
8.2
Starting a CLI session

You can start or access a local CLI session, in a number of ways: Using gdbterm; see Using gdbterm on page 126. (This utility is only available with the UNIX (Linux, Solaris) releases of ISOS tools.) Using terminal programs which can be used with your computer; see Using Terminal programs on page 127. 8.2.1 Using gdbterm To start an ISOS console session, follow the procedure below:
1 2
Start a Terminal window. Enter the command:

gdbterm -s /dev/ttyS0
where ttys0 refers to Serial Port 0 on the computer attached to the serial port of the ISOS System.
126
Using the CLI
You can also use gdbterm to start a console session via a terminal server. For example, to connect to an ISOS System via a terminal server called spider1 at port 2064, enter:
gdbterm t spider1 2064
By default, gdbterm listens on TCP/IP socket 1042. This can be changed using the -g option. For more information about gdbterm, refer to the manual page gdbterm(1). The manual page for gdbterm can be displayed on the screen by entering:
man gdbterm
8.2.2
Using Terminal programs There are many terminal applications provided which can be used to start a console session with the ISOS System. The most popular applications available for each platform are shown below: Minicom; available with most Linux distributions. HyperTerminal; available with most Windows distributions. Refer to the documentation provided with each application for more information on how to set up a terminal session from your computer to the ISOS System.
8.3
Logging in to the system

To login to the system for the first time, at the Login prompt, enter the following user name and password:
Login: admin Password: admin
This is the only user ID which is set up on the system by default. An admin user has super-user level access, so you can create new user IDs and access permissions from this account. To see the settings for the admin user enter:
system list users
127
Logging out of the system

Users: May ID | Name | Conf. | May Dialin | Access Level | Comment
-----|------------|----------|----------|------------|--------------------1 | admin | ENABLED | disabled | superuser | Default admin user
---------------------------------------------------------------------------
8.4
Logging out of the system

To logout of the system, enter the command:
user logout
The system logs out the current user and displays the Login: prompt:
Logging out GlobespanVirata Login:
8.5
Using CLI and Console Commands

There are two types of commands available for use in ISOS: CLI commands - the CLI commands replace the majority of console commands. For example, the console command:
ip version
is now the CLI command:

ip show
Console commands - some console commands have not been replaced by CLI commands. Users with appropriate access permissions (see Access permissions to the CLI on page 129) can enter console mode from the CLI and use the console commands. For details of how to enter console mode, see Entering console commands from the CLI on page 137. There are two types of console command, and different access permissions exist for each type of command: Usable commands - console commands which do not change or affect the system. Most of these commands are read-only commands which provide status information and do not configure any part of ISOS.
128
Using the CLI
Blacklisted commands - using blacklisted console commands can lead to inconsistencies between the information model and the underlying system and should be used with extreme caution.
Details of which category each command belongs to can be found in DO-009430-PS, ISOS (8.2) CLI Reference Manual. 8.5.1 Access permissions to the CLI There are three access level options for CLI users: default user - can use CLI commands; cannot use usable console commands or blacklisted console commands. engineer - can use CLI commands and usable console commands; cannot use blacklisted console commands. super user - can use CLI commands, usable console commands and blacklisted console commands. Can also set up user login accounts, save backup configuration and restore factory settings. 8.5.2 CLI Command Groups Each ISOS module included in an image file will have an associated group of commands available in the CLI for configuring the module. All commands in a group start with the same command string. For example, all router configuration commands start with ip.The typical CLI command groups included in an ISOS image are as follows:
Command string begins: ip bridge ethernet rfc1483 ipoa
CLI Group
Used to: Add, configure and remove IP interfaces Add, configure and remove bridge interfaces Create and remove ethernet transports and provide statistics Create, configure and remove RFC transports Create, configure and remove IP over ATM transports
router configuration bridge configuration ethernet configuration RFC1483 configuration IPoA configuration
129
CLI Group
Command string begins: pppoa
Used to: Create, configure and remove PPPoA server and client transports Create, configure and remove PPTP tunneling configurations. Defines the DHCP network topology Add, change and remove DHCP client interface declarations Add and remove DHCP server addresses Add and remove DNS server addresses Add and remove DNS client addresses Enable the security module, create, configure and remove security interfaces and create/configure triggers Enable/disable NAT objects, create, configure and remove global address pools and reserve mappings Create, configure and remove port filters and validators. Control Intrusion Detection settings Enable and disable auto provisioning and check its status Control the operation and check the status of the webserver Display and delete existing transport configuration details
PPPoA configuration
PPTP configuration DHCP server configuration DHCP client configuration DHCP relay configuration DNS relay configuration DNS client configuration
pptp dhcpserver dhcpclient dhcprelay dnsrelay dnsclient
Security configuration
security
NAT configuration
nat
Firewall configuration
firewall
Auto Provisioning Webserver Transports configuration
autoprov webserver transports
130
Using the CLI
CLI Group console port
Command string begins: console port
Used to: Access console commands Configure and display port information
For a comprehensive list of the modules which can be included in an ISOS image, refer to ISOS Module Configuration files on page 444. 8.5.3 CLI terminology In order to use the CLI commands, you need to understand the following CLI terms: Transport: A transport is a layer 2 session and everything below it. You can create a transport and attach it to a bridge or router so that data can be bridged or routed via the attached transport. For an example, see Attaching a transport to an interface on page 132. The CLI supports the following transports: PPPoA PPPoE PPPoH RFC1483 IPoA
Ethernet (For more information on transport protocols, see Encapsulations on page 438.) Interface: bridges and routers both have interfaces. A single transport is attached to a bridge or router via an interface. For an example, see Attaching a transport to an interface on page 132. Object: an object is anything that you can create and manipulate as a single entity, for example, interfaces, transports, static routes and NAT rules.
131
List: Objects are numbered entries in a list. For example, if you have created more than one IP interface, the following command:
ip list interfaces
produces a list of numbered interface objects. Object numbers are displayed in the first column under the heading ID. For example:
IP Interfaces: ID | Name | IP Address | DHCP | Transport
-----|--------------|------------------|----------|--------------1 | ppp_device 2 | ip2 | 192.168.102.2 | 192.168.102.3 | disabled | pppoa1 | disabled | 0.0.0.0
------------------------------------------------------------------
Attaching a transport to an interface To attach a transport to a bridge or router, you need to:
1
Create a transport. In the following command, an Ethernet transport is created and named eth2, and the port name is specified (ethernet):
ethernet add transport eth2 ethernet
Create an interface. In the following command, a bridge interface is created and called myinterface:
bridge add interface myinterface
Attach the transport to the interface. In the following command, the eth2 Ethernet transport is attached to the myinterface bridge interface:
bridge attach myinterface eth2
8.5.4
CLI conventions The CLI uses standard, intuitive command names that can be used in different instances: Add Use this command to add and name objects (e.g., interfaces or transports). The add command requires attributes to be specified as arguments in a certain order. For example, to create an Ethernet transport, you need to specify the transport name and system port:
ethernet add transport <name> <port>
132
Using the CLI
Delete The delete command deletes named objects or numbered objects (as displayed using the list command):
ethernet delete transport {<name>|<number>}
Clear The clear command deletes ALL named entities that belong to an object, for example, the following command:
firewall clear policies
deletes all of the policy objects that belong to the Firewall. You should use the clear command with caution - the above example also deletes all validators and portfilters that belong to the policies. Set The set command changes a value or multiple values within the system, for example:
ip set interface {<name>|<number>} ipaddress <ipaddress>
Show The show command lists current configuration and statistics for an object or module. For example, the command:
dhcpserver show subnet {<name>|<number>}
May give the following output, depending on your DHCP server configuration:
Global DHCP Server Configuration:
Status: ENABLED
Default lease time: 43200 seconds Max. lease time: 86400 seconds
Allow BOOTP requests: true Allow unknown clients: true
133
8.5.5
Help with completing CLI commands Tab-completing keywords You can tab-complete unique keywords in CLI commands. For example, if you type the first few characters of a keyword in a command, then press the [Tab] key:
ethernet add t[Tab]
the keyword is automatically completed:

ethernet add transport
Note The tab-completion facility works with fixed CLI keywords. It does not work with any CLI objects that you create or edit, such as transport names. Command syntax options If you type a command keyword and want to find out what the next syntax options are, type [Spacebar]?. For example:
ethernet ?
Displays a list of valid keywords that you can use after ethernet:
add delete set show list clear
For more information on using the CLI to configure the ISOS System, refer to Configuring the ISOS System in Gateway mode on page 235. You can also enter:
help
This commands will display some general help information about the CLI.
134
Using the CLI
8.5.6
Using the source CLI command The source <filename> command allows you to run a list of predefined commands stored in an existing file. This saves you having to retype lengthy configurations when you want to use them again. Before you can use this command, you need to create a file containing the command list and save it in your ISFS directory. Once you specify the filename in the source command, the file is located and the commands are executed. For example:
prompt> source //isfs/myconfigfile.txt
8.5.7
Adding new CLI commands You can create CLI commands that configure and read values and attributes that you have defined. For information on how to do this, see the ISOS Management Developers Guide: DO-008640-PS.
8.6
Administering user accounts

As admin user you can administer user accounts. This section summarizes the CLI commands which can be used to administer user accounts. For more information about all the commands listed in this section, refer to DO-009430-PS, ISOS (8.2) CLI Reference Manual. 8.6.1 Adding new users There are two types of user that you can add to the system: a user who can access the system via a dialin connection, for example, using PPP. To add a user, use the command:
system add user <name> [comment]
For example:
system add user fred user with dialin access
a login user who can login to the system. To add a login user, use the command:
system add login <name> [comment]
For example:
system add login joe user with login access
To display information about the new users, use the command:

system list users
135
Setting user passwords

Users: May ID | Name | Conf. | May Dialin | Access Level | Comment
---|--------|----------|----------|------------|-----------------------1 | joe 2 | fred 3 | admin | ENABLED | disabled | default | default | user with login access | user with dialin access | Default admin user
| disabled | ENABLED | ENABLED
| disabled | superuser
------------------------------------------------------------------------
By default, both new users are given a default access level as described in Access permissions to the CLI on page 129.
8.7
Setting user passwords

To change the password for the user you are currently logged in as, use the command:
user password
Enter the new password twice as prompted:

Enter new password: *** Again to verify: *** -->
Note that no check is made for any current password which may have been set for the user. If you wish to change the password for another user, enter the command:
user change <name>
This command logs you into the system as another user. You can then use the user password command to change the password for this user. Note that changing to another user means that you lose all superuser privileges. Note that only superusers can use the user change command.
8.8
Changing user settings

To change any of the default settings for a user, use the following commands. For example, to change the settings for user fred:
136
Using the CLI
system set user <name> access {default|engineer|superuser} system set user <name> maydialin {enabled|disabled} system set user <name> mayconfigure {enabled|disabled}
For example, to change the security level for fred, enter:

system set user fred access engineer
Note that only superusers can use the user change command. 8.8.1 Controlling login access To set user access permissions for a user that has been added to the system using the system add login command, enter the command:
system set login <name> access {default|engineer|superuser}
8.8.2
Controlling user access To set user access permissions for a user that has been added to the system using the system add user command, enter the command:
system set user <name> access {default|engineer|superuser}
8.9
About the console

8.9.1 Entering console commands from the CLI You can only enter console commands from the CLI if you have the correct access permissions set. For more information on access permissions, see Access permissions to the CLI on page 129. To enter a single usable console command from the CLI, enter:
console process <console command>
For example:
console process event show
This command enables the display of background output on your console device. To enter a series of console commands you can enter console mode. Enter the following CLI command:
console enable
You are now in console mode and can enter console commands.
137
About the console
To exit console mode and return to the CLI, enter:

exit
Note You must type the exit command at the root level of the console to return to the CLI. 8.9.2 Navigating the console The console is structured in a hierarchical fashion. Entering a module name on the console drops you into this module. From this position, any commands which are then typed are assumed to be commands specific to the module you have entered. To return to the top of the hierarchy, use the command home. For example, entering:
0:20:2b:0:75:20>fm
drops you into the fm module. This is indicated by the change in the console prompt:
0:20:2b:0:75:20 fm>
All commands that are now issued from this prompt refer to commands supported by the IP module. For example, entering the device command:
0:20:2b:0:75:20 fm>fsinfo produces information about the classes known to filesystem. File system: isfs Total bytes: 2095006 Used bytes: 2095006 Dynamic allocation: TRUE File system is valid
To return to the top of the hierarchy, enter:

0:20:2b:0:75:20 fm>home
Entering the fsinfo command from this location produces an error, as shown below:
0:20:2b:0:75:20>list classes console: Unknown command 'fsinfo' - try 'help'
138
Using the CLI
If you know the commands supported by a module, you can call them directly, prefixed with the module name. For example:
0:20:2b:0:75:20>fm fsinfo
For more detailed information about the console, refer to DO-007094-PS, VIRATA Console Functional Specification. 8.9.3 Obtaining help with command syntax The console provides you with tips and help information at various stages. To find out the commands and modules available from the top of the hierarchy, type:
help
A list will be displayed showing the currently loaded modules and available commands. To find out about the console commands provided by a particular module, type:
help
after the module name. This will display a list of all the commands available for the module along with their syntax. For example, typing:
fm help
displays all of the options which can be used with this command:
Commands are: append fsinfo mv cat info rm cp ls version default md5
'.' repeats the last command Type "ip help all" or "ip help <command>" for more details
You can also obtain help on the arguments required for a particular command. For example, to obtain help on the arguments required for the ls command, enter:
fm help ls ls [-l | -L] - list file system
You can also obtain help for all the commands. Enter the command:
139
About the console
fm help all
to display help information for all the commands in the IP module. 8.9.4 Further information For more information about the console commands refer to the appendices in DO-009430-PS, ISOS (8.2) CLI Reference Manual.
140
9. Using the EmWeb server
This chapter describes how to configure the embedded web server, EmWeb, on your ISOS System.
141
Introduction
9.1
Introduction
This chapter describes how to use EmWeb - the embedded web server in ISOS. It describes the content of EmWeb configuration pages. The example image that is used throughout this chapter is the image produced using the mkproduct command:
mkproduct usb-gateway bd6000
The image is downloaded to a BD6210 ISOS system. If you are using a different image or different hardware, the information displayed on EmWeb configuration pages may differ from those described here. 9.1.1 References to CLI commands Configuring your product using EmWeb has the same effect as configuring it using the Command Line Interface (CLI). Throughout this chapter, you will see references to the CLI commands that provide functionality equivalent to EmWeb configurations. This allows you to refer to the ISOS 8.2 CLI Reference Manual: DO-009430-PS if you want further information about specific EmWeb configurations.
9.2
About EmWeb
For more information about the implementation of EmWeb in ISOS, refer to VMI Web Management Entity Architecture: DO-008274-TC.
9.3
Accessing EmWeb
To access EmWeb on an ISOS System that has been booted with an image containing a factory default configuration:
1
Attach a PC to one of the LAN interfaces. At the console, type the following CLI command: ip list interfaces This command lists the default interfaces available, including the LAN interface that is attached to your PC. The default LAN IP address is 192.168.1.1.
142
Using the EmWeb server
At your web browser, enter the URL: http://192.168.1.1 If you need to change the ip address of the LAN interface, use the following CLI command (with the correct values added): ip set interface iplan ipaddress 192.168.1.1 then at your web browser, enter the new IP address as the URL. The following page is displayed. This is the Status homepage for EmWeb on an ISOS System system running a default usb-gateway image:
143
Accessing EmWeb
Figure 15 EmWeb Status homepage The first time that EmWeb is launched during a session, a Welcome message is displayed at the top of the Status homepage. This message is replaced by the Status heading once the page is automatically or manually refreshed.
144
9.3.1
Logging in to EmWeb The first time that you click on an entry from the left-hand menu, a login box is displayed. You must enter your username and password to access the pages. The default network login is the same as the login used at the CLI console. Type the following: User Name: admin Password: admin Click on OK. You are now ready to configure your ISOS System using EmWeb.
9.4
About EmWeb pages

EmWeb provides a series of web pages that you can use to setup and configure the ISOS System. These pages are organized into four main topics. You can select each of the following topics from the menu on the left-hand side of the main window: Status homepage; information about the current setup and status of the system. For more information, see About the Status Page on page 145. Quick Start; information about how to setup the WAN connection. For more information, see About the Quick Start page on page 149. System; information about the system hardware and options to upgrade the firmware and restart the system. For more information, see About the System menu on page 152. Configuration; information about the current configuration of various system features with options to change the configuration. For more information, see About the Configuration menu on page 158. The exact information displayed on each web page depends on the specific configuration that you are using. The following sections give you a general overview of the setup and configuration details.
9.5
About the Status Page

The Status homepage contains information about the current configuration of your ISOS System. It provides an overview of the current image configuration. The page contains the following sections:
145
9.5.1
Status section; see Status on page 146 Advanced Diagnostics; see Advanced Diagnostics on page 146 Port Connection Status; see Port Connection Status on page 146 WAN Status; see WAN Status on page 147 LAN Status; see LAN Status on page 147 Hardware Status; see Hardware Status on page 148 Defined Interfaces; see Defined Interfaces on page 148
Status The Status section displays: PPPoE Connection status (connected or disconnected). See Creating a PPPoE login on page 151. the current WAN IP Address configuration. It also provides a WAN Settings hyperlink that allows you to create, modify or delete your WAN configuration. See WAN Connection on page 164 for details of how to do this. the current Local IP Address configuration. It also provides a LAN Settings hyperlink that allows you to create, modify or delete your LAN configuration. See LAN connections on page 162 for details of how to do this.
9.5.2
Advanced Diagnostics The Advanced Diagnostics section displays: Connection Authentication details; this displays details about your current ISP login settings. It also provides a Login Settings hyperlink that allows you to create, modify or delete your existing login setup. See About the Quick Start page on page 149. PPPoE Dial-On-Demand status; this displays whether you can dialin to the system using PPPoE. To configure this setting, see About the Quick Start page on page 149.
9.5.3
Port Connection Status This section displays information about your port connections: Port; the ports available on your ISOS System Type; the kind of traffic that can be transported on each port
146
Connected; which of the ports on your ISOS System are currently connected: represents a port that is not connected represents a port that is connected Line State; DSL connection status
For information on how to configure ports, see Ports on page 199. 9.5.4 WAN Status This section displays the following status information about your WAN configuration: IP Address Type; whether the WAN IP address is used or the address is obtained dynamically from DHCP. See WAN Connection on page 164. WAN Subnet Mask Default Gateway; whether DHCP server has been configured to give out the WAN IP address as the default Gateway address. See DHCP Server on page 171. Primary DNS; whether a Primary DNS IP address has been set. See DHCP Server on page 171. The WAN Status section also provides two hyperlinks: IP Address Settings; this allows you to create, modify or delete your WAN configuration. See WAN Connection on page 164. DNS Client Settings; this allows you to create, modify or delete your DNS Client configuration. See DNS Client on page 177. 9.5.5 LAN Status This section displays the following status information about your Local Area Network settings: LAN Subnet Mask Act as Local DHCP Server (Yes/No) MAC Address; this is the actual MAC address for the Ethernet block in the GlobespanVirata communications processor which is used in the ISOS System. You can configure the ISOS System to use the MAC address from the Ethernet NIC in the PC instead of its own MAC address. This is known as MAC Address Spoofing. For more information on how to clone the MAC address, refer to the MAC
147
Spoofing Functional Specification: DO-009427-PS. If you have configured MAC spoofing on the ISOS System the MAC address shown in this table will not be changed. This table will always show the true MAC address of the ISOS System. The LAN Status section also provides a DHCP Server Settings hyperlink that allows you to configure your DHCP server status. See DHCP Server on page 171. 9.5.6 Hardware Status This section displays the following status information about your ISOS System: Up-Time; the length of time (in hours:minutes:seconds) that your current session has been connected for Version; information about the ISOS core software release which has been used to build the image running on your ISOS System, including: the image version that you are booting, for example USB Hypergate the ISOS System that the image is suitable for the Board Support Package and Chip Support Package versions included in the image build
9.5.7
the release version number For more information, refer to ISOS source software package on page 32. Vendor; The name of the Vendor supplying the ISOS System. The default setting for this is GlobespanVirata.
Defined Interfaces This section lists LAN interfaces that have been defined. For more information on defining LAN interfaces, see LAN connections on page 162. Each interface listed has a Show Statistics hyperlink associated with it. Click on this for detailed information about some/all of the following (depending on the interface type and configuration): the interface connection details
148
port configuration service parameters
Your ISOS System has default interfaces defined. These defaults depend on the type of image that you are building. For example, a BD6210 ISOS System booting a usb-gateway image has the following default interfaces:
--> ip list interfaces IP Interfaces:
ID
Name
IP Address
DHCP
Transport
-----|--------------|------------------|----------|---------------1 | iplan 2 | ipwan | 192.168.1.1 | 0.0.0.0 | disabled | iplan | disabled | PppoeUp
-------------------------------------------------------------------
The iplan interface is your default LAN connection over Ethernet. The ipwan interface is your default connection to the WAN. It uses PPPoE over ATM (RFC1483). To list the transports set for each of the interfaces, use the following command:
--> transports list Services:
ID
Name
| Type
-----|--------------|-----------------------------------------------------1 | iplan 2 | Rfc1483Up 3 | PppoeUp | Ethernet | RFC1483 | PPPoE | TxPkts: | TxPkts: | TxPkts: 750/0 0/0 2/0 RxPkts: RxPkts: RxPkts: 475/0 0/0 0/0
---------------------------------------------------------------------------
9.6
About the Quick Start page

This page allows you to configure your WAN login connection. From the left-hand menu, click on Quick Start. The Quick Start page is displayed. There are two types of login that you can configure: Using a DHCP address from your ISP instead of having a login account. See Creating a login using DHCP on page 150. Login using PPPoE. This allows a user to login remotely via PPPoE. See Creating a PPPoE login on page 151.
149
About the Quick Start page
9.6.1
Creating a login using DHCP

1
From the Login Type section, click on the No Login/DHCP radio button. Click on Apply. The DHCP Login Options form is displayed:
Figure 16
2 a b 3
EmWeb Quick Start No Login/DHCP page
Complete the DHCP Login Options: If you want your ISP server to automatically recognize your own host name, type a Special DHCP host name. If you want LAN DHCP clients to use a specific domain name, type a Domain Name for Clients to send with DNS Requests.
Once you have configured DHCP login options, click on Apply. The Quick Start page is refreshed, and the following confirmation message appears near the top of the page: Settings successfully changed
These actions have the same effect as typing the following CLI commands: dhcpclient interfaceconfig add sent option host-name dhcpserver subnet add option domain-name dhcpclient update dhcpserver update
150
9.6.2
Creating a PPPoE login

1
From the Login Type section, click on the PPPoE Login radio button. Click on Apply. The PPPoE Login Setup form is displayed:
Figure 17 EmWeb Quick Start PPPoE Login Setup page

2
Complete the PPPoE Login Setup section to enable a user to login to the remote end:
a
PPPoE Username and Password; type a (dialout) username and password which will be required when PPP negotiation takes place and is supplied to the remote PPP server for authentication. PPPoE Service Name; type the PPPoE tag that identifies a specific service acceptable to the PPPoE client. Dial on Demand check box; check this box if you want PPPoE to automatically connect to TCP/IP whenever a user requests TCP/IP packets from public destinations. Auto-disconnect idle time (secs); if you have checked the Dial on Demand box, type the length of time a PPPoE session connected to an ISP can remain idle before the session is disabled.
Complete the PPPoE Login Options section:

a b
151
About the System menu
Keep-Alive check box; check this box if you want PPPoE to send regular Link Control Protocol (LCP) echo request frames. If no reply to the request is received, the PPP connection is torn down. Domain Name for Clients to send with DNS Requests text box; type a domain name if you want LAN DHCP clients to use a specific domain name.
Once you have configured PPPoE login options, click on Apply. The Quick Start page is refreshed, and the following confirmation message appears near the top of the page: Settings successfully changed
These actions have the same effect as typing the following CLI commands: pppoe set transport username pppoe set transport password pppoe set transport servicename pppoe set transport autoconnect pppoe set transport idletimeout pppoe set transport lcpechoevery dhcpserver subnet add option domain-name dhcpserver update
9.7

The System menu contains options which describe the ISOS System and allow low-level changes to be made, such as updating the image on the system. From the left-hand menu, click on System. The following sub-headings are displayed: Error Log; displays information about recent configuration errors. See Error Log on page 153. One-click update; One-click update on page 153. Remote Access; allows you to enable remote administration of your ISOS System (using NAT). See Remote Access on page 154. Update; allows you to update the image on your ISOS System. See Update on page 155.
152
9.7.1
Backup/restore; allows you to backup your configuration and restore an existing configuration. See Backup/restore on page 156. Restart; allows you to restart your ISOS System and optionally restore factory defaults. See Restart on page 157.
Error Log The Error Log page is automatically displayed when a configuration error occurs. From the System menu, click on Error Log. The following page is displayed:
Figure 18
EmWeb webserver Error Log page
This page displays a table containing all configuration errors experienced by your ISOS System during a current session. The table also tells you: when the error occurred (in seconds since your system was restarted) which process the error occurred in brief descriptions of the Error 9.7.2 One-click update This allows you to use one-click to download new ISOS images from a remote HTTP server. You do not need to browse for the correct file to upload, which you must do when updating your system software using Update on page 155.
1
From the System menu, click on One-click update. The following page is displayed:
153
Figure 19 EmWeb Auto update page

2
Click on the Next button. The Auto Update page is displayed. This page contains the following information: Existing software version: the software version that you are currently using Available software version: the software version available for download Download from: the available software versions source address Summary: description of downloadable source Overview: URL that can be linked to a Web page detailing additional information about this software version.
To update device firmware, click on OK. The Firmware Update page is refreshed. The page contains two progress bars: the first progress bar displays how long it is taking to fetch the new software version from the Web server. once the software version has been retrieved, the second progress bar displays how long it is taking to write the new software version to Flash.
Once the file has been written to Flash, the Auto Update page is refreshed. The page confirms completion of the update and asks you to restart your ISOS System in order to use the new firmware. Click on Restart. See Restart on page 157.
For more information about one-click updating, see One-click Firmware Download Functional Specification: DO-009841-PS. 9.7.3 Remote Access This allows you to enable temporary remote access to your ISOS System using Network Address Translation (NAT).
154
Note In order to configure remote access, you first need to enable the firewall and create an external to internal firewall policy. For more information, see Security on page 180.
1
Once you have configured Security, from the System menu, click on Remote Access to display the following:
Figure 20
2 3
EmWeb Remote Access page
Type in the length of time that you want to allow remote access for. Click on Enable. The Remote Access page is displayed, confirming the number of seconds remaining for remote access. There is also a Disable button that allows you to stop remote access before the specified time ends.
9.7.4
Update This option allows you to upload firmware images to the ISOS System using HTTP. A .tar archive is uploaded to the RAM of your ISOS System. The archive is unpacked automatically, files are validated and then written to Flash memory.
1
From the System menu, click Update. The following page is displayed:
Figure 21
2
EmWeb Firmware Upgrade page
Type in the network location of the new firmware image that you want to upload, or use the Browse button to browse through the network and select the file. Click on Update.
155
Once the file has been uploaded to the RAM of your ISOS System, it is written to Flash. A status page is displayed confirming that the upload is complete and telling you how much of the file (in bytes and as a percentage) has been written to Flash. Once the file has been written to Flash, the Firmware Update page is refreshed. The page confirms completion of the update and asks you to restart your ISOS System in order to use the new firmware. Click on Restart. See Restart on page 157. Note Updating your firmware could take up to 4 minutes to complete.
For more information on updating the firmware on your ISOS System, refer to Upgrading an ISOS System on page 403. 9.7.5 Backup/restore This page allows you to backup your configuration to, or restore it from, your computer. Backing up your configuration
1
From the System menu, click on Backup/restore. The following page is displayed:
Figure 22 EmWeb Configuration Backup/Restore
156
From the Backup Configuration section, click on the Backup button. The File Download window is displayed. Click to select the Save this file to disk radio button. From the Save As window, select a file in which to save your backup configuration. Click on Save. These actions have the same effect as typing the following CLI command: system config backup From the System menu, click on Backup/restore. In the Restore Configuration section, click in the Configuration File text box and type the network path of the file that you wish to restore. If you do not know the path details, click on the Browse button and locate the file using the Choose file box. Click on the Restore button. The page is refreshed with a Configuration Restored message and details of the number of bytes uploaded. These actions have the same effect as typing the following CLI command: system config restore
Restoring your configuration

1 2
9.7.6
Restart This page allows you to restart your ISOS System. It has the same effect as resetting your ISOS System by pressing the appropriate reset button on the hardware.
1
From the System menu, click on Restart. The following page is displayed:
Figure 23
EmWeb Restart page
157
About the Configuration menu
Click on the Restart button to reset the ISOS system. The Restart page also provides you with the option of restarting and restoring the factory default settings. Click in the Reset to factory default settings box to check it, then click on the Restart button. Read the console status output to check how the reset is progressing. Once the login and password prompt is displayed at the console, you can login as usual (with login = admin, password = admin), then refresh the browser that is running EmWeb. The Status page is displayed and your ISOS System has been reset.
The Restart button has the same effect as typing the following CLI command: system restart Checking the Reset to factory default settings check box has the same effect as typing the following CLI command: system config restore factory
9.8

The Configuration menu contains options for configuring features on your ISOS System including basic LAN and WAN connections and DHCP and DNS settings. Note Most of the features contain sensible default settings. You are unlikely to have to reconfigure every feature included in the Configuration menu. From the left-hand menu, click on Configuration. The following sub-headings are displayed: Save config; allows you to save your current configuration to Flash memory. See Save configuration on page 159. Authentication; allows you to create, edit and delete user accounts. See Authentication on page 160. LAN connections; allows you to edit your LAN port IP address, create and edit a secondary IP address and create new LAN services. See LAN connections on page 162. WAN connections; allows you to create, edit and delete WAN services. See WAN Connection on page 164.
158
9.8.1
IP routes; allows you to create, edit and delete IP routes. See IP Routes on page 166. ZIPB; allows you to enable, disable and configure the ISOS Zero Installation PPP Bridge. See ZIPB on page 168. DHCP server; allows you to enable, disable and configure your DHCP server. See DHCP Server on page 171. DHCP relay; DNS client; allows you to enable, disable and configure DNS client. See DNS Client on page 177. DNS relay; allows you to enable, disable and configure DNS relay. See DNS Relay on page 179. Security; allows you to configure Security, Firewall, NAT and Intrusion Detection. See Security on page 180. Ports; allows you to configure the ports available on your ISOS System. See Ports on page 199.
Save configuration To save your current configuration to Flash memory:

1
From the Configuration menu, click on Save config. The following page is displayed:
Figure 24
2
EmWeb Save Configuration page
Click on the Save button to save your current configuration in the im.conf file in FlashFS. The Save button has the same effect as typing the following CLI command: system config save After a short time the configuration is saved and the following confirmation message is displayed: Saved information model to file //flashfs/im.conf
159
9.8.2
Authentication This option allows you to administer accounts for users who access the ISOS System. From the Configuration menu, click on Authentication. The following page is displayed:
Figure 25
EmWeb Authentication page
Creating a new login account

1
Click on the Create a new user button. The following page is displayed:
Figure 26 EmWeb create user page

2
Type details for the new user into the username, password and comment text boxes, and select a May login? option: true means that the user can login but not dialin false means that the user can dialin but not login
Click on the Create button. The Authentication page is displayed. The table now contains details for the user that you have just created.
160
Editing/deleting a login account

1
The Authentication page table contains an Edit user hyperlink for each user account entry. Click on a link. The following page is displayed:
Figure 27 EmWeb Edit User page This page allows you to:
2
update details for a specific user account. Modify the necessary text boxes then click on the Apply button. delete a user account. Click on the Delete this user button.
Once you have edited or deleted a user account, the Authentication page is displayed and the table reflects any changes that you have made on the edit user page.
These actions have the same effect as entering the following CLI commands: system list users system list logins system add login system add user system set login maydialin system set user maydialin system set login mayconfigure system set user mayconfigure system delete login system delete user
ISOS (8.2 Service Release 2) User Guide DO-009467-PS (Issue 4, 6th Dec 2002) 161
9.8.3
LAN connections This option allows you to: configure the IP address and subnet of the default LAN connection to the ISOS System. configure a secondary IP address on the same subnet as the primary IP address. create virtual interfaces; multiple virtual interfaces can be associated with the existing primary LAN interface. From the Configuration menu, click on LAN connections. The following page is displayed:
Figure 28
EmWeb LAN connections page
Configuring primary and secondary LAN connections

1
The Default LAN Port section contains two subsections:

a
IP address and subnet mask details of your primary LAN connection. To edit these details, click in the appropriate text box and type new primary address details. This has the same effect as entering the following CLI command (with the correct values added): ip set interface ipaddress ip set interface netmask
162
Secondary IP address details. To create/configure a secondary IP address, click in the Secondary IP Address text box and type new address details. This has the same effect as entering the following CLI command (with the correct values added): ip interface add secondaryipaddress
Once you have configured the IP address(es), click on the Apply button. A message is displayed confirming that your address information is being updated. If you have changed the primary IP address, you may need to enter the new address in your web browser address box.
Creating virtual interfaces

1
Click on the Create a new virtual interface... hyperlink at the bottom of the LAN connections page. On the Create virtual interface page, type the IP address and netmask of the virtual interface, then click on the Apply button. The LAN connections page is displayed. The virtual interfaces section contains a table listing the names of the virtual interface(s). Each virtual interface is called item# by default. Each virtual interface name has an Edit and a Delete link associated with it. To edit a service:
a b
Click on the Edit link.
Change the options for the existing virtual interface, then click on Change. The page is reset and the new values are displayed. To delete a service: Click on the Delete link. Check the details displayed, then click on the Delete this connection button.
a b
These actions have the same effect as entering the following CLI commands (with the correct values added): ip add interface ip attachvirtual ip set interface ip delete interface
163
For more information on virtual interfaces, see the ISOS IP Stack Feature and Interface Guide: DO-400072-TC. 9.8.4 WAN Connection This option allows you to create and configure WAN connections for your ISOS System. You can also create virtual interfaces on routed services. From the Configuration menu, click on WAN connections. The WAN connections page is displayed:
Figure 29 Creating a WAN service

1
EmWeb WAN connections page
Click on Create a new service. A page is displayed containing a list of WAN service options. The options available on this page are determined by the image which is running on the ISOS System. Select an option, then click on Configure. You need to add detailed configuration information about the WAN service that you are creating. Click on Apply. The WAN connections page is displayed. The table now contains details of the service that you have just created. Configuring the service type has the same effect as entering the following CLI command (with the correct values added): <module> add transport and ip add interface ip attach or bridge add interface bridge attach
164
Editing a WAN service

1 2
Click on the Edit link for a specific service. The WAN connection: edit page is displayed. Change the values for the existing service. If you want to carry out advanced editing, click on the links at the top of the edit page. The links that appear depend on the type of service that you are configuring. For example, for an RFC 1483 routed service, you can choose from the following advanced editing links: Edit Service Edit RFC1483 Edit Atm Channel Edit Ip Interface Edit Tcp Mss Clamp Edit Rip Versions Edit Nat Helper Click on Change. The edit page is displayed and changes are applied to the service.
Deleting a WAN service

1 2
At the WAN connections page, click on the Delete link for a specific service. The WAN connection: delete page is displayed. Check the details displayed, then click on the Delete this connection button. This has the same effect as entering the following CLI commands (with the correct values added): ip delete interface or bridge delete interface Click on the Virtual I/f link for a specific service. The Virtual interface page is displayed. Click on the Create a new virtual interface... hyperlink. On the Create virtual interface page, type the IP address and netmask of the virtual interface, then click on the Apply button.
Creating a virtual interface (routed services only)

1 2
165
The WAN connections page is displayed. If you click on the Virtual I/f link, the Virtual interface page displays a table listing the names of existing virtual interfaces. Each virtual interface is called item# by default. This has the same effect as entering the following CLI commands (with the correct values added): ip add interface <module> add transport ip attachvirtual
9.8.5
IP Routes This option allows you to create static IP routes to destination addresses via an IP interface name or a Gateway address. From the Configuration menu, click on IP routes. The Edit Routes page is displayed:
Figure 30
EmWeb Edit Routes page
This page lists the following information about existing routes: Whether the route is valid or invalid Destination IP address Gateway address Netmask address This has the same effect as entering the following CLI command: ip list routes
166
Editing a route
1
To edit the destination, gateway and netmask address of a route, Click in the relevant text box, update the information then click on Apply. This has the same effect as entering the following CLI command (with the correct values added): ip set route destination ip set route gateway To edit the cost and interface setting for the route, click on the Advanced Options hyperlink for a specific route and update the relevant information. Click on OK. This has the same effect as entering the following CLI command (with the correct values added): ip set route cost ip set route interface To delete an existing route, check the Delete? box for a specific route. Click on Apply. This has the same effect as entering the following CLI command (with the correct values added): ip delete route Click on the Create new Ip V4 Route hyperlink. The following page is displayed:
Deleting a route
1 2
Creating an IP V4 Route
1
Figure 31
EmWeb Create IP V4 Route page
167
Complete the Create IP v4 Route form in order to configure the route. Adding a route has the same effect as entering the following CLI command (with the correct values added): ip add route and you can use the following CLI commands to set the properties of the route: ip set route destination ip set route cost ip set route gateway ip set route interface When you have typed the details, click on OK. The Edit Routes page is displayed. The table now contains details of the route that you have just created. This has the same effect as entering the following CLI command: ip list routes
9.8.6
ZIPB This option allows you to enable, disable and configure the ISOS Zero Installation PPP Bridge (ZIPB) on your ISOS System. From the Configuration menu, click on ZIPB. The following page is displayed:
168
Figure 32 EmWeb ZIPB page This page allows you to:

1
enable/disable ZIPB. Click on the Enable button. The ZIPB page is refreshed and the ZIPB status is changed to enabled. To disable ZIPB, click on the Disable button. This has the same effect as typing the following CLI commands: zipb enable zipb disable carry out advanced configuration of ZIPB. Note You must ensure that ZIPB is in a disabled state before you carry out any configuration changes. Once you have changed the configuration and clicked on OK, you can enable
169
ZIPB and changes will be reflected in the configuration. Any changes made to the configuration while ZIPB is enabled will be ignored. You can configure the following:
a b c
select the LAN interface that ZIPB will run on. Click on the LAN interface drop down list and select an interface. select the WAN interface that ZIPB will run on. Click on the WAN interface drop down list and select an interface. set the Private LAN IP address. Type the address into the Private LAN IP address boxes. The private LAN IP address allows you to continue configuring the ISOS System via EmWeb pages. You should set the private LAN to the IP address entered as the URL in Accessing EmWeb on page 142. set the LAN IP address spoof method. Once a public IP address is assigned to the LAN PC, an IP address on the same subnet as the public IP address must be created and assigned to the ISOS System LAN interface. This option configures how the LAN interface IP address is created. Click on the LAN IP address spoof method drop down list and select one of the following: Top of subnet - selects the highest available address in the subnet Bottom of subnet - selects the lowest available address in the subnet Increment - increments the assigned IP address by 1 Manual - uses the IP address specified in the Manual LAN IP address field. set the manual LAN IP address only if you selected Manual as your LAN IP address spoof method. Type the address into the Manual LAN IP address boxes. set the LAN subnet mask selection method. Click on the LAN subnet mask selection method drop down list and select one of the following: Natural - uses the subnet mask of the assigned IP address Manual - uses the netmask specified in the Manual LAN subnet mask field
170
set the manual LAN subnet mask only if you selected Manual as your LAN subnet mask selection method. Type the subnet mask into the Manual LAN subnet mask boxes. set the LAN DHCP server lease time. Click on the LAN DHCP server lease time text box and type the duration (in seconds) of DHCP leases on the LAN. set the LAN PC power down time. Click on the LAN PC power down time text box and type the duration (in seconds) of down time before ZIPB assumes that the LAN PC has been turned off and that the user no longer needs access to the Internet. Note For more information about these configuration options, click on the Help hyperlink at the bottom of the page.
Once you have configured ZIPB, click on the OK button. Note that the configuration changes will not take effect until ZIPB is set to enabled. Click on the Enable button at the top of the page.
For more information on ZIPB, see the ISOS Zero Installation PPP Bridge (ZIPB) Functional Specification: DO-400808-PS. 9.8.7 DHCP Server This option allows you to enable/disable the DHCP server and create, configure and delete DHCP server subnets and DHCP fixed IP /MAC mappings.
171
From the Configuration menu, click on DHCP server. The following page is displayed:
Figure 33
DHCP Server page
Enabling/disabling the DHCP server

1 2
Click on the Enable/Disable button at the top of the page. The DHCP server is enabled by default. If you click on the Disable button, DHCP server is disabled and the button changes to Enable. This has the same effect as entering the following CLI command (with the correct values added): dhcpserver enable dhcpserver disable Note If DHCP relay is enabled, DHCP server will be disabled by default. You can not enable DHCP server unless you disable DHCP relay. See DHCP Relay on page 176.
Creating a DHCP server subnet

1
Click on the Create new Subnet link. The following page is displayed:
172
Figure 34 EmWeb DHCP server subnet configuration page

2
This page allows you to:

a
Set the value and netmask of the subnet (either manually or by selecting an IP interface whose value and mask is used instead), and set the maximum and default lease times. This has the same effect as entering the following CLI commands: dhcpserver add subnet dhcpserver set subnet defaultleasetime dhcpserver set subnet maxleasetime Set the DHCP address range (or use a default range of 20 addresses). This has the same effect as entering the following CLI commands: dhcpserver add subnet or dhcpserver subnet add iprange This has the same effect as entering the following CLI command:
173
Set the Primary and Secondary DNS Server addresses or set your ISOS System to give out its own IP address as the DNS Server address. This has the same effect as entering the following CLI commands: dhcpserver subnet add option domain-name-server primary-dns, secondary-dns or dhcpserver set subnet hostisdnsserver Set your ISOS System to give out its own IP address as the default Gateway address. This has the same effect as entering the following CLI command: dhcpserver set subnet hostisdefaultgateway
Once you have entered new configuration details for your DHCP server, click on OK. The DHCP Server page is displayed, containing details of your new subnet.
Editing a DHCP subnet

1
Click on the Advanced Options link for a specific subnet. The Edit DHCP server subnet page is displayed. This allows you to edit all of the values that were set when the subnet was created. This page also allows you to add additional option information. At the bottom of the page, click on the Create new DHCP option link. The following page is displayed:
Figure 35
EmWeb DHCP Server configuration option page
174
Click on the Option name drop-down list and select a name. Type a value that matches the selected option name in the Option value text box. Click on OK. This has the same effect as entering the following CLI command: dhcpserver subnet add option The Edit DHCP server subnet page is displayed, and details of you new option are displayed under the sub-heading Additional option information. To delete an existing option, check the Delete? box for a specific option and click OK.
Creating a fixed host

1
Click on the Create new Fixed Host link. The following page is displayed:
Figure 36 EmWeb Create new DHCP server fixed host page

2
Complete the following:

a b
Type in the IP address that will be given to the host with the specified MAC address.
Type in the MAC address and the maximum lease time (default is 86400 seconds). This has the same effect as typing the following CLI command: dhcpserver add fixedhost
Click on OK. The DHCP Server page is displayed, and details of your new fixed host are displayed under the sub-heading Existing DHCP fixed IP/MAC mappings. To edit a fixed mapping, click on
175
the IP address, MAC address or max lease time, type a new entry and click Apply. To delete a fixed mapping, check the Delete? box for a specific mapping and click Apply. This has the same effect as typing the following CLI commands: dhcpserver set fixedhost ipaddress dhcpserver set fixedhost macaddress dhcpserver set fixedhost maxleasetime dhcpserver delete fixedhost 9.8.8 DHCP Relay This option allows you to: enable/disable DHCP relay. add DHCP servers to the DHCP relay list. configure/delete server entries on the DHCP relay list. From the Configuration menu, click on DHCP relay. The following page is displayed:
Figure 37
EmWeb DHCP Relay page
176
Enabling/disabling DHCP relay

1
Click on the Enable/Disable button at the top of the page. If you click on the Disable button, DHCP server is disabled and the button changes to Enable. This has the same effect as entering the following CLI command: dhcprelay enable dhcprelay disable Note If DHCP server is enabled, DHCP relay will be disabled by default. You can not enable DHCP relay unless you disable DHCP server. See DHCP Server on page 171.
Adding a DHCP server to the DHCP relay list

1 2
In the Add new DHCP server section, type an address in the New DHCP server IP address text box. Click on Apply. The address is displayed in the Edit DHCP server list section.
Editing/deleting entries in the DHCP relay list

1 2
To edit an entry, click on an IP address and type a new entry, then click on Apply. To delete an entry, check the Delete? box for a specific IP address, then click on Apply. These actions have the same effect as entering the following CLI commands (with the correct values added): dhcprelay add server dhcprelay update dhcprelay list servers dhcprelay delete server
9.8.9
DNS Client This option allows you to: create a list of server addresses. This enables you to retrieve a domain name for a given IP address. create a domain search list. DNS client uses this list when a user asks for the IP address list for an incomplete domain name.
177
From the Configuration menu, click on DNS client. The following page is displayed:
Figure 38 Configuring DNS servers

1 2
EmWeb DNS client page
Type the IP address of the unknown domain name in the DNS servers: text box. Click Add. The IP address appears in the DNS servers table. You can add a maximum of three server IP addresses. Each IP address entry has a Delete button associated with it. Click on Delete to remove an IP address from this list. Adding/deleting IP addresses has the same effect as entering the following CLI commands: dnsclient add server dnsclient list server dnsclient delete server Type a search string in the Domain search order: text box.
Configuring DNS search domains

1
178
Click Add. The search string is displayed in the Domain search order table. You can add a maximum of six search strings. Each search string entry has a Delete button associated with it. Click on Delete to remove a string from this list. Adding/deleting domain search strings has the same effect as entering the following CLI commands: dnsclient add searchdomain dnsclient list searchdomain dnsclient delete searchdomain
9.8.10 DNS Relay This option allows you to create, configure and delete DNS relays primary and secondary DNS servers. DNS relay can forward DNS queries to the DNS servers on this list. From the Configuration menu, click on DNS Relay. The following page is displayed:
Figure 39
EmWeb DNS Relay page
Configuring the DNS relay list

1
In the Add new DNS server section, type an address in the New DNS server IP address text box.
179
Click on Apply. The address is displayed in the Edit DHCP server list section. To edit an entry, click on an IP address and type a new entry, then click on Apply. To delete an entry, check the Delete? box for a IP address, then click on Apply. These actions have the same effect as entering the following CLI commands (with the correct values added): dnsrelay add server dnsrelay update dnsrelay list servers dnsrelay delete server
9.8.11 Security This option allows you to configure Security, NAT and Firewall: Security - EmWeb allows you to: enable Security, see Enabling Security on page 181. configure Security interfaces; Configuring security interfaces on page 182.
configure triggers, see Configuring triggers on page 194. NAT - EmWeb allows you to: enable NAT between interfaces; see Configuring NAT on page 183. configure global addresses; see Configuring NAT global addresses on page 185.
configure reserved mapping; see Configuring NAT reserved mapping on page 187. Firewall - EmWeb allows you to: enable Firewall and Firewall Intrusion Detection settings; see Enabling Firewall and/or Intrusion Detection on page 181 set the Firewall security level; see Setting a default security level on page 182. configure Firewall policies, portfilters and validators; see Configuring Firewall policies on page 188, Configuring portfilters on page 190 and Configuring validators on page 192. configure Intrusion Detection settings; see Configuring Intrusion Detection Settings on page 196.
180
From the Configuration menu, click on Security. The following page is displayed:
Figure 40 EmWeb Security page This page contains the default Security settings. Enabling Security You must enable Security before you can enable Firewall and/or Intrusion Detection. In the Security State section:
1 2
Click on the Security Enabled radio button. Click on Change State to update the Security State section. This has the same effect as typing the following CLI commands: security enable security status
Enabling Firewall and/or Intrusion Detection You must create a security interface before you can enable Firewall and/or Intrusion Detection. See Configuring security interfaces on page 182.
181
Once you have created a security interface:

1 2
Click on the Firewall Enabled and/or Intrusion Detection Enabled radio buttons. Click on Change State to update the Security State section. This has the same effect as typing the following CLI commands (depending on which state you want to enable): firewall enable firewall enable IDS security status
Setting a default security level You must have Security and Firewall enabled in order to set a default Security level. See Enabling Security on page 181 and Enabling Firewall and/or Intrusion Detection on page 181.
1 2 3
From the Security Level section, click on the Security Level drop-down list. Click on the level that you want to set; none, high, medium or low. Click on the Change Level button. This has the same effect as typing the following CLI command: firewall set securitylevel
For more information on the configuration of each type of security level, see the Firewall CLI chapter of the ISOS 8.2 CLI Reference Manual: DO-009430-PS and the ISOS Security (NAT and Firewall) Functional Specification: DO-008557-PS. Configuring security interfaces Security interfaces are based on existing LAN services. You must create a LAN service for every security interface that you want to configure. For details of how to create LAN services, see LAN connections on page 162.
1
From the Security Interfaces section, click on Add Interface. The Firewall: Add Interface page is displayed:
182
Figure 41 EmWeb Firewall Add Interface page

2 3
Click on the Name drop-down list and select the LAN service that you want to base your security interface on. Click on the Interface Type drop-down list and specify what kind of interface it is depending on how it connects to the network; external, internal or DMZ. Click on Apply. The Security page is displayed. The Security Interfaces section contains a table that displays information about each security interface that you have created: Name - name of LAN service that the security interface is based on Type of network connection specified NAT setting. It contains hyperlinks that allow you to configure NAT. See Configuring NAT on page 183.
Delete Interface... hyperlink. Click on this to display the Security: Delete Interface page. Check the interface details, then click on the Delete button. These actions have the same effect as entering the following CLI commands: security add interface security list interfaces security delete interface
Configuring NAT To configure NAT, you need to:

1
Enable Security; see Enabling Security on page 181
183
Create at least two different security interface types based on existing LAN services; see Configuring security interfaces on page 182. Once you have created more than one security interface, the NAT column in the Security Interfaces table tells you that you can enable NAT between the existing security interface and a network interface type. For example, if you create an external interface and an internal interface, your table will look like this:
Figure 42 EmWeb Security Interfaces table The NAT column for the external interface tells you that you can enable NAT to internal interfaces. If you also had a DMZ interface configured, this column would also include an Enable NAT to DMZ interfaces button. For more details of NAT configurations, see Configuring security on the ISOS System on page 331.
4
To enable NAT between the external interface and the internal interface type, click on Enable NAT to internal interfaces. The Security page is refreshed and NAT is enabled. To disable NAT between these interfaces, click on Disable NAT to internal interfaces. These actions have the same effect as entering the following CLI commands: nat enable nat disable
Once you have enabled NAT between interfaces, you can: configure global addresses; see Configuring NAT global addresses on page 185. configure reserved mapping; see Configuring NAT reserved mapping on page 187.
184
Configuring NAT global addresses Global address pools allow you to create a pool of outside network addresses that is visible outside your network. Before you can configure global addresses, you need to configure NAT. See Configuring NAT on page 183. If you want to set up a global address pool on your existing NAT enabled interfaces:
1
From the NAT Security Interfaces table, click on the Advanced NAT Configuration hyperlink for the interface that you want to add a global pool to. The following page is displayed:
Figure 43 EmWeb Advanced NAT configuration page

2
Click on Add Global Address Pool The following page is displayed:
Figure 44 EmWeb Firewall Add Global Address Pool page
185
This page allows you to create a pool of network IP addresses that are visible outside your network. Add values for the following table entries: Interface type; the internal address type that you want to map your external global IP addresses to. Click on the drop-down list and select an interface type. Use Subnet Configuration; there are two ways to specify a range of IP addresses. You can either Use Subnet Mask (specify the subnet mask address of the IP address) or Use IP Address Range (specify the first and last IP address in the range). Click on the drop-down list and select a method. type in the IP Address that is visible outside the network Subnet Mask/IP Address 2; the value you specify here depends on the subnet configuration that you are using. If you chose Use Subnet Mask, type in the subnet mask of the IP address. If you chose Use IP Address Range, type in the last IP address in the range of addresses that make up the global address pool.
Once you have configured the table, click on Add global address pool. The table is refreshed and the global address pool is added to your NAT configuration.
To delete a global address pool, click on the Delete hyperlink, then click on the Delete Global Address Pool button. These actions have the same effect as typing the following CLI commands: nat add globalpool nat list globalpools nat delete globalpool Click on Return to Interface List to display the Security Interface Configuration page. To create a reserved mapping, click on the Add Reserved Mapping hyperlink. See Configuring NAT reserved mapping on page 187.
186
Configuring NAT reserved mapping Reserved mapping allows you to map an outside security interface or an IP address from a global pool to an individual IP address inside the network. Mapping is based on transport type and port number. Before you can configure reserved mapping, you need to configure NAT. See Configuring NAT on page 183. If you want to set up a reserved mapping on your existing NAT enabled interfaces:
1
From the NAT Security Interfaces table, click on the Advanced NAT Configuration hyperlink for the interface that you want to add reserved mapping to. The Advanced NAT Configuration page is displayed (see EmWeb Advanced NAT configuration page on page 185). Click on the Add Reserved Mapping hyperlink. The following page is displayed:
Figure 45
3
EmWeb Firewall Add Reserved Mapping page
This page allows you to configure your reserved mapping. Add specific values for the following table entries: Global IP Address; if you are mapping from a global IP address, type the address here. If you are mapping from a security interface, type 0.0.0.0. Internal IP Address; the IP address of an individual host inside your network.
187
Transport Type; specify the transport type that you want to map from the outside interface to the inside. Port Number; the port number that your transport uses.
Once you have configured the table, click on Add reserved mapping. The table is refreshed and the reserved mapping is added to your NAT configuration.
To delete a reserved mapping setup, click on the Delete hyperlink, then click on the Delete Reserved Mapping button. These actions have the same effect as typing the following CLI commands: nat add resvmap globalip nat add resvmap interfacename nat list resvmaps nat delete resvmap Click on Return to Interface List to display the Security Interface Configuration page. Configuring Firewall policies A policy is the collective term for the rules that apply to incoming and outgoing traffic between two interface types. Before you can create a Firewall policy, you need to enable Firewall. See Enabling Firewall and/or Intrusion Detection on page 181. To create and configure a Firewall policy:
1
Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration page. Click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. Click on New Policy. The Firewall Add Policy page is displayed:
188
Figure 46
3
EmWeb Firewall Add Policy page
This page allows you to configure your Firewall policy. Add specific values for the following entries: Set the interface types that you want to create a policy between by selecting a type from each of the Between interfaces of types drop down lists.
Set the policy to either block only traffic specified in validators, or allow only traffic specified in validators. For more information on validators, see Configuring validators on page 192. Click on Apply. After a short time, the policy is added to the Firewall configuration.
To display policy details, click on Return to Policy List. The page is refreshed and contains a Current Firewall Policies table:
189
Figure 47 EmWeb Current Firewall Policies table The table contains details of each Firewall policy. You can now configure the policies to include portfilters and validators. See Configuring portfilters on page 190 and Configuring validators on page 192. These actions have the same effect as entering the following CLI commands: firewall add policy firewall list policies Configuring portfilters A portfilter is an individual rule that determines what kind of traffic can pass between two interfaces specified in an existing policy. This section assumes that you have followed the instructions in Configuring Firewall policies on page 188. To configure a portfilter:
1
From the Current Firewall Policies table, click on the Port Filters link for the policy that you want to configure. The page displayed contains three Add Filter hyperlinks that allow you to create three different kinds of portfilter:
190
For a TCP portfilter click on Add TCP Filter. The following page is displayed:
Figure 48 EmWeb Firewall Add TCP Port Filter page Specify the start and end of the port range for the TCP protocol that you want to filter. For information on application port numbers, see http://www.ietf.org/rfc/rfc1700.txt. Then use the Direction drop-down lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply. The Firewall Port Filters page is displayed, containing details of the TCP portfilter that you have just added. For a UDP portfilter click on Add UDP Filter. The Firewall Add UDP Port Filter page is displayed. For details on how to complete the table, follow the above instructions for adding a TCP portfilter. For a non-TCP/UDP portfilter click on Add Raw IP Filter. The following page is displayed:
191
Figure 49 EmWeb Firewall Add Raw IP Filter page Specify the protocol number in the Transport Type text box, for example, for IGMP, enter protocol number 2. For more information on protocol numbers, see http://www.ietf.org/rfc/rfc1700.txt. Then use the Direction drop-down lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply. The Firewall Port Filters page is displayed, containing details of the IP portfilter that you have just added.
2
Each portfilter displayed in the Firewall Port Filters page has a Delete hyperlink assigned to it. To delete a portfilter, click on this link, then at the confirmation page, click on the Delete button. The portfilter is removed from the Firewall configuration.
These actions have the same effect as typing the following CLI commands: firewall add portfilter firewall list portfilters firewall delete portfilter Configuring validators A validator allows/blocks traffic based on the source/destination IP address and netmask. Traffic will be allowed or blocked depending on the validator configuration specified when the policy was created. See
192
Configuring Firewall policies on page 188. This section assumes that you have previously followed the instructions in Configuring Firewall policies on page 188. To configure a validator:
1
From the Current Firewall Policies table, click on the Host Validators link for the policy that you want to configure. The Configure Validators page is displayed. Click on the Add Host Validator link. The following page is displayed:
Figure 50 EmWeb Firewall Add Host Validator page

2 3
In the Host IP Address text box, type the IP address that you want to allow/block. In the Host Subnet Mask text box, type the IP mask address. If you want to filter a range of addresses, you can specify the mask, for example, 255.255.255.0. If you want to filter a single IP address, use the specific IP mask address, for example, 255.255.255.255. Click on the Direction drop-down list and select the direction of traffic that you want the validator to filter. Click on Apply. The Configure Validators page is displayed, containing details of the host validator that you have just added. Each portfilter displayed in the Configure Validators page has a Delete Host Validator hyperlink assigned to it. To delete a validator, click on this link, then at the confirmation page, click on the Delete Host Validator button. The validator is removed from the Firewall configuration.
4 5 6
193
These actions have the same effect as typing the following CLI commands: firewall add validator firewall list validators firewall delete validator Configuring triggers A trigger allows an application to open a secondary port in order to transport packets. The most common applications that require secondary ports are FTP and NetMeeting. This section assumes that you have followed the instructions in Enabling Security on page 181. To configure a trigger:
1
Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration. Click on Firewall Trigger Configuration. The Firewall Trigger Configuration page is displayed. There are no triggers defined at this time. Click on the New Trigger link. The following page is displayed:
Figure 51 EmWeb Firewall Add Trigger page

2
Configure the trigger as follows:

a
Transport Type; select a transport type from the drop-down list, depending on whether you are adding a trigger for a TCP or a UDP application. Port Number Start; type the start of the trigger port range that the primary session uses.
194
c d
Port Number End; type the end of the trigger port range that the primary session uses. Allow Multiple Hosts; select allow if you want a secondary session to be initiated to/from different remote hosts. Select block if you want a secondary session to be initiated only to/from the same remote host. Max Activity Interval; type the maximum interval time (in milliseconds) between the use of secondary port sessions. Enable Session Chaining; select Allow or Block depending on whether you want to allow multi-level TCP session chaining. Enable UDP Session Chaining; select Allow or Block depending on whether you want to allow multi-level UDP and TCP session chaining. You must set Enable Session Chaining to Allow if you want this to work. Binary Address Replacement; select Allow or Block depending on whether you want to use binary address replacement on an existing trigger. Address Translation Type; specify what type of address replacement is set on a trigger. You must set Binary Address Replacement to Allow if you want this to work.
e f g
Once you have configured the trigger, click on Apply. The Firewall Trigger Configuration page is displayed, containing details of the trigger that you have just configured. Each trigger displayed in the Firewall Trigger Configuration page has a Delete hyperlink assigned to it. To delete a trigger, click on this link, then at the confirmation page, click on the Delete button. The Firewall Trigger Configuration page is displayed and details of the deleted trigger have been removed. There are two hyperlinks on the page:
a b
To add a new trigger, click on New Trigger. To display the Security Interface Configuration page, click on Return to Interface List.
These actions have the same effect as typing the following CLI commands: security add trigger security list triggers
195
security set trigger endport security set trigger startport security set trigger multihost security set trigger maxactinterval security set trigger sessionchaining security set trigger security set trigger UDPsessionchaining security set trigger binaryaddressreplacement security set trigger addressreplacement Configuring Intrusion Detection Settings Intrusion Detection settings allow you to protect your network from intrusions such as denial of service (DOS) attacks, port scanning and web spoofing. This section assumes that you have followed the instructions in Enabling Security on page 181 and Enabling Firewall and/or Intrusion Detection on page 181. To configure Intrusion Detection settings:
1
Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration page. Click on Configure Intrusion Detection. The Firewall Configure Intrusion Detection page is displayed:
196
Figure 52 EmWeb Firewall Configure Intrusion Detection page The values displayed in EmWeb Firewall Configure Intrusion Detection page on page 197 are the default values.
2
Configure Intrusion Detection as follows:

a
Use Blacklist; select true or false depending on whether you want external hosts to be blacklisted if the Firewall detects an intrusion from that host. Click on the Clear Blacklist button at the bottom of the page to clear blacklisting of an external host. The Security Interface Configuration page is displayed. Use Victim Protection; select true or false depending on whether you want to protect a victim from an attempted web spoofing attack. DOS Attack Block Duration; type the length of time (in seconds) that the Firewall blocks suspicious hosts for once a DOS attack attempt has been detected. Scan Attack Block Duration; type the length of time (in seconds) that the Firewall blocks suspicious hosts for after it has detected scan activity.
197
Victim Protection Block Duration; type the length of time (in seconds) that the Firewall blocks packets destined for the victim of a spoofing style attack. Maximum TCP Open Handshaking Count; type in the maximum number of unfinished TCP handshaking sessions (per second) that are allowed by Firewall before a SYN Flood is detected. Maximum Ping Count; type in the maximum number of pings (per second) that are allowed before the Firewall detects an Echo Storm DOS attack. Maximum ICMP Count; type in the maximum number of ICMP packets (per second) that are allowed by the Firewall before an ICMP Flood DOS is detected.
Once you have configured Intrusion Detection, click on Apply. The Intrusion Detection settings are applied to the Firewall, and the Security Interface Configuration page is displayed.
These actions have the same effect as typing the following CLI commands: security enable firewall enable IDS firewall set IDS blacklist firewall set IDS victimprotection firewall set IDS DOSattackblock firewall set IDS SCANattackblock firewall set IDS MaxTCPopenhandshake firewall set IDS MaxPING firewall set IDS MaxICMP firewall set IDS blacklist clear
198
9.9
Ports
This option allows you to configure the ports available on your ISOS System, depending on the type of image that you are booting. For details of how port configuration is integrated into the VMI, see VMI Architecture: DO-008266-TC. Configuring ports
1
From the left-hand menu, click on Configuration. From the Configuration menu, click on Ports. A sub-list of ports available on your ISOS System is displayed. The following ports are available for the usb-gateway image: A1 A2 Ethernet Hdlc These ports are defined in the hardware BUN configuration file atmos/source/hardware/initbun/bd6000. From the Ports menu, click on Ethernet. The Ethernet Port Configuration page is displayed:
Figure 53 EmWeb Ethernet Port Configuration page The page displays basic port attributes for the Ethernet port on your ISOS System. Click on one of the attribute names to display help information about each entry.
199
Ports
You can carry out advanced configuration of your Ethernet port attributes. From the Ethernet Port Configuration page, click on View advanced attributes. The Advanced Ethernet Port Configuration page is displayed. Click on one of the advanced attribute names to display help information about each entry. Update the port attributes that are available for editing, then click on Apply to update the advanced configuration, or Reset to revert back to the default advanced configuration settings. Click on the Return to basic attribute list to return to the Ethernet Port Configuration page.
These actions have the same effect as typing the following CLI commands: port ? lists the ports available on your ISOS System. port show displays basic and advanced port configuration port set allows you to update your basic and advanced port configuration.
200
10.Using the ISOS File Manager
This chapter provides information about how to use the ISOS File Manager to manage ISOS image files and image configuration files stored in ISFS and FlashFS.
201
Introduction
10.1
Introduction
This chapter describes how to use the ISOS File Manager to manage the filing systems present in ISOS. Filing systems are used for storing ISOS images and ISOS configuration files. Note The tasks described in this chapter use the ISOS console. It is assumed that you can access the ISOS console from the CLI. For more information, see Entering console commands from the CLI on page 137.
10.2
About the File Manager process

The File Manager (fm) process allows ISFS and FlashFS files to be copied, renamed, removed and displayed. It also allows you to display information about the filing systems themselves. All File Manager console commands start with fm, for example:
fm cat im.conf
Note The File Manager console commands allow the manipulation of critical file systems. You should think carefully about whether you want to make some of the commands available in a released image. This chapter describes some of the more useful fm commands. For more information on the File Manager process and all the fm console commands, see the File Manager Process Functional Specification: DO-008609-PS.
10.3
About FlashFS and ISFS

Flash memory is used on the ISOS System to store a permanent copy of an ISOS image and any configuration data. This data is stored in a non-volatile partitioned filing system known as FlashFS. SDRAM is used on the ISOS System to store a temporary copy of some of the files which are stored in FlashFS. This data is stored in a volatile filing system known as ISFS. ISFS stores a copy of FlashFS files to make them accessible to ISOS application processes for storing of configuration data which can subsequently be written back to FlashFS.
202
Using the ISOS File Manager
For example, setting the IP address of the ISOS System and the ARP server it uses is the type of information that would be configured during a session and then saved for future use as configuration data in FlashFS. The File Manager (fm) process console commands are used to manipulate some aspects of FlashFS and ISFS. For more specific commands for either ISFS or FlashFS filing system you will need to use isfs and flashfs console commands. For more information about all aspects of ISFS and FlashFS, refer to DO-007101-PS, ATMOS ISFS & FLASHFS Functional Specification.
10.4
Multiple FLASH partitions

You can configure FlashFS to use a number of partitions in which to store data. Typically, FlashFS would be made up of two partitions - a main partition and a recovery partition. For information on how a typical ISOS image is partitioned, see Typical image structure on page 63. For more information on building an ISOS image containing an emergency or recovery image, refer to Building an image containing a recovery image on page 83 When you use the config save and flashfs update commands, the information is saved from ISFS and stored in FlashFS. When ISOS starts up, it looks for configuration data in FlashFS Partition 1. If Partition 1 is corrupted, the emergency configuration data in partition two is used instead. For more information on booting FlashFS, see FlashFS boot process on page 204. Using multiple partitioning in FlashFS has the following advantage: Decreases the impact of file corruption in FlashFS. Each partition has its own flash sector, so that if one partition becomes corrupted it will not affect other partitions. 10.4.1 Updating files in FlashFS partitions The following rules apply when you are writing directly to FlashFS partition files: You can only have one FlashFS partition file open at a time. The FlashFS partition is corrupt while the file is open because the checksum is not updated until the file is closed.
203
Choosing the default filesystem/partition
The FlashFS filing system is corrupt while the file is open. This stops the system from trying to boot from a partially-written file. If you have a FlashFS partition file open, you cannot use the following console commands:
config save flashfs update
If you try to use either of these commands an error message will appear. 10.4.2 FlashFS boot process When the boot program looks for a bootable partition in FlashFS (partition one by default), it examines the identification block for each image that it requires. It checks and cross checks the information in the identification block. If errors are discovered, the partition is not used and the boot program looks for another bootable partition (partition two by default).
10.5
Choosing the default filesystem/partition

All the fm commands work on a default filesystem (ISFS or FlashFS). flashfs commands work on a default partition. fm provides commands that enable you to refer to particular filesystems and partitions. FlashFS provides commands that enable you to refer to a particular partition. 10.5.1 Changing the default filesystem You can specify which filesystem you wish to use for each command or change the default filesystem. To change the default filing system to be FlashFS, enter:
fm default flashfs
10.5.2 Checking the default filesystem To check which is the default filesystem, enter:
fm default Current filing system: 'flashfs'
204
10.5.3 Changing the default partition To change the default partition, use the default partition console command:
flashfs default 2
After issuing this command, all commands that are issued without referring to a partition number will act on partition 2. For example:
flashfs wipe
will wipe the contents of partition 2; the default partition. The command:
flashfs wipe 1
will wipe the contents of partition 1. 10.5.4 Checking the default partition To check which partition is your default partition, use the following console command:
flashfs default default is 1
10.5.5 Specifying a filesystem/partition You can also refer to a specific filesystem or partition from fm. For example:
fm cat im.conf fm cat //isfs/im.conf fm cat //flashfs/im.conf/PARTITION=1
The first command displays the im.conf file in the current default filesystem. The second command displays the im.conf file currently stored in ISFS (which maybe the default filesystem) and the third command displays the im.conf file stored in FlashFS partition 1.
205
Listing the contents of ISFS and FlashFS
10.6

You can use the File Manager process (fm) to view the contents of ISFS and FlashFS. For more information on the image files and configuration files which are displayed in the following sections, refer to ISOS Module Configuration files on page 444. 10.6.1 Listing the contents of ISFS After downloading an image to an ISOS System, you can list the contents of ISFS, using one of the following commands:
fm ls isfs fm ls -l isfs fm ls -L isfs
The above commands give progressively more detailed information about the files contained in ISFS. For example, the output for a typical build such as usb-gateway is shown below:
192.168.1.1> fm ls isfs File system: isfs snmpd.cnf~ dhcpd.leases dhclient.leases dhcrelay.conf dhcpd.conf dhclient.conf NPimage image banner.txt cliconsole im.conf.factory im.descriptions translate.tab derived_data.dat im.system initbun initvpn services snmpd.cnf snmpinit translate.tab.sw fluorine.translations idt7710x.translations utopia.translations
206
This command shows the files which are currently contained in ISFS.
192.168.1.1> fm ls -l isfs File system: isfs 215 snmpd.cnf~ 0 dhcpd.leases 0 dhclient.leases 0 dhcrelay.conf 275 dhcpd.conf 124 dhclient.conf 9832 NPimage * 1112406 image * 303 banner.txt * (compressed) 468 cliconsole * (compressed) 698 im.conf.factory * (compressed) 312 im.descriptions * (compressed) 587 translate.tab * (compressed) 52130 derived_data.dat * (compressed) 2080 im.system * 2497 initbun * 832 initvpn * 99 services * 241 snmpd.cnf 41 snmpinit * 1784 translate.tab.sw * 1055 fluorine.translations * 448 idt7710x.translations * 719 utopia.translations *
This command shows the same list of files as shown by the fm ls isfs command, but also shows: Size (in bytes) for each file in the column to the left of the file name. The asterisk alongside the filename indicates that the file was included in the flash.bin image that was downloaded. Some files are already created as part of the initialisation process by certain ISOS modules. For example, DHCP has created many files. These are not marked with an asterisk. If the file is compressed this will also be shown in brackets alongside the file.
207
192.168.1.1> fm ls -L File system: isfs 215 (0x00c76350) 0 (0x00e23b80) 0 (0x00e23bc0) 0 (0x00e23e10) 275 (0x00cdc310) 124 (0x00cdbda0) 9832 (0x00303e00) 1112406 (0x00306500) 303 (0x00415f00) 468 (0x00416100) 698 (0x00416300) 312 (0x00416600) 587 (0x00416800) 52130 (0x00416b00) 2080 (0x00423700) 2497 (0x00424000) 832 (0x00424a00) 99 (0x00424e00) 241 (0x00c757c0) 41 (0x00425000) 1784 (0x00425100) 1055 (0x00425900) 448 (0x00425e00) 719 (0x00426900)
isfs snmpd.cnf~ dhcpd.leases dhclient.leases dhcrelay.conf dhcpd.conf dhclient.conf NPimage * image * banner.txt * cliconsole * im.conf.factory * im.descriptions * translate.tab * derived_data.dat * im.system * initbun * initvpn * services * snmpd.cnf snmpinit * translate.tab.sw * fluorine.translations * idt7710x.translations * utopia.translations *
This command provides similar information as shown by the fm ls isfs command, but also shows the location in memory for each file (logical address in brackets alongside the filename). If you then save the configuration, using the config save command, and list the contents again you will notice that more configuration files have been created in ISFS. For example:
10.0.0.1> config save Saving configuration... Configuration saved.
ISOS processes will write out their configuration setting to their associated configuration file. So, if you now view the contents of ISFS again you will see that new files have been added:
208
192.168.1.1> fm ls -l isfs File system: isfs 0 initconfig 8 initdnsclient 0 resolve 300 initppp 98 initwebserver 0 initportcli 8 initdnsrelay 17 initbridge 1 initreflect 215 snmpd.cnf~ 0 dhcpd.leases 0 dhclient.leases 0 dhcrelay.conf 275 dhcpd.conf 124 dhclient.conf 9832 NPimage * 1112406 image * 303 banner.txt * (compressed) 468 cliconsole * (compressed) 698 im.conf.factory * (compressed) 312 im.descriptions * (compressed) 587 translate.tab * (compressed) 52130 derived_data.dat * (compressed) 2080 im.system * 2497 initbun * 832 initvpn * 94 services 241 snmpd.cnf 41 snmpinit 1784 translate.tab.sw * 1055 fluorine.translations * 448 idt7710x.translations * 719 utopia.translations *
There are now new files which have been created by ISOS processes. Note Some of the config files that were originally marked with an asterisk as downloaded files are no longer marked with an asterisk. Their associated process has written them to
209
FlashFS and so to ISFS they appear to have been added. For example, snmpinit. The files which still contain an asterisk have not been written. For example, the NP image file, npimage. The file snmpinit is an example of a dynamic file and NPimage is an example of a fixed file. It is dynamic files such as configuration ASCII-based files which can be written to FlashFS. Fixed files, such as the NP image file, are not written to FlashFS. If you save the system configuration from the CLI rather than the console, the file im.conf is also created which is the configuration file used by the VMI. For example:
--> system config save Wait for 'configuration saved' message... --> Saving configuration... Configuration saved. --> console enable Switching from CLI to console mode - type 'exit' to return
210
192.168.1.1> fm ls -L File system: isfs 7430 (0x00b78700) 0 (0x00c73cc0) 8 (0x00c73d60) 0 (0x00c74230) 300 (0x00b777a0) 98 (0x00b78480) 0 (0x00c75270) 8 (0x00c75310) 17 (0x00c753b0) 1 (0x00c754a0) 215 (0x00c76350) 0 (0x00e23b80) 0 (0x00e23bc0) 0 (0x00e23e10) 275 (0x00cdc310) 124 (0x00cdbda0) 9832 (0x00303e00) 1112406 (0x00306500) 303 (0x00415f00) 468 (0x00416100) 698 (0x00416300) 312 (0x00416600) 587 (0x00416800) 52130 (0x00416b00) 2080 (0x00423700) 2497 (0x00424000) 832 (0x00424a00) 94 (0x00b77500) 241 (0x00c757c0) 41 (0x00c73e00) 1784 (0x00425100) 1055 (0x00425900) 448 (0x00425e00) 719 (0x00426900)
isfs im.conf initconfig initdnsclient resolve initppp initwebserver initportcli initdnsrelay initbridge initreflect snmpd.cnf~ dhcpd.leases dhclient.leases dhcrelay.conf dhcpd.conf dhclient.conf NPimage * image * banner.txt * cliconsole * im.conf.factory * im.descriptions * translate.tab * derived_data.dat * im.system * initbun * initvpn * services snmpd.cnf snmpinit translate.tab.sw * fluorine.translations * idt7710x.translations * utopia.translations *
For more information about the im.conf file, refer to Module configuration files on page 219. 10.6.2 Listing the contents of FlashFS You can issue similar commands to view the contents of FlashFS:
fm ls flashfs fm ls -l flashfs fm ls -L flashfs
211
For example:
192.168.1.1> fm ls -L File system: flashfs 0 (0x0037fe00) 8 (0x0037fd00) 0 (0x0037fc00) 300 (0x0037fa00) 98 (0x0037f900) 0 (0x0037f800) 8 (0x0037f700) 17 (0x0037f600) 1 (0x0037f500) 215 (0x0037f400) 0 (0x0037f300) 0 (0x0037f200) 0 (0x0037f100) 275 (0x0037ef00) 124 (0x0037ee00) 2080 (0x0037e500) 2497 (0x0037db00) 832 (0x0037d700) 94 (0x0037d600) 241 (0x0037d400) 41 (0x0037d300) 1784 (0x0037cb00) 1055 (0x0037c600) 448 (0x0037c400) 719 (0x0037b800) 9832 (0x00000100) 1112406 (0x00002800) 303 (0x00112200) 468 (0x00112400) 698 (0x00112600) 312 (0x00112900) 587 (0x00112b00) 52130 (0x00112e00) flashfs initconfig * initdnsclient * resolve * initppp * initwebserver * initportcli * initdnsrelay * initbridge * initreflect * snmpd.cnf~ * dhcpd.leases * dhclient.leases * dhcrelay.conf * dhcpd.conf * dhclient.conf * im.system * initbun * initvpn * services * snmpd.cnf * snmpinit * translate.tab.sw * fluorine.translations * idt7710x.translations * utopia.translations * NPimage image banner.txt cliconsole im.conf.factory im.descriptions translate.tab derived_data.dat
212
As with ISFS, following a system config save command from the CLI, the im.conf file is also added:
192.168.1.1> fm ls -L File system: flashfs 7430 (0x0037e100) 0 (0x0037e000) 8 (0x0037df00) 0 (0x0037de00) 300 (0x0037dc00) 98 (0x0037db00) 0 (0x0037da00) 8 (0x0037d900) 17 (0x0037d800) 1 (0x0037d700) 215 (0x0037d600) 0 (0x0037d500) 0 (0x0037d400) 0 (0x0037d300) 275 (0x0037d100) 124 (0x0037d000) 2080 (0x0037c700) 2497 (0x0037bd00) 832 (0x0037b900) 94 (0x0037b800) 241 (0x0037b600) 41 (0x0037b500) 1784 (0x0037ad00) 1055 (0x0037a800) 448 (0x0037a600) 719 (0x00379a00) 9832 (0x00000100) 1112406 (0x00002800) 303 (0x00112200) 468 (0x00112400) 698 (0x00112600) 312 (0x00112900) 587 (0x00112b00) 52130 (0x00112e00) flashfs im.conf * initconfig * initdnsclient * resolve * initppp * initwebserver * initportcli * initdnsrelay * initbridge * initreflect * snmpd.cnf~ * dhcpd.leases * dhclient.leases * dhcrelay.conf * dhcpd.conf * dhclient.conf * im.system * initbun * initvpn * services * snmpd.cnf * snmpinit * translate.tab.sw * fluorine.translations * idt7710x.translations * utopia.translations * NPimage image banner.txt cliconsole im.conf.factory im.descriptions translate.tab derived_data.dat
213
Updating ISFS and FlashFS
10.7
Updating ISFS and FlashFS

10.7.1 Updating ISFS ISFS is the current filing system. Any changes you make to the configuration are stored in ISFS. Thus, ISFS is updated automatically. To permanently save the current configuration of ISFS, you need to update FlashFS. 10.7.2 Updating FlashFS To update the contents of FlashFS, use the console command:
flashfs update
This command updates Flash memory (FlashFS) with the files currently contained in ISFS, which are not yet present in FlashFS. FlashFS effectively provides a backup of all the information contained in ISFS. Note The CLI command system config save performs exactly the same operation as the flashfs update command. For more information about the system commands, refer to the ISOS 8.2 CLI Reference Manual, DO-009430-PS.
10.8
Managing files in ISFS and FlashFS

The ISOS file manager provides many of the standard features you would associate with a file manager: Viewing the contents of a file; see Viewing a file using the cat command on page 214. Copying a file to another file; see Copying a file using the cp command on page 215. Renaming a file; see Renaming a file using the mv command on page 215. Removing a file; see Removing a file using the rm command on page 216. 10.8.1 Viewing a file using the cat command To view a file in the current default filesystem, use the cat command. For example, to view the im.conf file, enter:
fm cat im.conf
214
To view the same file in ISFS or FlashFS, enter (respectively):

fm cat //isfs/im.conf fm cat //flashfs/im.conf
To view the same file in a particular partition of FlashFS, enter:

fm cat //flashfs/im.conf/PARTITION=2
10.8.2 Copying a file using the cp command To copy a file in the current default filesystem, use the cp command. This command creates a copy of the original file to a new file using the specified file-name. No check is made if the new filename already exists. Any existing file will be overwritten. For example, to copy the im.conf file to im.conf.bak, enter:
fm cp im.conf im.conf.bak
To copy the same file in ISFS, enter:

fm cp //isfs/im.conf //isfs/im.conf.bak
Note that you cannot copy a file in the same FlashFS partition. You can only copy files between partitions. For example, to copy the same file between two partitions in FlashFS, enter:
fm cp //flashfs/im.conf/PARTITION=1 //flashfs/im.conf/PARTITION=2
This command copies the im.conf file stored on partition 1 in FlashFS to partition 2 on FlashFS. 10.8.3 Renaming a file using the mv command To rename a file in the current default filesystem, use the mv command. This command renames the original file using the specified filename. No check is made if the new filename already exists. Any existing file will be overwritten. For example, to rename the im.conf file to im.conf.bak, enter:
fm mv im.conf im.conf.bak
To rename the same file in ISFS or FlashFS, enter (respectively):

fm mv //isfs/im.conf //isfs/im.conf.bak fm mv //flashfs/im.conf //flashfs/im.conf.bak
215
Managing files in ISFS and FlashFS
To move the same file between two partitions in FlashFS, enter:

fm mv //flashfs/im.conf/PARTITION=2 //flashfs/im.conf.bak/PARTITION=2
This command moves the im.conf file stored on partition 1 in FlashFS to partition 2 on FlashFS. 10.8.4 Removing a file using the rm command To remove a file from the current default filesystem, use the rm command. For example, to remove the im.conf file, enter:
fm rm im.conf
To remove the same file in ISFS or FlashFS, enter (respectively):

fm rm //isfs/im.conf fm rm //flashfs/im.conf
To remove the same file from a particular partition in FlashFS, enter:

fm rm //flashfs/im.conf/PARTITION=2
This command removes the im.conf file stored in FlashFS partition 2.
216
11.Configuring ISOS modules
This chapter describes the various methods for configuring ISOS modules at run-time.
217
Introduction
11.1
Introduction
This chapter describes the different methods which can be used to configure the modules which are included in an ISOS image. The modules contained in ISOS can be configured in two ways: At compile time; by modifying config.h files. At run time; by issuing configuration commands. This chapter covers the methods for configuring ISOS modules at run-time. (For more information about configuring ISOS at compile-time, refer to DO-007819-TC, How To Program ATMOS.) There are four main ways to configure ISOS at run-time: Issuing commands from ISOS; see Using a Management Tool or Console on page 221. Restoring a saved configuration file; see Restoring a saved configuration from the CLI on page 225. Downloading a configuration file; see By downloading files to ISFS on page 226. Programming Flash; see By programming Flash devices on page 227. The list above is ordered according to the amount of user-intervention required to perform the configuration, ordered from most to least intervention. Issuing commands to configure a module requires a lot of user-intervention. Programming flash devices provides a relatively automated method for configuring ISOS.
11.2
Interaction between configuration methods

It is possible to combine the above configuration methods listed in the previous section, and transfer some files during a network boot while others are stored in Flash.
218
Configuring ISOS modules
However, it is important to remember that a file transferred during a network boot overrides a version stored in flash. Therefore, to avoid confusion, follow these rules when configuring the system: When configuring a system from the console or by using a Management tool, you should ensure that no configuration files are transferred during a network boot. (You can ensure this by removing the configuration file from the configuration directory for the module you wish to configure.) When configuring a system entirely by downloading configuration files to ISFS during a network boot, ensure that there are no configuration files stored in Flash which are not also transferred during the boot. For more information about ISFS and FlashFS, refer to Using the ISOS File Manager on page 201.
11.3
Module configuration files

Each ISOS module has a configuration file associated with it which is used to configure the module at run-time. The configuration file im.conf contains the configuration for all ISOS modules which are supported by the GlobespanVirata Management Interface (VMI). These modules can be configured by any ISOS Management tool that interfaces to the VMI. (For more information about the VMI, refer to DO-008640, ISOS Management Developers Guide.)
219
Module configuration files
The diagram below shows how some of the ISOS modules are configured under ISOS depending on whether they are supported by the VMI:
strates how you would connect up a ISOS System to develop a PC-attached
EmWeb-server ISOS Management tools
CLI
Console VMI
Bridge
PPP
PPTP
SNMP
ISOS Modules supported by the VMI
ISOS Modules not supported by the VMI
im.conf snmpinit
ISFS Configuration files
Figure 54 ISOS Module configuration schematic The name of the configuration file is used to determine the module to which it applies. You should be able to work out the name of the configuration file as the name is derived from the name of the module. For example, snmpinit is the name of the configuration file for the SNMP module. You can see a list of the current configuration files by issuing the console command:
fm ls isfs
This will display a list of images and configuration files stored in ISFS.
220
For a list of the configuration files used by ISOS, refer to ISOS Module Configuration files on page 444. For more information about the configuration commands supported by a module, refer to the ISOS 8.2 CLI Reference Manual, DO-009430-PS.
11.4
Using a Management Tool or Console

Choose the appropriate configuration method for the ISOS module you wish to configure: ISOS modules which are supported by the VMI can be configured by any appropriate Management tool, such as the CLI or Webserver. ISOS modules which are not supported by the VMI can be configured using the console. Note The tasks described in this chapter use the ISOS console. It is assumed that you can access the ISOS console from the CLI. For more information, see Entering console commands from the CLI on page 137. The following sections describe the procedure to follow to configure ISOS modules using a Management tool or the console. 11.4.1 Using a Management Tool To configure ISOS modules using a Management tool, follow the procedure below:
1
Use one of the Management tools provided in ISOS to configure the module. The tools provided are: EmWeb; web server. (For more information on how to setup and use the web server, refer to Using the EmWeb server on page 151.)
CLI; command-line interface. (For more information on how to use the CLI, refer to Using the CLI on page 125.) For more information about configuring ISOS in different supported configurations by issuing commands from the CLI, refer to the following chapters: Configuring the ISOS System in Gateway mode on page 235.
221
Configuring the ISOS System in PC-attached Gateway mode on page 275. Configuring the ISOS System in Switch mode on page 323.
Once all the modules have been configured as required using any of the provided Management tools, you can use the following console command to view the configuration file im.conf:
im show
This command shows the current configuration of the VMI. Note The format of the im.conf file is not very readable and requires knowledge of the VMI design to completely understand the information displayed. (For more information, refer to DO-008766-PS, VMI - File Formats.)
3
Save the configuration listed by the im show command, using the CLI command:
system config save
This command saves the current configuration listing to Flash memory, as indicated by the following messages:
-->system config save Wait for 'configuration saved' message... --> Saving configuration...
After a few seconds, the save is complete:

Configuration saved.
This command saves the configuration for each module to the ISFS file //isfs/im.conf. This file is then written to FlashFS for permanent storage or until the next system config save command is issued. Note The old configuration files for these supported modules are also created in //isfs, but they are by default not used for configuration of the module; the file im.conf is used for configuration.
222
11.4.2 Using the console To configure ISOS modules using the console, follow the procedure below:
1
Configure the ISOS module using the console. For more information on the console commands which are provided for each module, refer to the ISOS 8.2 CLI Reference Manual, DO-009430-PS. Note Any configuration of the BUN module performed using console commands is not saved by the config save command. To permanently reconfigure the BUN module, you need to create/edit the BUN configuration file, initbun and then download this file to ISFS. For more information, refer to By downloading files to ISFS on page 226.
223
Once all the modules have been configured as required, use the following command to view the configuration:
config print
Each module displays its configuration information. The modules which are included in the list include modules whose configuration will be saved when the config save command is used. To see the configuration of a particular module, append the module name to the command. For example, to view the configuration of the webserver module, enter:
config print webserver
The following typical information is returned:

192.168.1.2> config print webserver Module 'webserver': WebServer active configuration: WebServer is enabled. WebServer interface is iplan. WebServer HTTP port is 80. WebServer UPnP port is 280. WebServer archive filename is //expand/isfs/derived_data.dat. The derived archive currently loaded is '//expand/isfs/derived_data.dat'. Management IP address is <any>. Stored configuration: WebServer interface is iplan. WebServer HTTP port is 80. WebServer UPnP port is 280. WebServer archive filename is //expand/isfs/derived_data.dat.
To view the modules which are registered and will have their configurations saved, use the config list command. For example:
config list
produces the following typical information:

8 modules registered: reflect bridge dnsrelay portcli webserver ppp ip
224
dnsclient
Save the configuration listed by the config print command, using the console command:
config save
This command saves the current configuration listing to Flash memory, as indicated by the following messages:
Saving configuration...
After a few seconds, the save is complete:

Saving configuration ... Configuration saved.
This command saves the configuration for each module to the appropriate ISFS configuration file. This file is then written to the FlashFS filing system for permanent storage or until the next config save command is issued.
11.5
Restoring a saved configuration from the CLI

All modules which are supported by the VMI can have a new configuration applied to them using the config restore CLI command. This command restores either a previously saved configuration or the factory default configuration. The configuration files which can be used to restore a saved configuration are: im.conf.backup - saved configuration file. This file is created by the command system config backup. im.conf.factory - default configuration file. This file is provided in every ISOS product build. To save a backup configuration file, enter the command:
system config backup Saving to backup configuration //isfs/im.conf.backup
This command creates a file in ISFS called im.conf.backup. To save a backup configuration to a file other than im.conf.backup, use the command:
system config backup <filename>
where <filename> is the name of an existing isfs file. To restore the im.conf.backup configuration file, enter the command:
system config restore backup
225
By downloading files to ISFS
To restore a configuration from a file other than im.conf.backup, enter the command:
system config restore <filename>
To restore the im.conf.factory file, enter:

system config restore factory
These commands will reconfigure the modules supported by the VMI according to the configuration defined in the selected configuration file.
11.6
By downloading files to ISFS

You can configure ISOS by including a configuration file in a suitable directory location. The resultant ISOS image, containing the configuration file, can then be downloaded to the ISOS System over the network. The procedure to follow is given below:
1
Refer to Module configuration files on page 219 for information about which configuration file you need to use for the module you wish to configure. Note You should only be configuring those modules whose configuration is not saved in the im.conf file.
Create a configuration file for the module you wish to configure, using a suitable text editor. The format of the ISFS configuration files should be an ASCII text file, one command per line, in the same format as the commands which can be given to the module from the CLI or console. (If you need to create an im.conf configuration file, refer to Creating an im.conf configuration file on page 227). Note You should be aware that DOS/Windows and Unix/Linux systems have different conventions for marking line endings in text files. The DOS convention is to use carriage return (ASCII 13) + line feed (ASCII 10), whereas the Unix convention is to use only line feed. ISOS expects configuration files to conform to the Unix line-ending convention. Therefore, if you edit ISFS configuration files on a Windows PC, you will need to use an editor which can save the file with Unix-style line endings.
226
Copy the created configuration file to the directory: atmos/products/<product>/flashfs where <product> is the name of an ISOS product directory. All files stored in this directory will be downloaded to the ISOS System along with the image file. Download the image and configuration files. (For more information about how to download an image over the network to a ISOS System, refer to Booting the ISOS System in Gateway mode on page 99 and Booting the ISOS System in PC-attached mode on page 111.)
11.6.1 Creating an im.conf configuration file Although you can edit the im.conf file, the syntax of this file is not as straightforward as the standard ISFS configuration files. If you wish to configure modules whose configuration is saved in im.conf, you should follow the procedure below:
1
Make configuration changes to the module using a Management tool and then save the configuration to the im.conf file. For more information, refer to Using a Management Tool or Console on page 221. From the console, enter:
fm cat im.conf
This command will display the contents of the im.conf configuration file.
3 4 5
Copy the output of this command into a text file editor. Make any further configuration changes you require. But be very careful with the format of the file when you are making changes. Save the file as im.conf.
Refer back to step 3 in By downloading files to ISFS on page 226 to copy this file into the appropriate download directory.
11.7
By programming Flash devices

The output of the mkflash utility can be used to program one or two Flash devices directly, using a suitable PROM programmer. When the system is booted, the configuration files which are programmed into the Flash devices are copied into ISFS.
227
By programming Flash devices
For more information about how to boot the ISOS System from Flash memory, refer to Configuring Booting of an ISOS System on page 115.
228
12.Compressing an ISOS image
This chapter describes how to compress an ISOS image using the image compression utilities provided in ISOS.
229
Introduction
12.1
Introduction
The latest release of ISOS includes a large, feature-rich software base which can be used to build images which provide a high degree of functionality and features. The drawback to providing all this functionality is that the compiled image (flash.bin) can become quite large and not fit into the memory available on some systems. To solve this problem, ISOS includes a set of image compression tools which can be used to reduce the overall size of the PP run-time image contained in the flash.bin image so that it can fit into the memory available. This chapter describes the compression tools available in ISOS and how they can be used to compress ISOS images. For more detailed information on image compression, refer to ATMOS Image Compression Support: DO-008825-PS.
12.2
Compression overview
12.2.1 When/where is the ISOS image compressed? The ISOS image is compressed during the build process. Typical ISOS systems store their built image in non-volatile memory (FLASH) which is then copied into volatile memory (SDRAM) at run-time. The image is compressed in FLASH and then during the boot-up stage the image is uncompressed and copied into SDRAM. 12.2.2 What image compression utilities are available? There are three compression utilities supported in ISOS: bzip2 zlib vcomp Some of the utilities also provide options which can be used to select how much compression to apply to the image. These utilities are described in About the compression utilities on page 232.
230
Compressing an ISOS image
12.2.3 What parts of the image can be compressed? The images provided in a flash.bin image are described in Images included in a build on page 64. The table below shows the typical sizes of these images and the other components included for an eth-gateway product:
Component PP Boot image NP Boot image NP Runtime image PP Runtime image Configuration area Web pages (derived archive) 64K 8K 16K 450K to 1200K 64K 70K Typical size
Table 26:
flash.bin image breakdown
Compression is applied to the following images during the build process: PP Runtime image. (vcomp, bzip2 and zlib compression only). PP Boot image. (vcomp compression only). You can also configure the build process to compress any additional PHY image you are including in the build. For more information, refer to Including files in an image on page 91. For more information about the image compression options that can be used with the images above, refer to Configuring the compression method on page 236. 12.2.4 What typical compression results can be achieved? Typically, you should be able to achieve a 40-50% reduction in the overall size of an image. Greater compression can be achieved, but this can impact performance. For more information, refer to Typical compression figures on page 234.
231
About the compression utilities
12.2.5 What impact does using compression have on the system? The two areas which you need to consider when using compression are: Performance. Volatile memory requirements. Performance The time taken to decompress an image can be significant for images which have been heavily compressed. Decompression occurs prior to boot-up, so for the most efficient compression schemes there can be a significant delay in boot-up time. For more information, refer to Typical decompression figures on page 235. Volatile memory requirements Each compression scheme requires a certain amount of memory (workspace) to do the actual compression. Different compression schemes require different amounts of workspace. For more information on memory requirements, refer to Typical decompression figures on page 235
12.3
About the compression utilities

The following compression utilities are provided: vcomp; the original ISOS compression scheme based on Lempel-Zif compression. bzip2; a third-party image compression/decompression library developed by Jean-loup Gailly. zlib; a third-party image compression/decompression library developed by Julian Seward. The gzip compression utility used to compress image files uses the zlib libraries. (For more information, refer to Including files in an image on page 91.) In summary, vcomp is the default compression utility used in builds. It provides a good level of compression with little impact on boot-up time. bzip2 provides a high degree of compression but will affect the boot-up time as decompression can cause a significant delay.
232
zlib provides a fair compromise between compression and boot-up time. It performs an effective compression (better than vcomp but not as good as bzip2) and will only cause a small delay in boot-up time (slightly slower than vcomp but much quicker than bzip2). The following sections describe each compression utility and where to look for more detailed information. 12.3.1 vcomp For more detailed information about vcomp, refer to the manual page for vcomp which is provided in ISOS: For Linux and Solaris, enter: man vcomp For Windows, choose Tools Documentation from the Start Menu Start > Programs > Virata Tools<Version number>. This will display a page in your Web browser containing information about all the tools provided in the Tools release, including vcomp. 12.3.2 bzip2 For more information about bzip2, refer to: atmos/source/bzip2/doc/manual_toc.html; your main interest is in the section entitled, How To Use bzip2 which describes the options which can be used with bzip2. 12.3.3 zlib For more information about zlib, refer to: atmos/source/zlib/zlib.h; this file contains descriptions of the options which can be used with zlib. atmos/source/zlib/doc; this directory contains further useful information about zlib.
233
Typical compression figures
12.4
Typical compression figures

The table below shows the results of compressing a typical ISOS image (eth-gateway on a BD6221 Evaluation system):
Compression method None VComp - 32 BZip (with -1 option) BZip (with -9 option) Zlib (with -1 option) ZLIB (with -9 option) Size 2,160,314 1, 299,728 881,012 809,077 1,012,399 996,379 Ratio 60% 41% 37% 47% 46% Memory required 4k 850k 2500k 128k 128k
Table 27:
Image compression comparison
The above table illustrates that there is a trade-off to be made between how much compression can be achieved and the workspace required in memory to perform the compression. Bzip reduces the image size to less than half (37% and 41%) of its original size but requires a large workspace area to perform the compression. VComp reduces the image to 60% of its original size and requires a small amount of workspace memory. ZLib reduces the image to slightly less than half (46% and 47%) of its original size and requires a lot less workspace than BZip. Note that the compression ratios will vary depending on exactly what data is contained in the image. So you must view the above figures as estimate compression values only. Your particular image may produce different compression results. You need to compare this table against the decompression table in the next section to decide which compression method suits your requirements.
234
12.5
Typical decompression figures

The table below shows the results of compressing a ~2MB ISOS image (eth-gateway) on a 80MHz Helium 210-80 processor (as found in a BD6221):
Compression method None VComp Zlib (with -1 option) BZip (with -1 option) Size 2,160,314 1, 299,728 1,012,399 881,012 9 secs 8 secs 44 secs Time required
Table 28:
Image decompression comparison
The table illustrates that images compressed with VComp and Zlib will have a relatively small impact on performance. However, BZip compression will have a relatively big performance impact.
12.6
Choosing a compression method

To choose the compression method you wish to use on the PP image in your builds, you need to edit the file global_config.pkg in atmos/source/software. This file contains global configuration settings which will be applied to all builds on your system. By default, vcomp is the image compression method used. You can change the line:
Set image_compression_method = vcomp
to any of the following values: none; to use no compression. bzip2; to use bzip2 compression. zlib; to use zlib compression. vcomp; to use vcomp compression (default). This compression method will be used in all subsequent builds, unless image_compression_method is set elsewhere. For example, in a hardware file.
235
Configuring the compression method
12.7
Configuring the compression method

To configure the compression method, you can edit the file core.pkg in atmos/source/software/build. In this file you can enter additional options or change the current options defined for each compression method. For example, to use Level 5 compression with bzip2,add -5 to the bzip2 command:
set comp = sh -c 'bzip2 -5 --keep $$1; mv $$1.bz2 $$2' bzip2
To provide verbose output during the compression, add the --verbose option to the bzip2 command:
set comp = sh -c 'bzip2 -5 --keep --verbose $$1; mv $$1.bz2 $$2' bzip2
For information about the different options which can be used with each compression method, refer to the documentation provided on each compression method. (The docs available are listed in About the compression utilities on page 232.)
236
13.Configuring the ISOS System in Gateway mode
This chapter describes how to configure the ISOS System in typical Gateway configurations.
237
Introduction
13.1
Introduction
This chapter describes how to configure the ISOS System in various gateway configurations: Bridged configurations: Ethernet - RFC1483 bridged; see Ethernet - RFC1483 bridged on page 243.
Frame Relay - bridged; see Frame Relay - bridged on page 246. Routed configurations: Ethernet - IPoA routed; see Ethernet - IPoA routed on page 250. Ethernet - BUN RFC1483 routed; see Ethernet BUN RFC1483 routed on page 255. Ethernet - PPP routed; see Ethernet - PPP routed on page 259. PPPoE Client over RFC1483; see PPPoE Client over RFC1483 on page 267. Standalone PPPoE configuration using FRED; see Standalone PPPoE Configuration using FRED on page 274. Multiple PPPoE configuration; see Multiple PPPoE sessions with pass-through using qInterface and pppoe-mux on page 280
Routed using DHCP; see Routed example using DHCP on page 288. Tunnelling configurations: Ethernet - PPTP tunnelling - PPP server; see Ethernet PPTP tunnelling PPP server on page 295. Ethernet - PPTP tunnelling - PPP client; see Ethernet PPTP tunnelling PPP client on page 298.
For troubleshooting information and useful tips on trying to solve any configuration problems refer to Troubleshooting network configurations on page 419. For more information about the commands that you can use to obtain more information about the network that has been setup, refer to Obtaining and changing system setup information on page 387. For more information about the syntax of the commands used in this chapter, refer to the ISOS 8.2 CLI Reference Manual, DO-009430-PS.
238
Configuring the ISOS System in Gateway mode
13.2
Test network setup

13.2.1 Network diagram The configurations in this chapter assume that the following test network is setup, as shown in the diagram below:
PC A Ethernet
ISOS System A
ATM25
PC B
Ethernet
ISOS System B
Figure 55: Demo Network (Gateway) Using this setup, you can configure the ISOS System in a number of ways to show it operating as a particular type of network device. In the diagram above: Each PC is fitted with a 10Base-T or 100Base-T Ethernet network card. Each PC is connected to the Ethernet port on the ISOS System; this may be through an Ethernet hub, or directly using an Ethernet crossover cable. If using Ethernet hubs, you should make sure that there is no direct path via Ethernet from one PC to the other - only via ATM. ATM port 0 of the first ISOS System is connected to ATM port 0 of the second ISOS System, using an ATM crossover cable. (Note that an ATM crossover cable is not the same as an Ethernet crossover cable.)
239
Test network setup
Note The physical location of ATM Port 0 (a1) differs on certain ISOS Systems: For BD3000, BD6100, BD6200 and BD6210 systems: ATM Port 0 is the ATM port furthest from the DC Power In connector.
For BD6221 systems: ATM Port 0 is the port nearest to the DC Power In connector. A serial cable should be connected to the Serial port of each ISOS System. For more information on the port settings, refer to Serial port settings on page 354. For more information on the Terminal programs which you can run on your computer, refer to What additional software applications are needed? on page 20. Apart from the example PPTP configuration, the PCs may run any operating system. The examples only require that the IP address and gateway (default route) of the PC can be changed, and the ping utility can be used to verify connectivity. This chapter does not describe how to change your PCs IP address and gateway.
If you are booting the ISOS Systems over the network and wish to have a BOOTP/TFTP server PC separate from the test PCs, the following configuration is suggested:
PC
BOOT PC
ISOS System
ATM25
ISOS System
BOOT PC
PC
HUB
Ethernet
Ethernet
HUB
Figure 56
Demo network (Gateway) with Bootp/TFTP server
For more information about how to setup booting over Ethernet, refer to Booting the ISOS System in Gateway mode on page 99.
240
13.2.2 Choice of IP addresses All of the IP addresses used in these examples are from one of the blocks reserved by the Internet Assigned Numbers Authority for use on private IP networks. See RFC 1918, Address Allocation for Private Internets for more information. 13.2.3 Choice of VCI The examples in this chapter all use a VCI of 600 or above. The main restriction on choosing a VCI is that all VCIs below 32 are reserved for predefined functions, such as ILMI. However, 600 was chosen as it is also above the range used by many signalling implementations for SVCs. 13.2.4 ISOS System configuration The examples in this chapter describe how to configure your ISOS Systems using each of the following methods: using the CLI using EmWeb If you are configuring using the CLI, you need to understand how to use the CLI interface before you can follow the instructions in this chapter. For more information, refer to Using the CLI on page 125. If you are configuring using EmWeb, you need to understand how to use the EmWeb interface before you can follow the instructions in this chapter. For more information, refer to Using the EmWeb server on page 151. The instructions for configuring the system assume the absence of any previous configuration. Please be sure that any old configuration files have been removed from FLASHFS and the system rebooted, before starting to configure the system. For more information on the configuration files present in ISOS, refer to ISOS Module Configuration files on page 444. You can individually remove files from Flash using the console command:
fm default flashfs
241
Test network setup
fm rm <filename>
For more information, refer to Removing a file using the rm command on page 216. You can erase the entire contents of FLASHFS using the console command:
flashfs wipe
For more information on the use of this command, refer to DO-007101-PS, ISFS / FLASHFS Functional Specification. 13.2.5 Image size In some of the examples in this chapter, you may find that the image you need to build for a particular configuration will not fit in Flash on your ISOS System. If this occurs, then you will need to compress the image. For more information, refer to Compressing an ISOS image on page 229.
242
13.3
Bridged configurations
All of the configurations in this section use the ISOS Bridge module to bridge between Ethernet and an ATM protocol. These configurations are bridging at Layer 2. If you are using the CLI to configure your network, the systems do not need to be configured with any IP address information because both LAN PCs are on the same subnet. If you are using EmWeb, you will need to configure the default LAN IP address for each system. Once the ISOS Systems have been configured, the two PCs should be able to communicate as if they were connected directly by Ethernet. The ISOS Bridge module is described in detail in DO-007087-PS, Transparent Bridge Functional Specification. 13.3.1 Ethernet - RFC1483 bridged Each ISOS System bridges between Ethernet and BUN RFC1483. The RFC1483 encapsulated frames run over a PVC between the two ISOS Systems. The BUN RFC1483 device is described in detail in DO-007605-PS, BUN Devices: RFC1483.
ISOS System A
BUN RFC1483
PC A
ISOS System B
BUN RFC1483
PC B
192.168.100.1
192.168.100.2
Ethernet
VCI 600 VPI 0
Ethernet
Figure 57
1 2
Ethernet-RFC1483 bridged configuration
The outline configuration procedure is as follows: Configure the PCs; see Configure PC A and PC B on page 244 Choose a software image for each ISOS System; see Select ISOS Software images on page 244
243
Configure ISOS System A; see Configure ISOS System A using the CLI on page 244 or Configure ISOS System A using EmWeb on page 245 Configure ISOS System B; see Configure ISOS System B using the CLI or EmWeb on page 246
Configure PC A and PC B
1
Configure PC A as follows: IP address: 192.168.100.1 Subnet mask: 255.255.255.0 Gateway: None IP address: 192.168.100.2 Subnet mask: 255.255.255.0 Gateway: None
Configure PC B as follows:
Select ISOS Software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file with no changes made to any of the hardware or BUN configuration files. Configure ISOS System A using the CLI
1
Clear your current configuration by entering the following command: system config clear Add an Ethernet device to the Bridge. In the following commands, eth1 is the transport name, ethernet is the port name and bridge1 is the Bridge interface name: ethernet add transport eth1 ethernet bridge add interface bridge1 bridge attach bridge1 eth1
244
Add an RFC1483 device to the Bridge, with RFC1483 configured to run on port a1, using VCI 600 and LLC encapsulation. In the following commands, my1483 is the transport name and bridge2 is the Bridge interface name: rfc1483 add transport my1483 a1 0 600 llc bridged bridge add interface bridge2 bridge attach bridge2 my1483 Add an Ethernet device to the Bridge. By default, your Ethernet device is already attached to the Bridge using a default LAN connection called iplan, IP address 192.168.1.1. The LAN IP address must be on the same subnet as your PC IP address. For this configuration, you need to change the default LAN IP address to 192.168.100.3:
a
Configure ISOS System A using EmWeb

1
At the console, enter the following command: ip set interface iplan ipaddress 192.168.100.3 At your web browser, enter the new IP address as the URL: http://192.168.100.3 The EmWeb Welcome page is displayed.
Clear any existing WAN connections, by following the instructions below:

a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted.
Add an RFC1483 device to the Bridge, with RFC1483 configured to run on port a1, using VCI 600 and LLC encapsulation.
a
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service.
245
Click on the RFC 1483 bridged radio button, then click on Configure. At the WAN connection: RFC 1483 bridged page, complete the following: Description: my1483 VPI: 0 VCI: 600 Encapsulation method: LLC/SNAP Click on Apply.
Configure ISOS System B using the CLI or EmWeb Configure ISOS System B by following the same configuration instructions for ISOS System A. If you are using EmWeb, change the default LAN IP address to 192.168.100.4. 13.3.2 Frame Relay - bridged Each ISOS System bridges between Ethernet and Frame Relay. Frame Relay runs between the two ISOS Systems over an HDLC link. Note You need to modify one of the ISOS System Evaluation Boards so that it can communicate with the other ISOS System over HDLC. For instructions on the necessary modification, refer to the appropriate Hardware Guide for your system. The Frame Relay device is described in detail in BUN Devices: Frame Relay: DO-008218-PS.
hillustrates how you
PC A
ISOS System A
FR port
ISOS System B
FR port
PC B
192.168.100.1
192.168.100.2
Ethernet
HDLC
Ethernet
Figure 58 Ethernet-Frame Relay bridged configuration The outline configuration procedure is as follows:
246
1 2 3
Configure the PCs; see Configure PC A and PC B on page 247 Choose a software image for each ISOS System; see Select ISOS software images on page 247 Configure ISOS System A; see Configure ISOS System A using the CLI on page 248 or Configure ISOS System A using EmWeb on page 249 Configure ISOS System B; see Configure ISOS System B using the CLI or EmWeb on page 250
1
Configure PC A as follows: IP address: 192.168.100.1 Subnet mask: 255.255.255.0 Gateway: None IP address: 192.168.100.2 Subnet mask: 255.255.255.0 Gateway: None
Select ISOS software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file for the ISOS System with support for Frame Relay added. The eth-gateway file calls the generic gateway file to use as its system file. You need to make changes to the configuration in the gateway system file:
1
The following lines need to be added to the gateway system file to provide support for Frame Relay:
Package bun/devices/emu Package bun/devices/assignmac If AticSharedLibrary Package bun/devices/frame_relay Endif
These lines are included in the extra-sw system file. Copy them from this file and paste into the gateway system file. These added lines must be placed after the statement: Package core in the gateway system file.
247
For ISOS System A and B, the Frame relay software port needs to be defined in the software BUN configuration file atmos/products/eth-gateway/flashfs/initbun. Copy the following lines from the initbun file for the extra-sw product, located in atmos/products/extra-sw/flashfs/initbun:
device : fr1 = chameleon, assignmac, emu, FrameRelay # frame relay port port : fr = fr1/Interface=<hdlc>/MapPort=<ethernet>/MapPortConnecte d=<Connected>/MapPortLinkSpeed=<LinkSpeed>
Add these lines to the software BUN configuration file atmos/products/eth-gateway/flashfs/initbun. You also need to add New Attribute details to the port line:
port : fr = fr1/Interface=<hdlc>/MapPort=<ethernet>/MapPortConnecte d=<Connected>/MapPortLinkSpeed=<LinkSpeed>NewAttribute= <bool:VMI=true>/NewAttribute=<bool:outside=true>
Configure ISOS System A using the CLI

1
Clear any existing Bridge interfaces and Ethernet and Frame Relay transports by typing the following command: system config clear Add an Ethernet device to the Bridge. In the following commands, eth1 is the transport name, ethernet is the port name and bridge1 is the Bridge interface name: ethernet add transport eth1 ethernet bridge add interface bridge1 bridge attach bridge1 eth1 Add a Frame Relay device to the Bridge, with Frame Relay configured to run on port fr using DLCI 171. In the following commands, t1 is the transport name and bridgedether is the encapsulation method: framerelay add transport tl fr 171 framerelay set transport t1 encapsulation bridgedether bridge add interface bridge2 bridge attach bridge2 t1
248

1
Add an Ethernet device to the Bridge. By default, your Ethernet device is already attached to the Bridge using a default LAN connection called iplan, IP address 192.168.1.1. The LAN IP address must be on the same subnet as your PC IP address. For this configuration, you need to change the default LAN IP address to 192.168.100.3:
a
Clear any existing WAN connections by following the instructions below:

a b
Add a Frame Relay device to the Bridge, with Frame Relay configured to run on port fr using DLCI 171.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the Frame Relay bridged radio button, then click on Configure. At the WAN connection: Frame Relay bridged page, complete the following: Description: FR DLCI: 171 Encapsulation method: Bridged Ethernet Click on Apply. The WAN connections page is displayed, containing details of the new Frame Relay transport. By default, the transport is set to run on port fr. To check this, from the WAN connections table, Click on the Frame Relay Edit link. From the Edit Service page, click on Edit Frame Relay Channel. Check that the Port is set to fr.
249
Routed configurations
Configure ISOS System B using the CLI or EmWeb Configure ISOS System B by following the same configuration instructions for ISOS System A. If you are using EmWeb, change the default LAN IP address to 192.168.100.4.
13.4
All of the configurations in this section use the ISOS ip module to route between Ethernet and an ATM protocol. As these configurations perform IP routing, each part of the network must be on a different subnet. In these examples, three subnets are involved: Between PC A and the Ethernet interface of ISOS System A. Between the ATM interfaces of the two ISOS Systems. Between Ethernet interfaces of ISOS System B and PC B. Once the ISOS Systems have been configured, the two PCs should be able to communicate using any IP protocol. The ISOS ip module is described in detail in DO-400072-TC: ISOS IP Stack Feature and Interface Guide. 13.4.1 Ethernet - IPoA routed Each ISOS System routes between Ethernet and Classical IP over ATM (RFC1577) - this is referred to as IPoA. The IPoA data runs over a PVC between the two ISOS Systems.
250
The IPoA protocol is implemented by the ISOS IP module, so it does not have a separate Functional Specification document.
ISOS System A 192.168.102.2 192.168.101.1 192.168.101.2 ISOS System B 192.168.102.3 192.168.103.3 192.168.103.4
PC A
PC B
Ethernet
VCI 700
Ethernet
Figure 59
1 2 3
Ethernet-IPoA routed configuration
The outline configuration procedure is as follows: Configure the PCs; see Configure PC A and PC B on page 251 Choose a software image for each ISOS System; see Select ISOS software images on page 252 Configure ISOS System A; see Configure ISOS System A using the CLI on page 252 or Configure ISOS System A using EmWeb on page 253 Configure ISOS System B; see Configure ISOS System B using EmWeb on page 254 or Configure ISOS System B using EmWeb on page 254
1
Configure PC A as follows: IP address: 192.168.101.1 Subnet mask: 255.255.255.0 Gateway: 192.168.101.2 IP address: 192.168.103.4 Subnet mask: 255.255.255.0 Gateway: 192.168.103.3
251
Select ISOS software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file. Configure ISOS System A using the CLI
1
Clear your current configuration by entering the following command: system config clear Add the Ethernet device to the router. In the following command, eth1 is the transport name, ethernet is the port name and ip1 is the interface name: ethernet add transport eth1 ethernet ip add interface ip1 192.168.101.2 ip attach ip1 eth1 Add the IPoA device to the router configured to run on VCI 700 with a peak cell rate of 50000 cells per second, using the port named a1. In the following commands, ipoa1 is the transport name and ip2 is the interface name: ipoa add transport ipoa1 pvc a1 0 700 ip add interface ip2 192.168.102.2 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System B as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.102.3
252
Configure ISOS System B using the CLI Configure ISOS System B using a configuration similar to ISOS System A. Follow the instructions in Configure ISOS System A using the CLI on page 252, but change the IP addresses as follows: system config clear ethernet add transport eth1 ethernet ip add interface ip1 192.168.103.3 ip attach ip1 eth1 ipoa add transport ipoa1 pvc a1 0 700 ip add interface ip2 192.168.102.3 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.102.2 Configure ISOS System A using EmWeb
1
Add the Ethernet device to the router. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. The LAN IP address must be on the same subnet as your PC IP address. For this configuration, you need to change the default LAN IP address to 192.168.101.2:
a
Clear any existing WAN connections and IP routes by following the instructions below:
a b
253
From the left-hand menu, click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted.
Add the IPoA device to the router configured to run on VCI 700 with a peak cell rate of 50000 cells per second, using the port named a1.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 700 (click on the WAN IP address radio button) WAN IP address: 192.168.102.2 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. By default, the connection is set to run on port a1. From the WAN connections table, Click on the IPoA Edit link. From the Edit Service page, click on Edit ATM Channel. Set the Peak Cell Rate text box to 50000. You do not need to change the other default settings. Click on Change. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.102.3. You do not need to change the other default settings. Click on OK.
Add a default route, with ISOS System B as the gateway:

a b
Configure ISOS System B using EmWeb Configure ISOS System B using a configuration similar to ISOS System A. Follow the instructions in Configure ISOS System A using the CLI on page 252, but change the IP addresses as follows: Change the IP address of the default iplan interface to 192.168.103.3. Set the IPoA routed WAN IP address to 192.168.102.3.
254
Set the default route Gateway to 192.168.102.2.
13.4.2 Ethernet BUN RFC1483 routed Each ISOS System routes between Ethernet and RFC1483. The RFC1483 data runs over a PVC between the two ISOS Systems.
PC A
PC B
Ethernet
VCI 600
Ethernet
Figure 60
1 2 3
Ethernet-BUN RFC1483 routed configuration
The outline configuration procedure is as follows: Configure the PCs; Configure PC A and PC B on page 255 Choose a software image for each ISOS System; see Select ISOS Software images on page 256 Configure ISOS System A; see Configure ISOS System A using the CLI on page 256 or Configure ISOS System A using EmWeb on page 257 Configure ISOS System B; see Configure ISOS System B using the CLI on page 257 or Configure ISOS System B using EmWeb on page 258
1
Configure PC A as follows: IP address: 192.168.101.1 Subnet mask: 255.255.255.0 Gateway: 192.168.101.2 IP address: 192.168.103.4
255
Subnet mask: 255.255.255.0 Gateway: 192.168.103.3
Select ISOS Software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file. Configure ISOS System A using the CLI
1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: system config clear Add the Ethernet device to the router. In the following commands, eth1 is the name of the transport, ethernet is the port name and ip1 is the interface name: ethernet add transport eth1 ethernet ip add interface ip1 192.168.101.2 ip attach ip1 eth1 Add the RFC1483 device to the router, with RFC1483 configured to run on port a1 using VCI 600, vcmux routed encapsulation. In the following commands, my1483 is the transport name and ip2 is the interface name: rfc1483 add transport my1483 a1 0 600 vcmux routed ip add interface ip2 192.168.102.2 ip attach ip2 my1483 Add a default route, with ISOS System B as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.102.3
256
Configure ISOS System B using the CLI Configure ISOS System B. The configuration here is similar to ISOS System A. Follow the instructions in Configure ISOS System A using the CLI on page 256, but change the IP addresses: system config clear ethernet add transport eth1 ethernet ip add interface ip1 192.168.103.3 ip attach ip1 eth1 rfc1483 add transport my1483 a1 0 600 vcmux routed ip add interface ip2 192.168.102.3 ip attach ip2 my1483 ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.102.2 Configure ISOS System A using EmWeb
1
Add the Ethernet device to the router. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 192.168.101.2:
a
a b
257
Click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted.
Add the RFC1483 device to the router, with RFC1483 configured to run on port a1 using VCI 600, vcmux routed encapsulation.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the RFC 1483 routed radio button, then click on Configure. At the WAN connection: RFC 1483 routed page, complete the following: Description: my1483 VPI: 0 VCI: 600 Encapsulation method: VcMux (null) (click on the WAN IP address radio button) WAN IP address: 192.168.102.2 Click on Apply. The WAN connections page is displayed, containing details of the new RFC 1483 transport. By default, the connection is set to run on port al. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.102.3. You do not need to change the other default settings. Click on OK.

a b
Configure ISOS System B using EmWeb Configure ISOS System B. The configuration here is similar to ISOS System A. Follow the instructions in Configure ISOS System A using the CLI on page 256, but change the IP addresses: Change the IP address of the default iplan interface to 192.168.103.3. Set the RFC1483 routed WAN IP address to 192.168.102.3. Set the default route Gateway to 192.168.102.2.
258
13.4.3 Ethernet - PPP routed In this example, each ISOS System routes data between Ethernet and PPP over ATM. The PPP data runs over a PVC between the two ISOS Systems. ISOS System A will be the dial-out (i.e., client) end of the PPP link, and ISOS System B will be the dial-in (i.e., server) end of the link. This type of configuration would be required for a PC connected to a modem and dialling out to a local ISP. In this example, PC A represents the home PC, connected to ISOS System A (modem). ISOS System B represents the PPP server which is dialled from the Home PC via the modem. PPP is described in detail in DO-007078-PS, PPP Functional Specification. In the network, both ISOS Systems are configured as Gateway configurations. (For more information about Gateway configurations, refer to What configurations are supported by an ISOS System? on page 8.)
PC A
PC B
Ethernet
VCI 800 VPI 0
Ethernet
Figure 61 Ethernet-PPP routed configuration The outline configuration procedure is as follows:

1 2 3
Configure the PCs; see Configure PC A and PC B on page 260 Choose a software image for each ISOS System; see Select ISOS software images on page 260 Configure ISOS System A; see Configure ISOS System A using the CLI on page 260 or Configure ISOS System A using EmWeb on page 263
259
Configure ISOS System B; see Configure ISOS System B using the CLI on page 261 or Configure ISOS System B using EmWeb on page 264
1
Configure PC A as follows: IP address: 192.168.101.1 Subnet mask: 255.255.255.0 Gateway: 192.168.101.2 IP address: 192.168.103.4 Subnet mask: 255.255.255.0 Gateway: 192.168.103.3
Select ISOS software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file. Configure ISOS System A using the CLI
1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces ip clear routes transports clear dhcpclient update Add the Ethernet device to the router. In the following command, eth1 is the name of the transport, and ethernet is the port name. ethernet add transport eth1 ethernet ip add interface ip1 192.168.101.2 ip attach ip1 eth1
260
Create the PPP transport. The PPP module supports multiple simultaneous connections, so we explicitly specify device 1 here. The following commands configure PPP device 1 for dial-out on VCI 800. pppoa add transport ppp1 dialout pvc 1 a1 0 800 We will be using PPP device 1 and interface 1, which are able to automatically configure the IP address of the router interface, and add a default route when the connection is made. That is why the IP address of the router interface is specified as the remote ip. Configure the PPP transport:
a
CHAP authentication will be used; PPP will supply a username of fred and a password of password: pppoa set transport ppp1 welogin chap pppoa set transport ppp1 username fred pppoa set transport ppp1 password password Ensure that PPP uses the correct IP subnet mask: pppoa set transport ppp1 subnetmask 225.225.225.0 By default, the transport creates a default route to the subnet at the remote end of the PPP link. You do not need to configure this.
Add the PPP device to the router: ip add interface ip2 ip attach ip2 ppp1 Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces ip clear routes transports clear dhcpclient update
Configure ISOS System B using the CLI

1
261
Add the Ethernet device to the router. In the following command, eth1 is the name of the transport, and ethernet is the port name. ethernet add transport eth1 ethernet ip add interface ip1 192.168.103.3 ip attach ip1 eth1 We will be using PPP device 2 and interface 2, because on the dial-in end of the link, we do not require the ability to automatically configure the IP address of the router interface and add a default route when the connection is made. That is why the IP address of the router interface was specified in the previous command. The following command configures PPP device 2 for dial-in on PVC 800. CHAP authentication will be used, and PPP will expect the user fred to login using the password password. pppoa add transport ppp1 dialin pvc 2 a1 0 800 ip add interface ip2 192.168.102.3 pppoa set transport ppp1 theylogin chap pppoa set transport ppp1 remoteip 192.168.102.2 ip attach ip2 ppp1 On the dial-in end of the link, a route to the other PC will not be added manually. The following command adds a default route using ISOS System A as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.102.2 Finally, add a dial-in facility for user fred using password password: system add user fred user change fred You are now logged in as user fred... user password enter new password: password again to verify: password user logout
262

1
a
a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. Click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted.
Add the PPP device to the router. The PPP module supports multiple simultaneous connections, device 1 is used by default. The following instructions configure PPP device 1 for dial-out on VCI 800. We will be using PPP device 1 and interface 1, which are able to automatically configure the IP address of the router interface, and add a default route when the connection is made. That is why the IP address of the router interface is specified as the remote ip. CHAP authentication will be used; PPP will supply a username of fred and a password of password:
a
263
Click on the PPPoA routed radio button, then click on Configure. At the WAN connection: PPPoA routed page, complete the following: Description: ppp1 VPI: 0 VCI: 800 WAN IP address: 0.0.0.0 LLC header mode: off HDLC header mode: off CHAP (click radio button) User name: fred Password: password Click on Configure. The WAN connections page is displayed, containing details of the new PPPoA transport.
Configure ISOS System B using EmWeb

1
a
a
From the left-hand menu, click on Configuration>WAN connections. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. Click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted.
264
We will be using PPP device 2 and interface 2, because on the dial-in end of the link, we do not require the ability to automatically configure the IP address of the router interface and add a default route when the connection is made. The following command configures PPP device 2 for dial-in on PVC 800. CHAP authentication will be used, and PPP will expect the user fred to login using the password password.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the PPPoA routed radio button, then click on Configure. At the WAN connection: PPPoA routed page, complete the following: Description: ppp1 VPI: 0 VCI: 800 WAN IP address: 192.168.102.3 LLC header mode: off HDLC header mode: off CHAP (click radio button) Click on Configure. The WAN connections page is displayed, containing details of the new PPPoA transport. From the WAN connections table, click on the ppp1 Edit link. The Edit Service page is displayed. Click on Edit PPP. Complete the following: Server: true Dialout Auth: chap Interface ID: 2 Remote Ip: 192.168.101.2 You do not need to make changes to the other default settings. Click on Change.
c d
e 4
On the dial-in end of the link, a route to the other PC will not be added manually. The following instruction adds a default route using ISOS System A as the gateway:
a
Click on Configuration>IP routes.
265
Click on Create new IP V4Route. In the Gateway text box, type 192.168.102.2. You do not need to make changes to the other default settings. Click on OK.
Finally, add a dial-in facility for user fred using password password:
a
From the left-hand menu, click on Configuration>Authentication. Click on the Create a new user link. The Authentication: create user page is displayed. Complete the following: Username: fred Password: password May login? false Click on Create.
266
13.4.4 PPPoE Client over RFC1483 The ISOS Point-to-Point Protocol over Ethernet (PPPoE (RFC2516)) client allows a PPP connection to a PPPoE Access Concentrator (AC) over an IP network. In this example, the connection is initiated from a PPPoE client to a remote PPPoE server. PPPoE is described in detail in DO-008195-PS, BUN Device: Point to Point Protocol over Ethernet (PPPoE). Consider the following network in which PC A represents a home PC connected to ISOS System A, which plays the role of the users modem, and PC B, which represents the PPP dial-in server:
ISOS System A
BUN RFC1483
PC A
ISOS System B
BUN RFC1483
PC B 192.168.100.1
192.168.101.1
192.168.101.2
Ethernet PPPoE Client
VCI 600 VCI 0 Bridge
Ethernet PPPoE AC
Figure 62
PPPoE Client over RFC1483 configuration
The PPPoE connection is initially established from ISOS System A (dial-out), which contains the PPPoE client, to PC B (dial-in), which is configured as a PPPoE AC. ISOS System B acts as a Bridge allowing ATM/Ethernet traffic transport using RFC1483 (See Ethernet RFC1483 bridged on page 243 for a bridging example). PC B, upon completing the connection with ISOS System A will assign an IP address to the PPPoE client. The AC gives out an address from the range that is configured on the AC application. PC A and PC B should then be able to communicate via the Internet Protocol (IP). The end of the PPP link, which terminates at PC B, is configured here to use an IP address of 192.168.100.1. PC A is configured to use 192.168.101.1. These IP addresses are used to pass PPP Ethernet-encapsulated data over the point-to-point link.
267
The outline configuration procedure is as follows:

1 2 3
Configure the PCs; see Configure PC A and PC B on page 268 Choose an ISOS image for each of the ISOS System; see Select ISOS software images on page 269 Configure ISOS System A; see Configure ISOS System A using the CLI on page 269 or Configure ISOS System A using EmWeb on page 271 Configure ISOS System B; see Configure ISOS System B using the CLI on page 271 or Configure ISOS System B using EmWeb on page 273
1
PC A must have a mechanism to communicate with the PPPoE AC, such as ICMP ping capabilities, or Telnet. Configure PC A as follows:
a
Ethernet interface configuration: IP address: 192.168.101.1 Subnet mask: 255.255.255.0 Gateway: 192.168.101.2 PPP configuration: Dial-out user name: viratauser Dial out password: viratapass Authentication Protocol: CHAP
PC B must have a PPPoE Access Concentrator (server) application installed, and should have ping and/or telnet capabilities. There are several PPPoE Access Concentrator applications available as freeware for Unix-based systems. Here is a list of some of the most popular applications: Windows: RASPPPoE (PPPoE Client and AC/Server application)
UNIX (Linux and Solaris): Roaring Penguin (PPPoE Client and AC/Server application). See the GlobespanVirata Licensee Server Knowledge Base for details of How to set-up Roaring Penguin (PPPoE Client) on Linux. Configure PPPoE AC on PC B as follows: IP address: 192.168.100.1
268
Subnet mask: 255.255.255.0 Set the IP address range as follows: Start of range: 192.168.100.2 End of range: 192.168.100.4
Select ISOS software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file. Before building the image, you need to check the contents of the following configuration file on each system:
1
Eth-gateway system file; atmos/system/eth-gateway. Check that the following lines are present in the eth-gateway system file:
a
The CYAN_POOL1_PREFIX must be configured as 48 bytes or larger for the packet header encapsulation used in PPPoE:
Config.hs CYAN_POOL1_PREFIX (48)
b 2
The BUN pppoe package must be included:

Package bun/devices/pppoe
BUN configuration file for eth-gateway; atmos/products/eth-gateway/flashfs/initbun. The following device and port (physical port 0 on BD6000 Series A and BD6000 Series B) need to have been configured in the ISFS initbun configuration file for the eth-gateway product. Check that the PPPoE driver has been added to the atm device definition in the initbun file:
device : atm = chameleon, debug, pppoe, rfc1483, atm_phy, atm_transport
Also check that the atm device has been defined correctly. This is the default entry:
port : a1 = atm/PhysicalPort=0/PortSpeed=59111/NewAttribute=<bool:V MI=true>/NewAttribute=<bool:outside=true>

1
Clear any existing IP interfaces and transports, and update the DHCP client configuration, by typing the following commands: ip clear interfaces transports clear
269
Add the Ethernet device to ISOS System A; this provides access to the PPPoE client from PC A. In the following command, ETH is the name of the transport, and ethernet is the port name. ethernet add transport ETH ethernet ip add interface myip 192.168.101.2 255.255.255.0 The PPPoE BUN driver uses functionality provided by the PPP module. Configure a PPP channel for an outgoing PPPoE connection to the remote AC using PVC 600. The PPPoE AC in this scenario utilizes CHAP authentication, but PAP authentication may be substituted. PC B will need to be configured for a specific authentication, if desired, before connecting. If no authentication is used, simply omit the welogin command. Since the PPP module supports multiple, simultaneous connections, we will be using PPP device 1 and Interface 1. PPP is able to automatically configure the IP address of the router interface, and add a default route when the connection is made. This is the reason the IP address of the router interface is not specified in the command. TCP MSS Clamp functionality is enabled on the IP interface: ip add interface ip2 ip set interface ip2 tcpmssclamp enabled pppoe add transport PPP dialout pvc 1 a1 0 600 bridge add interface br-eth bridge attach br-eth ETH ip attachbridge myip pppoe set transport PPP welogin chap pppoe set transport PPP username viratauser pppoe set transport PPP password viratapass ip attach ip2 PPP
270

1
Clear any existing IP and Bridge interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces bridge clear interfaces transports clear dhcpclient update Add the Ethernet device to the Bridge. In the following command, eth1 is the name of the transport, and ethernet is the port name. ethernet add transport eth1 ethernet bridge add interface mybridge1 bridge attach mybridge1 eth1 rfc1483 add transport myrfc1483 a1 0 600 llc bridged bridge add interface mybridge2 bridge attach mybridge2 myrfc1483 Add the Ethernet device to ISOS System A; this provides access to the PPPoE client from PC A. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 192.168.101.2:
a

1

a
From the left-hand menu, click on Configuration>WAN connections.
271
The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted.
The PPPoE BUN driver uses functionality provided by the PPP module. Configure a PPP channel for an outgoing PPPoE connection to the remote AC using PVC 600. The PPPoE AC in this scenario utilizes CHAP authentication, but PAP authentication may be substituted. PC B will need to be configured for a specific authentication, if desired, before connecting. If no authentication is used, at the WAN connection edit page, set the Dialout Auth text box to none. Since the PPP module supports multiple, simultaneous connections, we will be using PPP device 1 and Interface 1. PPP is able to automatically configure the IP address of the router interface, and add a default route when the connection is made:
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the PPPoE routed radio button, then click on Configure. At the WAN connection: PPPoE routed page, complete the following: Description: PPP VPI: 0 VCI: 600 CHAP (click radio button) User name: viratauser Password: viratapass Click on the Edit Tcp Mss Clamp link at the top of the page and set Tcp Mss Clamp to enabled. You do not need to make changes to the other default settings. From the WAN connections table, click on the PPP Edit link. The Edit Service page is displayed. Click on Edit PPP. You can check that the Interface ID is set to 1, and that Dialout Authentication is set to CHAP.
272

1
Add the Ethernet device to the Bridge. By default, your Ethernet device is already attached to the Bridge using a default LAN connection called iplan, IP address 192.168.1.1. The LAN IP address must be on the same subnet as your PC IP address. For this configuration, you need to change the default LAN IP address to 192.168.100.2:
a
At the console, enter the following command: ip set interface iplan ipaddress 192.168.100.2 At your web browser, enter the new IP address as the URL: http://192.168.100.2 The EmWeb Welcome page is displayed. From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the RFC 1483 bridged radio button, then click on Configure. At the WAN connection: RFC 1483 bridged page, complete the following: Description: myrfc1483 VPI: 0 VCI: 600 Encapsulation method: LLC/SNAP Click on Apply. The WAN connections page is displayed, containing details of the new RFC 1483 transport.
c d

a b
273
13.4.5 Standalone PPPoE Configuration using FRED The ISOS FRED BUN Device Driver combined with the Point-to-Point Protocol over Ethernet (PPPoE) BUN client and Chameleon BUN Drivers, allow concurrent PPP connections to a PPPoE Access Concentrator (AC) over an IP network. For more information about the FRED BUN Driver, refer to DO-008287, BUN Devices: Forwarding RFC1483/Ethernet Device (FRED). In this example, two connections are initiated; one is from a PPPoE client located on ISOS System A, the other is a PPPoE software client located on PC A, both simultaneously connecting to a remote PPPoE server on PC C. Consider the following network in which PC A connects directly via the Ethernet with its PC-based local PPPoE client, PC B which represents a home PC connected to ISOS System A (the user's modem) and PC C, which represents the PPP dial-in server:
PC A
PPPoE Client installed Ethernet HUB
ISOS System A
BUN RFC1483
ISOS System B
BUN RFC1483
PC C
192.168.100.1
192.168.101.1
PC B
PPPoE Client 192.168.101.3
VPI 0 VCI 800 Bridge
Ethernet PPPoE AC/Server
Ethernet
Figure 63 PPPoE Configuration using FRED Although the order of device connection is not important, the PPPoE connections in this example are initially established from ISOS System A. It is then followed by a PC A connection, which contains the local
274
software PPPoE client. Both PPPoE clients connect to PC C, which is configured as a PPPoE AC. ISOS System B acts as a Bridge allowing ATM/Ethernet traffic transport using RFC1483. PC C upon completing the connection with PC A and ISOS System A will assign a unique IP address to each client. PC A and PC B should then be able to communicate with the server using the Internet Protocol (IP). The end of the PPP link, which terminates at PC C, is configured here to use an IP address of 192.168.100.1. PC A is configured to use a PPPoE AC supplied IP address, which is on the same subnet at PC C. PC B is configured to use 192.168.101.3. These IP addresses are used to pass PPP Ethernet encapsulated data over the point-to-point link.
1 2 3 4
Configure the PCs; see Configure PC A, PC B and PC C on page 275 Choose an ISOS image for each of the ISOS System; see Select ISOS software images on page 277 Configure ISOS System A; see Configure ISOS System A using the CLI on page 278 Configure ISOS System B; see Configure ISOS System B using the CLI on page 279
Note that EmWeb in ISOS 8.2 does not support this configuration. Configure PC A, PC B and PC C
1 2
PC A must have a Windows or Unix PPPoE software Client installed. PC A and PC B should also have a mechanism to communicate with the PPPoE AC, such as ICMP Ping capabilities, or Telnet. Once the PPP connections have been established, any method to test an IP link can be used. PC C must have a PPPoE Access Concentrator (server) application installed and should also have IP testing capabilities.
There are several PPPoE Client and Server (Access Concentrator) applications available as freeware for Unix and Windows based operating systems. Here is a list of some of the most popular applications: Windows: WinPoet (WindRiver Systems) (PPPoE Client only)
275
RASPPPoE (PPPoE Client and AC/Server application) UNIX (Linux and Solaris) Roaring Penguin (PPPoE Client and AC/Server application). See the GlobespanVirata Licensee Server Knowledge Base for details of How to set-up Roaring Penguin (PPPoE Client) on Linux.
This configuration example uses WinPoet (V2.5) for Windows 2000 as the PPPoE client on Windows and RASPPPoE (V2.2) as the PPPoE server. The table below summarizes the required configuration for the PCs used in this example:
PC
PPP configuration: PC A PPPoE Client installed: WinPoet V2.5 Able to communicate with PC C using ping or telnet. Ethernet interface configuration: IP Address: 192.168.101.3 Subnet mask: 255.255.255.0 Gateway: 192.168.101.1 PPPoE Client NOT installed. Able to communicate with PC C using ping or telnet. Ethernet interface configuration: PC C IP Address: 192.168.100.1 Subnet mask: 255.255.255.0 PPPoE Access Concentrator / Server installed: RASPPPoE (V2.2) with an IP address range specified
Configuration
PC B
WinPoet setup (PC A). The following details should have been setup on the WinPoet client application on PC A: PPP username: viratauser PPP password: viratapass PPP authentication: CHAP
276
RASPPPoE setup (PC C). The following details should have been setup on the RASPPPoE server application on PC C: PPP username: viratauser PPP password: viratapass PPP authentication: CHAP
Select ISOS software images Select an ISOS software image for ISOS Systems A and B. Use an ISOS image built from the eth-gateway system file for each system.
1
For ISOS Systems A and B, add/check that the following device and port (physical port 0 on ISOS System A) have been configured in the respective ISFS initbun configuration files: Note The Port speed=29555 is set for maximum throughput of a 10MB/s Ethernet link. If configuring for a true DSL link (8MB/s), this port speed may have to be set lower for better throughput results.
device : atm = debug, pppoe, rfc1483, atm_phy, atm_transport device : e1 = debug, ethernet, ethernet_phy port : ethernet = e1 port : a1 = atm/PhysicalPort=0/PortSpeed=29555
The following lines must be present in the initbun file:

device : f1 = pppoe, chameleon, fred port : fred = f1
These lines are included in the initbun file for extra-sw located in: atmos/products/extra-sw/flashfs/initbun. Add these lines to the eth-gateway initbun configuration file located in: atmos/products/eth-gateway/flashfs/initbun.
2
For ISOS System A, add/check that the following lines are included in the eth-gateway system file:
a
277
The BUN packages pppoe, chameleon and fred must be included in the system file:
Package bun/devices/pppoe Package bun/devices/chameleon Package bun/devices/fred
For ISOS System A, the consoleinit file needs to be created in the atmos/products/eth-gateway/flashfs directory and the following entries need to be added to this file:
tell bun set port fred / NewChannelAttribute = <U32:rxvci=0> tell bun set port fred / NewChannelAttribute = <U32:rxvpi=0> tell bun set port fred / NewChannelAttribute = <U32:txvci=0> tell bun set port fred / NewChannelAttribute = <U32:txvpi=0> tell bun set port fred / NewChannelAttribute = <BOOL:rfc1483=FALSE> tell bun set port fred / NewChannelAttribute = <BOOL:PortClassAtm=TRUE> tell bun set port fred / NewChannelAttribute = <string:class=""> tell bun set port fred / NewChannelAttribute = <string:mode=""> tell bun set port fred / NewChannelAttribute = <string:type=""> tell bun set port fred / NewPortAttribute = <U32:portspeed=0> tell bun set port fred / NewPortAttribute = <BOOL:Connected=TRUE>
The above commands add the channel attributes to the Chameleon BUN driver that BUN PPPoE needs to open its channel. Configure ISOS System A using the CLI
1
Clear your current configuration by entering the following command: system config clear Create all the interfaces and required transports using the information in the table below:
Port Ethernet Fred rfc1483 PPPoE
ethernet fred -
Transport
ETH FRED WAN PPP
Interface
ip ip2
Bridge Interface
br-eth br-fred br-wan -
278
Table 29: PPPoE and FRED configuration setup Enter the following commands: ip add interface ip 192.168.101.1 255.255.255.0 ip add interface ip2 ethernet add transport ETH ethernet ethernet add transport FRED fred
3
Add an rfc1483 device to the bridge: rfc1483 add transport WAN a1 0 800 llc bridged pppoe add transport PPP dialout pvc 1 fred 0 800 bridge add interface br-eth bridge add interface br-wan bridge add interface br-fred bridge attach br-eth ETH bridge attach br-fred FRED bridge attach br-wan WAN bridge set interface br-wan filtertype pppoe ip attachbridge ip ip attach ip2 PPP pppoe set transport PPP welogin chap pppoe set transport PPP username viratauser pppoe set transport PPP password viratapass Clear any existing IP and Bridge interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear dhcpclient update

1
279
Add the rfc1483 bridging configuration: ethernet add transport eth1 ethernet bridge add interface mybridge1 bridge attach mybridge1 eth1 rfc1483 add transport myrfc1483 a1 0 800 llc bridged bridge add interface mybridge2 bridge attach mybridge2 myrfc1483
The PPPoE Client on ISOS system A should be connected, and PC A should now be able to run the local PPPoE Client and connect to the AC/server. PC A and PC B should both be able to ping the PPPoE AC at PC C. 13.4.6 Multiple PPPoE sessions with pass-through using qInterface and pppoe-mux This configuration combines ISOS qInterface and pppoe-mux BUN Device Drivers with the Point-to-Point Protocol over Ethernet (PPPoE) BUN client. This allows multiple PPP sessions over a single RFC1483 or Ethernet transport to a PPPoE Access Concentrator (AC). This configuration uses RFC1483. For more information about the qInterface BUN Driver, refer to BUN Devices: qInterface: DO-009876-PS. For more information about the pppoe-mux BUN Driver, refer to BUN Devices: Multiple PPPoE sessions over a single transport (pppoe-mux): DO-400910-PS. In this example, PC A and PC B represent home PCs connected via Ethernet to ISOS System A. PC B does have PPPoE Client installed, PC A does not. ISOS System B bridges between RFC1483 and Ethernet. Packets from PC A and PC B to ISOS System A are received by the bridge and transported (via ISOS System B) to the WAN using different methods: PC A; packets are routed via one of the two PPP sessions, which are multiplexed into a single virtual connection, over RFC1483 to ISOS System B. ISOS System B bridges the packets back to Ethernet and then forwards them to one of the access concentrators at PC C or PC D. The bridge on ISOS System A has a filter applied to the WAN interface through which only PPPoE packets may pass.
280
PC B; PPPoE packets received by the bridge on ISOS System A are forwarded (via ISOS System B) to the WAN interface and on to the access concentrators at PC C or PC D. This is known as PPPoE pass-through.
Consider the following network:

LAN WAN
ISOS System A PC A
HUB
ISOS System B PC C
BUN RFC1483
Access HUB Concentrators
Router
192.168.111.1
ppp1 ppp2
Bridge
PC B
PPPoE Client Installed
Ethernet
VPI 0 VCI 800
Ethernet
PC D
Figure 64 Multiple PPPoE sessions with pass-through configuration Multiple PPPoE sessions are enabled by the pppoe-mux and qInterface BUN devices that are included in ISOS System As system file configuration. As each discovery packet from PC A passes through pppoe-mux, the BUN device collects the Host-Uniq tags, the access concentrator MAC address and the Session ID. Note A single host MAC address is used for all PPPoE sessions because pppoe-mux acquires the MAC address of the underlying layer. BUN qInterface has two parts; a simple BUN device coupled with a process. It is required because BUN cannot connect directly to a process at a BUN devices bottom edge. BUN qInterface sits at the bottom of a compound device and when it receives a packet from higher in the IP stack (for example, from the pppoe device), it sends the packet further down the stack (in this case, to the bridge). The reverse happens when the bridge receives a PPPoE packet; it goes via the qInterface process to BUN qInterface and then up to pppoe-mux and pppoe. The following diagram illustrates the architecture of the configuration used in ISOS System A:
281
IP stack PPP BUN PPPoE BUN device pi BUN port pppoe
IPv4 IPv6 ARP
BUN PPPoEMux
BUN qinterface
BUN device qi BUN port q1
PPPoE discovery PPPoE session bridge

bridge filter allows only pppoe packets to be transmitted or received
BUN Ethernet
BUN PPPoE (disabled) BUN device atm BUN port a1
Packets from PC A
Packets from PC B
BUN RFC1483
BUN utopia
LAN Figure 65
WAN Multiple PPPoE session IP architecture
282
The outline configuration procedure is as follows:

1 2 3 4 5
Configure PC A and PC B; see Configure PC A and PC B on page 283 Configure PC C and PC D; Configure PC C and PC D on page 283 Choose an ISOS image for each of the ISOS System; see Select ISOS software images on page 277 Configure ISOS System B; see Configure ISOS System B using the CLI on page 286 Configure ISOS System A; see Configure ISOS System A using the CLI on page 278
1 2
PC A must have an IP address on the same subnet as the routers LAN IP address on ISOS System A, for example, 192.168.111.2. PC B must have Windows or Unix PPPoE Client software installed.
Configure PC C and PC D
1
PC C and PC D must have PPPoE Access Concentrator (server) applications installed and should also have IP testing capabilities. There are several PPPoE Client and Server (Access Concentrator) applications available as freeware for Unix and Windows based operating systems. Here is a list of some of the most popular applications: Windows: WinPoet (WindRiver Systems) (PPPoE Client only) RASPPPoE (PPPoE Client and AC/Server application) UNIX (Linux and Solaris) Roaring Penguin (PPPoE Client and AC/Server application). See the GlobespanVirata Licensee Server Knowledge Base for details of How to set-up Roaring Penguin (PPPoE Client) on Linux.
This configuration example uses WinPoet (V2.5) for Windows 2000 as the PPPoE client on Windows and RASPPPoE (V2.2) as the PPPoE server.
283
The table below summarizes the required configuration for the PCs used in this example:
PC Configuration
IP Address: 192.168.111.2 Subnet mask: 255.255.255.0 Gateway IP Address: 192.168.111.1 (ISOS System A) PC A PPP configuration: PPPoE Client NOT installed Able to communicate with PC C and PC D using ping or telnet (once PPP session is established). PPP configuration: PPPoE Client installed: WinPoet V2.5 Able to communicate with PC C and PC D using ping or telnet (once PPP session is established). PPPoE interface configuration: IP Address: 192.168.100.1 Subnet mask: 255.255.255.0 Remote DNS Primary Address: 192.168.150.1 Remote DNS Secondary Address: 192.168.150.2 PPPoE Access Concentrator / Server installed (named pcc): RASPPPoE (V2.2) with an IP address range specified PPPoE interface configuration: IP Address: 192.168.200.2 Subnet mask: 255.255.255.0 PPPoE Access Concentrator / Server installed (named pcd): RASPPPoE (V2.2) with an IP address range specified
PC B
PC C
PC D
WinPoet setup (PC B). The following details should have been setup on the WinPoet client application on PC B: PPP username: viratauser PPP password: viratapass PPP authentication: CHAP RASPPPoE setup (PC C and PC D). The following details should have been setup on the RASPPPoE server application on PCs C and D respectively: PPP username: viratauser PPP password: viratapass PPP authentication: CHAP
284
Select an ISOS software image for ISOS System A Select an ISOS software image for ISOS System A. Use an ISOS image built from the eth-gateway system file.
1
For ISOS System A, check that the following devices and ports are included in the ISFS initbun configuration file located in atmos/products/eth-gateway/flashfs/initbun: Note The Port speed=29555 is set for maximum throughput of a 10MB/s Ethernet link. If configuring for a true DSL link (8MB/s), this port speed may have to be set lower for better throughput results.
device : atm = debug, pppoe, rfc1483, atm_phy, atm_transport device : pi = debug, pppoe, pppoe_mux device : qi = qInterface port : a1 = atm / PhysicalPort = 0 / PortSpeed = 29555 port : q1 = qi/interface=<//bridge/TYPE=PPPOE> port : pppoe = pi/interface=<port=q1>/NewAttribute=<bool:outside=true>
For ISOS System A, check that the following lines are included in the eth-gateway system file:
a
The BUN packages pppoe, pppoe-mux, qinterface and ppp must be included in the system file:
Package Package Package Package bun/devices/pppoe bun/devices/pppoe-mux bun/devices/qinterface ppp
Select an ISOS software image for ISOS System B Select an ISOS software image for ISOS System B. Use an ISOS image built from the eth-gateway system file.
285
For ISOS System B, check that the following devices and ports are included in the ISFS initbun configuration file located in atmos/products/eth-gateway/flashfs/initbun: Note The Port speed=29555 is set for maximum throughput of a 10MB/s Ethernet link. If configuring for a true DSL link (8MB/s), this port speed may have to be set lower for better throughput results.
device : atm = debug, pppoe, rfc1483, atm_phy, atm_transport port : a1 = atm / PhysicalPort = 0 / PortSpeed = 29555
For ISOS System B, check that the following lines are included in the eth-gateway system file:
a
The BUN packages pppoe and ppp must be included in the system file:
Package bun/devices/pppoe Package ppp

1
Clear your current configuration by entering the following command: system config clear Create an Ethernet transport for the LAN and attach it to the bridge: bridge add interface myethernet ethernet add transport eth1 bridge attach myethernet eth1 Create an RFC1483 transport using port a1, VPI 0, VCI 800. Attach the RFC1483 transport to the bridge: rfc1483 add transport my1483 a1 0 800 bridge add interface myrfc1483 bridge attach myrfc1483 my1483
286

1
Clear your current configuration by entering the following command: system config clear Create an Ethernet transport for the LAN and attach it to the bridge: bridge add interface myethernet ethernet add transport eth1 bridge attach myethernet eth1 Create an RFC1483 transport for the WAN using port a1, VPI 0, VCI 800. Attach the RFC1483 transport to the bridge, and set the bridge filter to allow only PPPoE frames through, so that the WAN cannot see the LANs IP packets: rfc1483 add transport my1483 a1 0 800 bridge add interface myrfc1483 bridge set interface myrfc1483 filtertype pppoe bridge attach myrfc1483 my1483 Attach the bridge to the IP stack so that the LAN and WAN are routable: ip add interface ipbridge 192.168.111.1 ip attachbridge ipbridge At this point, the PPPoE Client on PC B can connect to PC C and PC D using PPPoE pass-through via the bridge.
287
Create two PPPoE client sessions and attach them to the IP stack. Both sessions use port pppoe.The first session connects to the PPPoE server (access concentrator) called PC C: ip add interface ppp1 ip set interface ppp1 tcpmssclamp enabled pppoe add transport myppp1 dialout eth 1 pppoe accessconcentrator pcc pppoe set transport myppp1 username viratauser pppoe set transport myppp1 password viratapass pppoe set transport myppp1 specificroute enabled pppoe set transport myppp1 remotedns 192.168.150.1 ip attach ppp1 myppp1 The second session connects to the PPPoE server (access concentrator) called PC D: ip add interface ppp2 ip set interface ppp2 tcpmssclamp enabled pppoe add transport myppp2 dialout eth 2 pppoe accessconcentrator pcd pppoe set transport myppp2 username viratauser pppoe set transport myppp2 password viratapass ip attach ppp2 myppp2
PC A should now connect to the PPPoE Access Concentrators on PC C and PC D via the PPPoE Clients on ISOS System A. 13.4.7 Routed example using DHCP Because the Dynamic Host Configuration Protocol operates using IP broadcasts, it can only operate over certain protocols. For example, Ethernet and ATM Forum LAN Emulation (FLANE) may be used with DHCP, RFC 1483 may be used when bridged to Ethernet or FLANE, but IPoA is not suitable. This example demonstrates DHCP operating over Ethernet.
288
ISOS DHCP is described in detail in its Functional Specifications: DO-007309-PS (Client) and DO-007343-PS (Server). Because DHCP provides a means to configure interfaces, and does not provide data transport itself, this example only describes how to configure an Ethernet interface on which the DHCP client or server operate. This is additional configuration information, which may be used with any of the previous routed examples in this section to produce a complete system. Consider the following network:
PC A
ISOS System A 192.168.102.2
ISOS System B 192.168.102.3 192.168.103.1

DHCP client ATM Ethernet
PC B
192.168.101.1
DHCP client
192.168.101.101 DHCP server
192.168.103.101 DHCP server
Ethernet
Figure 66
Routed using DHCP configuration
Here, ISOS System A is running the DHCP server, and allocates an IP address to PC A. ISOS System B is running the DHCP client, and is allocated an IP address by a server running on PC B. The IP addresses which have been allocated to the DHCP clients are shown in the diagram.
289
If the only aim of the test network is to show DHCP working, the network can be rearranged as follows:
ISOS System A
192.168.101.101
ISOS System B
192.168.101.1
DHCP client Ethernet
DHCP server
Figure 67
DHCP test configuration
It can be seen that this is exactly the same as the previous diagram, except that the two ISOS Systems have been connected together by their Ethernet interfaces (either using an Ethernet crossover cable, or an Ethernet Hub). The software configuration is exactly the same as in the first diagram; the only difference is that this alternative setup allows DHCP to be demonstrated without needing the two PCs. In the first network, a DHCP server is installed and configured on PC B. If using the second example network, neither PC is required. The configuration information below assumes the first example using PCs. Note that EmWeb in ISOS 8.2 does not support this configuration. Configure the PCs Configure the PCs as follows:
1
PC A: IP address: Obtained by DHCP Subnet mask: Obtained by DHCP Gateway: Obtained by DHCP
290
PC B: IP address: 192.168.103.101 Subnet mask: 255.255.255.0 Gateway: 192.168.103.1
The configuration information below assumes the second example using just two ISOS Systems. Select ISOS software images For ISOS Systems A and B, use an ISOS image built from the eth-gateway system file. Configure ISOS System A using the CLI
1
Clear any existing IP interfaces and Ethernet transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear dhcpserver clear subnets dhcpserver update dhcpclient clear interfaceconfigs dhcpclient update Add the Ethernet device to the router. ethernet add transport eth0 ethernet ip add interface ip1 192.168.101.101 ip attach ip1 eth0 Configure the DHCP server as follows: To serve up to 100 clients on the 192.168.101.0 subnet with a maximum lease time of one day (86400 seconds). To tell its clients their subnet mask (255.255.255.0).
291
To take the IP address of the IP interface that it is running on and tell DHCP clients that this is the DNS server and default gateway respectively. dhcpserver set allowunknownclients enable dhcpserver set bootp enable dhcpserver add subnet mysubnet 192.168.101.0 255.255.255.0 192.168.101.1 192.168.101.100 dhcpserver set subnet mysubnet maxleasetime 86400 dhcpserver set subnet mysubnet hostisdnsserver enabled dhcpserver set subnet mysubnet hostisdefaultgateway enabled dhcpserver update Configure ISOS System B using the CLI
1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear dhcpclient update The Ethernet device is added to the router as normal, except the special token dhcp is used instead of an IP address; this tells the IP stack to obtain the address from the DHCP client: ethernet add transport eth1 ethernet ip add interface ip1 ip attach ip1 eth1 ip set interface ip1 dhcp enabled
292
The DHCP client is automatically configured to obtain a lease from the DHCP server, sending its MAC address as the identifier. Many of the following lines specify various timeouts for the client (suitable example values are given). dhcpclient set retry 2000 dhcpclient set reboot 500 dhcpclient set backoff 240 dhcpclient add interfaceconfig mydecl ip1 dhcpclient set interfaceconfig mydecl requestedleasetime 900 dhcpclient update
293
Tunnelling configurations
13.5
The configurations in this section are fundamentally different to the bridged and routed configurations described earlier in this chapter where in both the bridged and the routed examples, the ATM protocol (RFC 1483, IPOA or PPP) runs on the ISOS System. With the tunnelling examples given here, the PPP protocol is initiated by the PC and is tunnelled via PPTP to the ISOS System over an Ethernet link which then switches the session over a PPPoA tunnel to the final ISOS System for session authentication and termination. This encapsulation scheme is illustrated in the diagram below:
PPP PPTP UDP IP PC A ETH ISOS PPP ATM ISOS IP ETH PC B
Figure 68 Tunnelling encapsulation stack schematic
294
13.5.1 Ethernet PPTP tunnelling PPP server PPTP (Point-to-Point Tunnelling Protocol) allows a PPP connection to be tunnelled through an IP network. In this example, the connection is initiated from the PPTP Network Server (PC A). Consider the following network:
192.168.102.2 PC A
PPP ISOS System A
192.168.102.3 ISOS System B 192.168.102.3 PC B
PNS
PAC
PPP server
192.168.103.3
Ethernet VCI 800 VCI 0
192.168.103.4
PPTP 192.168.10.1 192.168.10.2

Ethernet
Figure 69
Ethernet-PPTP tunnelling-PPP server configuration
The PPP connection is established from PC A to ISOS System B. ISOS System B routes between PPP and Ethernet just as it did in the Ethernet - PPP routed on page 259 example earlier in this chapter. PC A and ISOS System A use PPTP in order to tunnel this PPP link through a separate IP network running over Ethernet. PC A provides functionality known as a PNS (PPTP Network Server), and ISOS System A provides functionality known as a PAC (PPTP Access Concentrator). PC A therefore uses two different IP addresses. The end of the PPP link which terminates at PC A is 192.168.102.2. This is the address that PC B, or ISOS System B use when they want to communicate with PC A. But PC A also has the address 192.168.10.1, which refers to its local Ethernet interface. This IP address is only used to transport the tunnelled PPP data to ISOS System A. PPTP is described in detail in DO-007352-PS, PPTP Functional Specification.
295
Once the ISOS Systems have been configured, and once PC A has dialed-out to establish a PPP connection to ISOS System B through the PPTP tunnel, PC A and PC B should be able to communicate using any IP protocol. Note that EmWeb in ISOS 8.2 does not support this configuration. PC Configuration PC A must run an operating system which supports PPTP, providing a PNS. Windows 2000 server provides this.
1
PC A:
a
Ethernet interface configuration: IP address: 192.168.10.1 Subnet mask: 255.255.255.0 Gateway: 192.168.10.2 PPTP configuration: IP address of PAC: 192.168.10.2 Dial-out user name: fred Dial out password: password
Select your ISOS Software images For ISOS System A and B, use an ISOS image built from the eth-gateway system file. The eth-gateway file includes the gateway system file. You need to add the following line to the gateway system file to include support for the PPTP package:
Package pptp

1
Clear any existing IP interfaces or Ethernet and PPPoA transports or PPTP tunnels by typing the following commands: ip clear interfaces transports clear pptp clear tunnels
296
Add the Ethernet device to the router; this provides one endpoint of the PPTP tunnel. In the following command, eth1 is the name of the transport, and ethernet is the port name. ethernet add transport eth1 ethernet ip add interface myip 192.168.10.2 255.255.255.0 ip attach myip eth1 The PPTP module uses functionality provided by the PPP module. Configure PPP channel 1 for an outgoing PPTP connection, using VCI 800. pppoa add transport myppp dialout pvc 1 a1 0 800 Next, create a PPP tunnel, set the IP address of the remote system running the PNS (PC A) and attach the tunnel to the PPP transport: pptp add tunnel mytunnel pptp set tunnel remoteip 192.168.10.1 pptp attach mytunnel myppp
Configure ISOS System B using the CLI ISOS System B is configured exactly the same as PPP server in the Ethernet - PPP routed on page 259.
297
13.5.2 Ethernet PPTP tunnelling PPP client PPTP (Point-to-Point Tunnelling Protocol) allows a PPP connection to be tunnelled through an IP network. In this example, the connection is initiated from the PPPoA peer (ISOS System B). Consider the following network:
192.168.102.2 PC A
PPP ISOS System A
192.168.102.3 ISOS System B 192.168.102.3 PC B
PNS
PAC
PPP Client
192.168.10.2
Ethernet
192.168.103.3
VCI 800
192.168.103.4
PPTP 192.168.10.1 192.168.10.2

Ethernet
Figure 70
Ethernet-PPTP tunnelling-PPP client configuration
The PPP connection is established from ISOS System B to PC A. ISOS System B routes between PPP and Ethernet just as ISOS System A routed between PPP and Ethernet in the example Ethernet - PPP routed on page 259 earlier in this chapter. PC A and ISOS System A use PPTP in order to tunnel this PPP link through a separate IP network running over Ethernet. PC A provides functionality known as a PNS (PPTP Network Server), and ISOS System A provides functionality known as a PAC (PPTP Access Concentrator). PC A therefore uses two different IP addresses. The end of the PPP link which terminates at PC A is 192.168.102.2. This is the address that PC B or ISOS System B, use when they want to communicate with PC A. But PC A also has the address 192.168.10.1, which refers to its local Ethernet interface. This IP address is only used to transport the tunnelled PPP data to ISOS System A.
298
PPTP is described in detail in DO-007352-PS, PPTP Functional Specification. Once the ISOS Systems have been configured, and once ISOS System B has dialed-out to establish a PPP connection to PC A through the PPTP tunnel, PC A and PC B should be able to communicate using any IP protocol. PC Configuration PC A must run an operating system which supports PPTP, providing a PNS. Microsoft Windows 2000 server provides this.
1
PC A:
a
Ethernet interface configuration: IP address: 192.168.10.1 Subnet mask: 255.255.255.0 Gateway: 192.168.10.2 PPTP configuration: IP address of PAC: 192.168.10.2 Dial-in user name: fred Dial in password: password
Select ISOS Software images For ISOS System A, use an ISOS image built from the eth-gateway system file. The eth-gateway file includes the gateway system file. You need to add the following line to the gateway system file to include support for the PPTP package:
Package pptp
299

1
Clear any existing IP interfaces or Ethernet and PPPoA transports or PPTP tunnels by typing the following commands: ip clear interfaces transports clear pptp clear tunnels Add the Ethernet device to the router; this provides one endpoint of the PPTP tunnel. In the following command, eth1 is the name of the transport, and ethernet is the port name. ethernet add transport eth1 ethernet ip add interface myip 192.168.10.2 ip attach myip eth1 The PPTP module uses functionality provided by the PPP module. Configure PPP channel 1 for an incoming PPTP connection, using PPTP tunnel 1, and using PVC 800. pppoa add transport myppp dialin pvc 1 a1 0 800 The HDLC headers also need to be enabled on the PPPoA transport: pppoa set transport myppp headers hdlc enabled Next, configure the PPTP module for its remote IP address 192.168.10.1: pptp add tunnel mytunnel pptp set tunnel remoteip 192.168.10.1 pptp set tunnel mytunnel type dialin pptp attach mytunnel myppp
Configure ISOS System B using the CLI The configuration of the PPP client is explained in the Ethernet - PPP routed on page 259 example for ISOS System A, with the IP address changed. So, replace the line: ip add interface ip1 192.168.101.2 with: ip add interface ip1 192.168.103.3 The network is now configured.
300
14.Configuring the ISOS System in PC-attached Gateway mode
This chapter describes how to configure the ISOS System in typical PC-attached Gateway configurations.
301
Introduction
14.1
Introduction
This chapter describes how to configure the ISOS System in various PC-attached gateway configurations: Bridged configurations: Ethernet - USB bridged; see Ethernet - USB bridged on page 306. Routed configurations: IPoA routed example; see Ethernet - USB / IPoA on page 309. Bridged/Routed configuration: PPPoE routed example; see Ethernet - USB / PPPoE over RFC1483 on page 315.
For more information about PC-attached Gateway configurations, refer to Typical PC-attached Gateway (USB) configuration on page 15. For troubleshooting information and useful tips on trying to solve any configuration problems refer to Troubleshooting network configurations on page 419. For more information about the commands you can use to obtain more information about the network that has been setup, refer to Obtaining and changing system setup information on page 387. For more information about the syntax of the commands used in this chapter, refer to DO-009430-PS, ISOS (8.2) CLI Reference Manual.
302
Configuring the ISOS System in PC-attached Gateway mode
14.2
Test network setup

14.2.1 Network diagram The configurations in this chapter assume that the following test network is setup, as shown in the diagram below:
PC A
Serial to A and B USB Ethernet HUB
ISOS System A
ISOS System B
eth-gateway usb-gateway image image ATM
PC B
Ethernet
Figure 71
Demo network PC (USB)-attached Gateway configuration
Using this setup, you can configure ISOS System A in a number of ways to show it operating as a particular type of PC-attached network device. In the diagram above: Each PC is fitted with an Ethernet network card. PC A is connected to the USB port on ISOS System A. PC B is connected to the Ethernet port on ISOS System A through an Ethernet Hub, or directly using an Ethernet crossover cable. ISOS System A is connected to ISOS System B via ATM. A serial cable should be connected from PC A to the Serial port of ISOS System A. For more information on the port settings, refer to Serial port settings on page 354. For more information on the Terminal programs which you can run on your computer, refer to What additional software applications are needed? on page 20.
303
Test network setup
14.2.2 ISOS System initbun configuration file For the ISOS System, the following ports need to have been configured in the initbun file: ethernet usb-ethernet pc-ethernet These ports are already defined in the default initbun file for usb-gateway:
port : ethernet = ethernet_device / NewAttribute = <bool:inside=true> port : usb-ethernet = gw_fake_ether_device / BackingGroup = "link" / NewAttribute = <bool:inside=true>/NewAttribute = <string:icon=usb-slave> /MapPort=usb/MapPortConnected=connected port : pc-ethernet = vvb_fake_ether_device / BackingGroup = "link" / NewAttribute = <bool:PortClassExposedToVvb=true> / NewAttribute = <bool:PortClassGateway=true>/RxMulticastAllEnable = FALSE
The three Ethernet port definitions are required to support the dual mode operation of PC-attached and Gateway. See PC (USB)-attached Gateway (detailed configuration) on page 16 for more information. This diagram shows the locations of the ports defined in the usb-gateway initbun file. The initbun file for usb-gateway is located in: atmos/products/usb-gateway/flashfs/initbun 14.2.3 Choice of IP addresses All of the IP addresses used in these examples are from one of the blocks reserved by the Internet Assigned Numbers Authority for use on private IP networks. See RFC 1918, Address Allocation for Private Internets for more information. 14.2.4 ISOS System configuration The examples in this chapter describe how to configure your ISOS Systems using each of the following methods: using the CLI using EmWeb
304
If you are configuring using the CLI, you need to understand how to use the CLI interface before you can follow the instructions in this chapter. For more information, refer to Using the CLI on page 125. If you are configuring using EmWeb, you need to understand how to use the EmWeb interface before you can follow the instructions in this chapter. For more information, refer to Using the EmWeb server on page 151. The instructions for configuring the system assume the absence of any previous configuration. Therefore, please be sure that any old configuration files have been removed from FLASHFS (as described in Removing a file using the rm command on page 216), and the system has been rebooted, before starting to configure the system. If the contents of a file is not given in a particular example, either ensure that file is not downloaded and is not in FLASHFS, or that an empty file is downloaded.
305
14.3
14.3.1 Ethernet - USB bridged The configuration in this section uses the ISOS bridge module to bridge between Ethernet and USB. The ISOS bridge module is described in detail in DO-007087-PS, Transparent Bridge Functional Specification.
PC A
Serial to A USB Ethernet HUB
ISOS System A
192.168.88.1 (255.255.255.0)
Bridge
192.168.88.253
PC B
192.168.88.2 (255.255.255.0)
p
Ethernet
Figure 72
Ethernet-USB PC-attached (USB) Gateway configuration
Select ISOS software images Select a software image. For ISOS System A, use an ISOS image built from the usb-gateway system file. (The initbun file must be configured as described in ISOS System initbun configuration file on page 304.) Configure ISOS System A using the CLI
1
Clear any existing IP interfaces, Bridge interfaces or Ethernet transports by typing the following commands: ip clear interfaces bridge clear interfaces transports clear
306
This configuration requires two transports for the Ethernet devices ethernet and usb-ethernet (as defined in the usb-gateway initbun file): ethernet add transport eth1 ethernet ethernet add transport eth2 usb-ethernet Create two interfaces on the bridge and attach the ethernet transports to the bridge interfaces: bridge add interface bridge1 bridge attach bridge1 eth1 bridge add interface bridge2 bridge attach bridge2 eth2 Add the bridge to the router using an IP interface. This will enable you to ping devices that are attached to any interface in the bridge. ip add interface bridge 192.168.88.253 ip attachbridge bridge system config save
You should now be able to send data from all these systems: Ping the router (ISOS System A) from PC B over Ethernet port. Ping the router (ISOS System A) from PC A over USB port. Ping PC A from the router (ISOS System A). Ping PC B from PC A. Configure ISOS System A using EmWeb
1
For this configuration, you need to attach the Ethernet devices called ethernet and usb-ethernet to the bridge. By default, your ethernet device is already attached to the bridge using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 192.168.88.253:
a
307

a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. From the Status page, click on the LAN Settings hyperlink or from the left-hand menu, click on Configuration>LAN connection. The LAN connections page is displayed. Click on Create a new service. Click on the Ethernet bridged radio button, then click on Configure. At the LAN connection: Ethernet bridged page, complete the following: Description: eth2 Port: usb-ethernet Click on Apply. The LAN connections page is displayed, containing details of the new Ethernet transport. From the left-hand menu, click on Configuration>Save config. At the Save configuration page, click on Save.
To attach the usb-ethernet device to the bridge:

a
c 4
The ethernet devices are attached to the bridge, and the bridge is attached to the router by default via the iplan IP interface. This will enable you to ping devices that are attached to any interface in the bridge.
You should now be able to send data from all these systems: Ping the router (ISOS System A) from PC B over Ethernet port. Ping the router (ISOS System A) from PC A over USB port. Ping PC A from the router (ISOS System A). Ping PC B from PC A.
308
14.4
14.4.1 Ethernet - USB / IPoA The configuration in this section is similar to the IPoA routing setup in Ethernet - IPoA routed on page 246. However, traffic is routed between any of the three interfaces; USB, Ethernet and ATM.
p
PC A 192.168.102.1
USB
ISOS System A 192.168.102.2 192.168.103.2

Ethernet HUB ATM
ISOS System B
192.168.103.3
192.168.101.2
PC B
VCI 700 VPI 0 Ethernet
192.168.101.1
Figure 73
Ethernet-USB IPoA PC (USB)-attached Gateway routed configuration
Select ISOS software images

1 2
For ISOS System A, use an ISOS image built from the usb-gateway system file. For ISOS System B, use an ISOS image built from the eth-gateway system file.
309

1
Clear any existing IP and Bridge interfaces, routes and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear ip clear routes bridge clear interfaces dhcpclient update Add two new transports for the Ethernet ports ethernet and usb-ethernet: ethernet add transport eth1 ethernet ethernet add transport eth2 usb-ethernet Add the interfaces to the router, for the physical ethernet port: ip add interface ip1 192.168.101.2 ip attach ip1 eth1 and for the usb-ethernet port: ip add interface ip2 192.168.102.2 ip attach ip2 eth2 Add the IPoA device to the router configured to run on VCI 700 with a peak cell rate (pcr) of 50000 cells per second, using the port named atm.In the following commands, ipoa1 is the transport name and ip3 is the interface name: ipoa add transport ipoa1 pvc atm 0 700 ip add interface ip3 192.168.103.2 ip attach ip3 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System B as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.103.3 system config save
310

1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear dhcpclient update Add the IPoA device to the router: ip add interface ipoa 192.168.103.3 ipoa add transport t1 pvc a1 0 700 ip attach ipoa t1 Add a default route, with ISOS System A as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.103.2 system config save
You should now be able to send data from all these systems: Ping the router (ISOS System A) from PC A over the USB port. Ping the router (ISOS System A) from PC B over the Ethernet port. Ping PC A from the router (ISOS System A). Ping PC B from PC A (via the router ISOS System A). Ping the gateway (ISOS System B) from PC A and PC B. Configure ISOS System A using EmWeb
1
For this configuration, you need to attach the Ethernet device called ethernet to the router. By default, your ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 192.168.103.4:
a
311
a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. From the left-hand menu, click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted. From the Status page, click on the LAN Settings hyperlink or from the left-hand menu, click on Configuration>LAN connection. The LAN connections page is displayed. Click on Create a new service. Click on the Ethernet routed radio button, then click on Configure. At the LAN connection: Ethernet routed page, complete the following: Description: eth2 Port: usb-ethernet (Click on the LAN IP address radio button) LAN IP address: 192.168.102.2 Click on Apply. The LAN connections page is displayed, containing details of the new Ethernet transport.
Attach the usb-ethernet device to the router:

a
Add the IPoA device to the router configured to run on VCI 700 with a peak cell rate (pcr) of 50000 cells per second, using the port named atm.
a
312
Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 700 (click on the WAN IP address radio button) WAN IP address: 192.168.103.2 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the WAN connections table, Click on the IPoA Edit link. From the Edit Service page, click on Edit ATM Channel. Set the Peak Cell Rate text box to 50000. You do not need to change the other default settings. Click on Change. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.103.3. You do not need to change the other default settings. Click on OK. From the left-hand menu, click on Configuration>Save config. At the Save configuration page, click on Save.

a b

1
a
313
Clear any existing IP interfaces or Ethernet transports by following the instructions below:
a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa VPI: 0 VCI: 700 (click on the WAN IP address radio button) WAN IP address: 192.168.103.3 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.103.2. You do not need to change the other default settings. Click on OK. From the left-hand menu, click on Configuration>Save config. At the Save configuration page, click on Save.
Add the IPoA device to the router:

a b
Add a default route, with ISOS System A as the gateway:

a b
You should now be able to send data from all these systems: Ping the router (ISOS System A) from PC A over the USB port. Ping the router (ISOS System A) from PC B over the Ethernet port. Ping PC A from the router (ISOS System A). Ping PC B from PC A (via the router ISOS System A). Ping the gateway (ISOS System B) from PC A and PC B.
314
14.5
Bridged/Routed configurations
14.5.1 Ethernet - USB / PPPoE over RFC1483 The configuration in this section is similar to the PPPoE routing setup in PPPoE Client over RFC1483 on page 254. However, traffic is routed between any of the three interfaces; USB, Ethernet and ATM. PPPoE (over RFC1483) is used to encapsulate Ethernet packets over the ATM link. This configuration is a combination of the bridge and routed examples described in Ethernet - USB bridged on page 306 and Ethernet - USB / IPoA on page 309.
PC A
USB BUN RFC1483 192.168.101.x Bridge 192.168.101.1 Ethernet
ISOS System A
ATM
ISOS System B
BUN RFC1483 Bridge
PC C
192.168.100.1
PC B
VCI 800 VCI 0 PPP session
Ethernet PPPoE AC/Server
PPPoE Client 192.168.101.x
Figure 74 Ethernet-USB/PPPoE PC (USB)-attached Gateway configuration Configure your PCs PC A and PC B should have a mechanism to communicate with the PPPoE AC (PC C), such as ICMP ping capabilities, or Telnet. PC C must have a PPPoE Access Concentrator (server) application installed, and should have ping and/or telnet capabilities. There are several PPPoE Server (Access Concentrator) applications available as freeware for Unix and Windows based operating systems. Here is a list of some of the most popular applications: Windows: RASPPPoE
315
UNIX (Linux and Solaris): Roaring Penguin. See the GlobespanVirata Licensee Server Knowledge Base for details of How to set-up Roaring Penguin (PPPoE Client) on Linux.
This example uses RASPPPoE (V2.2) as the PPPoE server. The PPP Server configuration is as follows: Dial-out user name: viratauser Dial out password: viratapass Authentication Protocol: CHAP Select the ISOS software image for ISOS System A Use an ISOS image built from the usb-gateway system file. The usb-gateway file calls the generic gateway file to use as its system file. Check that the following line is present in the gateway system file for ISOS System A (atmos/system/gateway): The CYAN_POOL1_PREFIX must be configured as 48 bytes or larger for the packet header encapsulation used in PPPoE. (The default value is 128):
The BUN pppoe package must be included. (It is included by default):

Package bun/devices/pppoe
The following device and port (physical port 0 on ISOS System A) need to have been configured in the ISFS initbun configuration file for the usb-gateway product (atmos/products/usb-gateway/flashfs/initbun). Verify that the PPPoE driver is added to the atm_device definition in the initbun file:
device : atm_device = debug, assignmac, chameleon, pppoe, rfc1483, atm_phy, atm_transport
Also, check that the atm_device has been defined correctly. This is the default entry:
port : a1 = atm_device / PhysicalPort = 0 / PortSpeed = 59111 /NewAttribute=<bool:outside=true>
The initbun file must also contain definitions for the Ethernet ports as described in ISOS System initbun configuration file on page 304.
316
Select the ISOS software image for ISOS System B Use an ISOS image built from the eth-gateway system file. Configure ISOS System A using the CLI
1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces transports clear dhcpclient update Add two new transports for the Ethernet ports ethernet and usb-ethernet: ethernet add transport eth1 ethernet ethernet add transport eth2 usb-ethernet Create two interfaces on the bridge and attach the Ethernet transports to the bridge interfaces: bridge add interface bridge1 bridge attach bridge1 eth1 bridge add interface bridge2 bridge attach bridge2 eth2 Add the bridge to the router using an IP interface. ip add interface bridge 192.168.101.1 ip attachbridge bridge system config save
317
Add the IP/PPPoE configuration. Configure the PPP device and then attach the PPP device to the interface: pppoe add transport mypppoe dialout pvc 1 atm 0 800 ip add interface ppp_device ip set interface ppp_device tcpmssclamp enabled pppoe set transport mypppoe welogin chap pppoe set transport mypppoe username viratauser pppoe set transport mypppoe password viratapass ip attach ppp_device mypppoe PPP automatically adds the IP address and default route upon connection.

1
Clear any existing IP interfaces and transports. Clearing the IP interfaces also deletes any existing DHCP client settings on those interfaces. This change to DHCP is not updated in the DHCP client configuration until you enter the dhcpclient update command. Type the following commands: ip clear interfaces bridge clear interfaces transports clear dhcpclient update Add the RFC1483 bridging configuration. ethernet add transport eth1 ethernet bridge add interface mybridge1 bridge attach mybridge1 eth1 rfc1483 add transport myrfc1483 a1 0 800 llc bridged bridge add interface mybridge2 bridge attach mybridge2 myrfc1483
PC A and PC B should now both be able to ping the PPPoE AC at PC C, once the PPP session is up and running.
318

1
a
From the Status page, click on the LAN Settings hyperlink or from the left-hand menu, click on Configuration>LAN connection. The LAN connections page is displayed. Click on Change default LAN port IP address. In the Default LAN Port section, click on the Primary IP Address text box and type 192.168.101.1. Click on Apply. At your web browser, enter the following URL: http://192.168.101.1
c 2

a b
From the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. From the Status page, click on the LAN Settings hyperlink or from the left-hand menu, click on Configuration>LAN connection. The LAN connections page is displayed. Click on Create a new service. Click on the Ethernet bridged radio button, then click on Configure. At the LAN connection: Ethernet bridged page, complete the following: Description: eth2 Port: usb-ethernet Click on Apply. The LAN connections page is displayed, containing details of the new Ethernet transport. From the left-hand menu, click on Configuration>Save config. At the Save configuration page, click on Save.
To attach the usb-ethernet device to the bridge:

a
319
4 5
The ethernet devices are attached to the bridge, and the bridge is attached to the router by default via the iplan IP interface. Add the IP/PPPoE configuration. Configure the PPP device and then attach the PPP device to the interface:
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the PPPoE routed radio button, then click on Configure. At the WAN connection: PPPoE routed page, complete the following: Description: PPP VPI: 0 VCI: 600 CHAP (click on the CHAP radio button) User name: viratauser Password: viratapass Click on the Edit Tcp Mss Clamp link at the top of the page and set Tcp Mss Clamp to enabled. You do not need to make changes to the other default settings. At the WAN Connection: PPPoE routed page, click on Apply. The WAN connections page is displayed, containing details of the new PPPoE transport.
From the WAN connections table, click on the PPP Edit link. The Edit Service page is displayed. Click on Edit PPP. You can check that the Interface ID is set to 1, and that Dialout Authentication is set to CHAP. PPP automatically adds the IP address and default route upon connection.
e

1
Add the RFC1483 bridging configuration. By default, your Ethernet device is already attached to the Bridge using a default LAN connection called iplan, IP address 192.168.1.1. To check this, click on Configuration>Ports>Ethernet and check the IP address and port name.
a
320
Click on the RFC 1483 bridged radio button, then click on Configure. At the WAN connection: RFC 1483 bridged page, complete the following: Description: myrfc1483 VPI: 0 VCI: 800 Encapsulation method: LLC/SNAP Click on Apply. The WAN connections page is displayed, containing details of the new RFC 1483 transport.
PC A and PC B should now both be able to ping the PPPoE AC at PC C, once the PPP session is up and running.
321
322
15.Configuring the ISOS System in Switch mode
This chapter describes how to configure the ISOS System in typical Switch configurations. You need to understand how to use the CLI interface before you can follow the instructions in this chapter. For more information, refer to Using the CLI on page 125.
323
Introduction
15.1
Introduction
This chapter describes how to configure the ISOS System in some typical Switch configurations. The configuration of the ISOS System is performed from the CLI, rather than editing configuration files or programming Flash.
15.2
Pre-requisites
In order to connect up any type of ATM switch configuration, the second ATM port on the ISOS System which is configured as an ATM switch must be enabled. Note: For BD6000 Series systems ATM port 0 is the port on the right (furthest away from the power connector) or nearest to the power connector if using BD6221. It is enabled as port a1. The second ATM port is enabled by default in the initbun file of an atm-switch image. However, you still need to make the following changes to your hardware file:
1
Edit the file:

atmos/source/hardware/<platform>
where platform is the hardware file appropriate for the ISOS system you are using. For example, for a BD6100 system the file to change is bd6100.hw. (For a full list of the appropriate hardware files for all BD6000 Series systems, refer to Hardware type on page 66.)
a
Change the line in this file from:

port : ciao = ciao
to (all on one line):

port : ciao = ciao/UtopiaLevel1Address=2/UtopiaTxMode=2/UtopiaRxMode=2
Add the following line to this file:

config.h IDT_PHY_2_BASE 0xCFF00000
You can now build a new atm-switch image with the second port enabled. Note: For BD6000 Series systems. This second port uses the chip's glueless interface for connection to the Utopia Level 1 ATM25 phy. This glueless interface for Utopia level 1 devices is restricted to ports a2 to a31. These interfaces have a buffer
324 ISOS (8.2 Service Release 2) User Guide DO-009467-PS (Issue 4, 6th Dec 2002)
Configuring the ISOS System in Switch mode
FIFO depth of 1. Users of the glueless connection to Utopia level 1 devices faster than ATM25 should note that this method is not suitable for them, since restricting the FIFO depth to 1 has an unacceptable performance hit on fast ports. If you are in this position, please contact your GlobespanVirata support representative to discuss your options.
15.3
Switch network configuration

This chapter describes how to configure the ISOS System in a typical switch configuration. In the example network, one ISOS System is configured as an ATM switch and connected, over ATM, to two other ISOS Systems that are configured as ATM network nodes. 15.3.1 Network layout The setup for this network is illustrated in the diagram below:
ISOS System - A
Console
ATM25
PC B
Console
ISOS System - ATM
ATM25 Console ISOS System - B
Figure 75 Demo network (Switch)
325
15.3.2 Network connections In the diagram above: The ATM25 connections are made using an ATM crossover cable. (Note that an ATM crossover cable is not the same as an Ethernet crossover cable.) ATM port 0 (a1) of ISOS System A is connected to ATM port 0 (a1) of ISOS System (ATM). ATM port 0 (a1) of ISOS System B is connected to ATM port 1 (a2) of ISOS System (ATM). Note The physical location of ATM Port 0 (a1) is different on BD6000 Series ISOS Systems: For BD6100, BD6200 and BD6210 systems: ATM Port 0 is the ATM port furthest from the DC Power In connector. For BD6221 systems: ATM Port 0 is the port nearest to the DC Power In connector.
15.3.3 Configuring IPoA using SVCs This section describes how to configure an IP connection over ATM (IPoA) (using SVCs) using two ISOS Systems in Gateway mode and a third ISOS System configured as a Switch, as shown in Network layout on page 325. For more information about Gateway configurations, refer to What configurations are supported by an ISOS System? on page 8. Network configuration The settings required for each element of the network is shown in the table below:
System ISOS System (ATM) Feature MAC address ATM25 Port connections ISOS System (A) MAC address IP address Description 00:20:2B:00:75:20 A1, A2 00:20:2B:00:79:B0 1.1.1.1
326
System
Feature ATM25 Port connection A1
Description
ISOS System (B)
MAC address IP address ATM25 Port connection
00:20:2B:00:76:50 1.1.1.2 A1
Setup procedure To set up this configuration, follow the procedure below:

1
Build the following ISOS images for the ISOS System: eth-gateway image. The eth-gateway file includes the gateway system file. You need to include the signalling package, si, in the build. To do this, comment in the following Package line in the gateway system file:
% si includes UNI Signalling, SSCOP and ILMI. Uncomment to include. %Package si
atm-switch. For more information on how to build images, refer to Building an ISOS image on page 79.
2
Download the images to the ISOS Systems: Download the eth-gateway image to both ISOS System (A) and ISOS System (B).
Download the atm-switch image to ISOS System (ATM). For more information on downloading an image, refer to Booting the ISOS System in Gateway mode on page 99.
3
On ISOS System (A), enter the command: ip clear interfaces transports clear ip add interface ipoa1 1.1.1.1 255.0.0.0 ipoa add transport t1 svc ip attach ipoa1 t1
327
Restart ISOS System (A) using the command: system config save system restart The ISOS System will restart. On ISOS System (B), enter the command: ip clear interfaces transports clear ipoa clear transports ip add interface ipoa1 1.1.1.2 255.0.0.0 ipoa add transport t1 svc ip attach ipoa1 t1 Restart ISOS System (B) using the command: system config save system restart The ISOS System will restart. Both ISOS System systems are now configured with an IP device. To confirm that an IPoA device has been added, enter: ip list interfaces The following information is displayed: -->ip list interfaces
IP Interfaces:
ID
Name
IP Address
DHCP
Transport
-----|--------------|------------------|----------|---------------1 | ipoa1 | 1.1.1.2 | disabled | t1
-------------------------------------------------------------------
To confirm that the ARP server has been setup, enter: ipoa list transports The following information is displayed: -->ipoa list transports
IPoA transports:
ID
Name
SVC
ATM ARP Server
-----|------------|----------|--------------------------------------------
328
1 | t1 | ENABLED | here ---------------------------------------------------------------------------
The ISOS System is now functioning as an ARP server. In a typical IP network, only one network device should be functioning as an ARP server. Therefore, we need to re-configure one of the ISOS Systems to use the other ISOS System as its ARP server.
7
To re-configure ISOS System (A) to use ISOS System (B) as its ARP server, enter (on one line): ipoa set transport t1 arpserver 47.00.83.00.00.00.00.00.20.2b.00.75.20.00.20. 2b.00.76.50.00 This command configures ISOS System (A) to use ISOS System (B) as its ARP server, by specifying the ATM address of ISOS System(B). To confirm that this has been setup correctly, enter the following command on ISOS System (A): -->ipoa list transports The following information is returned:
IPoA transports: ID | Name | SVC | ATM ARP Server ---|------|--------|----------------------------------------------------------1 | t1 | ENABLED| 7.00.83.00.00.00.00.00.20.2b.00.75.20.00.20.2b.00.76.50.00 -------------------------------------------------------------------------------
The ARM ARP Server table entry shows the ATM address of ISOS System (B) to be used as the ARP server. You should now be able to send IP packets between the two ISOS Systems.
8
Using the console, enter the following command to enable ilmi on all ATM ports on ISOS System ATM: portcli setportflag all ilmi
329
Using the console, check that ilmi is enabled on ATM port a1 on ISOS System A and B by entering the following command: portcli portinfo If no flag is set for port a1, enable ilmi on this port by entering the following: portcli setportflag a1 ilmi To see the setup, enter: portcli portinfo
port type a1 Utopia (phy) flags +uni40 ilmi
If you now save this configuration using the CLI command system config save, ilmi will still be enabled on a1 after future reboots.
10 From ISOS System (B), enter:
ip ping 1.1.1.1 This attempts to ping ISOS System (A), with IP address (1.1.1.1). The following information is returned: ip: ping - reply received from 1.1.1.1 To see the SVC entries which have been setup, enter the following console command on ISOS System (ATM): switchcli list Note The atm-switch build is not supported by the VMI, so only the console process is provided. The following information is displayed by the command:
Displaying non-permanent entries for all ports for all processes verbosely. port a1 a2 vp 0 0 vc 32 ==> 32 ==> port a2 a1 vp 0 0 vc 32 32 cells 4 4 creator q93b q93b
You can also use the following console command for more information about the setup: q93b info For more information about the commands that you can use to obtain more information about the network that has been setup, refer to Obtaining and changing system setup information on page 387.
330
16.Configuring security on the ISOS System
This chapter describes how to configure security on the ISOS System using Firewall and NAT features in ISOS.
331
Introduction
16.1
Introduction
This chapter describes how to configure Security on the ISOS System. There are two example network setups described in this chapter: a network featuring three ISOS Systems; a Firewall, WAN Router and separate DMZ Router. See Configuring a network containing a Firewall, WAN Router and DMZ Router on page 332. a network featuring two ISOS Systems; a Firewall and a WAN Router. A separate DMZ is created as a virtual interface attached to the Firewalls LAN interface. See Configuring a network containing a Virtual DMZ interface on page 332. 16.1.1 Configuring a network containing a Firewall, WAN Router and DMZ Router If you want to configure a network containing a Firewall, WAN Router and DMZ Router using the CLI, read the following sections: Firewall, WAN Router & DMZ Router network on page 334 Initial Firewall, WAN Router & DMZ Router configuration (CLI) on page 337 Security configuration (CLI) on page 345 NAT example configurations (CLI) on page 346 Firewall example configurations (CLI) on page 348 If you want to configure a network containing a Firewall, WAN Router and DMZ Router using EmWeb, read the following sections: Firewall, WAN Router & DMZ Router network on page 334 Initial Firewall, WAN Router & DMZ Router configuration (EmWeb) on page 353 Configuring the security interfaces (EmWeb) on page 359 Firewall example configurations (EmWeb) on page 378 NAT example configurations (EmWeb) on page 383 16.1.2 Configuring a network containing a Virtual DMZ interface If you want to configure a network containing a virtual DMZ interface using the CLI, read the following sections: Virtual DMZ interface network on page 340 Initial virtual DMZ interface network configuration (CLI) on page 342
332
Configuring security on the ISOS System
Security configuration (CLI) on page 345 NAT example configurations (CLI) on page 346 Firewall example configurations (CLI) on page 348
To configure a network containing a virtual DMZ interface using EmWeb, read the following sections: Virtual DMZ interface network on page 340 Initial virtual DMZ interface configuration (EmWeb) on page 372 Configuring the security interfaces (EmWeb) on page 375 Firewall example configurations (EmWeb) on page 378 NAT example configurations (EmWeb) on page 383 16.1.3 Further information Note - If you are configuring Security using the CLI, you must understand how to use the CLI interface. For more information, refer to Using the CLI on page 141. Note - If you are configuring Security using EmWeb, you must understand how to use the EmWeb interface. For more information, refer to Using the EmWeb server on page 157. For troubleshooting information and useful tips on trying to solve any configuration problems refer to Troubleshooting network configurations on page 421. For more information about the commands you can use to obtain more information about the network that has been setup, refer to Obtaining and changing system setup information on page 387. For more information about the syntax of the commands used in this chapter, refer to the appropriate chapters in the ISOS 8.2 CLI Reference Manual, DO-009430-PS. For more information about Security, refer to the ISOS Security (NAT and Firewall) Functional Specification, DO-008557-PS.
333
Firewall, WAN Router & DMZ Router network
16.2

The following network setup can be used to demonstrate many of the features of the Firewall:
PC A ISOS System (Firewall)
10.1.1.2 Ethernet ATM1
PC B ISOS System (WAN Router)

192.168.100.2 Ethernet
192.168.101.1 10.1.1.1 172.16.2.1
192.168.101.2 192.168.100.1
ATM2
LAN
WAN
172.16.2.2
ISOS System (DMZ Router)

172.16.1.1 Ethernet DMZ
PC C
172.16.1.2
Figure 76 16.2.1
Firewall network configuration setup
Configuration information PC configuration The following table shows the configuration of the PCs included in the network:
PC
A B C
IP address
10.1.1.2 192.168.100.2 172.16.1.2
Netmask
255.255.255.0 255.255.255.0 255.255.255.0
Gateway
10.1.1.1 192.168.100.1 172.16.1.1
334
ISOS System (WAN Router) configuration

ISOS Switch Router Interface Ethernet Ethernet USB
Type WAN LAN DMZ
IP address 192.168.100.1 10.1.1.1 172.16.1.1
Netmask 255.255.255.0 255.255.255.0 255.255.255.0
The following table shows the configuration of the ISOS System (WAN Router) included in the network:
ISOS System (WAN Router)
ATM interface ETH interface Default route
IP address
192.168.101.2 192.168.100.1 0.0.0.0
Netmask
255.255.255.0 255.255.255.0 0.0.0.0
Gateway
192.168.101.1
ISOS System (DMZ Router) configuration The following table shows the configuration of the ISOS System (DMZ Router) included in the network:
ISOS System (DMZ Router)
IP address
172.16.2.2 172.16.1.1 0.0.0.0
Netmask
255.255.255.0 255.255.255.0 0.0.0.0
Gateway
172.16.2.1
335
ISOS System (Firewall) configuration The following table shows the configuration of the ISOS System (Firewall) included in the Demo network:
ISOS System (Firewall)
ETH interface ATM1 (WAN) interface ATM2 (DMZ) interface
IP address
10.1.1.1 192.168.101.1 172.16.2.1
Netmask
255.255.255.0 255.255.255.0 255.255.255.0
ISOS Software images For ISOS System (WAN Router) and (DMZ Router) you can use images built from the eth-gateway system file with no changes. For the ISOS System (Firewall), use the eth-gateway image. (By default, this system file includes Firewall support.) Before building this image, you need to define a second ATM port as two ATM connections are required to connect to the WAN and DMZ areas. Note - For BD6000 Series systems ATM port 0 is the port on the right (furthest away from the power connector) or nearest the power connector if using BD6221. It is enabled as port a1. To enable the second ATM port as port a2, follow the procedure below:
1
Edit the file:

atmos/source/hardware/<platform>
where platform is the hardware file appropriate for the ISOS system that you are using. For example, for a BD6100 system the file to change is atmos/source/hardware/bd6100.hw. (For a full list of the appropriate hardware files for all ISOS systems, refer to Hardware type on page 67.)
a b
Add the following line to this file:

config.h IDT_PHY_2_BASE 0xCFF00000
Change the line in this file from:

port : ciao = ciao
to (all on one line):

port : ciao = ciao/UtopiaLevel1Address=2/UtopiaTxMode=2/UtopiaRxM ode=2
336
Ensure that the hardware BUN configuration file for the ISOS system you are using has defined a second ATM port. For example, if you are using a BD6100 system the hardware BUN configuration file is atmos/source/hardware/initbun/bd6100. Check that this line contains the following port definition:
port : a2 = atm/PhysicalPort=2/PortSpeed=59111/NewAttribute=<bool:V MI=true>/NewAttribute=<bool:outside=true>
The second port should now be enabled when you build a new eth-gateway image. Note - For BD6000 Series systems. This second port uses the chip's glueless interface for connection to the Utopia Level 1 ATM25 phy. This glueless interface for Utopia level 1 devices is restricted to ports a2 to a31. These interfaces have a buffer FIFO depth of 1. Users of the glueless connection to Utopia level 1 devices faster than ATM25 should note that this method is not suitable for them, since restricting the FIFO depth to 1 has an unacceptable performance hit on fast ports. If you are in this position, please contact your GlobespanVirata support representative to discuss your options. You can now configure your security network: If you want to configure the network using the CLI, see Initial Firewall, WAN Router & DMZ Router configuration (CLI) on page 337. If you want to configure the network using EmWeb, see Initial Firewall, WAN Router & DMZ Router configuration (EmWeb) on page 353.
16.3
Initial Firewall, WAN Router & DMZ Router configuration (CLI)

This section contains instructions on configuring the ISOS Systems using the CLI:
1 2
To configure the ISOS System (WAN and DMZ routers ). See Configure the Routers using the CLI on page 338. To configure the ISOS System (Firewall). See Configure the ISOS System (Firewall) using the CLI on page 339.
337
Initial Firewall, WAN Router & DMZ Router configuration (CLI)
Configure the Routers using the CLI The following configuration table shows the example settings used to configure the ISOS Systems as Ethernet/IPoA routers:
ISOS System (Routers)
Ethernet ATM
Transport name
eth1 ipoa1
Interface name
ip1 ip2
The same transport and interface names are used for both routers. To configure your routers, follow the instructions below: For ISOS System (WAN Router):
1
Clear any existing IP interfaces, routes and transports by typing the following commands: ip clear interfaces ip clear routes transports clear Add an Ethernet and an IPoA transport: ethernet add transport eth1 ethernet ip add interface ip1 192.168.100.1 255.255.255.0 ip attach ip1 eth1 ipoa add transport ipoa1 pvc a1 0 100 ip add interface ip2 192.168.101.2 255.255.255.0 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System (Firewall) as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.1
For ISOS System (DMZ Router):
338
Enter the following commands: ip clear interfaces ip clear routes transports clear ethernet add transport eth1 ethernet ip add interface ip1 172.16.1.1 255.255.255.0 ip attach ip1 eth1 ipoa add transport ipoa1 pvc a1 0 100 ip add interface ip2 172.16.2.2 255.255.255.0 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System (Firewall) as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 172.16.2.1
For more information about the commands used in this section and further explanation of the configuration steps followed, refer to the full example of this type of configuration in Ethernet - IPoA routed on page 246. Configure the ISOS System (Firewall) using the CLI To configure all the interfaces and routes used by the ISOS System (Firewall) enter the following commands, using the information in the table below:
Ethernet ATM1 ATM2
Transport
eth0 ipoa1 ipoa2
Interface
lan wan dmz
Clear any existing IP interfaces, routes and Ethernet and IPoA transports by typing the following commands: ip clear interfaces ip clear routes ethernet clear transports ipoa clear transports
339
Virtual DMZ interface network
Configure the LAN interface using the following commands: ethernet add transport eth0 ethernet ip add interface lan 10.1.1.1 255.255.255.0 ip attach lan eth0 Configure the DMZ interface using the following commands: ipoa add transport ipoa2 pvc a2 0 100 ip add interface dmz 172.16.2.1 255.255.255.0 ip attach dmz ipoa2 Configure the WAN interface using the following commands: ipoa add transport ipoa1 pvc a1 0 100 ip add interface wan 192.168.101.1 255.255.255.0 ip attach wan ipoa1 Add a route to the DMZ network behind the DMZ router: ip add route ToDMZ 172.16.1.0 255.255.255.0 gateway 172.16.2.2 Add a default route to the WAN network (i.e. 192.168.101.2): ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.2
At this point the network can now be configured for various types of security configurations. See Security configuration (CLI) on page 345.
16.4
Virtual DMZ interface network

This section describes how to create a security network where the internal Firewall supports both the LAN and DMZ interfaces - you do not need a separate DMZ Router. In this configuration, the Internal (LAN) and External (WAN) interfaces are defined as before, but the DMZ interface is defined as a virtual interface.
340
Consider the following network:

PC A ISOS System (Firewall)
10.1.1.2 Ethernet HUB <Virtual DMZ> 172.16.1.2 10.1.1.1 <172.16.1.1> LAN WAN ATM1
PC B ISOS System (WAN Router)

192.168.100.2 Ethernet
192.168.101.1
192.168.101.2 192.168.100.1
PC C
Figure 77
Firewall virtual DMZ network configuration setup
The DMZ virtual interface appears as a separate internal interface. DMZ traffic is transported between PC C and the Firewall via the Ethernet transport attached to the LAN interface. 16.4.1 Configuration information PC configuration The following table shows the configuration of the PCs included in the network:
PC
A B C
IP address
10.1.1.2 192.168.100.2 172.16.1.2
Netmask
255.255.255.0 255.255.255.0 255.255.255.0
Gateway
10.1.1.1 192.168.100.1 172.16.1.1
341
Initial virtual DMZ interface network configuration (CLI)
ISOS System (WAN Router) configuration The following table shows the configuration of the ISOS System (WAN Router) included in the network:
ISOS System (WAN Router)
IP address
192.168.101.2 192.168.100.1 0.0.0.0
Netmask
255.255.255.0 255.255.255.0 0.0.0.0
Gateway
192.168.101.1
ISOS System (Firewall) configuration The following table shows the configuration of the ISOS System (Firewall) included in the Demo network:
ETH interface ATM1 (WAN) interface virtual interface
IP address
10.1.1.1 192.168.101.1 172.16.1.1
Netmask
255.255.255.0 255.255.255.0 255.255.255.0
ISOS Software images For ISOS System (WAN Router) use the eth-gateway image. For the ISOS System (Firewall), use the eth-gateway image. (By default, this system file includes Firewall support.) You can now configure your security network: If you want to configure the network using the CLI, see Initial virtual DMZ interface network configuration (CLI) on page 361. If you want to configure the network using EmWeb, see Initial Firewall, WAN Router & DMZ Router configuration (EmWeb) on page 353.
16.5

This section contains instructions on configuring the ISOS Systems using the CLI. To configure the ISOS Systems, follow the steps below:
342
1 2
Configure the ISOS System (WAN router). See Configure the WAN Router using the CLI on page 343. Configure the ISOS System (Firewall). See Configure the ISOS System (Firewall) using the CLI on page 343.
Configure the WAN Router using the CLI To configure the WAN Router, follow the instructions below:
1
Clear any existing IP interfaces, routes and transports by typing the following command: ip clear interfaces ip clear routes transports clear Add an Ethernet and an IPoA transport: ethernet add transport eth1 ethernet ip add interface ip1 192.168.100.1 255.255.255.0 ip attach ip1 eth1 ipoa add transport ipoa1 pvc a1 0 100 ip add interface ip2 192.168.101.2 255.255.255.0 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System (Firewall) as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.1
For more information about the commands used in this section and further explanation of the configuration steps followed, refer to the full example of this type of configuration in Ethernet - IPoA routed on page 246. Configure the ISOS System (Firewall) using the CLI To configure the interfaces and routes used by the ISOS System (Firewall) enter the following commands:
343
Clear any existing IP interfaces, routes and Ethernet and IPoA transports by typing the following commands: ip clear interfaces ip clear routes ethernet clear transports ipoa clear transports Configure the LAN interface using the following commands: ethernet add transport eth0 ethernet ip add interface lan 10.1.1.1 255.255.255.0 ip attach lan eth0 Configure the virtual DMZ interface using the following commands: ip add interface dmz 172.16.1.1 ip attachvirtual dmz lan The virtual interface dmz is attached to the real LAN interface. The LAN interface (lan) has already been attached to an ethernet transport (eth0). The dmz interface uses the eth0 transport to transfer data. Configure the WAN interface using the following commands: ipoa add transport ipoa1 pvc a1 0 100 ip add interface wan 192.168.101.1 255.255.255.0 ip attach wan ipoa1 Add a default route to the WAN network (i.e., 192.168.101.2): ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.2
344
Check that the IP interfaces are configured correctly by entering the following command: ip list interfaces
ID | Name | IP Address | DHCP | Transport
----|----------|-----------------|----------|------------1 | lan 2 | dmz 3 | wan | 10.1.1.1 | 172.16.1.1 | 192.168.101.1 | disabled | eth0 | disabled | [lan] | disabled | ipoa1
----------------------------------------------------------
Notice that the DMZ transport is displayed as [lan]. This shows that the DMZ is attached to the real LAN interface. At this point the network can now be configured for various types of security configurations. See Security configuration (CLI) on page 345.
16.6
Security configuration (CLI)

This section contains instructions on configuring Security using the CLI. You need to:
1 2
Configure the security interfaces on the ISOS System (Firewall). See Configuring the Security interfaces using the CLI on page 345. Start security on the ISOS System (Firewall). See Starting Security using the CLI on page 346.
At this point the network can now be configured for various types of security configurations. The above steps are described in the following sections. 16.6.1 Configuring the Security interfaces using the CLI With all interfaces and routes setup, we can now begin to configure the security interfaces: security add interface lan internal security add interface wan external security add interface dmz dmz
345
NAT example configurations (CLI)
To check that the interfaces have been added, enter: security list interfaces The following output is displayed:
Security Interfaces: ID | Name | Type
---------------------------1 | dmz 2 | wan 3 | lan | dmz | external | internal
----------------------------
16.6.2
Starting Security using the CLI To start Security enter the following command: security enable To check that this has been enabled, enter: security status The following output is displayed:
Security enabled. Firewall disabled. Firewall security level: none. Firewall session logging enabled. Firewall blocking logging enabled. Firewall intrusion logging disabled. NAT disabled
Now you can configure NAT and/or the Firewall. To configure NAT, see NAT example configurations (CLI) on page 346. To configure the Firewall, see Firewall example configurations (CLI) on page 348.
16.7

This section contains instructions on configuring NAT using the CLI.
346
The examples in this section assume that you have followed all the steps in Security configuration (CLI) on page 345. 16.7.1 Enabling NAT (CLI) To enable NAT between the internal (LAN) and external (WAN) Security interfaces, enter the following command: nat enable n1 wan internal This configures NAT to translate addresses from the internal security interface to the wan security interface. To demonstrate the effect of this configuration, execute a ping command from PC A to PC B. If you have access to a packet sniffer, attach this to the WAN side of the network and you can see that the IP address of PC A has changed - been translated by NAT - from 10.1.1.2 to 192.168.101.1. If you ping PC C to PC B, this too will be translated by NAT from 172.16.1.2 to 192.168.101.1 Compare this to the example ping output between PC A to PC B in Firewall portfilters (CLI) on page 350. 16.7.2 Global address pools and reserved map (CLI) This section describes how to create two global address pools on your WAN interface, then use the global addresses to create reserved mappings. The reserved mappings allow NAT to translate packets between the WAN interface and each of the two different inside interfaces (LAN and DMZ). Firstly, create secondary addresses for the addresses that will be added to the global address pool: ip interface wan add secondaryipaddress 100.100.100.100 255.255.255.0 ip add interface wan add secondaryipaddress 100.100.100.101 255.255.255.0 To create two global pools on the WAN interface for each of the inside interfaces (internal and DMZ) enter: nat add globalpool g1 wan internal 100.100.100.100 endaddress 100.100.100.100
347
Firewall example configurations (CLI)
nat add globalpool g2 wan dmz 100.100.100.101 endaddress 100.100.100.101 If you have followed the instructions in Enabling NAT (CLI) on page 365, NAT will already be enabled between the internal and WAN interfaces and between the DMZ and WAN interfaces. To create reserved mappings between the WAN virtual interfaces and the internal PCs IP addresses (internal = 10.1.1.2, DMZ = 172.16.1.2), enter the following commands: nat add resvmp r1 globalip wan 100.100.100.100 10.1.1.2 all nat add resvmp r2 globalip wan 100.100.100.101 172.16.1.2 all To demonstrate the effect of the above commands, execute the following ping commands: ping from PC B to IP address 100.100.100.100. PC A (IP address 10.1.1.2) will be seen to respond to this request. ping from PC B to IP address 100.100.100.101. PC C (IP address 172.16.1.2) will be seen to respond to this request.
16.8

This section contains instructions on configuring the Firewall using the CLI. 16.8.1 Enabling the Firewall To enable the Firewall, enter the following command: firewall enable At this point, the network is secure. All of the defined interfaces are protected; all traffic is blocked between different interface types. 16.8.2 Using a default Security level (CLI) The easiest way to configure the Firewall is by setting a default security level, using the command: firewall set securitylevel {none | high | medium | low | userdefined <slevel>}
348
The high, medium and low levels contain default policy and portfilter configurations for each of your network interface connections, so you do not need to set your own individual policies and portfilters. For more information about the configurations contained in each level, see the Firewall chapter of the ISOS 8.2 CLI Reference Manual: DO-009787-PS. 16.8.3 Creating Firewall policies You can create your own Firewall policies between the security interfaces: firewall add policy etoi external-internal blockonly-val firewall add policy etod external-dmz blockonly-val firewall add policy dtoi dmz-internal blockonly-val To check that the policies have been added, enter:
firewall list policies
The following output is displayed:

Firewall Policies:
ID |
Name
Type 1
Type 2
| Validator Allow Only
-----------------------------------------------------------------1 | dtoi 2 | etod 3 | etoi | dmz | external | external | internal | dmz | internal | false | false | false
------------------------------------------------------------------
If you do not want to set your own policies, and would rather use one of the default Security levels containing predefined policies and portfilters, see Using a default Security level (CLI) on page 348.
349
16.8.4
Firewall portfilters (CLI) These examples assume that you have not set a default Firewall level, but that you have followed all the steps in the previous Firewall sections. Portfilters are individual rules that determine what kind of traffic can pass between two particular interface types. You can add many portfilters to an existing firewall policy. Setting up an ICMP portfilter (CLI) For example, to allow pings between PC A (in the LAN) and PC B (in the WAN) enter the following command: firewall add portfilter ping etoi icmp both The above command adds a portfilter called ping to the firewall policy etoi. etoi is the policy name between the internal (LAN) and external (WAN) security interfaces. The portfilter ping allows the ICMP protocol to be used in both directions. To check that the portfilter has been setup correctly, enter: firewall list portfilters etoi
Firewall Port Filters:
ID |
Name
| Type | Port Range |
In
| Out
| Raw
| TCP
| UDP
-------------------------------------------------------------------1 | ping | 1 | 0 - 0 | true | true | true | false| false
--------------------------------------------------------------------
You can now check that pings are allowed between PC A and PC B: ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) from 10.1.1.2 : 56(84) bytes of data. 64 bytes from 192.168.100.2: icmp_seq=0 ttl=253 time=2.2 ms 64 bytes from 192.168.100.2: icmp_seq=1 ttl=253 time=2.0 ms 64 bytes from 192.168.100.2: icmp_seq=2 ttl=253 time=2.0 ms 64 bytes from 192.168.100.2: icmp_seq=3 ttl=253 time=1.9 ms 64 bytes from 192.168.100.2: icmp_seq=4 ttl=253 time=1.9 ms
--- 192.168.100.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
350
round-trip min/avg/max = 1.9/2.0/2.2 ms
16.8.5
Firewall validators (CLI) This example assumes that you have followed all the steps in the previous section. Validators allow you to filter traffic based on the source and/or destination IP address and netmask. For example, if PC B was a suspicious host outside the network, you can create a validator that blocks traffic sent to PC A from PC Bs IP address and netmask. The policy etoi is already set to block only the IP address featured in the following validator command: firewall add validator pcb etoi inbound 192.168.100.2 255.255.255.255 This adds a validator called pcb to the firewall policy etoi. etoi is the policy name between the internal (LAN) and external (WAN) security interfaces. The validator pcb only blocks inbound traffic (data sent from PC B to PC A). It does not block outbound traffic, so PC A can still send data to PC B. To block outbound traffic to PC B, delete the existing inbound validator (using the firewall delete validator command) and enter the firewall add validator outbound command. To block inbound and outbound traffic, delete the inbound validator then enter the firewall add validator both command. To check which validators are set on an existing policy, enter the following command:
firewall list validators etoi
Firewall Host Validators: ID | Name | Direction | Host IP | Mask
------------------------------------------------------------1 | pcb | inbound | 192.168.100.2 | 255.255.255.255
-------------------------------------------------------------
16.8.6
Security triggers (CLI) This example assumes that you have followed all the steps in the previous section. Security triggers are used to allow an application to open a secondary port in order to transport data.
351
To setup a trigger on the Firewall to allow Netmeeting (H323) from PC A to PC B, but not from PC B to PC A, enter the following commands: Create an outbound-only portfilter (called h323) for Netmeeting and add it to the etoi policy: firewall add portfilter h323 etoi tcp 1720 1720 outbound Note - If you are using Internet Locator Service (ILS), you also need to create a portfilter for Lightweight Directory Access Protocol (LDAP). LDAP uses TCP port 389. To verify that the portfilter has been added, enter: firewall list portfilters etoi
ID |
Name
| Type |
Port Range
In
| Out
| Raw
| TCP
| UDP
-----------------------------------------------------------------------1 | h323 2 | ping | | 6 1 | 1720 - 1720 | 0 - 0 |false |true |true |true |false |true |true |false
|false |false
------------------------------------------------------------------------
To enable the netmeeting (H323) data channel you need to add a trigger using the command: security add trigger h323-trigger netmeeting To verify that the trigger has been added, enter: security list triggers
Security Triggers: ID | Name | Type | Port Range | Interval
---------------------------------------------------1 | h323-trigger | tcp | 1720 - 1720 | 30000
----------------------------------------------------
This adds a trigger called h323-trigger to allow Netmeeting to pass data through the Firewall. You should now be able to use netmeeting commands to pass data between PC A and PC B.
352
16.8.7
Firewall dmz (CLI) This example assumes that you have followed all the steps in the previous section. To allow HTTP traffic to pass from PC B (WAN) to PC A via the Firewalls DMZ interface, you need to create an inbound HTTP portfilter to the external-dmz policy (etod): Enter the command: firewall add portfilter http etod tcp 80 80 inbound To verify that the portfilter has been added to the etod policy, enter: firewall list portfilters etod The following information is displayed:
ID |
Name | Type |
Port Range
In
| Out
| Raw
| TCP
| UDP
-------------------------------------------------------------------1 | h323 | 6 | 80 - 80 |true |false |false |true |false
--------------------------------------------------------------------
You should now be able to send HTTP traffic from PC B to PC C, via the Firewalls DMZ interface.
16.9
Initial Firewall, WAN Router & DMZ Router configuration (EmWeb)

This section contains instructions on configuring the ISOS Systems using EmWeb for the network displayed in Firewall, WAN Router & DMZ Router network on page 334. To configure the ISOS Systems, follow the steps below:
1 2 3 4 5
Configure the ISOS System (WAN, LAN and DMZ routers ports). Configure the ISOS System (Firewall). Configure all the interfaces and routes on the ISOS System (Firewall). Configure the security interfaces on the ISOS System (Firewall). Start security and enable the Firewall on the ISOS System (Firewall).
353
At this point the network can be configured for various types of security configurations. The above steps are described in the following sections. 16.9.1 Configure the Routers (EmWeb) To configure your routers, follow the instructions below: For ISOS System (WAN Router):
1
Clear any existing IP interfaces, routes and transports:

a
From the Status page, click on the WAN Settings hyperlink or from the left-hand menu, click on Configuration>WAN connections. The WAN connections page is displayed. If there are any connections listed, click on the Delete hyperlink, then click on Delete this connection. Repeat until all WAN connections have been deleted. From the left-hand menu, click on Configuration>IP routes. If there are any routes listed, check the Delete? checkbox and click on Apply. Repeat until all IP routes have been deleted.
a
At the console, enter the following command: ip set interface iplan ipaddress 192.168.100.1 At the PC B web browser, enter the new IP address as the URL: http://192.168.100.1 The EmWeb Welcome page is displayed.
Add an IPoA device to the router configured to run over VCI 100 with a PCR of 50000:
a
354
Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 192.168.101.2 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the WAN connections table, Click on the IPoA Edit link. From the Edit Service page, click on Edit ATM Channel. Set the Peak Cell Rate text box to 50000. You do not need to change the other default settings. Click on Change. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.101.1. You do not need to change the other default settings. Click on OK.
Add a default route, with ISOS System (Firewall) as the gateway:

a b
For ISOS System (DMZ Router):

1

a
Add the Ethernet device to the router. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. The LAN IP
355
address must be on the same subnet as your PC IP address. For this configuration, you need to change the default LAN IP address to 172.16.1.1:
a b
At the console, enter the following command: ip set interface iplan ipaddress 172.16.1.1 At the PC C web browser, enter the new IP address as the URL: http://172.16.1.1 The EmWeb Welcome page is displayed.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 172.16.2.2 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the WAN connections table, Click on the IPoA Edit link. From the Edit Service page, click on Edit ATM Channel. Set the Peak Cell Rate text box to 50000. You do not need to change the other default settings. Click on Change. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 172.16.2.1. You do not need to change the other default settings. Click on OK.

a b
For more information about the commands used in this section and further explanation of the configuration steps followed, refer to the full example of this type of configuration in Ethernet - IPoA routed on page 246.
356
16.9.2
Configure the ISOS System (Firewall) (EmWeb) To configure the Firewall:

1
Clear any existing IP interfaces, routes and Ethernet and IPoA transports by following the instructions below:
a
Configure the LAN interface. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 10.1.1.1:
a b
At the console, enter the following command: ip set interface iplan ipaddress 10.1.1.1 At the PC A web browser, enter the new IP address as the URL: http://10.1.1.1 The EmWeb Welcome page is displayed. From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa2 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 172.16.2.1
Configure the DMZ interface using the following instructions:

a b
357
c d
Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. The default port setting for new ATM transports is port a1. You need to set ipoa2 to use the second ATM port (a2) - a1 is needed for the WAN interface. From the WAN connections table, click on the ipoa2 Edit link. At the WAN connection edit page, click on the Edit Atm Channel link. At the Port text box, type a2. Click on Change. From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 192.168.101.1 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. Type the following: Destination: 172.16.1.0 Gateway: 172.16.2.2 Netmask: 255.255.255.0 You do not need to change the Cost or Interface settings. Click on OK. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.101.2. You do not need to change the other default settings. Click on OK.
Configure the WAN interface using the following instructions:

a b
c 5
Add a route to the DMZ network behind the DMZ router:

a b
Add a default route to the WAN network (i.e. 192.168.101.2):

a b
358
16.10 Configuring the security interfaces (EmWeb)

With all interfaces and routes setup, we can now begin to configure the security interfaces:
1
From the left-hand menu, click on Configuration>Security. The Security Interface Configuration page is displayed:
From the Security Interfaces section, click on the Add Interface link. At the Add Interface page, configure the following security interface: Name: ipoa-1 Interface Type: external Click on Apply. The Security Interface Configuration page is displayed. The Security Interface section contains a table displaying the security interface that you have just created. Create two more security interfaces by repeating steps two and three, using the following configuration information: a Name: ipoa-0 Interface Type: dmz
359
Configuring the security interfaces (EmWeb)
Name: iplan Interface Type: internal
You can now add Firewall policies between the security interfaces:
1
Scroll down the to the Security Interface Configuration page to the Policies, Triggers and Intrusion Detection section. Click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. Click on New Policy. The Firewall Add Policy page is displayed. Configure your first Firewall policy as follows: Between interface of types: external internal Validators will block traffic Click on Apply. The Firewall Policy Configuration page is displayed. The Current Firewall Policies table contains details of the policy that you have just created. Create two more policies by repeating steps two and three using the following configuration information: a Between interface of types: external dmz Validators will block traffic b Between interface of types: dmz internal Validators will block traffic
If you do not want to set your own policies, and would rather use one of the default Security levels containing predefined policies and portfilters, see Using a default Security level (EmWeb) on page 378. 16.10.1 Start Security and enable the Firewall (EmWeb) To start Security and enable the Firewall:
1 2 3
At the Security Interface Configuration page, click on the Security Enabled radio button. Click on Change State. The page is refreshed and Security is enabled. Click on the Firewall Enabled radio button. Click on Change State. The page is refreshed and the Firewall is enabled.
At this point the network is now secure. All the interfaces which have been defined are protected; all traffic is blocked between different interface types.
360
16.10.2 Start Security and enable the Firewall (EmWeb) To start Security and enable the Firewall:
1 2 3
At this point the network is now secure. All the interfaces which have been defined are protected; all traffic is blocked between different interface types. You can now configure the Firewall to allow certain types of data transfer to take place between the PCs on different networks. See Firewall example configurations (EmWeb) on page 378.
16.11 Initial virtual DMZ interface network configuration (CLI)

This section contains instructions on configuring the ISOS Systems using the CLI. To configure the ISOS Systems, follow the steps below:
1 2
Configure the ISOS System (WAN router). See Configure the WAN Router using the CLI on page 343. Configure the ISOS System (Firewall). See Configure the ISOS System (Firewall) using the CLI on page 343.
Configure the WAN Router using the CLI To configure the WAN Router, follow the instructions below:
1
Clear any existing IP interfaces, routes and transports by typing the following command: ip clear interfaces ip clear routes transports clear
361
Add an Ethernet and an IPoA transport: ethernet add transport eth1 ethernet ip add interface ip1 192.168.100.1 255.255.255.0 ip attach ip1 eth1 ipoa add transport ipoa1 pvc a1 0 100 ip add interface ip2 192.168.101.2 255.255.255.0 ip attach ip2 ipoa1 ipoa transport ipoa1 set pvc 1 pcr 50000 Add a default route, with ISOS System (Firewall) as the gateway: ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.1
For more information about the commands used in this section and further explanation of the configuration steps followed, refer to the full example of this type of configuration in Ethernet - IPoA routed on page 246. Configure the ISOS System (Firewall) using the CLI To configure the interfaces and routes used by the ISOS System (Firewall) enter the following commands:
1
Clear any existing IP interfaces, routes and Ethernet and IPoA transports by typing the following commands: ip clear interfaces ip clear routes ethernet clear transports ipoa clear transports Configure the LAN interface using the following commands: ethernet add transport eth0 ethernet ip add interface lan 10.1.1.1 255.255.255.0 ip attach lan eth0
362
Configure the virtual DMZ interface using the following commands: ip add interface dmz 172.16.1.1 ip attachvirtual dmz lan The virtual interface dmz_virtual is attached to the real LAN interface. The LAN interface (lan) has already been attached to an ethernet transport (eth0). The dmz_virtual interface uses the eth0 transport to transfer data. Configure the WAN interface using the following commands: ipoa add transport ipoa1 pvc a1 0 100 ip add interface wan 192.168.101.1 255.255.255.0 ip attach wan ipoa1 Add a default route to the WAN network (i.e., 192.168.101.2): ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.101.2
Check that the IP interfaces are configured correctly by entering the following command: ip list interfaces
ID | Name | IP Address | DHCP | Transport
----|----------|-----------------|----------|------------1 | lan 2 | dmz 3 | wan | 10.1.1.1 | 172.16.1.1 | 192.168.101.1 | disabled | eth0 | disabled | [lan] | disabled | ipoa1
----------------------------------------------------------
Notice that the DMZ transport is displayed as [lan]. This shows that the DMZ is attached to the real LAN interface. 16.11.1 Security Configuration (CLI) This section contains instructions on configuring Security using the CLI.
1
Configure the security interfaces on the ISOS System (Firewall). See Configuring security interfaces using the CLI on page 364.
363
Start security and enable the Firewall on the ISOS System (Firewall). See Starting Security and enabling the Firewall using the CLI on page 364.
At this point the network can now be configured for various types of security configurations. The above steps are described in the following sections. Configuring security interfaces using the CLI With all interfaces and routes setup, we can now begin to configure the security interfaces: security add interface lan internal security add interface wan external security add interface dmz dmz To check that the interfaces have been added, enter: security list interfaces The following output is displayed:
Security Interfaces: ID | Name | Type
---------------------------1 | lan 2 | wan 3 | dmz | internal | external | dmz
----------------------------
Starting Security and enabling the Firewall using the CLI To start Security and enable the Firewall, enter the following commands: security enable firewall enable To check that this has been enabled, enter: security status
364

Security enabled. Firewall enabled. Firewall security level: none. Firewall session logging enabled. Firewall blocking logging enabled. Firewall intrusion logging disabled. NAT disabled
16.12 NAT example configurations (CLI)

This section contains instructions on configuring NAT using the CLI. For details of how to carry out the same configurations using EmWeb, see NAT example configurations (EmWeb) on page 383. The examples in this section assume that you have followed all the steps in the previous sections. 16.12.1 Enabling NAT (CLI) To enable NAT between the internal (LAN) and external (WAN) interfaces of the Firewall, enter the following command: nat enable n1 wan internal This configures NAT to translate addresses from the internal security interface to the wan security interface. To enable NAT between the DMZ and WAN interfaces, enter the following command: nat enable n2 wan dmz To demonstrate the effect of this configuration, execute a ping command from PC A to PC B. If you have access to a packet sniffer, attach this to the WAN side of the network and you can see that the IP address of PC A has changed - been translated by NAT from 10.1.1.2 to 192.168.101.1. If you ping PC C to PC B, this too will be translated by NAT from 172.16.1.2 to 192.168.101.1. Compare this to the example ping output between PC A to PC B in Firewall portfilters (CLI) on page 368.
365
16.12.2 Global address pool and reserved map (CLI) This section describes how to create two global address pools on your WAN interface, then use the global addresses to create reserved mappings. The reserved mappings allow NAT to translate packets between the WAN interface and each of the two different inside interfaces (LAN and DMZ). Firstly, create secondary addresses for the addresses that will be added to the global address pool:
ip interface wan add secondaryipaddress 100.100.100.100 255.255.255.0 ip add interface wan add secondaryipaddress 100.100.100.101 255.255.255.0
To create two global pools on the WAN interface for each of the inside interfaces (internal and DMZ) enter:
nat add globalpool g1 wan internal 100.100.100.100 endaddress 100.100.100.100 nat add globalpool g2 wan dmz 100.100.100.101 endaddress 100.100.100.101
If you have followed the instructions in Enabling NAT (CLI) on page 365, NAT will already be enabled between the internal and WAN interfaces and between the DMZ and WAN interfaces. To create reserved mappings between the WAN virtual interfaces and the internal PCs IP addresses (internal = 10.1.1.2, DMZ = 172.16.1.2), enter the following commands:
nat add resvmp r1 interfacename virtual_lan 100.100.100.100 10.1.1.2 all nat add resvmp r2 interfacename virtual_dmz 100.100.200.200 172.16.1.2 all
To demonstrate the effect of the above commands, execute the following ping commands: ping from PC B to IP address 100.100.100.100. PC A (IP address 10.1.1.2) will be seen to respond to this request. ping from PC B to IP address 100.100.100.101. PC C (IP address 172.16.1.2) will be seen to respond to this request.
366
16.13 Firewall example configurations (CLI)

This section contains instructions on configuring the Firewall using the CLI. For details of how to carry out the same configurations using EmWeb, see Configure the ISOS System (Firewall) (EmWeb) on page 357. 16.13.1 Using a default Security level (CLI) The easiest way to configure the Firewall is by setting a default security level, using the command: firewall set securitylevel {none|high|medium|low|userdefined <slevel>} The high, medium and low levels contain default policy and portfilter configurations for each of your network interface connections, so you do not need to set your own individual policies and portfilters. For more information about the configurations contained in each level, see the Firewall chapter of the ISOS 8.2 CLI Reference Manual: DO-009787-PS. 16.13.2 Creating firewall policies You can create your own Firewall policies between the security interfaces: firewall add policy etoi external-internal blockonly-val firewall add policy etod external-dmz blockonly-val firewall add policy dtoi dmz-internal blockonly-val To check that the policies have been added, enter:
firewall list policies
367

Firewall Policies: ID | Name | Type 1 | Type 2 | Validator Allow Only
------------------------------------------------------------------1 | etoi 2 | etod 3 | dtoi | external | external | dmz | internal | dmz | internal | false | false | false
-------------------------------------------------------------------
If you do not want to set your own policies, and would rather use one of the default Security levels containing predefined policies and portfilters, see Using a default Security level (CLI) on page 367. At this point, the network is secure. All of the defined interfaces are protected; all traffic is blocked between different interface types. The next sections describe how to configure the Firewall to allow certain types of data transfer to take place between the PCs on different networks. 16.13.3 Firewall portfilters (CLI) These example assume that you have not set a default Firewall level, and that you have followed all the steps in the previous section, Initial virtual DMZ interface network configuration (CLI) on page 361. Portfilters are individual rules that determine what kind of traffic can pass between two particular interface types. You can add many portfilters to an existing firewall policy. Setting up an ICMP portfilter (CLI) For example, to allow pings between PC A (in the LAN) and PC B (in the WAN) enter the following command: firewall add portfilter ping etoi icmp both The above command adds a portfilter called ping to the firewall policy etoi. etoi is the policy name between the internal (LAN) and external (WAN) security interfaces. The portfilter ping allows the ICMP protocol to be used in both directions. To check that the portfilter has been setup correctly, enter:
368
firewall list portfilters etoi

ID |
Name
| Type | Port Range |
In
| Out
| Raw
| TCP
| UDP
-------------------------------------------------------------------1 | ping | 1 | 0 - 0 | true | true | true | false| false
--------------------------------------------------------------------
You can now check that pings are allowed between PC A and PC B: ip ping 192.168.100.2
--- 192.168.100.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 1.9/2.0/2.2 ms
16.13.4 Firewall validators (CLI) This example assumes that you have followed all the steps in the previous section. Validators allow you to filter traffic based on the source and/or destination IP address and netmask. For example, if PC B was a suspicious host outside the network, you can create a validator that blocks traffic sent to PC A from PC Bs IP address and netmask. The policy etoi is already set to block only the IP address featured in the following validator command:
firewall add validator pcb etoi inbound 192.168.100.2 255.255.255.255
This adds a validator called pcb to the firewall policy etoi. etoi is the policy name between the internal (LAN) and external (WAN) security interfaces.
369
The validator pcb only blocks inbound traffic sent from PC B to PC A via the Firewalls LAN interface. It does not block inbound traffic sent from PC B to PC A via the Firewalls DMZ interface. It also does not block outbound traffic, so PC A can still send data to PC B. To block outbound traffic to PC B, delete the existing inbound validator (using the firewall delete validator command) enter the firewall add validator outbound command. To block inbound and outbound traffic, delete the inbound validator then enter the firewall add validator both command. To check which validators are set on an existing policy, enter the following command:
firewall list validators etoi
Firewall Host Validators: ID | Name | Direction | Host IP | Mask
------------------------------------------------------------1 | pcb | inbound | 192.168.100.2 | 255.255.255.255
-------------------------------------------------------------
16.13.5 Security triggers (CLI) This example assumes that you have followed all the steps in the previous section. Security triggers are used to allow an application to open a secondary port in order to transport data. To setup a trigger on the Firewall to allow Netmeeting (H323) from PC A to PC B via the Firewalls LAN interface, but not from PC B to PC A, enter the following commands: Firstly, create an outbound-only portfilter (called h323) for Netmeeting and add it to the etoi policy: firewall add portfilter h323 etoi tcp 1720 1720 outbound
370
To verify that the portfilter has been added, enter: firewall list portfilters etoi
ID |
Name
| Type |
Port Range
In
| Out
| Raw
| TCP
| UDP
-----------------------------------------------------------------------1 | h323 2 | ping | | 6 1 | 1720 - 1720 | 0 - 0 |false |true |true |true |false |true |true |false
|false |false
------------------------------------------------------------------------
To enable the netmeeting (H323) data channel you need to add a trigger using the command: security add trigger h323-trigger netmeeting To verify that the trigger has been added, enter: security list triggers
Security Triggers: ID | Name | Type | Port Range | Interval
---------------------------------------------------1 | h323-trigger | tcp | 1720 - 1720 | 30000
----------------------------------------------------
This adds a trigger called h323-trigger to allow Netmeeting to pass data through the Firewall. You should now be able to use netmeeting commands to pass data between PC A and PC B via the Firewalls LAN interface. 16.13.6 Firewall dmz (CLI) This example assumes that you have followed all the steps in the previous section. To allow HTTP traffic to pass from PC B (WAN) to PC A via the Firewalls DMZ interface, you need to create an inbound HTTP portfilter to the external-dmz policy (etod): Enter the command: firewall add portfilter http etod tcp 80 80 inbound
371
Initial virtual DMZ interface configuration (EmWeb)
To verify that the portfilter has been added to the etod policy, enter: firewall list portfilters etod The following information is displayed:
ID |
Name | Type |
Port Range
In
| Out
| Raw
| TCP
| UDP
-------------------------------------------------------------------1 | h323 | 6 | 80 - 80 |true |false |false |true |false
--------------------------------------------------------------------
You should now be able to send HTTP traffic from PC B to PC C, via the Firewalls DMZ interface.
16.14 Initial virtual DMZ interface configuration (EmWeb)

This section contains instructions on using EmWeb to configure the network described in Virtual DMZ interface network on page 340. To configure this network, follow the steps below:
1 2 3 4 5
Configure the ISOS System (WAN and LAN router ports). Configure the ISOS System (Firewall). Configure all the interfaces and routes on the ISOS System (Firewall). Configure the security interfaces on the ISOS System (Firewall). Start security and enable the Firewall on the ISOS System (Firewall).
At this point the network can now be configured for various types of security configurations. The above steps are described in the following sections. 16.14.1 Configure the Routers (EmWeb) To configure your routers, follow the instructions below: For ISOS System (WAN Router):
1
372
a
At the console, enter the following command: ip set interface iplan ipaddress 192.168.100.1 At the PC B web browser, enter the new IP address as the URL: http://192.168.100.1 The EmWeb Welcome page is displayed.
a b
From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 192.168.101.2 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport.
373
From the WAN connections table, Click on the IPoA Edit link. From the Edit Service page, click on Edit ATM Channel. Set the Peak Cell Rate text box to 50000. You do not need to change the other default settings. Click on Change. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.101.1. You do not need to change the other default settings. Click on OK.

a b
16.14.2 Configure the ISOS System (Firewall) (EmWeb) To configure the Firewall:
1
Clear any existing IP interfaces, routes and Ethernet and IPoA transports by following the instructions below:
a
Configure the LAN interface. By default, your Ethernet device is already attached to the router using a default LAN connection called iplan, IP address 192.168.1.1. For this configuration, you need to change the default LAN IP address to 10.1.1.1:
a b
At the console, enter the following command: ip set interface iplan ipaddress 10.1.1.1 At the PC A web browser, enter the new IP address as the URL: http://10.1.1.1 The EmWeb Welcome page is displayed.
Configure the DMZ virtual interface as follows:
374
Click on the Create a new virtual interface... hyperlink at the bottom of the LAN connections page. On the Create virtual interface page, type the following: IP Address: 172.16.1.1 Netmask: 255.255.255.0 Click on the Apply button. The LAN connections page is displayed. The virtual interfaces section displays details of the DMZ virtual interface that you have created. The virtual interface is called item0 by default. From the left-hand menu, click on Configuration>WAN connections. Click on Create a new service. Click on the IPoA routed radio button, then click on Configure. At the WAN connection: IPoA routed page, complete the following: Description: ipoa1 VPI: 0 VCI: 100 (click on the WAN IP address radio button) WAN IP address: 192.168.101.1 Click on Apply. The WAN connections page is displayed, containing details of the new IPoA transport. From the left-hand menu, click on Configuration>IP routes. Click on the Create new IP V4Route link. The Create IP V4Route page is displayed. In the Gateway text box, type 192.168.101.2. You do not need to change the other default settings. Click on OK.
Configure the WAN interface using the following instructions:

a b
c 5
Add a default route to the WAN network (i.e. 192.168.101.2):

a b
16.14.3 Configuring the security interfaces (EmWeb) With all interfaces and routes setup, we can now begin to configure the security interfaces:
1
From the left-hand menu, click on Configuration>Security. The Security Interface Configuration page is displayed:
375
From the Security Interfaces section, click on the Add Interface link. At the Add Interface page, configure the following security interface: Name: ipoa-1 Interface Type: external Click on Apply. The Security Interface Configuration page is displayed. The Security Interface section contains a table displaying the security interface that you have just created. Create two more security interfaces by repeating steps two and three, using the following configuration information: a Name: item0 Interface Type: dmz b Name: iplan Interface Type: internal
376
You can now add Firewall policies between the security interfaces:
1
Scroll down the to the Security Interface Configuration page to the Policies, Triggers and Intrusion Detection section. Click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. Click on New Policy. The Firewall Add Policy page is displayed. Configure your first Firewall policy as follows: Between interface of types: external internal Validators will block traffic Click on Apply. The Firewall Policy Configuration page is displayed. The Current Firewall Policies table contains details of the policy that you have just created. Create two more policies by repeating steps two and three using the following configuration information: a Between interface of types: external dmz Validators will block traffic b Between interface of types: dmz internal Validators will block traffic
If you do not want to set your own policies, and would rather use one of the default Security levels containing predefined policies and portfilters, see Using a default Security level (EmWeb) on page 378. 16.14.4 Start Security and enable the Firewall (EmWeb) To start Security and enable the Firewall:
1 2 3
At this point the network is now secure. All the interfaces which have been defined are protected; all traffic is blocked between different interface types.
377
Firewall example configurations (EmWeb)
You can now configure the Firewall to allow certain types of data transfer to take place between the PCs on different networks. See Firewall example configurations (EmWeb) on page 378.
16.15 Firewall example configurations (EmWeb)

This section contains instructions on configuring the Firewall using EmWeb. For details of how to carry out the same configurations using the CLI, see Firewall example configurations (CLI) on page 348. 16.15.1 Using a default Security level (EmWeb) The easiest way to configure the Firewall is by setting a default security level:
1
At the Security Level section of the Security Interface Configuration page, click on the drop-down list and select the level that you want to set; none, high, medium or low. Click on the Change Level button.
The high, medium and low levels contain default policy and portfilter configurations for each of your network interface connections, so you do not need to set your own individual policies and portfilters. To see the policies and portfilters set by the default level, from the Security Interface Configuration page, click on Firewall Policy Configuration>Port Filters. For more information about the configurations contained in each level, see the Firewall chapter of the ISOS 8.2 CLI Reference Manual: DO-009787-PS. 16.15.2 Firewall portfilters (EmWeb) These example assume that you have not set a default Firewall level, and that you have followed all the steps in the previous section, Initial Firewall, WAN Router & DMZ Router configuration (EmWeb) on page 353. Portfilters are individual rules that determine what kind of traffic can pass between two particular interface types. You can add many portfilters to an existing firewall policy.
378
Setting up an ICMP portfilter (EmWeb) For example, to allow pings between PC A (in the LAN) and PC B (in the WAN) you need to add an ICMP portfilter to the external-internal policy:
1
At the Security Interface Configuration page, click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. At the Current Firewall Policies table, click on the Port Filters link that corresponds to the external - internal policy. The Firewall Port Filters: external-internal page is displayed. Click on Add Raw IP Filter. Configure the table by typing the following information about the ICMP portfilter: Transport Type: 1 Direction Inbound: Allow Direction Outbound: Allow Click on Apply. The Firewall Port Filters: external-internal page is displayed, containing details of the portfilter that you have just created.
For details of protocol transport types and ports, see the Assigned Numbers RFC 1700 at http://www.faqs.org/rfcs/rfc1700.html. You can now check that pings are allowed between PC A and PC B, by entering the following at PC A: ping 192.168.100.2
--- 192.168.100.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 1.9/2.0/2.2 ms
16.15.3 Firewall validators (EmWeb) This example assumes that you have followed all of the steps in the previous section.
379
Validators allow you to filter traffic based on the source and/or destination IP address and netmask. For example, if PC B was a suspicious host outside the network, you can create a validator that blocks traffic sent to PC A from PC Bs IP address and netmask. The policy external-internal is already set to block only the IP address featured in the following validator:
1
At the Firewall Policy Configuration page, click on the Host Validators link that corresponds to the external - internal policy. The Configure Validators: external-internal page is displayed. Click on Add Host Validator. The Firewall Add Host Validator page is displayed. Configure the validator by typing the following information: Host IP Address: 192.168.100.2 Host Subnet Mask: 255.255.255.255 Direction: inbound Click on Apply. The Configure Validators page is displayed, containing details of the host validator that you have just created.
This adds a validator to the firewall policy between the internal (LAN) and external (WAN) security interfaces. The validator only blocks inbound traffic (data sent from PC B to PC A). It does not block outbound traffic, so PC A can still send data to PC B. To block outbound traffic to PC B, delete the existing inbound validator (by clicking on Delete Host Validator at the Configure Validators page) and repeat steps two and three, replacing: Direction: inbound with: Direction: outbound To block inbound and outbound traffic, delete the inbound validator then repeat steps two and three replacing: Direction: inbound with: Direction: both
380
16.15.4 Security triggers (EmWeb) This example assumes that you have followed all the steps in the previous section. Security triggers are used to allow an application to open a secondary port in order to transport data. To setup a trigger on the Firewall to allow Netmeeting (H323) from PC A to PC B, but not from PC B to PC A: Firstly, create an outbound-only portfilter for Netmeeting and add it to the external - internal policy:
1
From the left-hand menu click on Configuration>Security to display the Security Interface Configuration page. From the Policies, Triggers and Intrusion Detection section, click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. At the Current Firewall Policies table, click on the Port Filters link that corresponds to the external - internal policy. The Firewall Port Filters: external-internal page is displayed. Click on Add TCP Filter. Configure the table by typing the following information about the Netmeeting portfilter: Port Range Start: 1720 Port Range End: 1720 Direction Inbound: Block Direction Outbound: Allow Click on Apply. The Firewall Port Filters: external-internal page is displayed, containing details of the portfilter that you have just created.
For details of protocol transport types and ports, see the Assigned Numbers RFC 1700 at http://www.faqs.org/rfcs/rfc1700.html. To enable the Netmeeting data channel you need to add a trigger:
1
From the left-hand menu click on Configuration>Security to display the Security Interface Configuration page. From the Policies, Triggers and Intrusion Detection section, click on Firewall Trigger Configuration. The Firewall Trigger Configuration page is displayed.
381
Click on New Trigger. At the Firewall Add Trigger page, configure the table by typing the following information: Transport Type: tcp Port Number Start: 1720 Port Number End: 1720 Allow Multiple Hosts: Block Max Activity Interval: 3000 Enable Session Chaining: Block Enable UDP Session Chaining: Block Binary Address Replacement: Block Address Translation Type: none
This adds a trigger called tcp-trigger to allow Netmeeting (H323) to pass data through the Firewall. You should now be able to use netmeeting commands to pass data between PC A and PC B. 16.15.5 Firewall dmz (EmWeb) This example assumes that you have followed all the steps in the previous section. To enable HTTP from PC B (WAN) to PC C (DMZ) you need to create an inbound HTTP portfilter to the external-dmz policy (etod):
1
From the left-hand menu click on Configuration>Security to display the Security Interface Configuration page. From the Policies, Triggers and Intrusion Detection section, click on Firewall Policy Configuration. The Firewall Policy Configuration page is displayed. At the Current Firewall Policies table, click on the Port Filters link that corresponds to the external - dmz policy. The Firewall Port Filters: external-dmz page is displayed. Click on Add TCP Filter. Configure the table by typing the following information about the Netmeeting portfilter: Port Range Start: 80 Port Range End: 80 Direction Inbound: Allow Direction Outbound: Block Click on Apply. The Firewall Port Filters: external-dmz page is displayed, containing details of the portfilter that you have just created.
382
You should now be able to send HTTP data from PC B to PC C. You should not be able to send data from PC C to PC B.
16.16 NAT example configurations (EmWeb)

This section contains instructions on configuring NAT using EmWeb. For details of how to carry out the same configurations using the CLI, see NAT example configurations (CLI) on page 346. The examples in this section assume that you have followed all the steps in the previous sections to configure security and enable the Firewall. 16.16.1 Enabling NAT (EmWeb) To enable NAT between the internal (LAN) and external (WAN) interfaces of the Firewall:
1 2
From the left-hand menu, click on Configuration>Security. The Security Interface Configuration page is displayed. At the Security Interfaces section, click on the Enable NAT to internal interfaces button that corresponds to the ipoa-1 - external interface connection. The page is refreshed and NAT is configured to translate addresses from the internal security interface to the wan security interface.
To demonstrate the effect of this configuration, execute a ping command from PC A to PC B. If you have access to a packet sniffer, attach this to the WAN side of the network and you can see that the IP address of PC A has changed - been translated by NAT - from 10.1.1.2 to 192.168.101.1. Compare this to the example ping output between PC A to PC B in Firewall portfilters (CLI) on page 350. 16.16.2 Global address pool and reserved map (EmWeb) This section describes how to create two global address pools on your WAN interface, then use the global addresses to create reserved mappings. The reserved mappings allow NAT to translate packets between the WAN interface and each of the two different inside interfaces (LAN and DMZ).
383
NAT example configurations (EmWeb)
If you have followed the instructions in Enabling NAT (EmWeb) on page 383, NAT will already be enabled between the internal and WAN interfaces. To enable NAT between the DMZ and WAN interfaces:
1 2
From the left-hand menu, click on Configuration>Security. The Security Interface Configuration page is displayed. At the Security Interfaces section, click on the Enable NAT to DMZ interfaces button that corresponds to the ipoa-1 - external interface connection. The page is refreshed and NAT is configured to translate addresses from the dmz security interface to the wan security interface. At the Security Interface Configuration page scroll down to the Security Interfaces section. Click on the Advanced NAT Configuration link that corresponds to the ipoa-1 - external interface connection. The Advanced NAT Configuration page is displayed. Click on the Add Global Address Pool link. Configure the global address pool by entering the following information: Interface type: internal Use Subnet Configuration: Use IP Address Range IP Address: 100.100.100.100 Subnet Mask/IP Address 2: 100.100.100.100 Click on the Add Global Address Pool button. The Advanced NAT Configuration: ipoa-1 page is displayed, containing details of the global address pool that you have just created. Repeat steps two and three. At step two, change the following configuration: Interface type: dmz Use Subnet Configuration: Use IP Address Range IP Address: 100.100.100.101 Subnet Mask/IP Address 2: 100.100.100.101
Now you can create the global address pools:

1
To create reserved mappings between the global IP addresses and the internal PCs IP addresses (internal = 10.1.1.2, DMZ = 172.16.1.2):
384
From the Advanced NAT Configuration page: ipoa-1, click on the Add Reserved Mapping link. At the Add Reserved Mapping table, enter the following configuration information: Global IP Address: 100.100.100.100 Internal IP Address: 10.1.1.2 Transport Type: all Port Number: 0 Click on the Add Reserved Mapping button. The Advanced NAT Configuration: ipoa-1 page is displayed, containing details of the reserved mapping that you have just created. Repeat steps one and two. At step one, use the following configuration: Global IP address: 100.100.100.101 Internal IP Address: 172.16.1.2 Transport Type: all Port Number: 0
To demonstrate the effect of the above commands, execute the following ping commands: ping from PC B to IP address 100.100.100.100. PC A (IP address 10.1.1.2) will be seen to respond to this request. ping from PC B to IP address 100.100.100.101. PC A (IP address 172.16.1.2) will be seen to respond to this request. Note: You will need to set up a portfilter to allow ICMP traffic to pass between PC B and PC C. See Firewall portfilters (EmWeb) on page 378.
385
NAT example configurations (EmWeb)
386
17.Obtaining and changing system setup information
This chapter provides information about how to obtain and change various system and setup information about the ISOS System.
387
Introduction
17.1
Introduction
This chapter describes how to obtain and change various system and setup information about a ISOS System and the software that is used with it: Obtaining information about images and configuration files; see Image validation and verification on page 388. Obtaining version information for all installed ISOS software packages; see Obtaining software package version information on page 391. Obtaining and changing system information such as network addresses, module information; see Obtaining system information on page 393. Analyzing system setup; Setup analysis on page 396. Obtaining diagnostic information; Getting diagnostic information on page 399. Note You must be able to access the console from the CLI in order to use some of the commands described in this chapter. For information on CLI access permissions, see Access permissions to the CLI on page 129. For details of how to access the console, see Entering console commands from the CLI on page 137.
17.2
Image validation and verification

ISOS supports a variety of GlobespanVirata communication processors. ISOS systems require a number of critical files that have similar names to files on other systems. Image validation makes sure that a file is suitable to run on a particular platform. This prevents inappropriate images being executed during the boot process, and stops images from being overwritten by inappropriate images during download.
388
Obtaining and changing system setup information
Image validation information is stored in a header in the image file. You can manipulate the contents of the image validation header using the image validation library. For details on how to manipulate the image validation library, see ATMOS Image Validation Library Functional Specification: DO-008611-PS. Note To include the image validation library, you must add the line package imagevalidate to your system file. This package is included in many of the default product builds provided in ISOS. The image validation header is added to the beginning of the image during the build process:
Start of image Image validation header Image (possibly compressed) End of image
Figure 78
ISOS Image structure
The File Manager also provides a command which enables you to find out information about an ISOS image. To view details about the ISOS image in the default filesystem, enter the console command:
fm info image
To view details about the ISOS image in ISFS or FlashFS, enter:

fm info //isfs/image fm info //flashfs/image
The following files have image headers which can be read by this command: image NPimage. Both text and binary files are supported by image validation. The headers for text and binary files contain different information: Binary file image validation header:
389
Image validation and verification
Build ID; a unique eighteen-character ID for the image. If you need to contact GlobespanVirata Technical Advice Center (TAC) regarding your image, you will need to give them the build ID. Run-time memory requirements - the amount of memory that the system should contain Size and checksum of the image Compression method of the image Raw header of the binary file
Details about the processor, board support package identifier, chip support package identifier and version of the software Text file image validation header: Build ID; a unique eighteen-character ID for the image. If you need to contact GlobespanVirata Technical Advice Center (TAC) regarding your image, you will need to give them the build ID. Size and checksum of the image Board support package identifier Chip support package identifier Software version
For example, the command:

fm info image
390
returns the following information about the image.

Build date: 25 March 2002 Version: 08.32 Hardware type: 0x02010006, chip type 0x00000004 Chip support package: He100/2xx CSP v2.3 (ISOS 8.2) Board support package: BD62x1 BSP v1.0 (ISOS 8.2) System: USB Hypergate, release: Processor id: 1 System builder id: Not specified Runtime memory required: Not specified Image magic: 0x00000107 text: 0x002486b4 data: 0x00039e3c bss: 0x000715bc entry: 0x00010020 Data compression: Zlib Data size: 1111894 bytes, checksum 0x08ff277d
The most important information shown here is: Build date; provides information about the date the image was built. Chip support package; provides information about the CSP and version of ISOS which was used to build the image. Board support package; provides information about the BSP and version of ISOS which has been used to build the image. System; provides information about the product type that was specified in the build. Checksum; a unique id for the image. You can print the contents of your image validation header using the printf function. For more information on image validation, see the ATMOS Image Validation Library Functional Specification: DO-008611-PS.
17.3
Obtaining software package version information

17.3.1 About isos-ver To discover which versions of ISOS software releases and packages have been installed in a particular ISOS source directory, you can use the isos-ver command. This tool is included as part of the ISOS Tools release.
391
Obtaining software package version information
isos-ver can be used to scan a specified ISOS source directory tree and return information about the various ISOS releases and packages which have been installed in the directory. This includes: Source releases Source release Enhancement packs Source release Service packs Chip Support packages Chip Support package Service packs Board Support packages/Source code overlays Board Support package/Source code overlay Service packs Tools release - but not any patches which have been added to a Tools release For the isos-ver command to return an accurate description of the atmos install directory contents all the software packs in the directory must have been installed with a software version information file (*.ivi) file included in the Zip file. These files are copied into the atmos/version_information directory and used by isos-ver to return information about the packages which have been installed. Version information files have only been used in releases made for ISOS R8.1 and later. Therefore, isos-ver will not return information for ISOS source releases made prior to ISOS R8.1. 17.3.2 Using isos-ver The syntax of the isos-ver command is:
isos-ver [-d <directory>] [-f <version file>]
The options are described below: When executed with the -d option, isos-ver will look in the specified <directory> for all files with an extension *.ivi. For each file it finds isos-ver will display a one line summary of the package associated with this file. When executed with the -f option, isos-ver will attempt to parse the specified <version file> and display a summary of the package associated with this file.
392
When executed with no options, isos-ver will attempt to find a valid version_info directory in the current directory and if this fails it will look for a directory called atmos/version_info. If it finds either of these directories isos-ver will behave as if it was invoked with the -d option.
The information returned by isos-ver for a typical ISOS installation directory called atmos installed on a Linux platform is given below: isos-ver -d atmos/version_info
Version directory: version_info
DO-400599-LS (Issue 3) : (8.2 SR2) ISOS source release DO-400600-LS (Issue 3) : (8.2 SR2) Augustus CSP
GlobespanVirata tools version: 8.20.00.03 O/S version: RedHat version: Libc version: GCC version: Arm-GCC version: 2.95 Linux 2.4.7-10 Red Hat Linux release 7.2 (Enigma) 6
For each software package installed in the directory, isos-ver will display a one line summary containing the following information: The part number of the software package. The issue number of the software package. The major software version of the ISOS release. The version number must be the same for all packages. If two major version numbers are found, an error message will be returned. A description of the software package. 17.3.3 Further information For more information about the isos-ver command and the options which can be used with it, refer to the isos-ver manual page.
17.4
Obtaining system information

This section provides information about how to obtain general information about the operation and configuration of the system.
393
Module information
17.4.1 System information To obtain general system information, use the CLI command:
system info
This command displays the Vendor ID, URL, MAC address and software and hardware versions of your system. This command is now superceded by the isos-ver command. For more information, refer to Obtaining software package version information on page 391. 17.4.2 System uptime To find out how long the ISOS System has been up since it was last rebooted, use the uptime console command:
uptime up 5 hours 39 minutes
This shows that the ISOS System has been up for 5 hours and 39 minutes. 17.4.3 Version information To find out what build and version of ISOS software you have running on the ISOS System, use the version console command. This command is now superceded by the isos-ver command. For more information, refer to Obtaining software package version information on page 391.
17.5
Module information
17.5.1 Version information You can obtain information about the version of each of the ISOS software modules provided with the release. For example, to find out which version of FlashFS you are using on the system, enter the console command: flashfs version FLASHFS v2.20
394
17.5.2 MAC Address information The MAC address of the system can be viewed using the CLI command: system info This will show amongst other things the MAC address of the system. 17.5.3 Changing the MAC address The MAC address of a ISOS System is held on the Serial ROM on the ISOS System. To change the MAC address you need to use the Serial ROM console command configeeprom. To configure the MAC address, follow the procedure below:
1 2
Hold down the space-bar on the keyboard of the PC connected to the ISOS System. Keep holding down the space-bar as the ISOS System boots up. The ISOS System will drop-down to the Serial ROM console prompt, as shown below: SDRAM size = 0x800000 Key pressed, stopping boot. Entered console ... User request. ]
At the ] prompt, enter: configeeprom mac 00:25:2b:00:76:20 This command sets the MAC address to the new value. To confirm that you have set the MAC address correctly, enter: configeeprom mac The following information will be returned:
Valid configuration information found MAC: 00:25:2b:00:76:20
along with other configuration information. For more information about the Serial ROM commands, refer to DO-007286-TC, Helium Boot Procedure Developers Reference document.
395
Setup analysis
17.5.4 Viewing IP addresses The IP addresses which have been configured on the system can be viewed using the CLI command: ip list interfaces
-------------------------------------------------------------------
17.5.5 Setting IP addresses To set the address of the ISOS System to 192.168.1.2, use the ip set interface command. For example: ip set interface iplan ipaddress 192.168.1.1 To confirm that you have set the address, enter: ip list interfaces
-------------------------------------------------------------------
This confirms that the iplan interface is now set to 192.168.1.2.
17.6
Setup analysis
The following commands can be issued from the console to examine the features of any network setup involving the ISOS System. Note You must be able to access the console from the CLI in order to use the setup analysis commands. For information on CLI access permissions, see Access permissions to the CLI on page 129. For details of how to access the console, see Entering console commands from the CLI on page 137.
396
17.6.1 Memory utilization To see how much memory is being used, enter the console command:
chips mem
This command will output the memory used by each process running in ISOS and then total up the memory usage at the end. The typical output returned from this command is shown below:
... Total 3719136 12384 3168 362816 1280 = 4098784
memory free (bytes): total free space 23391696
biggest free block 23078416
useable memory 0x5c3c00 - 0x2000000, 27490480 bytes number of ATMOS_KMEMORY entries is 1205
17.6.2 Module status The general status of most ISOS modules can be viewed using the CLI command show after the module name. For example:
webserver show info
To see more detailed information, use the console command status after the module name. For example:
webserver status
The listing below shows the information that is returned when the two commands are used.
-->webserver show info
Web server configuration:
EmWeb release: R6_1_0 Enabled: true Interface: iplan HTTP port: 80 UPnP port: 280 Management IP address: 0.0.0.0
397
Setup analysis
--> console enable Switching from CLI to console mode - type 'exit' to return
192.168.1.1> webserver status WebServer is enabled. The HTTP port is 80. The UPnP port is 280. The interface is iplan. WebServer archive filename is //expand/isfs/derived_data.dat. The derived archive currently loaded is '//expand/isfs/derived_data.dat'. Variable allocation pool: total pool size free allocated mean alloc chunk max free chunk Buffer pool: total pool size free allocated mean alloc chunk max free chunk 25568 22576 2992 166 19296 99968 45536 54432 78 40784
17.6.3 Transmission / Receive statistics To see the number of packets which have been received and transmitted over a configuration, use the console command:
bun list channels
The output returned from this command for a usb-gateway configuration is shown below:
192.168.1.1> bun list channels Port loopback has no open channels Port join 0: Port usb 0: 1: 2: Port atm 0: oam RxVPI/VCI: 1: oam RxVPI/VCI: 2: oam RxVPI/VCI: 3: oam RxVPI/VCI: TxPkts: 0/0 TxPkts: 0/0 TxPkts: 0/3 TxPkts: 0/4 0/0 0/0 0/0 0/0 RxPkts: RxPkts: RxPkts: RxPkts: 0/0 0/0 0/0 0/0 TxVPI/VCI: TxVPI/VCI: TxVPI/VCI: TxVPI/VCI: 0/0 0/0 0/3 0/4 TxPkts: TxPkts: TxPkts: 0/0 1/0 0/0 RxPkts: RxPkts: RxPkts: 0/0 0/0 0/0 TxPkts: 1/0 RxPkts: 0/0
398
4: ppp TxPkts: 0/100 RxVPI/VCI: 0/100 Port ethernet 0: aticl2cyan TxPkts:
2/0
RxPkts:
0/0
TxVPI/VCI:
3842/0
RxPkts:
9389/0
Port usb-ethernet has no open channels Port pc-ethernet has no open channels Port vvb 0: 1: 2: TxPkts: TxPkts: TxPkts: 1/0 0/0 0/0 RxPkts: RxPkts: RxPkts: 0/0 0/0 0/0
Port ciao does not support channel access
17.7
Getting diagnostic information

Note: You must be able to access the console from the CLI in order to get diagnostic information. All of the commands in this section are console commands. For information on CLI access permissions, see Access permissions to the CLI on page 129. For details of how to access the console, see Entering console commands from the CLI on page 137. Diagnostic information is provided by the ISOS System in two forms: An event buffer which stores events generated by ISOS; see Viewing the event buffer on page 399. Trace output information, which is provided by some ISOS modules; see Setting trace output information on page 400. Some of the trace output information will be written to the event buffer. 17.7.1 Viewing the event buffer Events which are generated by ISOS are written to an event buffer. By default, the events are written in the background, but you can use the event command to enable the display of the events on the console. For example:
event show
From this point, all events generated will be written to the event buffer and displayed on the console. To stop the printing of events to the console, enter:
event unshow
399
You can also view the contents of the event buffer using the event command, with a suitable option. For example, to view the most recent events which have been written to the event buffer, enter:
event r
Up to 24 lines of the event buffer are displayed. For more information on the event command, refer to DO-009430-PS, ISOS (8.2) CLI Reference Manual. 17.7.2 Setting trace output information You can obtain detailed trace information for many of the ISOS software modules, using the trace (or event) command. To receive trace output you must make a debug version of the ISOS image. For more information, refer to Building a debug image on page 80. Note Most ISOS modules support trace information. Some modules call this the trace command, others use the event command. Refer to the Functional Specification for the module to discover which command is used for outputting Trace information. An ISOS module will generate trace information when it is in use. The information is categorized in terms of its severity/importance and you can set the category of trace information you wish to receive.
400
The following table summarizes the category levels and provides a general description of each level, although be aware that some modules may not conform exactly to the levels described below:
Level 1 2 3 4 5 Description Only very serious errors reported. Definite protocol errors or very significant events reported. Links going up/down reported. Every packet and significant state change is reported. Every packet sent/received is disassembled, and hex dumped.
Table 30:
Event level description
In summary, the lower the trace level, the least detailed the event reporting will be. For example, to set level 4 tracing for the q93b module, enter:
q93b event 4 event set to 4
All trace information, up to and including level 4 will be written to background output. To view the output on the console, enter:
event show
Trace information generated will show the level of severity for each event in the output. For example, the following trace information shows level 3 and level 4 information:
q93b: 91904: 3: port a2: Send RESTART q93b: 91904: 3: port a2: Received RESTART q93b: 91904: 4: port a2: Send RESTART ACKNOWLEDGE q93b: 91904: 3: port a2: Restart complete
Trace information at high levels can output a lot of information. To return trace information back to its default level (1) for the q93b module, enter:
q93b event 1
401
402
18.Upgrading an ISOS System
This chapter describes how to upgrade various software images on an ISOS System.
403
Introduction
18.1
Introduction
You may need to update the following software on the ISOS System: Upgrading Serial ROM on page 404. Upgrading Boot ROM on page 410 Updating software from a running image on page 411. This chapter describes the update procedure to follow for all types of software images that can be updated on a ISOS System. Note You must be able to access the console from the CLI in order to carry out some upgrading and updating tasks. For information on CLI access permissions, see Access permissions to the CLI on page 129. For details of how to access the console, see Entering console commands from the CLI on page 137.
18.2
Upgrading Serial ROM

This section contains the following procedures for upgrading the Serial ROM: If you wish to upgrade the Serial ROM with a new version of the Serial ROM image, refer to Updating a ISOS System with a new serial image on page 405. If you have an ISOS System with no on-board Serial ROM, and nothing in the Flash Boot ROM, you will have to program the Serial ROM chip. Refer to Updating an ISOS System with no on-board serial image on page 407. If you wish to personalize the Serial ROM code, for instance to display different manufacturer and device IDs on the PC when the ISOS System is booting over USB. For more information, see Building a serial ROM update package or PROM-programmable image on page 407. 18.2.1 Pre-requisites The following procedures in this section assume that you can meet the following pre-requisites: You have GlobespanVirata Tools V7.12 or later installed. To check this do one of the following tasks:
404
Upgrading an ISOS System
Run the console command virata-tools-ver which reports on the GlobespanVirata Tools version you have installed.
On older GlobespanVirata Tools versions, this command is absent. Instead, examine the path output by the command, which aconfig. The output will contain the version number. You have set up a suitable bootserver to enable images to be downloaded to the ISOS System. (For more information, refer to Booting the ISOS System in Gateway mode on page 99.)
18.2.2 Updating a ISOS System with a new serial image This section describes how to update your Serial ROM. This task involves creating a new Serial image using ISOS tools and then downloading this image to the ISOS System. The procedure below describes how to do this:
1 2
Ensure you have met the pre-requisites of this procedure, as described in Pre-requisites on page 404. Produce an update.bin image for the Serial ROM. To do this, run the command: mkproduct serialboot bd6100 This command produces the following image files: serialrom.bin serialrom.hex
update.bin in the directory:

atmos/build/products/bd6100-serialboot/
The update.bin image is the image you need to download to the ISOS System.
3
Copy the update.bin file to a suitable download directory so that this image can be downloaded to the ISOS System. For more information on how to download an image for your type of configuration, refer to the following chapters: For a PC-attached configuration, refer to Booting the ISOS System in PC-attached mode on page 111. For a Gateway configuration, refer to Booting the ISOS System in Gateway mode on page 99.
405
Download the update.bin file to the ISOS System. You should see the following text appear on the console:
Helium 100/Helium 2xx serial ROM update utility (3.12) ================================ Copyright (C) Virata Limited 2001 Reading in serial rom Found valid config area in serial rom. Old config area will be preserved. Press '!' to update serial ROM. If you're not sure what you're doing, press reset on your board now!
Press ! and wait. The new image is uploaded. The upload takes about 80 seconds and the monitor counts up from 0 to 1FF while it is happening. Caution - Do not reset the ISOS System during this operation as you will end up with a non-functional Serial ROM. The following information is displayed:
Writing serial ROM Sectors Left: Verifying Programming successful VRTA>
The Serial ROM is now upgraded.

6 7
Replace the update.bin file with a normal flash.bin image in your download directory. Reset the ISOS System. You should see the following text appear on the console:
He2xx Family Ethernet / USB boot v3.7 MAC 00:20:2b:80:0e:80 SDRAM 0x01000000 bytes
If the procedure goes wrong and you get into a situation where the Serial ROM does not function, refer to Updating an ISOS System with no on-board serial image on page 407 to update it.
406
18.2.3 Updating an ISOS System with no on-board serial image To update a ISOS System with no current on-board serial image, the Serial ROM chip must be removed from the ISOS System, and programmed using a ROM programmer unit. To prepare an image for programming, follow the procedure below:
1 2
Ensure you have met the pre-requisites of this procedure, as described in Pre-requisites on page 404. Edit the file to include the MAC address of your system. The file to edit is called atmos/source/hf_serialboot/augustus_mksrom.cfg. The line of this file to edit is:
macaddress 0:0:0:0:0:0
If you do not edit this file, the default MAC address 0:0:0:0:0:0 is used in the image. (You can change the MAC address of the system using a special console command. For more information, refer to Changing the MAC address on page 395.)
3
Build the necessary system files using the following command:

mkproduct serialboot bd6100
This command produces the following image files: serialrom.bin serialrom.hex

You can now use the serialrom.bin or serialrom.hex file to program the Serial ROM chip. 18.2.4 Building a serial ROM update package or PROM-programmable image This section explains how to recreate the files used in the previous two sections. You may wish to recreate the files to personalize the manufacturer and device names that are displayed on the PC when the ISOS System is booting over USB.
407
To customize the image files produced, follow the procedure below:

1
Edit the appropriate source files to contain your specific information. For more information about what can be changed or configured, see the comments in atmos/source/hf_serialboot/hf_serialboot.module. If you would like to change the USB manufacturers name and Vendor ID, edit the lines in the following system file, atmos/system/serialboot_main:
Config.hs USB_MANUFACTURER "XYZ Inc." Config.hs USB_VENDOR_ID "My widget"
For product-specific USB information, you should edit the appropriate hardware file in atmos/source/hardware/bd6100.hw.
Edit the file to include the MAC address of your system. The file to edit is called atmos/source/hf_serialboot/augustus_mksrom.cfg. The line of this file to edit is:
macaddress 0:0:0:0:0:0
If you do not edit this file, the default MAC address 0:0:0:0:0:0 is used in the image. (You can change the MAC address of the system using a special console command. For more information, refer to Changing the MAC address on page 395.)
3
Create the serial ROM update package, using the command: mkproduct serialboot bd6100 This command produces the following image files: serialrom.bin serialrom.hex

Copy the update.bin file to a suitable download directory so that this image can be downloaded to the ISOS System.
408
Reboot the ISOS System to download this file. You should see the following text appear on the console:
Helium 100/Helium 2xx serial ROM update utility (3.12) ================================ Copyright (C) Virata Limited 2001 Reading in serial rom Found valid config area in serial rom. Old config area will be preserved. Press '!' to update serial ROM. If you're not sure what you're doing, press reset on your board now!
Press ! and wait. The new image is uploaded. The upload takes about 80 seconds and the monitor counts up from 0 to 1FF while it is happening. Caution - Do not reset the ISOS System during this operation as you will end up with a non-functional Serial ROM. The following information is displayed:
Writing serial ROM Sectors Left: Verifying Programming successful VRTA>
The Serial ROM is now upgraded.

7 8
Replace the update.bin file with a normal flash.bin image in your download directory. Reset the ISOS System. You should see the following text appear on the console:
He2xx Family Ethernet / USB boot v3.7 MAC 00:20:2b:80:0e:80 SDRAM 0x01000000 bytes
If the procedure goes wrong and you get into a situation where the Serial ROM does not function, refer to Updating an ISOS System with no on-board serial image on page 407 to update it.
409
Upgrading Boot ROM
18.3
Upgrading Boot ROM

The Boot ROM program resides in Flash memory in a reserved portion (Boot area) of the first Flash device. This area stores the system files for the Helium Network Processor (NP) and Protocol Processor (PP) (augustus_np_boot and augustus_pp_boot). The Boot area cannot usually be written to during run-time. If the ISOS System boots up correctly, then you do not need to upgrade the Boot ROM. If the ISOS System does not boot up correctly or if you have corrupted this area of Flash in some way, then you will need to upgrade the Boot ROM. This section describes the upgrade procedure to follow:
1
Ensure that you have setup the ISOS System to boot over Ethernet or USB. Gateway configurations: For booting over Ethernet, refer to Booting the ISOS System in Gateway mode on page 99. PC-attached configurations: For booting over USB, refer to Booting the ISOS System in PC-attached mode on page 111.
Build the following image, using the mkproduct command: mkproduct flash-rewrite bd6100 This produces the file:
atmos/build/products/bd6100-flash-rewrite/flash.bin
This file is ready for booting.

3
Copy the flash.bin file to a suitable download directory so that this image can be downloaded to the ISOS System.
410
Reboot the ISOS System to download this file: You should see the following text appear on the console:
Starting mkflash image NBnZ PP Boot 8.2.0.7 (25 March 2002) Copyright (c) 2002 GlobespanVirata, Inc. SDRAM size = 0x1000000 NPnFound valid boot information block Valid configuration (size 256) Flash Rewrite version 8.2.0.7 (25 March 2002) BSP: BD62x1 BSP v1.0 (ISOS 8.2) CSP: He100/2xx CSP v2.3 (ISOS 8.2) NP software version is 0x00000820 (reply took 9us) Copyright (c) 2002 GlobespanVirata, Inc. 0:20:2b:80:e:80>
Type the following command at the prompt:

flashfs rewrite boot.bin
The following information is displayed:

Starting boot sector update: ... succeeded
This writes the boot images to the first 64kb of the Flash memory chips.
6 7
Replace the flash.bin file with a normal flash.bin image in your download directory. Reset the ISOS System.
The ISOS System now contains up-to-date boot images.
18.4
Updating software from a running image

Once the ISOS System is operational and IP network connectivity has been established, it is possible to upgrade the firmware and configuration by using either: FTP; see Using FTP on page 412. TFTP; see Using TFTP on page 415. HTTP; see Upgrade on page 164 This section describes the procedure to follow to upgrade the system using FTP or TFTP.
411
18.4.1 Files which can be copied over You can copy over firmware images and configuration files using either FTP or TFTP. The files and images are copied into ISFS. Any existing files of the same name will be over-written. Once the files are in ISFS you can then save the files to Flash using the CLI command: system config save which will write the files to FlashFS. You can use a special command in TFTP to automatically write the files to FlashFS. If you wish to save the files to another FlashFS partition or rename the files you can use the ISOS File Manager. For more information, refer to Using the ISOS File Manager on page 201. For more information about the location of the image files and configuration files which would typically be copied into ISFS using TFTP or FTP, refer to Building an ISOS image on page 61. 18.4.2 Using FTP In an FTP upgrade the ISOS System is acting as an FTP server and the attached computer is acting as an FTP client. Pre-requisites Check the following points before trying an FTP update. The FTP update requires the image to include the ftpd package. Thus, you need to check that the running image on the ISOS System includes FTP support or that the image you are building includes FTP support. To check whether the running image includes the FTP package, enter the following console command:
help ftpd ftpd [<command>] - send command to ftpd process
If the above message is returned, then the FTP package is installed.
412
To check whether a system file will build an image that includes FTP, check for the following line in the system file:
Package ftpd
If this line is present, and has not been commented out, the system file will produce an image which includes support for FTP. The update also requires adequate free memory on the ISOS System or it will fail. If you need FTP updates to work, you should check through your system file and make sure that you are not including packages that you don't need. (For more information on how to build a custom image and how to remove packages from a build, refer to Building an ISOS image on page 61.)
Usage The example script below demonstrates the use of FTP to update the NP image (image) on the ISOS System: Here is the example FTP session:
jjf magic ~ > ftp ftp> open 192.168.86.202 Connected to 192.168.86.202. 220 ISOS FTP Server (1.00) ready Name (192.168.86.202:jjf): admin 331 User name okay, need password. Password: 230 User logged in, proceed. ftp> lcd ~/atmos/build/bd62x1-np_rt Local directory now /home/jjf/atmos/build/bd62x1-np_rt ftp> binary 200 TYPE command okay. ftp> put image local: image remote: image 200 PORT command okay. 150 BINARY store ready; //isfs/image. 226 Store complete. //isfs/image (9320 bytes) 9320 bytes sent in 0.03 secs (286.1 kB/s) ftp> exit 121 User logging out. jjf magic ~ >
The script example above copies to the ISOS System, a new NP image to ISFS.
413
The actions of each of the commands in the example are described in detail below:
ftp
Start the ftp client program.

open 192.168.86.202
Open a connection to the ISOS System (with IP address 192.168.86.202). If the connection is successful, a message will be displayed by the FTP server.
Name (192.168.86.202:jjf): admin 331 User name okay, need password. Password: 230 User logged in, proceed.
Log in to the ISOS System. For more information, refer to Logging in to the system on page 127.
lcd ~/atmos/build/bd62x1-np_rt
Change to the local directory on the computer which contains the file you wish to copy.
binary
Put FTP into binary mode, as you are copying a binary image.
put image local: image remote: image 200 PORT command okay. 150 BINARY store ready; //isfs/image. 226 Store complete. //isfs/image (9320 bytes) 9320 bytes sent in 0.03 secs (286.1 kB/s)
Copy the NP image file called image. If the transfer is successful, a series of messages will be displayed indicating that the file has been copied.
exit
Exit from the FTP session. The files are copied to ISFS but not written to FlashFS. The write to FlashFS must be performed manually. See Files which can be copied over on page 412. For further information on the FTP update process, refer to DO-008908-PS, ISOS FTP Server.
414
18.4.3 Using TFTP Note The TFTP update described in this section is different from the BOOTP/TFTP boot procedure (described in Booting the ISOS System in Gateway mode on page 99). The BOOTP/TFTP boot in this section uses TFTP code implemented by the Boot ROM, and it can only accept one file, representing the whole of ISFS. Once the ISOS System has a running image, it can be updated using a more sophisticated TFTP protocol that allows many files to be downloaded. It is this update that is described in this section. In a TFTP upgrade the ISOS System is acting as a TFTP server and the attached computer is acting as a TFTP client. Booting the system via TFTP uses the ISOS System as a TFTP client and the attached computer as a TFTP server. Pre-requisites Check the following points before trying a TFTP update. The TFTP update requires the image to include the TFTP package. Thus, you need to check that the running image on the ISOS System includes TFTP support and that the image you are building includes TFTP support. To check whether your running image includes TFTP code, type the console command:
tftp help
at the console prompt. If a list of TFTP commands is displayed, then the TFTP module is installed. To check whether a system file will build an image that includes TFTP, check for the following line in the system file:
Package tftp
If this line is present, and has not been commented out, the system file will produce an image which includes support for TFTP.
415
The update also requires adequate free memory on the ISOS System or it will fail. If you need TFTP updates to work, you should check through your system file and make sure that you are not including packages that you don't need. (For more information on how to remove packages from a build, refer to Building an ISOS image on page 61.) Before performing the update, check that the ISOS System's running image has the TFTP port configured. To do this, enter the console command:
ip portname list
The output should include the line:

tftp 69/UDP
If this line is not included, enter the following console commands:

ip portname add tftp 69/udp config save
Then restart and reboot the ISOS System (e.g., by pressing the Reset button). The ISOS System is now ready to accept a TFTP update. Usage The example script below demonstrates the use of TFTP to update the following software components on the ISOS System: NP image file PP image file snmpinit configuration file Here is the example script:
connect 192.168.219.178 binary put ./password tftplock.key put ./empty tftpupdt.beg put ./PPimage image put ./image NPimage put ./snmpinit snmpinit put ./empty tftpupdt.rbt put ./empty tftpupdt.end
(The command syntax is appropriate for the Unix version of TFTP but is very similar to the Windows NT version.)
416
The script example above copies to the ISOS System, a new PP and NP image and also a new configuration file for the SNMP module. The script assumes that several files exist in the current directory: A file called password containing the single word password. A file called empty of zero length. A PP image file called PPimage. The PP image is created from source and is copied into the build directory for the product you are building. For example, if you build an bd6100-usb-gateway image, the PP image would be located in the directory: atmos/build/bd6100-usb-gateway/ The file is called image.comp. An NP image file called NPimage. The pre-compiled NP image for an ISOS System is provided as a compiled binary. It will be installed in the directory: atmos/build/bd6100-np_rt/ The file is called image. An ISFS configuration file called snmpinit. Note that the names of the local files on your PC can be anything you choose. However, you must copy them over using the filenames specified in the script. In addition, the files do not have to be located in the same directory, but are in this particular example to simplify the script. The actions of each of the commands in the script are described in detail below: connect 192.168.219.178 Connects to the ISOS System (with IP address 192.168.219.178).
binary
Puts TFTP into binary transfer mode.

put ./password tftplock.key
A special file is sent to unlock the ISOS System for update (tftplock.key). TFTP has no security mechanism, so this special file implements a simple password system. The password contained in the file should be the same as the SNMP/Telnet password for the ISOS System.
417
put ./empty tftpupdt.beg
A special file to indicate the beginning of the update process. The contents of this file are ignored, so it can be an empty file.
put ./PPimage image
Copy the PP image file called PPimage as image. This file must be copied using the name image.
put ./image NPimage
Copy the NP image file called image as NPimage. This file must be copied using the name NPimage.
put ./snmpinit snmpinit
Copy the configuration file for the SNMP module. This file must be copied as snmpinit. (For a list of the configuration file names for ISOS modules, refer to ISOS Module Configuration files on page 444.)
put ./empty tftpupdt.rbt
A special file to indicate the end of the update process. The contents of this file are ignored, so it can be an empty file, but the file must be copied using the name tftpupdt.rbt.
put ./empty tftpupdt.end
A special file to indicate that the system should be automatically rebooted after the update process. The contents of this file are ignored, so it can be an empty file, but the file must be copied using the name tftpupdt.end. The script copies the block of files to ISFS on the ISOS System. The files are enclosed in two special files, one at the beginning (tftpupdt.beg) and one at the end (tftpupdt.end). The files are copied to ISFS and then written to FlashFS. The write to FlashFS is triggered by the file tftpupdt.end. For further information on the TFTP update process, refer to DO-007137-PS, TFTP Functional Specification.
418
19.Troubleshooting network configurations
This chapter describes how to troubleshoot problems you may be having with setting up a network configuration. The chapter describes both CLI and Console diagnostic commands.
419
Introduction
19.1
Introduction
This chapter describes some tips for solving configuration problems that you may experience when setting up a network configuration. Note You must be able to access the console from the CLI in order to use some of the commands in this section. For information on CLI access permissions, see Access permissions to the CLI on page 129. For details of how to access the console, see Entering console commands from the CLI on page 137. The following sections are contained in this chapter: General troubleshooting guidelines that you should follow; see General guidelines on page 420. Troubleshooting at the device driver level; see Troubleshooting at the device driver level on page 421. Troubleshooting ATM protocols; see Troubleshooting the ATM protocols on page 423. Troubleshooting bridged systems; see Troubleshooting bridged systems on page 425. Troubleshooting routed systems; see Troubleshooting routed systems on page 426.
19.2
General guidelines
One golden rule to follow is: Always draw a diagram of your network before you start. A good, clear, fully-annotated design plan of your network will save time and difficulty later on. Include IP/ATM address details for all interfaces and label all nodes and entities. All this information will also assist in discussing any technical problems with GlobespanVirata Technical Advice Center. If you have set up one of the networks described in this guide, and you think your network is not working properly, first check if you can ping from one PC to the other. The ping command sends ICMP echo requests to a host and prints a message when it receives responses, and is a standard command supplied with both Linux and Windows IP networking. If you can ping successfully, but higher level protocols such
420
Troubleshooting network configurations
as network drive sharing are not working, it is most likely that the problem is with that part of the PC configuration, rather than the rest of the network. If you cannot ping successfully, try and trace the path of the packets through the network. Follow the progress of the pings from the first PC, through the first ISOS System, through the second ISOS System, to the second PC and back again, as described in Troubleshooting at the device driver level on page 421.
19.3
Troubleshooting at the device driver level

Try the following tests:
1
Check whether packets are being transmitted or received on the PCs Ethernet interface using the command: ifconfig (Linux) or: netstat -e (Windows). If no data is being sent by the PC while you are pinging, double check the PCs network configuration. Check that the packets are being received or transmitted on the Ethernet interface of each ISOS System using the following commands:
console enable bun list channels ethernet:0
or:
console process bun list channels ethernet:0
This will show the number of packets received and transmitted by the BUN Ethernet device. The parameter ethernet:0 means the first port of type Ethernet.
3
If no Ethernet traffic is received by the ISOS System, even when you have verified it is being sent by the PC, or if data is being sent by the ISOS System but not received by the PC, check the Ethernet cable. You should either use an Ethernet crossover cable or two straight-through cables and an Ethernet Hub (set to the correct speed for the ISOS System you are using 10Mbps or 100Mbps).
421
Troubleshooting at the device driver level
Check that each packet leaving the ATM interface of one ISOS System is received by the other ISOS System using the following command:
console enable bun list channels atm:0
or:
console process bun list channels atm:0
to show the number of packets received and transmitted by BUN on each open VC on the first ATM port in the system.
5
There may be a number of different channels in use by different software modules; you can find the channel you are interested in by looking for the VCI you are using in the TxVPI/VCI and RxVPI/VCI fields. The TxPkts and RxPkts fields will then tell you the number of AAL-5 packets transmitted and received respectively. The RxPkts field shows two numbers separated by a slash; the first is the number of packets received successfully, the second is the number of packets received with errors. If the packets leaving each ISOS System are not successfully received by the other ISOS System, check the ATM cable: you should be using an ATM crossover cable, which is not the same as an Ethernet crossover cable. Check that the cable is plugged into ATM port 0 on the ISOS System. Note The physical location of ATM Port 0 (a1) is different on ISOS System systems: For BD6100, BD6200 and BD6210 systems: ATM Port 0 is the ATM port furthest from the DC Power In connector. For BD6221 systems: ATM Port 0 is the port nearest to the DC Power In connector.
422
19.4
Troubleshooting the ATM protocols

Try the following tests:
1
Following the tests in the previous section may tell you that although data is being received at your ISOS Systems Ethernet port, it is never transmitted on the ATM port, or vice versa. In this case, the next thing to check is correct operation of the ATM protocol (RFC1483, PPP or IPOA). Check the ISOS Systems event log. Type the following commands:
console enable event p event n
These commands show the previous (event p) and next (event n) part of the event buffer. They will show any background output, including error messages from modules when the system booted. For example, you may see a message telling you that a protocol module has failed to open a VC. This is most commonly caused by configuring two different protocol modules such that they try to use the same VC.
3
Next check the diagnostic commands provided by the protocol module itself. These are described in detail in DO-009430-PS, ISOS (8.2) CLI Reference Manual. Examples of useful diagnostic commands for the protocols mentioned in this guide - from the CLI - include: IPOA:
ipoa show transport {<name>|<number>}
RFC 1483:
rfc1483 show transport {<name>|<number>}
423
Troubleshooting the ATM protocols
PPP:
pppoa show transport {<name>|<number>}
For example:
rfc 1483 show transport t1 RFC1483 Transport: t1 Description: Default LAN port Encapsulation: LlcBridged ATM port: Tx VPI: Rx VPI: Tx VCI: Rx VCI: a1 0 0 800 800
QOS class: UBR Peak cell rate: 2000 Sustainable cell rate: 0 Minimum cell rate: 0
Burst tolerance: 0 Max. burst size: 0
Examples of useful diagnostic commands for the protocols mentioned in this guide - from the console - include: RFC 1483:
r1483 pvc r1483 status
PPP:
ppp <channel>|all info [all]
Many protocols support a standard set of interface console commands, including a useful stats command which provides statistics on all traffic sent and received by the protocol. For example:
r1483 interface stats [reset] ppp interface <interface>|all stats [reset]
These commands produce a standard set of output, which shows the SNMP statistics gathered for the interface. Here is example output, with some of the values useful for debugging annotated:
Device: ppp1 ifIndex: ifType: 13 6
424
ifMtu: ifSpeed: ifAdminStatus: ifOperStatus: ifLastChange: ifInOctets: ifInUcastPkts: ifInNUcastPkts: ifInDiscards: ifInErrors: ifInUnknownProtos: ifOutOctets: ifOutUcastPkts: ifOutNUcastPkts: ifOutDiscards: ifOutErrors: ifOutQLen:
1514 10000000 2 2 7.27 0 0 0 0 0 0 0 0 0 0 0 0
- total bytes received from network - unicast packets received - broadcast/multicast packets received \ - packets not successfully received / - total bytes sent to network - unicast packets sent - broadcast/multicast packets sent - packets not successfully sent / - packets currently waiting to be sent
19.5
Troubleshooting PPP connections

If you are having problems configuring a PPP connection, entering the following commands can be useful to reinitialise a PPP connection. For example, when setting up a PPPoE connection:
pppoe set transport {<name>|<number>} disabled pppoe set transport {<name>|<number>} enabled
19.6
Troubleshooting bridged systems

Problems in bridged systems are typically easy to diagnose, as the configuration is usually less complex than routed systems. As well as following the troubleshooting tips above, check the following:
425
Troubleshooting routed systems
Ensure the correct transports are attached to the bridge, using the CLI command:
bridge list interfaces
or the console command:

bridge device list
You can find out the MAC addresses of all hosts detected by the bridge on each port, using the console command:
bridge filter
Check that the PCs are configured correctly; they should have IP addresses on the same subnet, as they will communicate directly with each other through the bridged network without needing a gateway. Ensure that the MAC address of the ISOS System is configured correctly. The CLI command:
system info
or the console command:

chips info
will print the systems MAC address; this should be the same as is printed on the label attached to the unit.
19.7

With routed networks, it is best to troubleshoot the system section by section:
1
Check that each PC can ping the IP address of the Ethernet interface of the ISOS System it is directly attached to.
426
If this fails, check that the router interfaces have been configured correctly with the desired devices. From the CLI, enter:
ip list interfaces
to show the current interfaces. Then enter the command:

ip show interface {<name>|<number>}
Ensure none of the devices are listed with #FAILED next to them; this probably means that the device is already in use by the bridge module. If so, remove them using the CLI command:
bridge delete interface {<name>|<number>}
Also refer to the low-level troubleshooting in Troubleshooting at the device driver level on page 421.
3 4
Next, check that each PC can ping the IP address of the ATM interface of the ISOS System it is directly attached to. If this fails, check that the PC has been configured with the correct gateway address. This is the address of the router to which it will forward packets for destinations other than the local network. Each PCs gateway should be the IP address of the Ethernet interface of the ISOS System to which it is connected. Obviously, in all IP networks, the gateway will always be on the same subnet as the machines own IP address. Check that each ISOS System can ping the ATM interface of the other ISOS System, using the CLI command:
ip ping <address>
6 7
If this fails, check the ATM protocol and the low-level troubleshooting tips, as described earlier in this section. If the system still does not work, check the routes on the ISOS Systems. Each ISOS System is directly connected to two of the three subnets present in the whole network, but must have a route to the other subnet (the Ethernet segment to which it is not directly connected). Either a specific route or a default route (as used in the configurations in this chapter) must be added. From the CLI, enter:
ip list routes
to shows the current routes. Then enter the CLI command:

ip show route {<name>|<number>}
Either command will display the current routing table.
427
If problems still persist, check that IP is not picking up spurious routes from other hosts using the RIP protocol. RIP can be disabled using the CLI commands:
ip set interface {<name>|<number>} rip accept none ip set interface {<name>|<number>} rip send none
You can display the whole of the IP modules current configuration using the CLI command:
ip show interface {<name>|<number>}
Refer to DO-009430-PS, ISOS (8.2) CLI Reference Manual, for more information about the output of this command.
428
20.ISOS Modules description
This chapter describes the modules which are used in the configurations supported on a ISOS System running ISOS.
429
Introduction
20.1
Introduction
This chapter describes the various ISOS software modules which can be run on the ISOS System for all supported configurations. A general description is given of the core software and software modules that are provided as part of the GlobespanVirata ISOS software suite. Reading this chapter will help you to appreciate where the various GlobespanVirata software modules would be used and needed in the development of a particular network device. This chapter also includes information about how each of the modules have been implemented by GlobespanVirata and where to find more information about each module. For a more general introduction to the supported configurations, refer to What are the features of each supported configuration? on page 10.
430
ISOS Modules description
20.2
OSI Model
Communications software protocols (or stacks) are typically grouped into layers based upon the services provided to upper layers as well as the services utilized from lower layers. The most commonly used partitioning of these layers is defined in the Open Systems Interconnect (OSI) reference model. This model defines seven layers as briefly summarized in the table below: Layer Layer Name Purpose 1 Physical layer The physical layer provides transparent transmission and reception of a bit stream over a physical connection. The physical layer includes the hardware and electrical interfaces. 2 Data Link The data link layer provides, over the physical layer, a reliable protocol interface. Such functions include error detection and error correction. 3 Network The network layer provides (to the Transport layer) a reliable, in-sequence delivery of data. This layer handles routing and retransmission of packets. Example xDSL, Ethernet PHY, SONET.
ATM, Frame Relay, Ethernet MAC.
IP, ATM call and connection control (Q.2931), ICMP.
431
OSI Model
Layer Layer Name 4 Transport
Session
Purpose Example TCP, UDP The transport layer provides services to the session layer, such as multiplexing of the network interface and providing different classes of service using the network layer. For example, TCP provides a class of service that includes reliability (i.e., retransmission when necessary) whereas UDP provides an unreliable interface. The session layer DNS, DHCP establishes, over the transport layer, a logical conversation or session between two network entities such as a user terminal and a host. Functions such as flow control, configuration, and security (network logon) are performed at this layer.
432
Layer Layer Name 6 Presentation
Application
Purpose The presentation layer implements standards for video and text display formats. Applications use this layer to handle any necessary conversion and formatting transparently. This is the topmost layer that actually makes the services below useful. Applications run at this layer and use the services below to reliably and transparently send and receive formatted data to remote entities.
Example ITU X.410
Telnet, FTP
It should be noted that the OSI model is an abstraction which is useful for discussion but which doesnt rigidly match actual implementations. For example, ATM exhibits characteristics of both layers 2 and 3. For simplicity, many people simply discuss ATM as a layer 2 protocol and, anything above ATM (TCP, IP, Telnet, DHCP, NAT) as layer 3 and above.
20.3
Core processors
The GlobespanVirata Helium communications processor contains two ARM 7 RISC processors: Protocol Processor (PP). Network Processor (NP). The NP acts an intelligent DMA hardware engine to provide real-time support for networking functions such as cell switching and flow control. The PP provides layer 2 and layer 3 protocol processing functions such as UNI signalling and IP Routing. The next section provides a brief description of each of the major protocols currently provided by GlobespanVirata on the PP. In the following sections, the ATM protocols and the encapsulations are considered part of layer 2 even though some portions (such as
433
ISOS
signalling) are technically layer 3 functions. The GlobespanVirata device drivers are part of layer 1. The software categorized as Layer 3 and Higher Protocols represent the top 5 layers of the OSI Reference Model.
20.4
ISOS
The GlobespanVirata OS Kernel, ISOS, is a lightweight RTOS, which runs on Helium. It is a small, flat, operating system kernel optimized for embedded systems used to deliver network services. As a result of this focused purpose, ISOS represents about 15k of code that can be modularly expanded as required to meet the needs of a specific system. The primary tasks of ISOS is task scheduling and inter-process communication and synchronization.
20.5
ATM Protocols
The protocols described in this section are the core of the GlobespanVirata ATM technology. Though implementation details are extremely complex by necessity, the descriptions below provide a straightforward view of the most important components. 20.5.1 ATM Driver The ATM Driver passes data between application software tasks and a physical ATM port. It performs ATM cell segmentation and reassembly (SAR), AAL encapsulation, and multiplexes concurrent data streams. It provides support for ATM Forum UNI 3.0, 3.1 and 4.0 traffic parameters and AAL types and also supports pacing of individual virtual circuits. Note that cell switching between UTOPIA ports on the ISOS System does not take place in the ATM driver that runs on the PP. The switching occurs entirely within the Network Processor, but is controlled and monitored from the Protocol Processor.
434
20.5.2 AAL ATM Adaptation Layer that defines the rules governing segmentation and reassembly of data into cells. Various AALs are defined to support diverse traffic requirements. For example, low latency requirements for voice traffic are best satisfied using AAL-2, while efficiency and throughput are benefits which make AAL-5 more appropriate. 20.5.3 AAL-0 The GlobespanVirata AAL-0 interface passes raw cells through to the NP. AAL-0 is useful because it allows customers to implement an AAL not supported by the GlobespanVirata software on another processor or within the GlobespanVirata software stack. The customers AAL then sends and receives data transparently through the AAL-0 interface. 20.5.4 AAL-2 AAL-2 is typically used for transporting voice traffic. AAL-2 comprises two layers, CPCS and SSCS. The lower layer (CPCS) handles common tasks such as trailer addition, padding, CRC checking. The upper layer (SSCS) handles service specific tasks such as data transmission assurance. 20.5.5 AAL-5 AAL-5 is the most commonly implemented AAL. It provides an efficient and reliable transport for data with the intent of optimizing throughput. 20.5.6 ILMI GlobespanVirata provides an ILMI 4.0 implementation which handles address registration (switch-to-end device) and notification (end-device-to switch) as well as auto-configuration. ILMI uses SNMP over AAL-5 for transport. 20.5.7 OAM Operations Administration and Maintenance. Refers to control packets defined in [I.610] to facilitate network management and administration. The GlobespanVirata I.610 implementation provides full support including AIS/RDI, Loop-Back, Continuity-Check, Performance Monitoring, and an example Console management application.
435
Device Drivers
20.5.8 UNI Signalling Signalling provides a means for dynamically establishing VCs between two points. VCs established in such a manner are called Switched Virtual Circuits (SVCs) as compared to Permanent Virtual Circuits (PVCs) which are provisioned once, when network service is first provided to the CPE. The GlobespanVirata network communications software includes support for all of the standard ATM UNI Signalling standards: UNI 3.0, 3.1, and 4.0 as well as the relevant call and connection control standards (Q.2931 and Q.2971). 20.5.9 SSCOP SSCOP is the reliable transport layer used for signalling. It has the following objectives: Reliable sequential delivery packet retransmissions, etc. Flow control using a credit based scheme Keep alive for connections even when no data is flowing There are two relevant but incompatible versions of SSCOP: Q.SAAL and the ITU Q.2931 (formerly known by CCITT name of Q.93B). GlobespanVirata supports both SSCOP specifications.
20.6
Device Drivers
20.6.1 BUN Device Driver Framework The Broadband Unified Network (BUN) interface provides a generic interface to a broad range of packet and cell based hardware devices. BUN is frequently termed a device driver framework. It isolates hardware-independent functions from hardware-dependent primitives and in doing so, simplifies device driver development, maintenance, and debugging. 20.6.2 I.432 The BUN I.432 driver supports the I.432 interface on Helium including ATM cell pacing and Header Error Control (HEC) generation and reception. The interface is layered on top of the Utopia interface and hence inherently provides VP and VC support as well. The interface
436
provides a method of connection to ADSL PHYs that support I.432. This sometimes provides a less expensive solution than connecting via a Utopia interface. 20.6.3 HDLC The BUN HDLC driver controls HDLC transmission and reception on communications processors, such as Helium, which have a physical HDLC interface. The HDLC device driver is a lightweight process that is not processing intensive. 20.6.4 Ethernet The BUN Ethernet driver provides data transport to and from an Ethernet hardware interface at 10BaseT or 100BaseT. In addition, functions useful for debugging, such as loopback, are also provided. 20.6.5 Frame Relay The BUN Frame Relay driver provides multiple Frame Relay channels over a single HDLC channel. The driver uses two layers of multiplexing: Firstly, each FR channel is identified by Data Link Channel Identifier (DLCI - an analogy of ATM VPI/VCI). Secondly, each DLCI can be multiplexed further if you are using RFC1490 multiprotocol encapsulation over FR. The FR channel can be uniquely identified by DLCI and ProtocolType. The Frame Relay driver supports a complete set of Frame Relay management protocols and also FRF.12 interface and DLCI level segmentation. 20.6.6 PCI There is no PCI support provided on Helium. 20.6.7 USB The GlobespanVirata BUN Driver for Universal Serial Bus (USB) supports the USB 1.1 implementation for Helium.
437
Encapsulations
The GlobespanVirata BUN driver for USB supports Helium as a PC-attached device.
20.7
Encapsulations
The commonly used methods of encapsulating user data to be sent over an ATM link are: IPoA (RFC 1577) PPPoA (RFC 2364) PPPoE Relay Agent RFC 1483 Some of these methods encapsulate layer 2 data (RFC 1483) and some encapsulate layer 3 data (IPoA). These encapsulation processes are considered layer 2 or layer 2.5 protocols, as layer 3 and other layer 2 protocols rely upon them for transport over ATM. The GlobespanVirata flexible architecture allows these encapsulations, and hence the logical connections below them to be treated generically as are other interfaces such as Ethernet. For example, encapsulations can be attached to the Spanning-tree Bridge (see Other Layer 2 Protocols on page 440) or IP Router (see Layer 3 and Higher Protocols on page 440) just as the Ethernet interface can be attached. This provides the ability to easily: route or bridge between ports with traditional packet interfaces and ports with encapsulations or simply route or bridge between ports with encapsulations. 20.7.1 IPoA (RFC 1577) User data in the form of IP packets is encapsulated into AAL-5 PDUs for transport over ATM. The fact that the user data is routed at an IP layer instead of bridged at a MAC layer allows the source and destination to be on different subnets. A notable drawback of IPoA is the lack of authentication and configuration that would be provided by PPP.
438
20.7.2 PPPoA (RFC 2364) From a system perspective, the use of PPPoA is similar to IPoA in that user data for transmission is in the form of IP packets. In this case, however, a PPP session is established (using the GlobespanVirata PPP stack) to the remote NSP. The PPP packets are encapsulated according to RFC 2364 for transmission over an ATM link. On the receive side, the de-encapsulation is performed. The PPP session is terminated in the PP and the IP data can be delivered to the end user over, for example, Ethernet. 20.7.3 PPPoE Relay Agent This encapsulation method is used to transport PPP traffic over Ethernet. Using this encapsulation allows PPP sessions to be terminated on PCs that are connected to the Helium communications processor by Ethernet. In this case, there may be multiple PPP sessions, each from a PC in the CPE to a PPP aggregator, such as a router, in the CO. These multiple sessions can be to separate end networks (for example Internet and Corporate Network). The GlobespanVirata PPPoE relay agent recognises when locally originated PPPoE traffic is to be sent to the CO. Such traffic is, without unnecessary processing, forwarded to the correct destination network. This security is useful to prevent, for example, corporate bound data from being exposed to the Internet. The actual ATM encapsulation used in the PPPoE case is actually RFC 1483 because the local user data, though PPP, is encapsulated into Ethernet frames. 20.7.4 RFC 1483 RFC 1483 provides the simplest method of connecting end stations over an ATM network. User data in the form of Ethernet packets is encapsulated into AAL-5 PDUs for transport over ATM. Like IPoA, RFC 1483 provides no authentication and configuration that would be provided by PPP.
439
Other Layer 2 Protocols
20.8
Other Layer 2 Protocols

20.8.1 Spanning-tree bridge The GlobespanVirata Bridge module provides a transparent bridge between two physically disjoint networks with the spanning-tree option. Without the spanning-tree enabled, the bridge can only be used with network topologies that dont contain loops (redundancy). The spanning-tree algorithm handles redundancy and also increases robustness. 20.8.2 LEC The LAN Emulation Client (LEC) provides an ATM Forum LAN Emulation (LANE) Version 1.0 implementation. ATM Forum LANE is of most importance for LAN deployments of ATM and is not considered to have great relevance to xDSL CPE applications.
20.9
Layer 3 and Higher Protocols

This section assumes that the reader is knowledgeable with the basics of TCP/IP. 20.9.1 TCP The GlobespanVirata Transmission Control Protocol (TCP) is accessed using a standard Berkeley-type sockets interface which allows easy porting of existing Layer 3 and higher software into the GlobespanVirata protocol stack. 20.9.2 IP IP and IP routing are typically discussed together as they are both part of the Network layer (layer 3). However, IP is actually responsible for getting packets to where the router decides they should go. Conformance to IP RFCs is an extremely complex subject. 20.9.3 UDP User Datagram Protocol (UDP) is a peer to TCP that provides an unacknowledged transport protocol to applications. As UDP provides no acknowledgements, packet delivery is not guaranteed. Hence, UDP is best suited for applications that can tolerate periodic data loss. For example, SNMP and ping (ICMP) both use UDP.
440
20.9.4 DHCP The GlobespanVirata implementation of Dynamic Host Control Protocol (DHCP) provides both client and server functions. The client can be used, for example, to obtain a public IP address from an ISP. The DHCP server can be used to configure many local devices with private IP addresses. NAT can then be employed to allow the devices on the private network to send and receive data on the public network by sharing the public IP address. 20.9.5 NAT The Network Address Translator (NAT) implements Port Address Translation (PAT) and provides Network Address Port Translation (NAPT), also known as IP Masquerading. NAT allows a single real IP address on the WAN side to be shared among many devices on the LAN side, each of which have private addresses. 20.9.6 IP Router The GlobespanVirata software provides implementations of RIP v1 and RIP v2, either or both of which can be run on each interface. The IP router is an IPv4 router (no support for IPv6 is provided) which includes support for MTU path discovery. 20.9.7 PPTP The Point-to-Point Tunnelling Protocol (PPTP) provides the ability to transfer PPP data through a secure tunnel over a non-secure network such as the Internet. The usefulness is that the physical and logical terminations of the point-to-point link terminate in the unsecured network while the authentication and control terminate in the secure network. This allows, for example, an ISP to provide world wide local dial-in to corporate users. The corporate users dial into the ISP but their data is tunnelled over the Internet to a corporate PPTP network server (PNS). GlobespanVirata has implemented the client portion of PPTP that provides a PPTP Access Concentrator (PAC). 20.9.8 L2TP GlobespanVirata also provides a Layer 2 Tunnelling Protocol (L2TP) client or Access Concentrator (LAC). L2TP has the same primary function as PPTP that is to securely and transparently tunnel PPP data over an unsecured network.
ISOS (8.2 Service Release 2) User Guide DO-009467-PS (Issue 4, 6th Dec 2002) 441
Miscellaneous
L2TP, however, is a far more complex protocol that provides support for advanced security such as IPSec. PPTP is more commonly used in xDSL applications. Note To use L2TP on Windows 2000, IPSec is required. IPSec support is available from a number of third-party vendors. 20.9.9 Telnet GlobespanVirata provides a simple Telnet server that allows administrative access to the platform over TCP/IP. The implementation supports only a single session at a time. 20.9.10TFTP The GlobespanVirata TFTP implementation is primarily aimed at allowing files to be updated over a network connection. These updates are handled securely through GlobespanVirata extensions to TFTP. Access is provided to files stored on Flash through FlashFS (Flash memory filing system) and to files stored in memory through ISFS (In-Store Filing System).
20.10 Miscellaneous
20.10.1GlobespanVirata IPG The GlobespanVirata Inter-Processor Gateway (IPG) is the hardware interface between the PP and NP. Issues of synchronization and memory contention are transparent to the software process through such hardware assistance as doorbell registers, interrupts, and shared registers. 20.10.2Optional Windows Drivers To support PC-Attached applications such as PCI and USB ADSL modems, GlobespanVirata provides CoNDIS-5 drivers for use on Microsoft Windows 98SE and Windows 2000. The GlobespanVirata implementation extends BUN to the PC using the Virata Virtual Bus (VVB). The VVB simplifies development and maintenance of PC drivers. The CoNDIS-5 drivers allow PC-99 and
442
WHQL compliance and support the Microsoft architecture in which many of the layer 2 and layer 3 protocols (including ATM) are run on the PC. It should be noted, however, that the GlobespanVirata implementation performs SAR of AAL-5 PDUs on the Helium communications processor, which reduces the PC CPU requirements and driver complexity.
443
ISOS Module Configuration files
20.11 ISOS Module Configuration files

The following table lists the configuration files used by the ISOS modules described in this chapter. It also shows which modules store their configuration in the VMI configuration file - im.conf:
Module TR-037 Bridge BUN console DHCP Client DHCP Relay DHCP Server DNS Client DNS Relay Emweb ILMI IP/IPoa NAT OpenDSL PortCLI PPP/PPPoA/ PPPoE PPTP q93b signalling SNMP SNMP v3 TFTP Module name autopvc bridge bun console dhcpclient dhcprelay dhcpserver dnsclient dnsrelay webserver ilmi ip/ipoa nat opendsl portcli ppp pptp q93 snmp snmp tftp Config file No initbridge initbun cliconsole dhclient.conf dhcrelay.conf dhcpd.conf initdnsclient initdnsrelay initwebserver initilmi resolve services initnat No initportcli initppp initpptp initq93b snmpinit snmpd.cnf services In im.conf Yes Yes No No Yes Yes Yes Yes Yes No No Yes No Yes Yes No Yes Yes No No Yes No
444
Table 31:
ISOS Module configuration files
The following files are also normally found in ISFS. They are described in the table below:
Module banner.txt derived_data.dat dhclient.leases dhcpd.leases im.conf Module file webserver webserver dhcp dhcp Description GlobeSpanVirata startup text on CLI EmWeb Derived archive DHCP client lease database DHCP server lease database VMI configuration file used by many ISOS processes to store their configuration. Default VMI configuration file. im.conf.factory im.descriptions This file can be used to restore a default configuration. List of attribute text descriptions. VMI configuration file used to store system-specific Port information for a particular product. PP compiled image file NP compiled image file
im.system
image NPimage
Table 32:
ISOS ISFS files
For more information about how to include files in an image, refer to Including files in an image on page 91.
445
ISOS Module Configuration files
446
A:Installing ISOS System hardware
This chapter provides a quick overview of the BD6000 Series ISOS Systems and their capabilities and explains how to install the systems.
447
What is the ISOS System Evaluation System?
A.1
What is the ISOS System Evaluation System?

The ISOS System is the evaluation and software development system for the GlobespanVirata Helium communications processor family. It provides a proven development platform for evaluating the Helium family processors and supporting software. The term ISOS system Series Evaluation System refers to the following evaluation systems: BD6100 system BD6200, BD6210 systems BD6220 and BD6221 systems The ISOS System system provides standard interfaces which enable new hardware to be added to the system to enhance its functionality. This new functionality can be quickly integrated, using the GlobespanVirata Integrated Software On Silicon (ISOS) technology.
A.2
What are the differences between the BD6000 systems?

The systems contain different variants of the Helium communications processor: The BD6100 system is the evaluation system for the Helium 100 communications processor. The BD6200 system is the evaluation system for the Helium 200 communications processor. The BD6210 system is the evaluation system for the Helium 210 communications processor. The BD6220 system is the evaluation system for the Helium 210-80 communications processor. The BD6221 system is also the evaluation system for the Helium 210-80 communications processor. It is an updated version of the BD6220 system.
448
The main differences between the systems at a user level are the network and expansion interfaces provided. The following table summarizes the differences between all four chips:
Feature Clock speed Network interfaces Expansion interfaces He100 48 Utopia; 10Base-T He200 60 Utopia; MII EIO; USB; PCMCIA He 210 60 Utopia; MII; 10/100 Base-T EIO; USB; PCMCIA He210-80 80 Utopia; MII; 10/100 Base-T EIO; USB; PCMCIA
EIO; USB
The Helium 200 processor does not contain an on-chip Ethernet PHY. On BD6200 systems an Ethernet PHY is provided on the board as an external component which interfaces to the Helium processor via the MII interface. All other processors contain an on-chip physical Ethernet interface called an Ethernet PHY for either 10 or 10/100 Base-T Ethernet connections. The Helium 100 processor does not contain a PCMCIA interface.
A.3
What additional hardware components are needed?

You must have the following hardware components: Serial cable 10BaseT or 100BaseT Ethernet crossover cable ATM crossover cable You may also need the following component, depending on how you will be configuring the ISOS System: USB cable
A.4
How can ISOS System functionality be demonstrated?

To demonstrate the functionality of the ISOS System, you can set up a demonstration network using two ISOS System systems and two PCs.
449
How can ISOS System functionality be demonstrated?
A typical demonstration configuration is shown in the diagram below:

PC
Ethernet
ISOS System
ATM25
PC
Ethernet
ISOS System
Figure 79
Demonstration configuration for ISOS System systems
Using this setup, you can configure the ISOS System system in a number of ways to show it transferring data using different network protocols. Refer to the following chapters for more information about how to configure ISOS System systems: Configuring the ISOS System in Gateway mode on page 235. Configuring the ISOS System in PC-attached Gateway mode on page 275. Configuring the ISOS System in Switch mode on page 323. For more information about the protocols which can be used in the above configurations, refer to What configurations are supported by an ISOS System? on page 8.
450
A.5
To install the ISOS System system in any type of configuration, you need to carry out the following steps:
1 2 3 4
Unpack and inspect the ISOS System system and its components; see Unpacking the ISOS System on page 452. Read all appropriate safety, warning and legal notices; see Reading important notices on page 453. Position the ISOS System; see Positioning the ISOS System on page 453. Connect up the ISOS System; see Connecting the ISOS System on page 453.
The above steps are described in the following sections. After completing this chapter, you will then need to refer to subsequent chapters to install appropriate supporting software.
A.6
Pre-requisites
Before starting the ISOS System installation procedure, ensure that you meet or have considered the following points: There are various configuration options supported for a ISOS System. Ensure that you know which type of basic configuration you wish to setup. (The options available are described in What are the features of each supported configuration? on page 10.) Ensure that you have the correct versions of GlobespanVirata software and tools for the operating system that you are using. Ensure that you have a computer running an operating system which supports your chosen ISOS System configuration. (The currently supported OSs are listed in What software platforms are supported? on page 18.) All the above information is described in Introduction on page 7.
451
Unpacking the ISOS System
A.7
Unpacking the ISOS System

20.11.1Procedure Carefully unpack the ISOS System and all other components in the box. As you remove each component from the box, perform a quick visual check to ensure that no damage has occurred during delivery. 20.11.2Packing list The items that are delivered with the system are listed below: One ISOS System. One power supply unit (to match your local main electricity supply system). One power supply cable, from the main electricity supply to the power supply unit (to match your local main electricity supply system). Packing List. Safety Warning Notice. EMC Warning Notice.
452
A.8
Reading important notices

The following notices must be read before proceeding with the installation: Safety Warning notice. EMC Warning notice. 20.11.3Safety Warning notice A Safety Warning Notice is provided with your system. It must be read before proceeding with the installation. 20.11.4EMC Warning notice An EMC Warning Notice is provided with your system. It must be read before proceeding with the installation.
A.9
Positioning the ISOS System

The ISOS System must be positioned in an area which conforms to EMC requirements. (For more information, refer to EMC Warning notice on page 453.) In addition, you should observe the following considerations when positioning the system: The system is not sealed and should not be exposed to ingress of water or excessive dust. Free air circulation around the units, especially the power supply, should be ensured. The units are disconnected from power by removing the power cable from the electricity supply outlet. Therefore, the system must be located close to a power outlet that is easily accessible.
A.10 Connecting the ISOS System

There are a number of connection options provided by the ISOS System. The options you choose depend upon the configuration of your system. (For more information, refer to What are the features of each supported configuration? on page 10.) The general procedure to follow is:
1
Make all necessary data connections to the ISOS System.
453
Connecting the ISOS System
2 3
Make all necessary management connections to the ISOS System. Make a power connection to the ISOS System.
The above steps are covered in the following sections for each possible configuration supported for the ISOS System. 20.11.5For a Gateway configuration To connect an ISOS System in a Gateway configuration, follow the steps below:
1
For the data connection: connect the Ethernet port on the ISOS System (10BASET or 10/100BASET (depending on the system you are installing)) to the Ethernet port on your computer. The connection can be made using an Ethernet Hub, or directly using an Ethernet crossover cable. For the management connection: connect the Serial port on the ISOS System (RS232) to the Serial port on your computer. (The characteristics of the Terminal connection are given in Serial port settings on page 354.) For the power connection:
a
Connect the DC power supply cable from the AC/DC power supply unit to the power supply port on the ISOS System (DC POWER IN 5V/4A). If you have a switched power supply, connect the AC/DC power supply unit to the electricity supply using the supplied power cable, but do not supply power from the electric supply yet. If you do not have a switched power supply, locate the power supply cable but do not yet plug it in. Warning - If the cable supplied does not match the local system, do not attempt to use it; contact the GlobespanVirata Technical Advice Center for a replacement cable.
454
The following diagram shows the connections which should now be present between your computer and the ISOS System:
PC
ISOS System
Serial
RS232
HUB Ethernet
10/100BaseT DC POWER IN
DC supply
Power supply
p
Figure 80 Connecting the ISOS System (Gateway) The next step is to power on the ISOS System. Refer to Powering on the ISOS System on page 459. 20.11.6For a PC-attached Gateway configuration To connect up an ISOS System in a PC-attached Gateway configuration, follow the steps below:
1
For the data connections:

a
Connect the Ethernet port on the ISOS System (10BASET or 10/100BASET (depending on the system you are installing)) to the Ethernet port on your computer. The connection can be made using an Ethernet Hub, or directly using an Ethernet crossover cable.
455
Connect the USB port on the ISOS System (USB) to the USB port on your computer. The connection can be made using a standard USB interconnect cable.
For the management connection: connect the Serial port on the ISOS System (RS232) to the Serial port on your computer. (The characteristics of the Terminal connection are given in Serial port settings on page 354.) For the power connection:
a
Connect the DC power supply cable from the AC/DC power supply unit to the power supply port on the ISOS System (DC POWER IN 5V/4A). If you have a switched power supply, connect the AC/DC power supply unit to the electricity supply using the supplied power cable, but do not supply power from the electric supply yet. If you do not have a switched power supply, locate the power supply cable but do not plug it in yet. Warning - If the cable supplied does not match the local system, do not attempt to use it; contact the GlobespanVirata Technical Advice Center for a replacement cable.
456
PC
ISOS RS232 USB 10/100BaseT DC POWER IN
Serial USB HUB Ethernet
DC supply
Power supply
p
Figure 81
Connecting the ISOS System (PC-attached Gateway)
The next step is to power on the ISOS System. Refer to Powering on the ISOS System on page 459. 20.11.7For a Switch configuration To connect an ISOS System in a Switch configuration, follow the steps below:
1
For the data connection: connect the ATM25 port on the ISOS System to the ATM port on your ATM network device. The type of ATM cable you use depends on the type of ATM network device you are connecting up with the ISOS System system: For a connection to an ATM switch, use a crossover cable. For a connection to an ATM network end-point such as an ATM NIC card, use a straight-through cable.
457
For the management connection: connect the Serial port on the ISOS System (RS232) to the Serial port on your computer. (The characteristics of the Terminal connection are given in Serial port settings on page 354.) For the power connection:
a
Connect the DC power supply cable from the AC/DC power supply unit to the power supply port on the ISOS System (DC POWER IN 5V/4A). If you have a switched power supply, connect the AC/DC power supply unit to the electricity supply using the supplied power cable, but do not supply power from the electric supply yet. If you do not have a switched power supply, locate the power supply cable but do not plug it in yet. Warning - If the cable supplied does not match the local system, do not attempt to use it; contact the GlobespanVirata Technical Advice Center for a replacement cable.
458
PC
ISOS System
Serial
RS232
ATM25 ATM DC POWER IN ATM Network Node
DC supply
Power supply
p
Figure 82
Connecting the ISOS System (Switch)
The next step is to power on the ISOS System. Refer to Powering on the ISOS System on page 459.
A.11 Powering on the ISOS System

To power up the ISOS System, follow the procedure below:
1 2
Supply power to the ISOS System. When the ISOS System has powered up correctly, the bank of LEDs on the front panel will be lit.
The ISOS System will boot up using the ISOS image it has pre-installed in Flash memory, although, this is a test image and is not suitable for use. Refer to Installing ISOS software on page 27 to install the software and build a usable image.
459
Powering on the ISOS System
460
Index
Symbols
$VIRATA_TOOLS 46 /etc/bootptab 103 /etc/dhcpd.conf 101 /etc/inetd.conf 103 /tftpboot 101 /usr/sbin/bootpd 103 /usr/sbin/tcpd 103 augustus_pp_boot 410
B
Boot ROM 410 Boot ROM console 122, 123 Bootp server 106 BOOTP/TFTP server 240 bootptab 105 BOOTREQUEST 113 Bridge configuration file 444 Bridged configuration examples 238, 302 BUN 436 Bun configuration file 444 bun list channels console command 398 BUN RFC 1483 243
A
AAL encapsulation 434 AAL-2 435 AAL-5 435 aconfig 405 Adobe Acrobat 5 ADSL 9 ADSL PHYs 437 air circulation 453 AIS 435 application layer 433 ARM 7 433 ATM 9 ATM Adaptation Layer 435 ATM crossover cable 239, 326 ATM Driver 434 ATM Forum 434 ATM port 0 239, 326 ATMOS bridge module 243 atm-switch 69 augustus_np_boot 410
C
Caution symbol 5 CCITT 436 CHAP authentication 270, 272 Chip support package 29 chips console command 395 chips mem console command 397 Classical IP 250 CLI access permissions 129 CO 439 CoNDIS-5 442 config list console command 224 config print ip console command 224 Config.h 10
461
configeeprom 121, 122 configuration files 219 console help 139 navigating 138 console enable 137 conventions typographical 4 CPCS 435 CPE 436, 439 CSP 29 customized images 94 CYAN_POOL_PREFIX 269, 277, 285, 286, 316
E
EMC Warning notice 453 Emweb configuration file 444 end stations 439 error correction 431 error detection 431 Ethernet 9 Ethernet driver 437 Ethernet PHY 431 eth-gateway 69 eth-gateway-recovery 69 event buffer 399 event console command 399 extra-sw 69
D
data connections 453 data link layer 431 DC Power In connector 240, 326, 422 Debian (Linux) 35 Debian packages 35 device driver framework 436 dhclient.conf 444 DHCP 432 DHCP client configuration file 444 DHCP relay configuration file 444 DHCP server configuration file 444 dhcpd reload 102 dhcpd.conf 444 dhcpd.leases 101 dhcrelay.conf 444 DMA 433 DNS 432 dpkg 35 DSL PHY 13 Dynamic Host Control Protocol 441
F
Feedback 5 File 202 FLANE 288 Flash booting 17 Flash memory filing system 442 FLASH partitions 203 flash.bin 65 FLASHFS 241, 305 FlashFS 202, 442 flashfs console command 394 flashfs rewrite 411 flashfs update console command 214 flash-rewrite 69, 410 Frame Relay 431 FTP 433
G
Gateway 9 gateway 74
462
Gateway configuration connecting 454, 457 gdbterm 126 Getting Started CD 29 GNU make 23 gunzip 42, 43, 44, 45
H
Hardware type 65 HDLC 9, 437 he_serialboot_main 116 HEC 436 home-router 69 HyperTerminal 24, 127
IP Masquerading 441 ip portname 416 IP Router 9 IP Router configuration file 444 IP Routing 433 IPG 442 IPoA 326, 438 IPSec 442 IPv4 441 IPv6 441 ISFS 10, 202, 442 isfs ls console command 206 ISOS source 30 ISOS tools 33 ISP 441 ITU X.410 433
I
I.432 436 I.610 435 ICMP 431, 440 ICMP Ping 268, 315 ILMI 241, 435 ILMI configuration file 444 image validation header 389 initbridge 444 initbun 444 initilmi 444 initnat 444 initppp 444 initpptp 444 initq93b 444 initwebserver 444 In-Store Filing System 442 Internet Explorer 5 Inter-Processor Gateway 442 IP 440 IP address 396
L
L2TP 441 LAC 441 LAN Emulation Client 440 Layer 2 bridging 243 layer 2.5 protocols 438 line endings 226 Linux 22
M
MAC address 395 management connections 454 Minicom 127 minicom 22 mkflash 227 mkproduct 80, 81, 87, 407 MTU path discovery 441
463
N
NAPT 441 NAT 433, 441 NAT configuration file 444 netmask 101 NetScape Navigator 5 network layer 431 Note symbol 5, 24, 39, 68, 277, 281, 285,
286
PPP Ethernet-encapsulated data 267 PPPoA 438 PPPoA peer 298 PPPoE Access Concentrator 268, 315 PPPoE Access Concentrator (AC) 267 PPPoE Relay Agent 438 PPTP Access Concentrator 295, 441 PPTP configuration file 444 PPTP Network Server 295 presentation layer 433 Product type 65
O
OS Kernel 434 OSI model 433 OSI Reference Model 434
Q
Q.2931 431, 436 Q.2971 436 Q.93B 436 Q.SAAL 436 q93b signalling configuration file 444
P
PAC 298, 441 PAP authentication 270, 272 PAT 441 PC Driver software 52 PC-99 compliance 442 PC-attached Gateway 9 connecting 455 PCI support 437 pci-modem product 65 PDUs 438 peak cell rate 252, 254, 310, 312 physical layer 431 pkgadd 38 PNS 298, 441 Point-to-Point Tunnelling Protocol 441 power connection 454 power supply 452 PPP 9 PPP configuration file 444
R
RDI 435 rebooting 119 RedHat (Linux) 36 RedHat rpms 35 Release notes 32 Reset button 109, 121, 122, 123 resolve 444 RFC 1483 438 RFC 1577 438 RFC 1918 241, 304 RFC 2364 438 RFC1577 250 RIP v1 441 RIP v2 441 RISC processor 433 Routed configuration examples 238
464
routing 431 rpm 37
S
Safety Warning notice 453 SAR 434, 443 serial ROM 405 serialboot_loader 69 services 444 SNMP configuration file 444 SNMP statistics 424 snmpinit 417, 444 Solaris 23, 38 Solaris packages 35 SONET 431 source (CLI) 135 spanning-tree 440 SSCOP 436 SSCS 435 SVC 241 symbolic link 102 Symbols, used in this guide 5 System Properties dialog box 40, 47
tmp, NT environment variable 40 Trace output 399 transparent bridge 440 transport layer 432 Tunnelling configuration examples 238 typographical conventions 4
U
UDP 432, 440 UNI signalling 433 unzip 22 uptime console command 394 USB 9, 437 usb-gateway 69 usb-gateway-lean 69 User Datagram Protocol 440 UTOPIA 434 UTOPIA/EIO port 13
V
VCI 241 VIRATA_TOOLS 36, 37, 39 virata-tools-ver console command 405
T
TCP 432, 440 Telnet 433, 442 temp, NT environment variable 40 TFTP 116 TFTP Boot server 22, 23 TFTP configuration file 444 TFTP server 14 tftpd server 113 tftplock.key 417 tftpupdt.beg 418 tftpupdt.end 418
W
Warning symbol 5 which aconfig 405 WHQL compliance 443 Windows 2000 19 Windows 98 FE 19 Windows 98 SE 19 Windows ME 19 Windows NT 23 Windows NT executables 35
465
WinZip 24
X
xDSL 431, 440, 442
Z
Zip 41
466

Do 009467 PS 4

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Do 009467 PS 4

Загружено:

Авторское право:

Доступные форматы

ISOS (8.

2 Service Release 2) User Guide

http://www.globespanvirata.com GlobespanVirata Headquarters

3. Installing ISOS software 27

4. Installing PC Driver software 51

5. Building an ISOS image 61

6. Booting the ISOS System in Gateway mode 99

7. Configuring Booting of an ISOS System 115

8. Using the CLI 125

9. Using the EmWeb server 141

10. Using the ISOS File Manager 201

11. Configuring ISOS modules 217

12. Compressing an ISOS image 229

13. Configuring the ISOS System in Gateway mode 237

14. Configuring the ISOS System in PC-attached Gateway mode 301

15. Configuring the ISOS System in Switch mode 323

16. Configuring security on the ISOS System 331

17. Obtaining and changing system setup information 387

18. Upgrading an ISOS System 403

19. Troubleshooting network configurations 419

20. ISOS Modules description 429

A: Installing ISOS System hardware 447

1. About this Guide

Structure of this guide

Structure of this guide

About this Guide

About this Guide

Reading this guide

Documentation Reference Roadmap

Documentation Reference Roadmap

ISOS 8.2 (SR2) CLI Ref Manual (DO-009430-PS)

Hardware BD6200/BD6210 BD6220, Hardware Guide (DO-008202-PS)

File system ATMOS ISFS & FLASHFS (DO-007101-PS)

BD6100 Hardware Guide (DO-980097-PS) BD6221 Hardware Guide (DO-008606-SP)

What is an ISOS System?

What configurations are supported by an ISOS System?

How is the ISOS System configured?

What are the features of each supported configuration?

What are the features of each supported configuration?

PC-attached (USB) Gateway features

What are the features of each supported configuration?

Switch The table below defines the features of a Switch configuration:

What is the typical setup for each supported configuration?

What is the typical setup for each supported configuration?

A typical Gateway (bridge) configuration is shown in more detail below:

BUN ATM driver BUN ADSL PHY driver

BUN Ethernet driver

Typical PC-attached (USB) Gateway configuration

What is the typical setup for each supported configuration?

A typical PC-attached Gateway configuration is shown in more detail below:

PC (USB)-attached Gateway (detailed configuration)

What software platforms are supported?

Typical Switch configuration

ATM network device

ATM25 ATM protocols ISOS System

ATM Switch Network ATM25

ATM network device

Typical Switch configuration

What software platforms are supported?

What software development platforms are supported?

What software development platforms are supported?

Supported software platforms for ISOS