Simple sample Prolink Load Balancing Cryptone.Net

Tuesday, December 11, 2007

Config Show


System Configuration Setting
=========================================================================
Firmware: Version : TMH121-A V1013-MB2.4-E
Release Date : Jan 24 2006
Printout Time : SUN NOV 25 16:30:40 2007
Time Zone : GM+08:00
Primary NTP IP: time.chttl.com.tw
Secondary NTP : stdtime.gov.hk
=========================================================
LAN status: IP address : 192.168.1.1
MAC address : 00:D0:DA:00:18:51
Mask : 255.255.255.0
Dhcp status : Enable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 203.130.193.74
=========================================================
DHCP
reserved IP: MAC address IP address
-----------------------------------
=========================================================
WAN status: 1.IP address : 192.168.11.100
Netmask : 255.255.255.0
MAC address : 00.d0.da.00.18.52
Connect To : InterNet
Current status: Enable
Healthy Check : NoDefault
Type : Static IP
Primary DNS : 192.168.11.254
Secondary DNS : 203.130.193.74
GatewayAddress: 192.168.11.254
Schedule : Disable
---------------------------------------------------------
2.IP address : 192.168.12.100
Netmask : 255.255.255.0
MAC address : 00.d0.da.00.18.53
Connect To : InterNet
Current status: Enable
Healthy Check : NoDefault
Type : Static IP
Primary DNS : 192.168.12.254
Secondary DNS : 203.130.193.74
GatewayAddress: 192.168.12.254
Schedule : Disable
=========================================================
Routing setup: Work mode : Basic NAT mode
Static Route :
Network NetMask Gateway Status
-------------------------------------------------------
---------------------------------------------------------
Dynamic Route : Status: Disable
=========================================================
Routing Table: Network NetMask Gateway
---------------------------------------------------
0.0.0.0 0.0.0.0 192.168.12.254
192.168.1.0 255.255.255.0 192.168.1.1
192.168.11.0 255.255.255.0 192.168.11.100
192.168.12.0 255.255.255.0 192.168.12.100
=========================================================
IP Filtering: No. IP address Port Pass/Drop status
-------------------------------------------------------------------------------------------
=========================================================
Remote
IP Filtering: No. IP address Status
---------------------------
=========================================================
DoS Defense: Function Parameter Time of Lock Status
---------------------------------------------------------
Oversized Ping 32 Enable
Port Scan 1000 5 Enable
TCP SYN Flooding (Wan) 1000 5 Enable
TCP SYN Flooding (Lan) 1000 5 Enable
ICMP Flooding (Wan) 1000 5 Enable
ICMP Flooding (Lan) 1000 5 Enable
UDP Flooding (Wan) 1000 5 Enable
UDP Flooding (Lan) 1000 5 Enable
=========================================================
ALG: Options Status
---------------------------------------------------------
Ipsec Pass Through (Port 500) Disable
PPTP Pass Through (Port 1723) Disable
VOIP Pass Through Disable
=========================================================
Virtual Server: ID Global_Port Local_Port Local_IP_address Status
-----------------------------------------------------
---------------------------------------------------------
Group: StartPort EndPort Local_IP_address TCP/UDP Status
-----------------------------------------------------
=========================================================
Multi-DMZ Host: No. DMZ_Host_IP_address IP_address_from_ISP Status
-----------------------------------------------------
---------------------------------------------------------
Dynamic-IP-DMZ: Wan HOST_IP_address Status
----------------------------------
1 0.0.0.0 Disable
2 0.0.0.0 Disable
=========================================================
Multi-NAT: No LAN_IP_address NetMask Wan_IP Wan_No
---------------------------------------------------------
=========================================================
Load Balance: Weight Round Robin
Wan 1: 1
Wan 2: 1
=========================================================
Dynamic DNS: Status : Disable
=========================================================
Proxy Server: Status: Disable
=========================================================
Mail Alert : Status: Disable
=========================================================
URL Filtering : Status: Disable
=========================================================
Throughput
Control : Wan DownLoad(kbits/s) UpLoad(kbits/s) Port Usage% Status
---------------------------------------------------------
1. 384 64
---------------------------------------------------------
2. 384 64
=========================================================
WAN CONTROL:
Special : StartPort EndPort Select-WAN Status
Application ----------------------------------------
1000 3127 Wan1 Enable
3129 8079 Wan1 Enable
8081 65000 Wan1 Enable
1 1000 Wan2 Enable
3128 3128 Wan2 Enable
8080 8080 Wan2 Enable
6667 7000 Wan2 Enable
5050 5060 Wan2 Enable
---------------------------------------------------------
IP binding : No Start-Remote-IP End-Remote-IP StartPort EndPort Select-WAN Status
-------------------------------------------------------------------------
1. 0.0.0.0 0.0.0.0 1000 3127 Wan1 Enable
2. 0.0.0.0 0.0.0.0 3129 8079 Wan1 Enable
3. 0.0.0.0 0.0.0.0 8081 65000 Wan1 Enable
4. 0.0.0.0 0.0.0.0 1 1000 Wan2 Enable
5. 0.0.0.0 0.0.0.0 3128 3128 Wan2 Enable
6. 0.0.0.0 0.0.0.0 8080 8080 Wan2 Enable
7. 0.0.0.0 0.0.0.0 6667 7000 Wan2 Enable
8. 0.0.0.0 0.0.0.0 5050 5060 Wan2 Enable
---------------------------------------------------------
Special IP : Start-IP-Address End-IP-Address WAN Status
Assignment --------------------------------------------
=========================================================
QoS IP Control: Local_IP_address DownLoad(kbits) UpLoad(kbits) Wan-Apply Min/Max Status
------------------------------------------------------------------------
=========================================================
Remote Control: Status: Disable
=========================================================
MAC IP binding: Status : Enable
Selection: BLOCK all packets
which were not in the following list
MAC-Address IP-Address
----------------------------------
=========================================================================
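An added example (not part of the device printout or of any vendor tooling): a Python check over the "Special Application" rows of the WAN CONTROL section above, reporting port ranges pinned to both WANs and ports with no pin at all. The printout does not say which rule the device applies when ranges overlap, so the script only reports them; the function names are chosen for this example.

```python
"""Audit per-port WAN pinning rules from a load balancer printout."""
import re
from itertools import combinations

# Rows copied from the "Special Application" table in the WAN CONTROL
# section of the printout above (StartPort EndPort Select-WAN Status).
SPECIAL_APPLICATION = """\
1000 3127 Wan1 Enable
3129 8079 Wan1 Enable
8081 65000 Wan1 Enable
1 1000 Wan2 Enable
3128 3128 Wan2 Enable
8080 8080 Wan2 Enable
6667 7000 Wan2 Enable
5050 5060 Wan2 Enable
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(Wan\d+)\s+(Enable|Disable)\s*$")


def parse_rules(text):
    """Return enabled rules as (start_port, end_port, wan) tuples."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # separator, header or blank line
        start, end, wan, status = int(m[1]), int(m[2]), m[3], m[4]
        if not 1 <= start <= end <= 65535:
            raise ValueError(f"bad port range in row: {line!r}")
        if status == "Enable":
            rules.append((start, end, wan))
    return rules


def find_conflicts(rules):
    """Port ranges that two rules pin to different WANs."""
    conflicts = []
    for (s1, e1, w1), (s2, e2, w2) in combinations(rules, 2):
        lo, hi = max(s1, s2), min(e1, e2)
        if lo <= hi and w1 != w2:
            conflicts.append((lo, hi, w1, w2))
    return sorted(conflicts)


def find_unpinned(rules, first=1, last=65535):
    """Port ranges in [first, last] that no enabled rule covers."""
    gaps = []
    next_port = first
    for start, end, _wan in sorted(rules):
        if start > next_port:
            gaps.append((next_port, start - 1))
        next_port = max(next_port, end + 1)
    if next_port <= last:
        gaps.append((next_port, last))
    return gaps


if __name__ == "__main__":
    rules = parse_rules(SPECIAL_APPLICATION)
    for lo, hi, a, b in find_conflicts(rules):
        print(f"ports {lo}-{hi}: pinned to both {a} and {b}")
    for lo, hi in find_unpinned(rules):
        print(f"ports {lo}-{hi}: no pin, left to the load-balance policy")
```

On this printout the check reports port 1000, ports 5050-5060 and ports 6667-7000 as pinned to both WANs, and ports 65001-65535 as unpinned.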


Simple Sample DLINK Load Balancing Configuration

1a.jpg

Wan 1 Configuration

2a.jpg

config wan 2

4.jpg
Port-based load balancing configuration for traffic priority

3.jpg

dlink statistics


Detail CISCO DSLAM

Monday, December 10, 2007

User EXEC Mode

When you log in to the Cisco DSLAM, you are in user EXEC, or simply EXEC, command mode. The EXEC mode commands available at the user level are a subset of those available at the privileged level. The user EXEC mode commands allow you to connect to remote switches, change terminal settings on a temporary basis, perform basic tests, and list system information.

The user EXEC mode prompt consists of the DSLAM host name followed by the angle bracket (>):

Frodo>

or

DSLAM>

The default host name is DSLAM, unless it has been changed through use of the hostname global configuration command.
Privileged EXEC Mode

The privileged EXEC mode command set includes all user EXEC mode commands and the configure command, through which you can access global configuration mode and the remaining configuration submodes. Privileged EXEC mode also includes high-level testing commands, such as debug, and commands that display potentially secure information.

To enter or exit privileged EXEC mode, follow these steps:

Command Task
Step 1

DSLAM> enable



Password: password

Enter privileged EXEC mode from EXEC mode. [1]
Step 2

DSLAM#

Enter privileged EXEC commands.
Step 3

DSLAM# disable

DSLAM>

Exit privileged EXEC mode and return to EXEC mode. [2]
[1] The prompt changes to the DSLAM host name followed by the pound sign (#).
[2] The prompt changes back to the DSLAM host name followed by the angle bracket (>).

The system administrator uses the enable password global configuration command to set the password, which is case sensitive. If an enable password was not set, you can access privileged EXEC mode only from the console.
ROM Monitor Mode

ROM monitor mode provides access to a basic system kernel, from which you can boot the Cisco DSLAM or perform diagnostic tests. The system can enter ROM mode automatically if the Cisco DSLAM does not find a valid system image, or if the configuration file is corrupted. The ROM monitor prompt is rommon x> without the DSLAM host name. The x represents the number of commands entered into the prompt.

You can also enter ROM monitor mode by interrupting the boot sequence with the Break key during loading.

To return to EXEC mode from ROM monitor mode, use the cont command:

rommon 1> cont



DSLAM>

Global Configuration Mode

Global configuration mode provides access to commands that apply to the entire system. From global configuration mode you can also enter the other configuration modes described in these sections.

Command Task
Step 1

DSLAM# configure

or

DSLAM# configure terminal
Enter global configuration mode from privileged EXEC mode.
Step 2

Configuring from terminal, memory, or network [terminal]?

This prompt appears only if you use the first option in Step 1. Specify the source of the configuration commands at the prompt. You can specify the terminal, NVRAM, or a file stored on a network server as the source of configuration commands. The default is to enter commands from the terminal console.
Step 3

DSLAM(config)#

Enter configuration commands. [1]
Step 4

DSLAM(config)# exit

Exit global configuration mode and return to privileged EXEC mode.
[1] The prompt changes to (config)#.
Interface Configuration Mode

Interface configuration mode provides access to commands that apply to an interface. Use these commands to modify the operation of an interface such as an ATM, Ethernet, or asynchronous port.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# interface interface-type interface-number

Enter interface configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-if)# exit

Exit interface configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-if)#.
Profile Configuration Mode

Profile configuration mode provides access to DSL profile commands. (See "Configuring Digital Subscriber Lines".)

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# dsl-profile profile-name

Enter profile configuration mode and specify a profile. [1]
Step 3

DSLAM(cfg-dsl-profile)# exit

Exit profile mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (cfg-dsl-profile)#.
Line Configuration Mode

Line configuration mode provides access to commands used to configure lines on the DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# line line-index

Enter line configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-line)# exit

Exit line configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-line)#.
ATM Router Configuration Mode

ATM router configuration mode provides access to commands used to configure Private Network-to-Network Interface (PNNI) routing.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm router pnni

Enter ATM router configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-atm-router)# exit

Exit ATM router configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-router)#.
PNNI Node Configuration Mode

The PNNI node configuration mode is a submode of ATM router configuration mode and provides access to commands you use to configure PNNI nodes on the Cisco DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm router pnni

Enter ATM router configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-atm-router)# node node-index

Enter PNNI node configuration mode from ATM router configuration mode. [2]
Step 4

DSLAM(config-pnni-node)# exit

Exit PNNI node configuration mode and return to ATM router configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-router)#.
[2] The prompt changes to (config-pnni-node)#.
Auto-sync Configuration Mode

The auto-sync configuration mode is a submode for automatically synchronizing the configuration/flash between the Cisco primary and secondary redundant NI-2s.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# auto-sync

Enter auto-sync configuration mode. [1]
Step 3

DSLAM(config-auto-sync)# file

Enter the configuration or flash file that you want to be automatically synchronized.
Step 4

DSLAM(config-auto-sync)# exit

Exit auto-sync configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-auto-sync)#.
Redundancy Configuration Mode

The redundancy configuration mode provides access to commands used to configure redundancy on the DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# redundancy

Enter redundancy configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-red)# exit

Exit redundancy configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-red)#.
VRF Configuration Mode

The VPN routing/forwarding instance (VRF) configuration mode provides access to commands used to configure a VRF on the DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# ip vrf vrf-name

Enter VRF configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-vrf)# exit

Exit VRF configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-vrf)#.
DHCP Pool Configuration Mode

The DHCP configuration mode provides access to commands used to configure a DHCP server on the DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# ip dhcp pool name

Enter DHCP pool configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-dhcp)# exit

Exit DHCP configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-dhcp)#.
ATM Accounting File Configuration Mode

ATM accounting file configuration mode provides access to commands used to configure a file for accounting and billing of virtual circuits (VCs).

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm accounting file accounting-filename

Enter ATM accounting file configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-acct-file)# exit

Exit ATM accounting file configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-acct-file)#.
ATM Accounting Selection Configuration Mode

ATM accounting selection configuration mode provides access to commands used to specify the connection data to be gathered from the DSLAM.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm accounting selection accounting-selection-index

Enter ATM accounting selection configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-acct-sel)# exit

Exit ATM accounting selection configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-acct-sel)#.
ATM E.164 Translation Table Configuration Mode

ATM E.164 translation table configuration mode provides access to commands that you use to configure the translation table that maps native E.164 format addresses to ATM end system (AESA) format addresses.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm e164 translation-table

Enter ATM E.164 translation table configuration mode from global configuration mode. [1]
Step 3

DSLAM(config-atm-e164)# exit

Exit ATM E.164 translation table configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-e164)#.
ATM Signaling Diagnostics Configuration Mode

ATM signaling diagnostics configuration mode provides access to commands used to configure the signaling diagnostics table.

Command Task
Step 1

DSLAM# configure terminal

Go to global configuration mode.
Step 2

DSLAM(config)# atm signalling diagnostics

Enter ATM signaling diagnostics configuration mode.
Step 3

DSLAM(cfg-atmsig-diag)# exit

Exit ATM signaling diagnostics configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

Using Context-Sensitive Help

The user interface provides context-sensitive help in all modes. This section describes how to configure and display context-sensitive help.
Configuring Help for Terminal Sessions

The following commands configure full help.
Command Task

DSLAM# terminal full-help

In privileged EXEC mode, configure the current terminal session to receive help for the full set of user-level commands.

DSLAM(config-line)# full-help

In line configuration mode, configure a specific line to allow users without privileged access to obtain full help.

Displaying Context-Sensitive Help

To get help specific to a command mode, a command, a keyword, or an argument, perform one of these tasks:
Command Task

help

Obtain a brief description of the help system in any command mode.

abbreviated-command-entry?

Obtain a list of commands that begin with a particular character string.

abbreviated-command-entry<Tab>

Complete a partial command name.

?

List all commands available for a particular command mode.

command ?

List the associated keywords of a command.

command keyword ?

List the associated arguments of a keyword.

To view a list of commands that begin with a particular character sequence, type those characters followed immediately by the question mark (?). Do not include a space. This form of help is called word help, because it completes a word for you.

In this example, the system displays the possible commands in privileged EXEC mode that begin with "co."

DSLAM# co?



configure connect copy

This form helps you determine the minimum subset that you can use to abbreviate a command.
Command Syntax Help

To list keywords or arguments, enter a question mark (?) in place of a keyword or argument. Include a space before the ?. This form of help is called command syntax help, because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered.

This example demonstrates the use of command syntax help to complete the access-list command. Entering the question mark (?) displays the allowed arguments:

DSLAM(config)# access-list ?



<1-99> IP standard access list

<100-199> IP extended access list

Enter the access list number, 99, followed by a question mark (?) to display the allowed keywords:

DSLAM(config)# access-list 99 ?



deny Specify packets to reject

permit Specify packets to forward

Enter the deny argument followed by a question mark (?) to display the next argument (host name or IP address) and two keywords:

DSLAM(config)# access-list 99 deny ?



Hostname or A.B.C.D Address to match

any Any source host

host A single host address

Enter the IP address followed by a question mark (?) to display a final (optional) argument. The <cr> indicates that you can press Return to execute the command:

DSLAM(config)# access-list 99 deny 131.108.134.0 ?

A.B.C.D Wildcard bits

<cr>

DSLAM(config)#

The system adds an entry to access list 99 that denies access to all hosts on subnet 131.108.134.0.
Checking Command Syntax

The user interface provides an error indicator (^) that appears in the command string in which you have entered an incorrect or incomplete command, keyword, or argument.

This example shows a command entry that is correct up to the last element:

DSLAM# clock set 13:04:30 28 apr 98



^

% Invalid input detected at '^' marker.

The caret symbol (^) and help response indicate the location in which the error occurs. To list the correct syntax, re-enter the command, substituting a question mark (?) where the error occurred:

DSLAM# clock set 13:32:00 23 February ?



<1993-2035> Year

DSLAM# clock set 13:32:00 23 February

Enter the year, using the correct syntax, and press Enter to execute the command:

DSLAM# clock set 13:32:00 23 February 1993

Using the Command History Features

The user interface provides a history or record of commands you enter. You can use the command history feature for recalling long or complex commands or entries, including access lists. With the command history feature, you can complete the tasks in the following sections:

* Setting the Command History Buffer Size
* Recalling Commands
* Disabling the Command History Feature

Setting the Command History Buffer Size

By default, the system records ten command lines in its history buffer. Use the following commands to set the number of command lines the system records:
Command Task

DSLAM# terminal history [size number-of-lines]

In privileged EXEC mode, enable the command history feature for the current terminal session.

DSLAM(config-line)# history [size number-of-lines]

In line configuration mode, enable the command history feature for a specific line.

Recalling Commands

To recall commands from the history buffer, perform one of these tasks:
Key Sequence/Command Task
Press Ctrl-P or the Up Arrow key. [1]

Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.

Press Ctrl-N or the Down Arrow key. [1]

Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively more recent commands.

DSLAM> show history

While in EXEC mode, list the last several commands you have just entered.
[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.
Disabling the Command History Feature

The command history feature is automatically enabled. Use the following commands to disable it:
Command Task

DSLAM> terminal no history

In EXEC mode, disable the command history feature for the current terminal session.

DSLAM(config-line)# no history

In line configuration mode, configure the line to disable the command history feature.
Enabling Enhanced Editing Mode

Although the current software release enables the enhanced editing mode by default, you can disable it and revert to the editing mode of previous software releases. Use the following commands to re-enable the enhanced editing mode:
Command Task

DSLAM> terminal editing

In EXEC mode, enable the enhanced editing features for the current terminal session.

DSLAM(config-line)# editing

In line configuration mode, enable the enhanced editing features for a specific line.

Moving Around on the Command Line

Use these keystrokes to move the cursor around on the command line for corrections or changes:
Keystrokes Task
[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.
Completing a Partial Command Name

If you cannot remember a complete command name, you can use Tab to allow the system to complete a partial entry:
Keystrokes Task

If your keyboard does not have Tab, press Ctrl-I instead.

In this example, when you enter the letters conf and press Tab, the system provides the complete command:

DSLAM# conf<Tab>

DSLAM# configure

If you enter an ambiguous set of characters, the system generates an error message. To display the list of legal commands beginning with the specified string, enter a question mark (?) after you see the error message. See the "Using Word Help" section.
Pasting in Buffer Entries

The system provides a buffer that contains the last ten items you deleted. You can recall these items and paste them in the command line by using these keystrokes:
Keystrokes Task

The buffer contains only the last ten items you have deleted or cut. If you press Esc Y more than 10 times, you cycle back to the first buffer entry.
Editing Command Lines that Wrap

The new editing command set provides a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts 10 spaces to the left. You cannot see the first 10 characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back, use these keystrokes:
Keystrokes Task
[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

In the following example, the access-list command entry extends beyond one line. When the cursor reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) indicates that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1

DSLAM(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25

DSLAM(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq

DSLAM(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

When you complete the entry, press Ctrl-A to check the complete syntax before pressing Return to execute the command. The dollar sign ($) appears at the end of the line to indicate that the line has scrolled to the right:

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

The Cisco DSLAM default is a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width command to provide the correct width.

Use line wrapping together with the command history feature to recall and modify previous complex command entries.
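An added example (not from the original documentation): a Python model of how the "Wildcard bits" argument shown in the access-list help above is applied, run against the extended entry used in the line-wrap example. A wildcard bit of 1 means the bit is ignored, so a value typed like a subnet mask (255.255.255.0) compares only the last octet; the function names are chosen for this example, and the parser assumes every address in the entry is followed by its wildcard, as in the page's entry.

```python
"""Model Cisco ACL wildcard-bit matching and flag netmask-style wildcards."""
import ipaddress

# Entry from the line-wrap example on this page.
PAGE_ENTRY = ("access-list 101 permit tcp 131.108.2.5 255.255.255.0 "
              "131.108.1.20 255.255.255.0 eq 45")


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not ignore."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (_to_int(addr) & care) == (_to_int(base) & care)


def looks_like_netmask(wildcard):
    """True if the value has the shape of a subnet mask (ones, then zeros)."""
    w = _to_int(wildcard)
    if w in (0, 0xFFFFFFFF):
        return False  # 0.0.0.0 (one host) and 255.255.255.255 (any) are normal
    inverted = ~w & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0  # inverted is 2**k - 1


def address_pairs(entry):
    """Return (address, wildcard) pairs found in an access-list entry."""
    dotted = []
    for token in entry.split():
        try:
            ipaddress.IPv4Address(token)
        except ValueError:
            continue  # keyword, list number or port
        dotted.append(token)
    if len(dotted) % 2:
        raise ValueError("an address without wildcard bits: " + entry)
    return list(zip(dotted[0::2], dotted[1::2]))


def audit(entry):
    """Return the pairs whose wildcard looks like a subnet mask."""
    return [(a, w) for a, w in address_pairs(entry) if looks_like_netmask(w)]


if __name__ == "__main__":
    for addr, wc in audit(PAGE_ENTRY):
        print(f"{addr} {wc}: wildcard has the shape of a subnet mask")
    # With 255.255.255.0 as wildcard bits only the last octet is compared.
    print(wildcard_match("10.9.8.5", "131.108.2.5", "255.255.255.0"))
    # With 0.0.0.255 the first three octets are compared instead.
    print(wildcard_match("131.108.2.77", "131.108.2.5", "0.0.0.255"))
```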
Deleting Entries

Use any of these keystrokes to delete command entries if you make a mistake or change your mind:
Keystrokes Task

Scrolling Down a Line or a Screen

When you use the help facility to list the commands available in a particular mode, the list is often longer than the terminal screen can display. In such cases, a More prompt appears at the bottom of the screen. To respond to the More prompt, use these keystrokes:
Keystrokes Task

Redisplaying the Current Command Line

If you enter a command and a message appears on your screen, you can easily recall your current command line entry. To do so, use these keystrokes:
Keystrokes Task

Transposing Mistyped Characters

If you have mistyped a command entry, you can transpose the mistyped characters by using these keystrokes:
Keystrokes Task

Controlling Capitalization

You can capitalize or lowercase words or capitalize a set of letters with these keystrokes:
Keystrokes Task

Designating a Keystroke as a Command Entry

To use a particular keystroke as an executable command, insert a system code:

Keystrokes Task

Disabling Enhanced Editing Mode

To disable enhanced editing mode and revert to the editing mode, use this command in privileged EXEC mode:
Command Task

DSLAM# terminal no editing

Disable the enhanced editing features for the local line.

If you have prebuilt scripts that do not interact well when enhanced editing is enabled, you can disable enhanced editing mode. To re-enable enhanced editing mode, use the terminal editing command.
Ending a Session

After you use the setup command or another configuration command, exit the Cisco DSLAM and quit the session.

To end a session, use this EXEC command:
Command Task

DSLAM> quit

End the session.


Command DSLAM CISCO

Table 1-1: Command Modes
Command Mode Access Method Prompt Exit Method
EXEC (user) Log in to the switch or Cisco DSLAM.

DSLAM>

Use the logout command.
Privileged EXEC From user EXEC mode, use the enable command and enter your password.

DSLAM#

To return to user EXEC mode, use the disablecommand.
ROM monitor From privileged EXEC mode, use the reload command. Press Break during the first 60 seconds while the system boots.

rommon x>

The x represents the number of commands that have been entered at the DSLAM prompt. To exit to ROM monitor mode, use the contcommand.
Global configuration From privileged EXEC mode, use the configure command. Use the keyword terminal to enter commands from your terminal.

DSLAM(config)#

To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z.
Interface configuration From global configuration mode, enter by specifying an interface with the interface command.

DSLAM(config-if)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
Profile configuration From global configuration mode, enter by specifying a profile with a dsl-profile command.

DSLAM(cfg-dsl-profile)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
Line configuration From global configuration mode, enter by specifying a management interface with a line command.

DSLAM(config-line)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
ATM router configuration From global configuration mode, configure the ATM router configuration with the atm router pnni command.

DSLAM(config-atm-router)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
PNNI node configuration From ATM router configuration mode, configure the PNNI routing node with the node command.

DSLAM(config-pnni-node)#

To exit to ATM router configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
Auto-sync configuration From global configuration mode, configure redundancy synchronization features with the auto-sync command.

DSLAM(config-auto-sync)

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
Redundancy configuration From global configuration mode, configure additional redundancy options with the redundancy command.

DSLAM(config-red)

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
VRF configuration From global configuration mode, configure a VPN routing/forwarding (VRF) routing table with the ip vrf command.

DSLAM(config-vrf)

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
DHCP pool configuration From global configuration mode, configure the DHCP address pool name and enter DHCP pool configuration mode, with the ip dhcp pool command.

DSLAM(dhcp-config)

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
ATM accounting file configuration From global configuration mode, define an ATM accounting file with the atm accounting file command.

DSLAM(config-acct-file)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
ATM accounting selection configuration From global configuration mode, define an ATM accounting selection table entry with the atm accounting selection command.

DSLAM(config-acct-sel)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
ATM E.164 translation table configuration From global configuration mode, enter the atm e164 translation-table command.

DSLAM(config-atm-e164)

To exit to privileged EXEC mode, use the exit command, the end command, or press Ctrl-Z.
ATM signaling diagnostics configuration From global configuration mode, enter the command atm signalling diagnostics index.

DSLAM(cfg-atmsig-diag)

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.


Troubleshooting Speedy!!!

Saturday, December 8, 2007

A. DSL indicator dead:

1. Check the RJ-11 cable position.

2. Check the phone line quality (good, or bad with noise).

3. Check the parallel cable if you have one. The cable may be shorted.

B. DSL indicator on but Speedy cannot connect:

1. Problem on the customer side

a. Check whether the modem configuration is correct. If it is wrong, the message when you dial is error 678.

b. Check the connection type, PPPoE or bridge, with VPI 8 VCI 8. If it is wrong, the message displayed is error 678.

c. Check whether your ID and password are correct. If not, the message displayed is error 691.

d. Are you using the ID on a mobile basis? The message is error 691, because 1 ID goes with 1 phone number.


2. Problem on the PT. Telkom side
a. We check the NMS at the telephone exchange. If the port shows an error, the indication displayed to the customer is error 678/691, so we must reset it with the NMS or manually with the command:

DSL# reset card 1/1

If you want to reset all, use 1 module.

b. Check in the NMS whether a DSLAM module has hung. If so, shut down the DSLAM module.

DSL#conf t Interface M 1

DSL#shutdown

DSL#Ex

DSL#write mem

c. Unplug the faulty module for a while, then reconnect it. After that, reactivate the DSLAM module with the no shutdown command. The indicator is error 678.

DSL#conf t Interface M 1
DSL#no shutdown

DSL#Ex

DSL#write mem

d. If the DSLAM is OK and has no problem, the problem is certainly on the RADIUS and RAS server side.

Regards


IP Filter on the Dasan DSLAM

ip filter add permit all all tcp all all
ip filter add permit all all udp all all


ip filter add permit all all tcp all 80
ip filter add permit all all tcp all 23
ip filter add permit all all tcp all 21
ip filter add permit all all tcp all 25
ip filter add permit all all tcp all 110
ip filter add permit all all tcp all 443
ip filter add permit all all tcp all 194
ip filter add permit all all tcp all 162
ip filter add permit all all tcp all 161
ip filter add permit all all tcp all 22
ip filter add permit all all tcp all 6670
ip filter add permit all all tcp all 6669
ip filter add permit all all tcp all 6668
ip filter add permit all all tcp all 6667
ip filter add permit all all tcp all 6666
ip filter add permit all all tcp all 6665
ip filter add permit all all tcp all 6664
ip filter add permit all all tcp all 6663
ip filter add permit all all tcp all 6662
ip filter add permit all all tcp all 6661
ip filter add deny all all tcp all 2601
ip filter add deny all 192.168.200.0/24 tcp all 21
ip filter add deny all all tcp all 445
ip filter add deny all all tcp all 68
ip filter add deny all all udp all 68
ip filter add deny all all udp all 69
ip filter add deny all all tcp all 81
ip filter add deny all all tcp all 111
ip filter add deny all all udp all 111
ip filter add deny all all tcp all 113
ip filter add deny all all tcp all 135
ip filter add deny all all udp all 135
ip filter add deny all all udp all 137
ip filter add deny all all udp all 138
ip filter add deny all all tcp all 139
ip filter add deny all all udp all 139
ip filter add deny all all tcp all 444
ip filter add deny all all tcp all 445
ip filter add deny all all udp all 445
ip filter add deny all all tcp all 554
ip filter add deny all all tcp all 593
ip filter add deny all all tcp all 665
ip filter add deny all all tcp all 749
ip filter add deny all all udp all 749
ip filter add deny all all tcp all 751
ip filter add deny all all udp all 751
ip filter add deny all all tcp all 1000
ip filter add deny all all tcp all 1001
ip filter add deny all all tcp all 1080
ip filter add deny all all udp all 1433
ip filter add deny all all udp all 1434
ip filter add deny all all tcp all 1639
ip filter add deny all all tcp all 1640
ip filter add deny all all tcp all 1720
ip filter add deny all all udp all 1720
ip filter add deny all all udp all 2001
ip filter add deny all all tcp all 2283
ip filter add deny all all tcp all 2556
ip filter add deny all all tcp all 2745
ip filter add deny all all tcp all 3127
ip filter add deny all all tcp all 3128
ip filter add deny all all tcp all 3264
ip filter add deny all all udp all 3264
ip filter add deny all all tcp all 3306
ip filter add deny all all tcp all 4444
ip filter add deny all all tcp all 4899
ip filter add deny all all tcp all 5060
ip filter add deny all all udp all 5060
ip filter add deny all all tcp all 6101
ip filter add deny all all tcp all 6129
ip filter add deny all all tcp all 6777
ip filter add deny all all tcp all 6778
ip filter add deny all all tcp all 6789
ip filter add deny all all tcp all 7070
ip filter add deny all all udp all 7070
ip filter add deny all all tcp all 7100
ip filter add deny all all tcp all 8554
ip filter add deny all all udp all 8554
ip filter add deny all all tcp all 10080
ip filter add deny all all tcp all 10082
ip filter add deny all all tcp all 31337
ip filter add deny all all tcp all 57005
ip filter add deny all all tcp all 2535
ip filter add deny all all udp all 2535
ip filter add deny all all tcp all 3410
ip filter add deny all all udp all 3410
ip filter add deny all all tcp all 5554
ip filter add deny all all udp all 5554
ip filter add deny all all tcp all 8866
ip filter add deny all all udp all 8866
ip filter add deny all all tcp all 9898
ip filter add deny all all udp all 9898
ip filter add deny all all tcp all 10000
ip filter add deny all all udp all 10000
ip filter add deny all all tcp all 12345
ip filter add deny all all udp all 12345
ip filter add deny all all tcp all 17300
ip filter add deny all all udp all 17300
ip filter add deny all all tcp all 27374
ip filter add deny all all udp all 27374
ip filter add deny all all tcp all 65506
ip filter add deny all all udp all 65506
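
The rule list above opens with two permit-all rules and later repeats the tcp/445 deny, and the post does not say whether the Dasan filter acts on the first or the last matching rule. The script below is an added example (not from the original post or from Dasan) that parses such a list, reports duplicates, and shows how the verdict for a packet flips between the two evaluation models; the field order (action, source, destination, protocol, source port, destination port) and both models are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the rule list above, in the page's order. Line 9 repeats line 7,
# as the full list does for tcp/445.
SAMPLE = """\
ip filter add permit all all tcp all all
ip filter add permit all all udp all all
ip filter add permit all all tcp all 80
ip filter add permit all all tcp all 21
ip filter add deny all all tcp all 2601
ip filter add deny all 192.168.200.0/24 tcp all 21
ip filter add deny all all tcp all 445
ip filter add deny all all udp all 69
ip filter add deny all all tcp all 445
"""


class Rule(NamedTuple):
    line_no: int
    action: str   # "permit" or "deny"
    src: str      # assumed meaning: source address, "all" or CIDR
    dst: str      # assumed meaning: destination address, "all" or CIDR
    proto: str
    sport: str    # assumed meaning: source port
    dport: str    # assumed meaning: destination port


def parse_rules(text):
    """Turn `ip filter add ...` lines into Rule tuples; other lines are skipped."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if parts[:3] != ["ip", "filter", "add"]:
            continue
        if len(parts) != 9 or parts[3] not in ("permit", "deny"):
            raise ValueError(f"line {n}: unexpected rule format: {line!r}")
        rules.append(Rule(n, *parts[3:]))
    return rules


def duplicates(rules):
    """Line numbers of rules that are identical in every field."""
    groups = defaultdict(list)
    for r in rules:
        groups[r[1:]].append(r.line_no)
    return [lines for lines in groups.values() if len(lines) > 1]


def addr_matches(rule_addr, ip):
    if rule_addr == "all":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule_addr, strict=False)


def matches(rule, proto, src, dst, sport, dport):
    return (addr_matches(rule.src, src) and addr_matches(rule.dst, dst)
            and rule.proto in ("all", proto)
            and rule.sport in ("all", str(sport))
            and rule.dport in ("all", str(dport)))


def decide(rules, proto, src, dst, dport, order="first", sport=40000):
    """Action for one packet if the first (or last) matching rule wins."""
    if order not in ("first", "last"):
        raise ValueError("order must be 'first' or 'last'")
    hits = [r for r in rules if matches(r, proto, src, dst, sport, dport)]
    if not hits:
        return None  # no rule matched; the device default would apply
    return (hits[0] if order == "first" else hits[-1]).action


def addr_covers(outer, inner):
    if outer == "all":
        return True
    if inner == "all":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(
        ipaddress.ip_network(outer, strict=False))


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (addr_covers(a.src, b.src) and addr_covers(a.dst, b.dst)
            and all(x in ("all", y) for x, y in
                    ((a.proto, b.proto), (a.sport, b.sport), (a.dport, b.dport))))


def dead_under_first_match(rules):
    """(rule line, covering line) pairs where an earlier rule with the
    opposite action already matches everything the later rule matches."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                if earlier.action != later.action:
                    dead.append((later.line_no, earlier.line_no))
                break  # the first covering rule decides under first-match
    return dead


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("duplicate rules (line numbers):", duplicates(rules))
    print("never effective if first match wins:", dead_under_first_match(rules))
    for order in ("first", "last"):
        verdict = decide(rules, "tcp", "10.0.0.5", "10.1.1.1", 445, order=order)
        print(f"tcp/445, {order} match wins: {verdict}")
```
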


--------------------------------------------------------------------------------


DSLAM Cisco Command

Table 1-1: Command Modes

Each entry lists the command mode, then its access method, prompt, and exit method.

EXEC (user)
  Access method: Log in to the switch or Cisco DSLAM.
  Prompt: DSLAM>
  Exit method: Use the logout command.

Privileged EXEC
  Access method: From user EXEC mode, use the enable command and enter your password.
  Prompt: DSLAM#
  Exit method: To return to user EXEC mode, use the disable command.

ROM monitor
  Access method: From privileged EXEC mode, use the reload command. Press Break during the first 60 seconds while the system boots.
  Prompt: rommon x> (the x represents the number of commands that have been entered at the DSLAM prompt)
  Exit method: To exit from ROM monitor mode, use the cont command.

Global configuration
  Access method: From privileged EXEC mode, use the configure command. Use the keyword terminal to enter commands from your terminal.
  Prompt: DSLAM(config)#
  Exit method: To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z.

Interface configuration
  Access method: From global configuration mode, enter by specifying an interface with the interface command.
  Prompt: DSLAM(config-if)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Profile configuration
  Access method: From global configuration mode, enter by specifying a profile with a dsl-profile command.
  Prompt: DSLAM(cfg-dsl-profile)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Line configuration
  Access method: From global configuration mode, enter by specifying a management interface with a line command.
  Prompt: DSLAM(config-line)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM router configuration
  Access method: From global configuration mode, configure the ATM router configuration with the atm router pnni command.
  Prompt: DSLAM(config-atm-router)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

PNNI node configuration
  Access method: From ATM router configuration mode, configure the PNNI routing node with the node command.
  Prompt: DSLAM(config-pnni-node)#
  Exit method: To exit to ATM router configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Auto-sync configuration
  Access method: From global configuration mode, configure redundancy synchronization features with the auto-sync command.
  Prompt: DSLAM(config-auto-sync)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Redundancy configuration
  Access method: From global configuration mode, configure additional redundancy options with the redundancy command.
  Prompt: DSLAM(config-red)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

VRF configuration
  Access method: From global configuration mode, configure a VPN routing/forwarding (VRF) routing table with the ip vrf command.
  Prompt: DSLAM(config-vrf)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

DHCP pool configuration
  Access method: From global configuration mode, configure the DHCP address pool name and enter DHCP pool configuration mode, with the ip dhcp pool command.
  Prompt: DSLAM(dhcp-config)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM accounting file configuration
  Access method: From global configuration mode, define an ATM accounting file with the atm accounting file command.
  Prompt: DSLAM(config-acct-file)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM accounting selection configuration
  Access method: From global configuration mode, define an ATM accounting selection table entry with the atm accounting selection command.
  Prompt: DSLAM(config-acct-sel)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM E.164 translation table configuration
  Access method: From global configuration mode, enter the atm e164 translation-table command.
  Prompt: DSLAM(config-atm-e164)
  Exit method: To exit to privileged EXEC mode, use the exit command, the end command, or press Ctrl-Z.

ATM signaling diagnostics configuration
  Access method: From global configuration mode, enter the command atm signalling diagnostics index.
  Prompt: DSLAM(cfg-atmsig-diag)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.


Detail CISCO DSLAM

User EXEC Mode
When you log in to the Cisco DSLAM, you are in user EXEC, or simply EXEC, command mode. The EXEC mode commands available at the user level are a subset of those available at the privileged level. The user EXEC mode commands allow you to connect to remote switches, change terminal settings on a temporary basis, perform basic tests, and list system information.

The user EXEC mode prompt consists of the DSLAM host name followed by the angle bracket (>):

Frodo>

or

DSLAM>

The default host name is DSLAM, unless it has been changed through use of the hostname global configuration command.

Privileged EXEC Mode
The privileged EXEC mode command set includes all user EXEC mode commands and the configure command, through which you can access global configuration mode and the remaining configuration submodes. Privileged EXEC mode also includes high-level testing commands, such as debug, and commands that display potentially secure information.

To enter or exit privileged EXEC mode, follow these steps:

Command Task
Step 1  DSLAM> enable
        Password: password
        Enter privileged EXEC mode from EXEC mode.¹
Step 2  DSLAM#
        Enter privileged EXEC commands.
Step 3  DSLAM# disable
        DSLAM>
        Exit privileged EXEC mode and return to EXEC mode.²

¹ The prompt changes to the DSLAM host name followed by the pound sign (#).
² The prompt changes back to the DSLAM host name followed by the angle bracket (>).

The system administrator uses the enable password global configuration command to set the password, which is case sensitive. If an enable password was not set, you can access privileged EXEC mode only from the console.

ROM Monitor Mode
ROM monitor mode provides access to a basic system kernel, from which you can boot the Cisco DSLAM or perform diagnostic tests. The system can enter ROM mode automatically if the Cisco DSLAM does not find a valid system image, or if the configuration file is corrupted. The ROM monitor prompt is rommon x> without the DSLAM host name. The x represents the number of commands entered into the prompt.

You can also enter ROM monitor mode by interrupting the boot sequence with the Break key during loading.

To return to EXEC mode from ROM monitor mode, use the cont command:

rommon 1> cont
DSLAM>

Global Configuration Mode
Global configuration mode provides access to commands that apply to the entire system. From global configuration mode you can also enter the other configuration modes described in these sections.

Command Task
Step 1  DSLAM# configure
        or
        DSLAM# configure terminal
        Enter global configuration mode from privileged EXEC mode.
Step 2  Configuring from terminal, memory, or network [terminal]?
        This prompt appears only if you use the first option in Step 1. Specify the source of the configuration commands at the prompt. You can specify the terminal, NVRAM, or a file stored on a network server as the source of configuration commands. The default is to enter commands from the terminal console.
Step 3  DSLAM(config)#
        Enter configuration commands.¹
Step 4  DSLAM(config)# exit
        Exit global configuration mode and return to privileged EXEC mode.

¹ The prompt changes to (config)#.

Interface Configuration Mode
Interface configuration mode provides access to commands that apply to an interface. Use these commands to modify the operation of an interface such as an ATM, Ethernet, or asynchronous port.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# interface interface-type interface-number
        Enter interface configuration mode from global configuration mode.¹
Step 3  DSLAM(config-if)# exit
        Exit interface configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-if)#.

Profile Configuration Mode
Profile configuration mode provides access to DSL profile commands. (See “Configuring Digital Subscriber Lines”.)

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# dsl-profile profile-name
        Enter profile configuration mode and specify a profile.¹
Step 3  DSLAM(cfg-dsl-profile)# exit
        Exit profile mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (cfg-dsl-profile)#.

Line Configuration Mode
Line configuration mode provides access to commands used to configure lines on the DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# line line-index
        Enter line configuration mode from global configuration mode.¹
Step 3  DSLAM(config-line)# exit
        Exit profile mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-line)#.

ATM Router Configuration Mode
ATM router configuration mode provides access to commands used to configure Private Network-to-Network Interface (PNNI) routing.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm router pnni
        Enter ATM router configuration mode from global configuration mode.¹
Step 3  DSLAM(config-atm-router)# exit
        Exit ATM router configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-atm-router)#.

PNNI Node Configuration Mode
The PNNI node configuration mode is a submode of ATM router configuration mode and provides access to commands you use to configure PNNI nodes on the Cisco DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm router pnni
        Enter ATM router configuration mode from global configuration mode.¹
Step 3  DSLAM(config-atm-router)# node node-index
        Enter PNNI node configuration mode from ATM router configuration mode.²
Step 4  DSLAM(config-pnni-node)# exit
        Exit PNNI node configuration mode and return to ATM router configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-atm-router)#.
² The prompt changes to (config-pnni-node)#.

Auto-sync Configuration Mode
The auto-sync configuration mode is a submode for automatically synchronizing the configuration/flash between the Cisco primary and secondary redundant NI-2s.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# auto-sync
        Enter auto-sync configuration mode.¹
Step 3  DSLAM(config-auto-sync)# file
        Enter the configuration or flash file that you want to be automatically synchronized.
Step 4  DSLAM(config-auto-sync)# exit
        Exit auto-sync configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-auto-sync)#.

Redundancy Configuration Mode
The redundancy configuration mode provides access to commands used to configure redundancy on the DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# redundancy
        Enter redundancy configuration mode from global configuration mode.¹
Step 3  DSLAM(config-red)# exit
        Exit redundancy configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-red)#.

VRF Configuration Mode
The VPN routing/forwarding instance (VRF) configuration mode provides access to commands used to configure a VRF on the DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# ip vrf vrf-name
        Enter VRF configuration mode from global configuration mode.¹
Step 3  DSLAM(config-vrf)# exit
        Exit VRF configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-vrf)#.

DHCP Pool Configuration Mode
The DHCP configuration mode provides access to commands used to configure a DHCP server on the DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# ip dhcp pool name
        Enter DHCP pool configuration mode from global configuration mode.¹
Step 3  DSLAM(config-dhcp)# exit
        Exit DHCP configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-dhcp)#.

ATM Accounting File Configuration Mode
ATM accounting file configuration mode provides access to commands used to configure a file for accounting and billing of virtual circuits (VCs).

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm accounting file accounting-filename
        Enter ATM accounting file configuration mode from global configuration mode.¹
Step 3  DSLAM(config-acct-file)# exit
        Exit ATM accounting file configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-acct-file)#.

ATM Accounting Selection Configuration Mode
ATM accounting selection configuration mode provides access to commands used to specify the connection data to be gathered from the DSLAM.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm accounting selection accounting-selection-index
        Enter ATM accounting selection configuration mode from global configuration mode.¹
Step 3  DSLAM(config-acct-sel)# exit
        Exit ATM accounting selection configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-acct-sel)#.

ATM E.164 Translation Table Configuration Mode
ATM E.164 translation table configuration mode provides access to commands that you use to configure the translation table that maps native E.164 format addresses to ATM end system (AESA) format addresses.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm e164 translation-table
        Enter ATM E.164 translation table configuration mode from global configuration mode.¹
Step 3  DSLAM(config-atm-e164)# exit
        Exit ATM E.164 translation table configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

¹ The prompt changes to (config-atm-e164)#.

ATM Signaling Diagnostics Configuration Mode
ATM signaling diagnostics configuration mode provides access to commands used to configure the signaling diagnostics table.

Command Task
Step 1  DSLAM# configure terminal
        Go to global configuration mode.
Step 2  DSLAM(config)# atm signalling diagnostics
        Enter ATM signaling diagnostics configuration mode.
Step 3  DSLAM(cfg-atmsig-diag)# exit
        Exit ATM signaling diagnostics configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.


Using Context-Sensitive Help
The user interface provides context-sensitive help in all modes. This section describes how to configure and display context-sensitive help.

Configuring Help for Terminal Sessions
The following commands configure full help.

Command Task
DSLAM# terminal full-help

In privileged EXEC mode, configure the current terminal session to receive help for the full set of user-level commands.
DSLAM(config-line)# full-help

In line configuration mode, configure a specific line to allow users without privileged access to obtain full help.


Displaying Context-Sensitive Help
To get help specific to a command mode, a command, a keyword, or an argument, perform one of these tasks:

Command Task
help

Obtain a brief description of the help system in any command mode.
abbreviated-command-entry?

Obtain a list of commands that begin with a particular character string.
abbreviated-command-entry<Tab>

Complete a partial command name.
?

List all commands available for a particular command mode.
command ?

List the associated keywords of a command.
command keyword ?

List the associated arguments of a keyword.


To view a list of commands that begin with a particular character sequence, type those characters followed immediately by the question mark (?). Do not include a space. This form of help is called word help, because it completes a word for you.

In this example, the system displays the possible commands in privileged EXEC mode that begin with “co.”

DSLAM# co?
configure connect copy

This form helps you determine the minimum subset that you can use to abbreviate a command.

Command Syntax Help
To list keywords or arguments, enter a question mark (?) in place of a keyword or argument. Include a space before the ?. This form of help is called command syntax help, because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered.

This example demonstrates the use of command syntax help to complete the access-list command. Entering the question mark (?) displays the allowed arguments:

DSLAM(config)# access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list

Enter the access list number, 99, followed by a question mark (?) to display the allowed keywords:

DSLAM(config)# access-list 99 ?
  deny    Specify packets to reject
  permit  Specify packets to forward

Enter the deny argument followed by a question mark (?) to display the next argument (host name or IP address) and two keywords:

DSLAM(config)# access-list 99 deny ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address

Enter the IP address followed by a question mark (?) to display a final (optional) argument. The <cr> indicates that you can press Return to execute the command:

DSLAM(config)# access-list 99 deny 131.108.134.0 ?
  A.B.C.D  Wildcard bits
  <cr>

DSLAM(config)#

The system adds an entry to access list 99 that denies access to all hosts on subnet 131.108.134.0.

Checking Command Syntax
The user interface provides an error indicator (^) that appears in the command string in which you have entered an incorrect or incomplete command, keyword, or argument.

This example shows a command entry that is correct up to the last element:

DSLAM# clock set 13:04:30 28 apr 98
                                 ^
% Invalid input detected at ‘^’ marker.

The caret symbol (^) and help response indicate the location in which the error occurs. To list the correct syntax, re-enter the command, substituting a question mark (?) where the error occurred:

DSLAM# clock set 13:32:00 23 February ?



<1993-2035> Year

DSLAM# clock set 13:32:00 23 February

Enter the year, using the correct syntax, and press Enter to execute the command:

DSLAM# clock set 13:32:00 23 February 1993

Using the Command History Features
The user interface provides a history or record of commands you enter. You can use the command history feature for recalling long or complex commands or entries, including access lists. With the command history feature, you can complete the tasks in the following sections:

Setting the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature

Setting the Command History Buffer Size
By default, the system records ten command lines in its history buffer. Use the following commands to set the number of command lines the system records:

Command Task
DSLAM# terminal history [size number-of-lines]

In privileged EXEC mode, enable the command history feature for the current terminal session.
DSLAM(config-line)# history [size number-of-lines]

In line configuration mode, enable the command history feature for a specific line.


Recalling Commands
To recall commands from the history buffer, perform one of these tasks:

Key Sequence/Command Task
Press Ctrl-P or the Up Arrow key.¹

Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Press Ctrl-N or the Down Arrow key.¹

Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively more recent commands.
DSLAM> show history

While in EXEC mode, list the last several commands you have just entered.

¹ The arrow keys function only on ANSI-compatible terminals such as VT100s.

Disabling the Command History Feature
The command history feature is automatically enabled. Use the following commands to disable it:

Command Task
DSLAM> terminal no history

In EXEC mode, disable the command history feature for the current terminal session.
DSLAM(config-line)# no history

In line configuration mode, configure the line to disable the command history feature.

Enabling Enhanced Editing Mode
Although the current software release enables the enhanced editing mode by default, you can disable it and revert to the editing mode of previous software releases. Use the following commands to re-enable the enhanced editing mode:

Command Task
DSLAM> terminal editing

In EXEC mode, enable the enhanced editing features for the current terminal session.
DSLAM(config-line)# editing

In line configuration mode, enable the enhanced editing features for a specific line.


Moving Around on the Command Line
Use these keystrokes to move the cursor around on the command line for corrections or changes:

Keystrokes Task
1The arrow keys function only on ANSI-compatible terminals such as VT100s.

Completing a Partial Command Name
If you cannot remember a complete command name, you can use Tab to allow the system to complete a partial entry:

Keystrokes Task


If your keyboard does not have Tab, press Ctrl-I instead.

In this example, when you enter the letters conf and press Tab, the system provides the complete command:

DSLAM# conf

DSLAM# configure
If you enter an ambiguous set of characters, the system generates an error message. To display the list of legal commands beginning with the specified string, enter a question mark (?) after you see the error message. See the “Using Word Help” section.

Pasting in Buffer Entries
The system provides a buffer that contains the last ten items you deleted. You can recall these items and paste them in the command line by using these keystrokes:

Keystrokes Task


The buffer contains only the last ten items you have deleted or cut. If you press Esc Y more than 10 times, you cycle back to the first buffer entry.

Editing Command Lines that Wrap
The new editing command set provides a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts 10 spaces to the left. You cannot see the first 10 characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back, use these keystrokes:

Keystrokes Task
1The arrow keys function only on ANSI-compatible terminals such as VT100s.

In the following example, the access-list command entry extends beyond one line. When the cursor reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) indicates that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1

DSLAM(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25

DSLAM(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq

DSLAM(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
When you complete the entry, press Ctrl-A to check the complete syntax before pressing Return to execute the command. The dollar sign ($) appears at the end of the line to indicate that the line has scrolled to the right:

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The Cisco DSLAM default is a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width command to provide the correct width.

Use line wrapping together with the command history feature to recall and modify previous complex command entries.

Deleting Entries
Use any of these keystrokes to delete command entries if you make a mistake or change your mind:

Keystrokes Task


Scrolling Down a Line or a Screen
When you use the help facility to list the commands available in a particular mode, the list is often longer than the terminal screen can display. In such cases, a More prompt appears at the bottom of the screen. To respond to the More prompt, use these keystrokes:

Keystrokes Task


Redisplaying the Current Command Line
If you enter a command and a message appears on your screen, you can easily recall your current command line entry. To do so, use these keystrokes:

Keystrokes Task


Transposing Mistyped Characters
If you have mistyped a command entry, you can transpose the mistyped characters by using these keystrokes:

Keystrokes Task


Controlling Capitalization
You can capitalize or lowercase words or capitalize a set of letters with these keystrokes:

Keystrokes Task


Designating a Keystroke as a Command Entry
To use a particular keystroke as an executable command, insert a system code:


Keystrokes Task


Disabling Enhanced Editing Mode
To disable enhanced editing mode and revert to the editing mode, use this command in privileged EXEC mode:

Command Task
DSLAM# terminal no editing
Disable the enhanced editing features for the local line.


If you have prebuilt scripts that do not interact well when enhanced editing is enabled, you can disable enhanced editing mode. To re-enable enhanced editing mode, use the terminal editing command.

Ending a Session
After you use the setup command or another configuration command, exit the Cisco DSLAM and quit the session.

To end a session, use this EXEC command:

Command Task
DSLAM> quit
End the session.


Queue with Masquerading and Internal Web-Proxy

01. Introduction

This page explains how to build a QUEUE TREE in RouterOS on a router that is also
running Web-Proxy and Masquerading. Several forum topics say it is impossible to do.

In version 2.9.x, we cannot know which traffic is HIT and which traffic is MISS
from web-proxy. Several people want a configuration that lets cached data in the
proxy (HIT traffic) be delivered at the maximum possible speed. In other words, if we
already have the requested data, that traffic will not be queued.

In version 3.0 we can do this, using the TOS header modification feature of web-proxy.
We can set any TOS value for the HIT traffic and use it as a match parameter in mangle.


02. Basic Setup
First, let's configure the basic settings. I'm using a machine with 2 network
interfaces:

---------------------------------------------------------------------------------
[admin@instaler] > in pr
# NAME TYPE RX-RATE TX-RATE MTU
0 R public ether 0 0 1500
1 R lan wlan 0 0 1500
---------------------------------------------------------------------------------

And this is the IP Address for each interface:

---------------------------------------------------------------------------------
[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.217/24 192.168.0.0 192.168.0.255 public
1 172.21.1.1/24 172.21.1.0 172.21.1.255 lan
---------------------------------------------------------------------------------

Don't forget to set up the transparent web-proxy. We set cache-hit-dscp: 4.

---------------------------------------------------------------------------------
[admin@instaler] > ip proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-drive: system
cache-administrator: "webmaster"
max-cache-size: none
cache-on-disk: yes
maximal-client-connections: 600
maximal-server-connections: 600
max-fresh-time: 3d
serialize-connections: yes
cache-hit-dscp: 4
---------------------------------------------------------------------------------


03. Firewall NAT

Make 2 NAT rules: one for masquerading, and the other for redirecting to the transparent proxy.

---------------------------------------------------------------------------------
[admin@instaler] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=public
src-address=172.21.1.0/24 action=masquerade
1 chain=dstnat in-interface=lan src-address=172.21.1.0/24
protocol=tcp dst-port=80 action=redirect to-ports=3128
---------------------------------------------------------------------------------


04. Mangle Setup

And now, the most important part of this setup.

If we want HIT traffic from the web proxy not to be queued, we have to add a mangle
rule to handle this traffic. Put this rule at the beginning of the mangle rules, so
that it is checked first.

---------------------------------------------------------------------------------
[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; HIT TRAFFIC FROM PROXY
chain=output out-interface=lan
dscp=4 action=mark-packet
new-packet-mark=proxy-hit passthrough=no
---------------------------------------------------------------------------------

As we will make queues for uplink and downlink traffic, we need 2 packet marks. In this
example, we use "test-up" for uplink traffic, and "test-down" for downlink traffic.

For uplink traffic, it's quite simple. We need only one rule, using the SRC-ADDRESS and
IN-INTERFACE parameters in the PREROUTING chain (rule #1). For downlink,
we have to make several rules. As we use masquerading, we need a connection mark,
named "test-conn" (rule #2). Then we have to make 2 more rules. The first rule is
for non-HTTP / direct connections. We use the forward chain, as the data travels
through the router (rule #3).

The second rule is for data coming from the web-proxy to the client (MISS traffic).
We use the OUTPUT chain, as the data comes from an internal process in the router itself
(rule #4).

Both rules (#3 and #4) set the packet mark "test-down".

Please be aware that we use passthrough only for the connection mark (rule #2).

---------------------------------------------------------------------------------
[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
1 ;;; UP TRAFFIC
chain=prerouting in-interface=lan
src-address=172.21.1.0/24 action=mark-packet
new-packet-mark=test-up passthrough=no

2 ;;; CONN-MARK
chain=forward src-address=172.21.1.0/24
action=mark-connection
new-connection-mark=test-conn passthrough=yes

3 ;;; DOWN-DIRECT CONNECTION
chain=forward in-interface=public
connection-mark=test-conn action=mark-packet
new-packet-mark=test-down passthrough=no

4 ;;; DOWN-VIA PROXY
chain=output out-interface=lan
dst-address=172.21.1.0/24 action=mark-packet
new-packet-mark=test-down passthrough=no
---------------------------------------------------------------------------------
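The rule order described above can be checked with a small model. This is an added example in Python, not part of the original article and not RouterOS code: it evaluates the five mangle rules for one chain traversal at a time, assuming that a matching rule with passthrough=no ends processing in that chain. The sample packets and the 192.0.2.x addresses are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("172.21.1.0/24")

# The article's mangle rules 0-4, in order:
# (comment, match conditions, action, new mark, passthrough)
RULES = [
    ("HIT TRAFFIC FROM PROXY", {"chain": "output", "out": "lan", "dscp": 4},
     "mark-packet", "proxy-hit", False),
    ("UP TRAFFIC", {"chain": "prerouting", "in": "lan", "src_in_lan": True},
     "mark-packet", "test-up", False),
    ("CONN-MARK", {"chain": "forward", "src_in_lan": True},
     "mark-connection", "test-conn", True),
    ("DOWN-DIRECT", {"chain": "forward", "in": "public", "conn_mark": "test-conn"},
     "mark-packet", "test-down", False),
    ("DOWN-VIA PROXY", {"chain": "output", "out": "lan", "dst_in_lan": True},
     "mark-packet", "test-down", False),
]

# Constructed sample packets (addresses outside the LAN are documentation IPs).
HIT = {"chain": "output", "out": "lan", "dscp": 4,
       "src": "192.0.2.80", "dst": "172.21.1.10", "conn": 1}
MISS = dict(HIT, dscp=0, conn=2)
UP = {"chain": "prerouting", "in": "lan", "dscp": 0,
      "src": "172.21.1.10", "dst": "192.0.2.10", "conn": 3}
OUT_FWD = dict(UP, chain="forward")   # same packet, seen in the forward chain
BACK_FWD = {"chain": "forward", "in": "public", "dscp": 0,
            "src": "192.0.2.10", "dst": "172.21.1.10", "conn": 3}

def _matches(cond, pkt, conn_marks):
    seen = dict(pkt,
                src_in_lan=ipaddress.ip_address(pkt["src"]) in LAN,
                dst_in_lan=ipaddress.ip_address(pkt["dst"]) in LAN,
                conn_mark=conn_marks.get(pkt["conn"]))
    return all(seen.get(k) == v for k, v in cond.items())

def classify(pkt, rules=RULES, conn_marks=None):
    """Return the packet mark one chain traversal assigns (None = unmarked)."""
    conn_marks = {} if conn_marks is None else conn_marks
    mark = None
    for _comment, cond, action, new_mark, passthrough in rules:
        if not _matches(cond, pkt, conn_marks):
            continue
        if action == "mark-connection":
            conn_marks[pkt["conn"]] = new_mark
        else:
            mark = new_mark
        if not passthrough:
            break
    return mark

def direct_download_mark():
    """Outbound packet sets the connection mark; the reply is then marked."""
    conn_marks = {}
    classify(OUT_FWD, conn_marks=conn_marks)
    return classify(BACK_FWD, conn_marks=conn_marks)

def hit_mark_if_rule0_last():
    """Move the proxy-hit rule to the end: rule 4 now wins for cached replies."""
    return classify(HIT, RULES[1:] + RULES[:1])
```

With the article's order a cached reply gets the mark proxy-hit, which no queue in the tree references; with rule 0 moved to the end the same reply is marked test-down and lands in the 32000 downstream queue.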

05. Queue Tree Setup

And now, the queue tree setting. We need one rule for downlink and one rule for
uplink. Be careful when choosing the parent. For downlink traffic, we use parent
"lan", the interface name for the local network. For uplink, we use parent
"global-in".

---------------------------------------------------------------------------------
[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
0 name="downstream" parent=lan packet-mark=test-down
limit-at=32000 queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="upstream" parent=global-in
packet-mark=test-up limit-at=32000
queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s
---------------------------------------------------------------------------------

You can also use these mangle rules with PCQ.





Edited by primadonal
www.primadonal.com
primadonal[at]yahoo.com


Two gateways failover with load balancing

Tuesday, November 27, 2007

First of all, you need a working system based on these examples: Improved Load Balancing over Multiple Gateways with Persistent Sessions or Improved Load Balancing over Multiple Gateways.
Route

According to the examples above, you have:

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

Now you have to change these lines to:

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 distance=2

If ping to 10.111.0.1 fails, then all traffic marked odd goes to the gateway 10.112.0.1; the opposite is also true.

All local traffic goes to 10.112.0.1, as its distance is smaller; if 10.112.0.1 fails, then 10.111.0.1 takes over.

The router pings the gateway every 10 seconds, and if two consecutive pings to the gateway fail, the route is considered dead. So, when testing, keep in mind that gateway failure is detected in 20 to 30 seconds.

NAT

/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no

Change to:

/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 action=masquerade


Two gateways failover

This example explains how to use multiple gateways, with one taking over when the first fails. It begins with adding the gateways. Set a bigger distance value for the secondary one, and check-gateway for the first one:

/ip route add gateway=192.168.1.1 check-gateway=ping
/ip route add gateway=192.168.2.1 distance=2

That's all, there are no more steps!

The first gateway will be used first, as its distance is smaller (default 0); check-gateway will make sure it is up. When the ping fails, the router will disable the first gateway and the second will take over; when the first one comes back up, it will return to its function.


Multi node management

This article, a work in progress, describes how to remotely monitor and manage one or more groups of bridged routers from a central location. The configuration instructions for RouterOS are based on WinBox, and are not intended for copy/paste. Use them as guidelines.
Network Topology

At the network monitoring location, you want to use the Dude or WinBox to monitor and manage all of the remote routers.

Each remote bridged network looks like this:

* A cable modem or DSL modem, referred to in this article as The Modem, at a remote location
* A router, referred to in this article as the Gateway Router, connected to the Modem using a public IP address
* A bunch of routers wirelessly connected to the Gateway Router via WDS
* All of the routers having addresses on the same private subnet
* The Gateway Router is using NAT to masquerade the private subnet

You might also have these complications:

* The Gateway Router might be running a Hotspot
* There might be a non-MikroTik firewall or router between the Modem and Gateway Router
* There might be several remote subnets

Basic Solution - single remote subnet

The following 2 procedures will set up a PPTP server on the gateway router and a PPTP client on the network management PC.

When you activate the connection to the gateway router from your PC, the Dude or WinBox will appear to be on the private side of the gateway router, on the bridged subnet, and WinBox and/or the Dude will be able to connect directly to any router or all of them at once. Port forwarding is not needed.

On the Gateway Router:

ppp->pptp server->enabled (check all authentication boxes)
ppp->secrets->add
name =
password =
service = pptp
local address =
remote address =

On the Windows PC where WinBox or the Dude is run:

The following procedure is for Windows XP SP2.

Start->Control Panel->Network Connections->Create a new connection
Connect to the network at my workplace Next>
Virtual Private Network Connection Next>
Select a name to call this VPN Next>
Do not dial the initial connection Next>
Enter the IP address of the PUBLIC side of the Gateway Router



Solution with Hotspot on Gateway Router

Since the other routers are behind the hotspot, they will not be able to communicate with the VPN tunnel in the Gateway Router, even though they are all on the same subnet. To permit access through the hotspot to each of the other routers, create an IP Binding entry as shown below for each router that is behind the hotspot. The IP addresses assigned to the routers can be outside the hotspot address pool if you prefer.

For each router, whose private ip address is of the form 192.168.x.y:
ip->hotspot->IP Bindings->Add
Address: 192.168.x.y
To Address: 192.168.x.y
Type: bypassed

Solution with Firewall/Router between Modem and Gateway Router

Assume the gateway router has IP address 192.168.a.b as viewed by the firewall/router. On the firewall/router between the Modem and the Gateway Router, do the following:

Forward port 1723 (PPTP) to IP address 192.168.a.b
Forward protocol 47 (GRE) to IP address 192.168.a.b

Note that some routers cannot forward protocols, only ports. In this case, you will NOT be able to create a VPN tunnel to the gateway router. Also, some routers can forward protocol 47, but the mechanism to do so is undocumented. There are also routers that will forward protocol 47 automatically when you forward port 1723. Consult the documentation for your router, and if you don't find any mention of PPTP or port 1723, try finding a user forum where this subject is discussed.

Solution with multiple remote subnets

Create a separate VPN tunnel to each bridged network


SNMP MRTG

1. Introduction

This text describes how to configure Mikrotik RouterOS and mrtg (FreeBSD). You must be root on the *nix machine, and the ports collection must be installed. A web server must be configured and running on the BSD machine; in this example the web server is Apache. All information about mrtg and Apache can be found at their homepages: http://www.mrtg.org http://www.apache.org


2. RouterOS SNMP Configuration

/ snmp
set enabled=yes contact="your@mail.com" location="SomeCountry"
/ snmp community
set public name="public" address=192.168.0.5/32 read-access=yes

IP address 192.168.0.5 is the address of the BSD machine where mrtg will be installed.

2. MRTG Installation and Configuration

Now we install and configure mrtg on the BSD machine.
cd /usr/ports/net-mgmt/mrtg
make
make install
Now we need to create a configuration file for mrtg. This can be done automatically with the cfgmaker program. 192.168.0.1 is the IP address of RouterOS.
cfgmaker public@192.168.0.1 --output=/usr/local/etc/mrtg.cfg

Change the WorkDir value in the created mrtg config file with a text editor. The WorkDir value specifies where the html files will be created.
It must be the same as the DocumentRoot value in the Apache configuration.

For example:

### Global Config Options

# for UNIX
WorkDir: /usr/local/www/data/


### Global Defaults

# to get bits instead of bytes and graphs growing to the right
Options[_]: growright, bits

EnableIPv6: no

######################################################################
# System: Mikrotik
# Description: router
# Contact: your@mail.com
# Location: SomeCountry
######################################################################

Execute mrtg with your config to create the html files.
mrtg /usr/local/etc/mrtg.cfg
The directory /usr/local/www/data now contains html files for every interface in MT.
Add this line to crontab to update the graphs automatically every 5 minutes:
*/5 * * * * root mrtg /usr/local/etc/mrtg.cfg
Now we can create one html file with graphs for all interfaces:
indexmaker /usr/local/etc/mrtg.cfg --output=/usr/local/www/data/index.html


Here is a sample configuration to monitor the power on an RB333 router using MRTG and SNMP,
plotting the results with the correct scale and values.

It should be entered into an existing mrtg.conf file, replacing IP_Address with your IP address and MT with your community string.

### Input Voltage

Target[IP_Address-voltage]: .1.3.6.1.4.1.14988.1.1.3.8.0&.1.3.6.1.4.1.14988.1.1.3.8.0:MT@IP_Address
AbsMax[IP_Address-voltage]: 200
MaxBytes[IP_Address-voltage]: 200
Title[IP_Address-voltage]: Input Voltage for a monitored -333
PageTop[IP_Address-voltage]: Input Voltage RB333 being monitored
 System: RB333 being monitored
 Maintainer: managee
 Description: Voltage for Monitored 333

Options[IP_Address-voltage]: gauge,growright,nopercent, noo, expscale
YLegend[IP_Address-voltage]: Volts
YTicsFactor[IP_Address-voltage]: 0.1
Factor[IP_Address-voltage]: 0.1
ShortLegend[IP_Address-voltage]: V
LegendI[IP_Address-voltage]: Input Voltage

SNMP PHP

This small example is a PHP script that uses SNMP to read signal strength values from the wireless registration table and publish them on a web page. The example can quickly be adapted to read other values available over SNMP. To use the script you need Mikrotik RouterOS (tested with version 2.9.xx, not yet with 3.0), PHP version 4 or 5, and a web server (Apache, IIS). Configure Apache and PHP; the only thing that needs attention is enabling the snmp extension for PHP. On Windows, in the Windows Extensions section of php.ini, uncomment the line



extension=php_snmp.dll



Enable SNMP on the Mikrotik and, if needed, unblock UDP port 161. Copy the scripts to the web folder. Open index.php and find the lines



$ip="hostname"; // Change to your host name or IP address

$mask_mac=false; // Set to true to mask the MAC address (true / false)



Replace hostname with the IP address of the Mikrotik; if you don't want to see the complete MAC address, change false to true. Now open the page in a browser. You will see the MAC address and signal strength. The page auto-refreshes every 10 seconds and reads the values over SNMP.



The PHP code, to be saved as a .php file:

Mikrotik signal list
MACSignal

strenght(dBm)




Please check SNMP settings and IP address





NTH in RouterOS 3.x

In v3.0 the implementation of NTH is a little different. It has only two parameters, 'every' and 'packet'.

How it works in v3.0

Every rule has its own counter. When a rule receives a packet, the counter for that rule is increased by one. If the counter matches the value of 'every', the packet will be matched and the counter will be set to zero.

If passthrough is not set then packets will be marked as follows:

  • first rule nth=2,1 will match every first packet of 2, hence 50% of all the traffic that is matched by the rules
  • second rule, if passthrough=no, will match ONLY 25% of traffic, because in 3.0 you need only one rule to catch traffic, unlike 2.9

Example

How to match 50% of all traffic with only one rule:

/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=2,1;

If more than one rule is needed, then there are two ways to match packets:

  • first rule sees all packets and matches 1/3 of all, second rule sees 2/3 of packets and matches 1/2, third rule sees and matches all packets that passed through first two rules ( 1/3 of all packets ).
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=2,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=CCC ;
  • all rules can see all packets and each rule matches every 3rd packet.
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=3,2 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=CCC nth=3,3 passthrough=yes;
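
The packet shares quoted above follow from the per-rule counters. The simulation below is an added example in Python, not RouterOS code and not part of the original article; it assumes a rule matches when its own counter equals 'packet' and resets the counter when it reaches 'every', which is what the nth=3,1 / 3,2 / 3,3 variant requires. The class and function names are made up for the illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class NthRule:
    mark: str
    every: int = 1          # nth=every,packet; 1,1 models a rule without nth
    packet: int = 1
    passthrough: bool = False
    counter: int = 0        # each rule keeps its own counter

    def sees_packet(self) -> bool:
        """Count one packet; True if it is the 'packet'-th of the current group."""
        self.counter += 1
        hit = self.counter == self.packet
        if self.counter >= self.every:
            self.counter = 0
        return hit


def run_chain(rules, n_packets):
    """Send n_packets through the rules; return the final marks as a dict."""
    totals = Counter()
    for _ in range(n_packets):
        mark = "unmarked"
        for rule in rules:
            if rule.sees_packet():
                mark = rule.mark          # a later match overwrites the mark
                if not rule.passthrough:
                    break                 # later rules never see this packet
        totals[mark] += 1
    return dict(totals)


def two_halves(n=600):
    # Two nth=2,1 rules with passthrough=no: the second only sees half the traffic.
    return run_chain([NthRule("AAA", 2, 1), NthRule("BBB", 2, 1)], n)


def thirds_sequential(n=600):
    # The article's first variant: 3,1 then 2,1 then a catch-all, passthrough=no.
    return run_chain([NthRule("AAA", 3, 1), NthRule("BBB", 2, 1), NthRule("CCC")], n)


def thirds_parallel(n=600):
    # The article's second variant: 3,1 / 3,2 / 3,3, all with passthrough=yes.
    return run_chain([NthRule("AAA", 3, 1, True), NthRule("BBB", 3, 2, True),
                      NthRule("CCC", 3, 3, True)], n)
```

Both three-rule variants split 600 packets into 200 per mark, while two identical nth=2,1 rules with passthrough=no leave a quarter of the packets unmarked.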


L7 security

layer7-protocol is a method of looking for patterns in connections.

First, add Regexp strings to the protocols menu, to define strings you will be looking for.

/ip firewall layer7-protocol add=

Then, use the defined protocols in firewall:

/ip firewall filter add layer7-protocol=

RouterOS will look for these strings in all connections passing the firewall rule where you use this. As this is resource intensive, make sure to filter out all good traffic before it hits this rule.

You can download a script with a list of common programs here (only for RouterOS v3 RC6). Pattern libraries can be found on the layer7 project page and on the protocol wiki.
