This chapter provides an overview of the Cisco Broadband Operating System (CBOS) and its features. CBOS is the common operating system for all Cisco Customer Premise Equipment (CPE), including the Cisco 627, Cisco 633, Cisco 673, Cisco 675, the Cisco 675e, the Cisco 677, and the Cisco 678.
The CBOS is modeled after the Cisco Internetworking Operating System (IOS) and features a similar command syntax and format.
This chapter includes the following sections:
For more information on using the CBOS, refer to "Using the Command Line Interface."
The list below defines the terminology used in this chapter.
CBOS Release 2.3.0 adds Port Address Translation (PAT) enhancements as discussed in the following sections.
CBOS Release 2.3.0 adds PAT support for Microsoft WINS-based applications:
CBOS Release 2.3.0 adds PAT support for UDP network-directed as well as subnetwork-directed broadcasts.
CBOS Release 2.3.0 adds PAT support for non-encrypted remote shell (rsh), remote copy (rcp), and remote login (rlogin) protocols.
CBOS Release 2.3.0 adds Network Address Translation (NAT) enhancements that allow NAT to be applied to each interface. This means you can apply NAT to the Ethernet interface, the logical WAN interfaces, and the VIPs (virtual interfaces). With the latest NAT enhancements, eth0 and vip0 through vip2 can be configured as inside or outside interfaces, and wan0-0 through wan0-3 can be configured as outside interfaces for NAT.
When NAT is enabled, NAT translates only inside to outside and outside to inside traffic. Traffic that remains within its own respective boundary (inside to inside or outside to outside) is not translated.
Use the current commands to globally configure interface timeout values. No new commands are added to create dynamic NAT table entries because the network generates these based on traffic. The NAT commands in Table 1 have not changed:
Command | Description |
---|---|
set nat { enable | disable } | Global on and off command for all interfaces |
set nat disable | Disables NAT on all interfaces |
set nat entry add | Adds a static NAT entry |
set nat entry delete | Deletes a static NAT entry |
set nat outside ip address | Adds a specific static NAT entry to the WAN0-0 table |
show nat | Displays all NAT entries, including static and wildcard. Wildcard entries display as asterisks. |
Table 2 lists new commands to set NAT protocols for specific interfaces.
Command | Description |
---|---|
set nat outside ip ip address | Sets Outside Global IP Address for the WAN0-0 Interface as in CBOS 2.2 |
set interface wan0-1 outside ip 172.167.20.42 | Sets a specific outside IP address for WAN0-1 interface |
set int eth0 inside | Sets ETH0 interface as an inside network |
set int vip0 inside | Sets virtual interface 0 as an inside network |
Enhancements to the show nat command include the NAT Status and Network Side for all interfaces. The following is an example of the new format:
sh nat Example
cbos#sh nat
NAT is currently enabled
Port Network Global
eth0 Inside
wan0-0 Outside 192.161.23.4
vip0 Outside
vip1 Outside
vip2 Outside
Local IP Port Global IP Port Timer Flags Proto Interface
***** ********** 0 0x3041 *** eth0
CBOS Release 2.3.0 recognizes IP Precedence bits defining Type of Service (TOS) in the IP header and routes IP packets based on this value. With this enhancement, you can use IP Precedence to route packets to a specific interface.
IP Precedence bits map to individual interfaces according to the following rules:
IP Precedence bits route IP packets to individual interfaces according to the following rules:
New extensions to the CBOS Release 2.3.0 CLI allow users with enable-level access to configure and map IP Precedence values to different interfaces. The syntax for the new command is:
set route add ip ip_address gateway gw_address precedence n
Table 3 shows examples of this command.
Command | Description |
---|---|
set route add ip 192.200.1.0 gw 192.100.10.1 precedence 5 | Routes packet from network 192.200.1.0 with a precedence of 5 to the gateway at 192.100.10.1 |
set route add ip 192.200.1.0 gw wan0-1 precedence 5 | Sets IP Precedence to 5 for gateway interface |
set route default wan0-1 precedence 5 | Sets a default route for precedence 5 packets to wan0-1 |
The set route command can accept either an IP address or an interface as valid entries according to the command syntax set route default { ip-address | interface } or set route add ip ip-address gw { ip-address | interface }. When using an IP address as a gateway, the gateway address must exist in one of the WAN interfaces. Use show route to display WAN addresses.
Enhancements to the set route default command include a precedence field that defines the default routes for packets with Precedence bits set. The syntax for the set route default command is:
set route default { ip address | interface } precedence n
The show route command now includes a column [P] showing the precedence level. The following is an example of the new format:
#show route
[TARGET] [MASK] [GATEWAY] [M] [P] [TYPE] [IF] [AGE
0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0 0
0.0.0.0 0.0.0.0 0.0.0.0 1 5 SAR WAN0-1 0
192.168.10.0 255.255.255.0 0.0.0.0 1 LA ETH0 0
192.168.1.0 255.255.255.0 0.0.0.0 1 A WAN0-0 0
192.168.2.0 255.255.255.0 0.0.0.0 1 AR WAN0-1 0
WAN Interfaces...
192.168.1.72 255.255.255.255 0.0.0.0 1 HA WAN0-0 0
192.168.2.72 255.255.255.255 0.0.0.0 1 HA WAN0-1 0
192.168.3.72 255.255.255.255 0.0.0.0 1 HA WAN0-2 0
CBOS Release 2.3.0 enhances its TFTP Client and Server programs to perform checksum validation for image and configuration file transfers. Image and configuration files will be written to NVRAM only after a successful checksum validation.
Caution: The running configuration will be deleted when a TFTP file transfer is done.
CBOS Release 2.3.0 defines new factory default settings. These settings apply to the Cisco 675 only:
set ppp wan0-0 ipcp 0.0.0.0
The GSI 3.2 firmware update provides for the lower baud rates of 17 Kbaud and 64 Kbaud. CBOS Release 2.3.0 supports these rates in the Cisco 675 and 675e. The Cisco 677 can support these rates after downloading the CBOS Release 2.3 image. Service providers now have a wider range of desirable rates from which to choose for these products. (See Table 4 and Table 5.)
Bit Rate per Constellation Size (kb/s)
Symbol Rate (Kbaud) | Signal | 256 uncoded | 256 | 128 | 64 | 32 | 16 | 8 |
---|---|---|---|---|---|---|---|---|
136 | Payload with RS | 1024 | 896 | 768 | 640 | 512 | 384 | 256 |
340 | Payload with RS | 2560 | 2240 | 1920 | 1600 | 1280 | 960 | 640 |
680 | Payload with RS | 5120 | 4480 | F/A | 3200 | F/A | 1920 | F/A |
952 | Payload with RS | 7168 | 6272 | F/A | 4480 | F/A | 2688 | F/A |
Downstream Kbaud | Upstream Kbaud |
---|---|
136 | 17 |
136 | 68 |
136 | 136 |
340 | 68 |
340 | 136 |
680 | 136 |
952 | 136 |
The show rates command now includes entries with the additional baud rate combinations. The following is an example of the additional listings:
cbos#show rates
Possible ATM/ADSL Line Rates
Downstream Upstream (Kbps)
---------------------------------------------
952 Kbaud Downstream ----- 136 Kbaud Upstream
7168 1088
6272 952
4480 680
2688 408
---------------------------------------------
680 Kbaud Downstream ----- 136 Kbaud Upstream
5120 1088
4480 952
3200 680
1920 408
---------------------------------------------
340 Kbaud Downstream ----- 136 Kbaud Upstream
2560 1088
2240 952
1920 816
1600 680
1280 544
960 408
640 272
91
340 Kbaud Downstream ----- 68 Kbaud Upstream
2560 544
2240 476
1920 408
1600 340
1280 272
960 204
640 136
45
---------------------------------------------
136 Kbaud Downstream ----- 136Kbaud Upstream
1024 1088
896 952
768 816
640 680
512 544
384 408
256 272
136 Kbaud Downstream ----- 68 Kbaud Upstream
1024 544
896 476
768 408
640 340
512 272
384 204
256 136
45
136 Kbaud Downstream ----- 17 Kbaud Upstream
1024 136
896 119
768 102
640 85
512 68
384 51
256 34
11
New extensions to the CBOS Release 2.3.0 CLI allow a user with exec-level access to set the upstream transmit power. The syntax for the command is:
set interface wan0 txpower value_in_db
Valid values are:
CBOS Release 2.3.0 enables you to learn the starting addresses for the DHCP pool. CBOS Release 2.3.0 enhancements use the mask learned during IPCP negotiation to define the range of IP addresses.
CBOS Release 2.3.0 adds new blink patterns to the WAN Link LED to indicate the connection state of the Cisco 675 in more detail.
Blink Pattern/Rate | Description |
---|---|
Steady ON | A link is established to the WAN port. All parameters for physical and logical connections are correctly set. The equipment successfully transmits and receives data. |
Continuous rapid blinking, about 3 blinks per second | The equipment is trying to establish a connection. The pattern continues until a connection is established. |
Intermittent blinking. For the Cisco 675: 6 rapid blinks followed by a 2-second pause before repeating. For the Cisco 676 or 677: 5 rapid blinks followed by a 2-second pause before repeating. | The equipment is trying to establish a physical connection. At this time, the training session is not yet completed; there are no logical connections and negotiated line conditions with other equipment (such as DSLAMs) are not yet established. |
OFF | Check all connections. Ensure the WAN0 interface is not disabled. |
Use the set filter command to specify and modify IP filtering conventions for the Cisco 67x.
set filter {code} {on | off | reset} [deny | allow] {incoming | outgoing} {interface eth0 | wan0-0 | all} {src-ip src-mask dest-ip dest-mask} [protocol TCP | UDP | ICMP] [srcport lo - hi] [destport lo - hi]
code | Enter the filter number to be modified. Valid filter code values are 0 through 19. |
on | off | reset | Enables, disables or resets the filter. Reset allows you to reset a filter to default values without removing an entire configuration. |
deny | allow | Specifies whether the filter is to allow or deny packets that match the filter's address and mask. |
incoming | outgoing | Specifies direction of traffic to be filtered; required. |
interface eth0 | wan0-0 | all | Specifies the interface on which to apply the filter. This can be a particular interface such as eth0 or wan0-x or all interfaces. |
src-ip | Enter the source IP address for packets. |
src-mask | Enter the mask to be applied to source IP address. This allows the filter to match a group of incoming IP addresses. |
dest-ip | Enter the destination IP address of outgoing packets. |
dest-mask | Enter the mask to be applied to destination IP address. This allows the filter to match a group of outgoing IP addresses. |
protocol TCP | UDP | ICMP | Specify which protocol to match; optional. |
srcport lo - hi | Specifies the inclusive range of source port numbers to block; 1 - 65535 matches all source ports. |
destport lo - hi | Specifies the inclusive range of destination port numbers to block; 1 - 65535 matches all destination ports. |
Enable
Usage Guidelines
Use the set filter command to specify IP filtering conventions. The Cisco 67x has 20 filters that can be applied to TCP, UDP and ICMP packets passing through the router's interfaces. Enabled filters are applied to packets in sequential order according to filter number.
The rules that govern the filter command are:
The following example blocks all web access.
set filter 0 on deny all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 80
The following example blocks all telnet access from the 192.168.0.25 network.
set filter 1 on deny all 192.168.0.0 255.255.255.0 0.0.0.0 0.0.0.0 port 23
The following example accepts telnet access from the host 192.168.0.25.
set filter 2 on allow all 192.168.0.25 255.255.255.255 0.0.0.0 0.0.0.0 port 23
The following example blocks all FTP access on a wan port.
set filter 3 on deny wan0-1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 21
The following example turns off the first filter.
set filter 0 off
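The usage guidelines say enabled filters are applied in sequential order by filter number, so the relative numbering of a network-wide deny and a host-specific allow matters. The following is an added example, not Cisco code: it models filters as data and flags entries that an earlier filter fully covers, under the assumption (not stated on this page) that the first matching filter decides the packet. The `Filter` class, the function names, the `incoming` direction and the sample packets are hypothetical, and only destport is modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Filter:
    code: int                     # filter number, 0 through 19
    action: str                   # "deny" or "allow"
    direction: str                # "incoming" or "outgoing"
    interface: str                # "eth0", "wan0-0", ... or "all"
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    protocol: str = "any"         # "TCP", "UDP", "ICMP"; "any" when omitted
    destport: tuple = (1, 65535)  # inclusive lo-hi range

def net_covers(a_ip, a_mask, b_ip, b_mask):
    """True if every address matched by b_ip/b_mask also matches a_ip/a_mask."""
    ai, am, bi, bm = (int(IPv4Address(x)) for x in (a_ip, a_mask, b_ip, b_mask))
    return (am & bm) == am and (ai & am) == (bi & am)

def covers(a, b):
    """True if filter a matches every packet that filter b matches."""
    return (a.direction == b.direction
            and a.interface in ("all", b.interface)
            and a.protocol in ("any", b.protocol)
            and net_covers(a.src, a.src_mask, b.src, b.src_mask)
            and net_covers(a.dst, a.dst_mask, b.dst, b.dst_mask)
            and a.destport[0] <= b.destport[0] <= b.destport[1] <= a.destport[1])

def shadowed(filters):
    """(earlier, later) filter-number pairs where the later filter never decides."""
    ordered = sorted(filters, key=lambda f: f.code)
    return [(a.code, b.code) for i, b in enumerate(ordered) for a in ordered[:i] if covers(a, b)]

def decide(filters, direction, interface, src, dst, protocol, dport):
    """ASSUMED first-match evaluation in filter-number order; None = no match."""
    probe = Filter(-1, "", direction, interface, src, "255.255.255.255",
                   dst, "255.255.255.255", protocol, (dport, dport))
    hits = [f for f in sorted(filters, key=lambda f: f.code) if covers(f, probe)]
    return (hits[0].action, hits[0].code) if hits else None

# Constructed filter sets mirroring the page's telnet deny (network) and allow (host).
def telnet(code, action, src, mask):
    return Filter(code, action, "incoming", "all", src, mask, "0.0.0.0", "0.0.0.0", "TCP", (23, 23))

PAGE_ORDER = [telnet(1, "deny", "192.168.0.0", "255.255.255.0"),
              telnet(2, "allow", "192.168.0.25", "255.255.255.255")]
SWAPPED = [telnet(1, "allow", "192.168.0.25", "255.255.255.255"),
           telnet(2, "deny", "192.168.0.0", "255.255.255.0")]
```

Under the first-match assumption, `shadowed(PAGE_ORDER)` reports that filter 1 covers filter 2, while the `SWAPPED` numbering lets the host-specific allow take effect before the network-wide deny.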
This section describes the CBOS-supported features that are common to the Cisco Customer Premise Equipment (CPE) product line.
Configurationless provisioning provides:
The combination of DHCP and NAT in the Cisco PPP/ATM environment supports configurationless CPE provisioning by automatically configuring both the Cisco 67x and the associated SOHO network at power-on. A minimal configuration is required in the user PC (typically a single check-box to enable DHCP operation), but all PCs within the network have identical settings, which simplifies initial provisioning and network support.
Two components make up the dynamic host configuration protocol on the Cisco 67x:
When the Cisco 67x DHCP server operates in:
The configuration information that the Cisco 67x DHCP server is able to assign to SOHO clients includes, but is not limited to, the following:
The Cisco 67x operates as a DHCP client as follows:
1. A PPP session is established over wan0-0.
2. The Cisco 67x (see Figure 1-7) sends a DHCP client request to the service provider's network.
3. The Cisco 67x obtains configuration information from the service provider's DHCP server.
4. The Cisco 67x turns into a DHCP server and can configure SOHO clients (PC#1, PC#2, and PC#3).
5. When the DHCP server is enabled, the Cisco 67x must contain a valid DHCP configuration, which has been either manually provisioned or obtained during a previous client transaction.
If this is the first time the Cisco 67x has performed a client request, it ignores all network traffic until the Cisco 67x client transaction has completed.
6. The Cisco 67x saves the client configuration information obtained during the client transaction to NVRAM for subsequent use.
If a client transaction results in configuration information that differs from that which is stored in NVRAM, the Cisco 67x saves the new configuration to NVRAM and uses the new information on the subsequent power-cycle.
NAT in the Cisco 67x translates private (or Internet-invalid) IP addresses to public (Internet-valid) IP addresses. By dynamically creating a table of translation information each time data is exchanged with any network outside of the SOHO network, the CPE device allows multiple PCs to oversubscribe a single, public IP address. This powerful feature both conserves IP addresses and minimizes customer reconfiguration of a local SOHO network.
Use NAT if you cannot use a network's internal private addresses outside either for security reasons or because the addresses are invalid outside the network.
Network Address Translation is predominantly application-independent, with the exception of FTP. However, the Cisco implementation of NAT fully supports full-rate FTP. Applications that include IP addresses within the packet payload will fail without special NAT-wise consideration.
Other benefits of the Cisco implementation of NAT on CPE products include:
When both NAT and DHCP are enabled, the Cisco 67x becomes virtually configurationless. NAT obtains the public address used for translation in the same manner as described above. However, DHCP does not require any additional provisioning since NAT translates all address information to the outside, public address. You can use a DHCP client transaction to obtain DNS, WINS, and other information for subsequent SOHO DHCP server operation, but this is not required.
When a DHCP client transaction is in progress, the Cisco 67x delays NAT implementation until the client transaction completes. This ensures that the most current information is used for server operation.
The end result for the SOHO users (PC#1, PC#2, and PC#3) (see Figure 1-7) is as follows:
1. SOHO users turn on their un-configured machines with DHCP enabled. Within seconds, they are surfing the Internet using a configuration totally and transparently supplied by their service provider.
2. Clients are not affected by changes at the service provider.
In addition to DHCP and NAT, CBOS also supports the applications, listed below, for management and control of the system:
/etc/syslog.conf configuration file (remember to use tabs, not spaces). Several systems, such as Linux and FreeBSD, have SYSLOG set up properly by default.
nsrouter.c67x.<version #>ima.hr. You can also use TFTP to archive an image of your CBOS configuration file. This configuration file can be named anything you wish as long as you can view and edit the file with a standard text editor. Use the .cfg extension to make the configuration file easy to locate and to assure that it can be viewed and edited by a standard text editor. Archive an image of your configuration file before making changes to it so you can easily recover the old file if necessary. When uploading a configuration file to the 67x, you must name the configuration file nscfg.cfg before uploading.
The CBOS includes two interfaces you can use to configure and operate the Cisco 67x:
From the CBOS prompt, use the help command to display the online help system for a specified command. Refer to "Using the Command Line Interface," for more information on the help command. To access the Help Facility, enter the following command from the command line:
help [command-name]
or
? [command-name]
For example, to display information about the show version command, enter:
help show version
or
? show version
Posted: Thu Mar 23 05:41:59 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.