The following commands are configurations I set on my BeBox Speedtouch 585 v6, although these commands can also be used on many other Speedtouch routers.
These settings are intended as a guide only and the site does not take any responsibility for changes that you may make to your router and you do so at your own risk.
Telnet into the CLI
To perform most of these operations you will need to telnet into the router to access the CLI (Command Line Interface), to do this from windows:
Start >> Run >> type "cmd" into the box
You will then be presented with a telnet window in which type
open 192.168.1.254
or simply click this link here --> telnet 192.168.1.254
Now enter the username and password.
By default the username is Administrator and the password is left blank.
You should now be presented with the prompt
_{Administrator}=>
Basic CLI commands
help or ? = help information
menu = displays the menu
exit = close
.. exit a group selection
saveall saves the current configuration
{Administrator}=>saveall
Remember to use this command to save any changes that you make.
To set the Speedtouch date and time.
~ Check the system time = system settime
{Administrator}=>system settime
which will return something like:
date = 18/01/1970
time = 01:50:10
timezone = +00:00
daylightsaving = off
uptime = 17 days, 1:50:10
Note: For some reason on some systems, a bug may display the year 2008 as 2000
~ Set the system date and time
{Administrator}=>system settime date=01/05/2008 time = 20:10:15
~ Set British Summer Time (BST/DST)
Set to on|off or enabled|disabled
{Administrator}=>system settime daylightsaving = on
Set a time server (SNTP)
~ To set SNTP so that your router will automatically synchronise with a time server.
Here I'm using Manchester University ntp2d.mcc.ac.uk 130.88.200.4
{Administrator}=>sntp config state=enabled
{Administrator}=>sntp config
state = enabled
poll interval = 60 minute(s)
poll interval (before first sync) = 5 minute(s)
{Administrator}=>sntp add addr=130.88.200.4
{Administrator}=>sntp list
IP Address Version Status Name
130.88.200.4 3 synchronized
Cant log in with IE7
On some firmware versions after you have changed the router password IE7 wont allow you to log in to the router. This can be fixed by using the following command:
{Administrator}=>system config digestauth=disabled
Session Timeout
If you are finding that the telnet session ends quickly and logs you out too soon you can change this.
~ To check the telnet session time length (in seconds):
{Administrator}=>env get var=SESSIONTIMEOUT
~ To change the telnet session timeout enter the number of seconds:
{Administrator}=>env set var=SESSIONTIMEOUT value=600
~ To set to never timeout:
{Administrator}=>env set var=SESSIONTIMEOUT value=0
Set DNS Servers
~ To check which DNS servers are set in the router:
Caution these settings are shown for Be/O2.. users of other ISPs may need to use "Internet"
_{Administrator}=>dns server route list
DNS Server Source Domain Metric Intf State
87.194.0.50 10 RoutedEthoA UP
87.194.0.51 15 RoutedEthoA UP
~ Assign an OpenDNS server 208.67.220.220 to the list:
_{Administrator}=>dns server route add dns=208.67.220.220 metric=5 intf=RoutedEthoA
Note:
The metric figure is a precedence weighting with the lower number getting priority.
If no interface is specified then DNS will be forwarded to all interfaces.
Be and O2 should use "RoutedEthoA". Other users should use "Internet"
Enable NAT Loopback
If you run a server from behind your router, when you type the "external url" NAT will prevent you from accessing the domain due to you being on the "other side" of your router. NAT Loopback enables IP packets from the LAN to pass through and come back on the WAN side and access via the public address.
~ To enable NAT Loopback:
{Administrator}=>ip config natloopback=enabled
Log History
~ Retain router log history across system reboots
{Administrator}=>:systemlog show hist=enabled
Enable SNMP
If you use MRTG or similar to log statistics from your router you will need to enable Simple Network Management Protocol (SNMP) in the router.
~ To check SNMP status:
{Administrator}=>service system list
Idx Name Protocol SrcPort DstPort Group State
-----------------------------------------------------------------------
17 SNMP_AGENT udp 161 disabled
~ To enable SNMP
{Administrator}=>:service system modify name=SNMP_AGENT state=enabled
You may also need to assign snmp to a community, however mine seems to work fine without.
add : Config an SNMP community string to allow snmp access over
IP.
{Administrator}=>snmp community add securityname=RWCommunity communityname=public
~ Detailed SNMP info
{Administrator}=>service system list name=SNMP_AGENT expand=enabled
Make router pingable
By default some routers will block pings and not respond
~ To check PING status:
{Administrator}=>service system list
Idx Name Protocol SrcPort DstPort Group State
-----------------------------------------------------------------------
14 PING_RESPONDER icmp 8 disabled
~ To enable router to respond to PING
{Administrator}=>:service system modify name=PING_RESPONDER state=enabled
~ To assign the ping command to the WAN interface
{Administrator}=>:service system ifadd name=PING_RESPONDER group=wan
~ Detailed info about ping_responder
{Administrator}=>service system list name=PING_RESPONDER expand=enabled
Idx Name Protocol SrcPort DstPort Group
--------------------------------------------------------------------------
1 PING_RESPONDER icmp 8
Description................ ICMP echo responder
Properties................. server
Attributes................. state aclip aclif aclifgroup log
User Managed Attributes.... state aclip aclif aclifgroup log
Attribute Values :
State...................... enabled
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan wan
Logging.................... disabled
AnnexA / AnnexM
Only applicable on Annex M ISPs and from firmware V6.2.G onwards.
adsl debug multimode config=g992.5_AnnexA
adsl debug multimode config=g992.5_AnnexM
Previous versions - Annex M Speedtouch 585
Reset Users
If for example you have been locked out from the web interface although it may be worthwhile trying system config digestauth=disabled first.
~ List the existing user accounts
{Administrator}=> user list
User Flags Role
---- ----- ----
Administrator U Administrator
tech R TechnicalSupport
BeTech TechnicalSupport
~ Flush the existing user accounts
{Administrator}=> user flush
{Administrator}=> exit
Now Start a new telnet session.
You will not have to authenticate or use user name = "root" with no password (hit the enter key).
~ Add a new user
{Administrator}=> user add
name = admin
password = ****
Please retype password for verification.
password = ****
role = SuperUser (or Administrator)
[hash2] = (leave blank)
[descr] =
[defuser] = enabled (this sets as the default user)
[defremadmin] = enabled (this sets as the default remote administrator)
[deflocadmin] = enabled (this sets as the default local administrator)
:user add name=admin password=_CYP_098f6bcd4621d373cade4e832627b4f6
role=SuperUser defuser=enabled defremadmin=enabled deflocadmin=enabled
Allow remote access to the Web Interface or Telnet
Users that want to remotely manage their routers either through the GUI or via telnet can.
First create a user as above, this gives that user privilege to manage remotely, then telnet to the router. **
service system ifadd name HTTP group wan
service system ifadd name HTTPs group wan
service system ifadd name TELNET group wan
This of course opens the router up to anyone on the internet. To secure access to an IP or range of IP's type the following. **
service system ipadd name HTTP ip 212.23.9.250
service system ipadd name HTTPs ip 82.69.227.30/29
service system ipadd name TELNET ip 212.23.9.250-212.23.9.259
If locking down to IP, remember that it takes effect immediately. If you are connected to the router via telnet from the local network and you lock telnet down to a WAN IP you will be instantly disconnected and be unable to connect from anywhere other than the WAN IP specified. **Make sure to add the IP you are currently connected from first**.
More CLI commands
Credits:
Thanks to Azzaka from ZenInternet for the User + remote access information.
|