Advanced configuration with SpeedTouch 780

I needed to do some more advanced configuration on my SpeedTouch 780: enable SNMP, change the DNS servers and manage routes, none of which is possible through the web page. That's when I started to wonder whether there was another way to manage the device, and there is one: a good old telnet session to the router with the default user Administrator (with a capital A) and no password (just press Enter), and you're in. To help you find your way around, you might want to look at the CLI reference manual (download from Thomson partners) and then start messing with it.

Enable SNMP

Shall we start with SNMP, then? There are four distinct things you need to do before SNMP is available from the WAN interface: set the system information, enable the SNMP_AGENT service, assign it to an interface and, finally, set the SNMP community names.
_{Administrator}=> :snmp config sysContact="ET phone home" sysName="don't call me names please" sysLocation="here can't you see me?"
_{Administrator}=> :service system modify name SNMP_AGENT state=enabled
_{Administrator}=> :service system ifadd name=SNMP_AGENT group=wan
_{Administrator}=> :snmp community add securityname=ROCommunity communityname=public_change_me
_{Administrator}=> :snmp community add securityname=RWCommunity communityname=private_change_me

Don’t forget to change the value of the communityname.

Change DNS servers

Change the DNS servers to ones other than those assigned by your ISP. This might sound a bit ridiculous, but I prefer OpenDNS to the servers provided by my ISP; their free package provides statistics and domain filtering, among other features.

_{Administrator}=> :dns server route flush
_{Administrator}=> :dns server route add dns=208.67.222.222 metric=1 intf=RoutedEthoA
_{Administrator}=> :dns server route add dns=208.67.220.220 metric=1 intf=RoutedEthoA
_{Administrator}=> :dns server route list

Add routes

Last but not least, adding routes. In my case I have an ASA5505 sitting on the same network, and I want traffic for some networks (let's say 192.168.55.0/24 and 10.0.11.0/24) to be sent to the ASA so that it goes over an IPsec VPN to a client network.
_{Administrator}=> :ip rtadd dst=192.168.55.0/24 gateway=192.168.1.1
_{Administrator}=> :ip rtadd dst=10.0.11.0/24 gateway=192.168.1.1

Wakeup on lan

Wake on LAN works by sending a magic packet to the network interface of a powered-off computer. The network card reads the incoming packet and turns the computer on if the magic packet is addressed to its MAC address.

The Magic Packet

A Magic Packet is a UDP packet with a length of 102 bytes: the first 6 bytes are 0xff, followed by the MAC address of the computer that should power on when it receives the packet, repeated 16 times. Below is a sample Magic Packet sent to the broadcast address 192.168.5.255.

[Image: magic packet]

Yes, the MAC address that I used in the example was macadd; and yes I know that it isn’t a valid MAC address.

Generating the Magic Packet

No special or proprietary software is required to generate a Magic Packet. I use the following Perl script, which is called from a PHP page; this way I can wake up my computer from the internet.

#!/usr/bin/perl -w

use strict;
use IO::Socket::INET;

#
# Settings, taken from the command line: <host> <port> <mac>
#
my $out_host = $ARGV[0];
my $mac = $ARGV[2];
my $out_port = $ARGV[1];
my $out_proto = "UDP";

# Create the UDP socket used to send the packet
my $out_sock = IO::Socket::INET->new(
        PeerAddr => $out_host,
        PeerPort => $out_port,
        Proto => $out_proto,
        Broadcast => 1  # set SO_BROADCAST so a broadcast address is accepted as destination
        );
die "Could not connect to socket: $!\n" unless $out_sock;
send_magic_packet($out_sock, $mac);
close($out_sock);
print "Magic packet was sent\n";

#
# Functions
#

# Creates and send the magic packet
sub send_magic_packet{
        ( my $_socket, my $mac_address) = @_;

        # the packet starts with six 0xFF bytes
        my $payload = "\xFF\xFF\xFF\xFF\xFF\xFF";
        my $hex_mac;
        my $mac;

        # convert to hex
        foreach (split /[:-]/, $mac_address) {
                $mac .= chr(hex($_));
        }

        for (my $c = 1; $c <= 16; $c++)
        {
                $hex_mac .= $mac;
        }

        print $_socket $payload.$hex_mac;
}
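
Because the script above takes the MAC address from a web request (it is called from a PHP page), the value should be checked strictly before it reaches a command line or a packet. The following is an added example in Python, not part of the original post: it validates the MAC, builds the 102-byte payload described above and, going slightly beyond the page, recognises a magic packet at any offset inside a received payload. The function names and the sample MAC 00:11:22:33:44:55 are constructed for illustration.

```python
import re

SYNC = b"\xff" * 6  # six 0xFF bytes open every magic packet
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def parse_mac(text):
    """Strictly parse aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff into 6 raw bytes.

    Anything else raises ValueError, so a value taken from a web request
    cannot carry extra characters into a command line or a packet.
    """
    if not isinstance(text, str) or not MAC_RE.fullmatch(text):
        raise ValueError("not a MAC address: %r" % (text,))
    return bytes(int(octet, 16) for octet in re.split(r"[:-]", text))


def build_magic_packet(mac_text):
    """Return the payload: 6 x 0xFF, then the MAC repeated 16 times."""
    return SYNC + parse_mac(mac_text) * 16


def extract_target(payload):
    """Return the MAC a received payload would wake, or None.

    Scans for the 0xFF run at every offset and accepts it only when it is
    followed by 16 identical copies of one 6-byte address.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join("%02x" % b for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


if __name__ == "__main__":
    packet = build_magic_packet("00:11:22:33:44:55")  # constructed sample MAC
    print(len(packet), extract_target(packet))
    for bad in ("macadd", "00:11:22:33:44:55; id"):
        try:
            parse_mac(bad)
        except ValueError as err:
            print("rejected:", err)
```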

Implementing wakeup on lan

Once you have decided which software will generate the magic packets, there are two ways to implement it: on the local LAN or over the Internet.

On the local network

This is the easiest to implement, as the magic packet just needs to be sent to the broadcast address of the local network, as I've done with the sample packet. The switch fabric delivers a copy of the packet to all the connected computers on that network, and the computer whose MAC address is in the Magic Packet powers on.

Over the internet

Things get slightly more complicated when sending the Magic Packet over the internet, because the Magic Packet must traverse a firewall/router before reaching the computer on the private network. The solution is to address the packet to the public IP address of the router and use NAT to send the Magic Packet to a computer on the private network. Another configuration that must be done on the router is adding a static ARP entry with the MAC address of the computer to wake up and the IP address used in the NAT rule. This is needed because, once the computer is powered off, its MAC address is removed from the router's ARP table when the ARP table timeout is reached. From that point on the router won't know how to deliver the Magic Packet to the computer on the private network.

To create the correct NAT and ARP rules, read the router manufacturer's manual. Below, as an example, are the commands used on Cisco and SpeedTouch.

SpeedTouch 710

_{Administrator}=> :ip arpadd intf=LocalNetwork ip=192.168.5.10 hwaddr=aa:bb:cc:dd:ee:ff
_{Administrator}=> :nat mapadd intf=RoutedEthoA type=napt outside_addr=A.B.C.D outside_port=7 inside_addr=192.168.5.10 inside_port=7 protocol=udp

CISCO

router(config)# arp 192.168.5.10 aabb.ccdd.eeff
router(config)# ip nat inside source static udp 192.168.5.10 7 A.B.C.D 7 extendable