Administrator’s Handbook
Application Layer Gateway (ALG) commands
These commands allow you to enable or disable the router’s support for a variety of Application Layer Gateways
(ALGs). An application layer gateway (ALG) is a NAT component that helps certain application sessions to pass
cleanly through NAT. Each ALG has a slightly different function based on the particular application’s
protocol-specific requirements.
An internal client first establishes a connection with the ALG. The ALG determines if the connection should be
allowed or not and then establishes a connection with the destination computer. All communications go through
two connections – client to ALG and ALG to destination. The ALG monitors all traffic against its rules before
deciding whether or not to forward it. The ALG is the only address seen by the public Internet so the internal network is
concealed. In some situations, it may be desirable to disable some of the ALGs.
set ip alg ftp [ on | off ]
Turns the FTP (File Transfer Protocol) ALG for file transfers on or off. Default is on.
set ip alg h323 [ on | off ]
Turns the H323 ALG for audio, video, and data communications across IP-based networks on or off. Default is
on.
set ip alg pptp [ on | off ]
Turns the PPTP (Point-to-Point Transfer Protocol) ALG for authentication on or off. Default is on.
set ip alg sip [ on | off ]
Turns the SIP (Session Initiation Protocol) ALG for voice communication initiation on or off. Default is on.
set ip alg tftp [ on | off ]
Turns the TFTP (Trivial File Transfer Protocol) ALG for simple file transfers and firmware updates on or off.
Default is on.
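As an added illustration (not code from this handbook or from the router's firmware), the Python sketch below shows the kind of protocol-specific work an FTP ALG does on a NAT device: it inspects the control channel, applies a rule to the active-mode PORT command, rewrites the private address to the public one, and records the mapping needed for the data connection. The class name FtpAlg, the rule set, the addresses and the port range are assumptions made for the example.

```python
import ipaddress
import re

# Active-mode FTP command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\r?\n?$", re.IGNORECASE)


class FtpAlg:
    """Toy FTP ALG for a NAT device (hypothetical, for illustration only)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port  # assumed pool of public data ports
        self.pinholes = {}           # public port -> (inside ip, inside port)

    def handle_control_line(self, client_ip, line):
        """Return the line to forward to the server, or None to drop it."""
        if not line.upper().startswith("PORT"):
            return line              # other commands pass through unchanged
        m = PORT_RE.match(line)
        if m is None:
            return None              # malformed PORT: do not forward
        fields = [int(x) for x in m.group(1).split(",")]
        if any(f > 255 for f in fields):
            return None              # each field must fit in one byte
        inside_ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
        inside_port = fields[4] * 256 + fields[5]
        # Assumed rules: the data connection may only target the host that
        # sent the command, and only a non-privileged port.
        if inside_ip != ipaddress.IPv4Address(client_ip) or inside_port < 1024:
            return None
        public_port = self.next_port
        self.next_port += 1
        # Record the temporary inbound mapping the NAT must honour.
        self.pinholes[public_port] = (str(inside_ip), inside_port)
        host = str(self.public_ip).replace(".", ",")
        return f"PORT {host},{public_port // 256},{public_port % 256}\r\n"


if __name__ == "__main__":
    alg = FtpAlg("203.0.113.5")      # constructed documentation address
    # Constructed control-channel lines from inside client 192.168.1.10
    for sample in ("USER anonymous\r\n", "PORT 192,168,1,10,19,137\r\n",
                   "PORT 192,168,1,99,19,137\r\n"):
        print(repr(sample), "->", repr(alg.handle_control_line("192.168.1.10", sample)))
    print(alg.pinholes)
```

Each rewritten PORT command leaves an inbound mapping in the pinholes table. With the FTP ALG set to off, no such rewriting or mapping takes place.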
Link commands
Links represent physical connections. Currently, port-based VLAN support is provided at this level.
set link name name type [ ethernet... ]
Specifies the type of the link named name: ethernet or some other type.
(Ethernet is currently the only type. Subsequent releases will support various PPP cases.)
set link name name igmp-snooping [ off | on ]
Turns IGMP snooping off or on for the link named name.
set link name name port-vlan ports [ lan | ptm | vc-1 | vc-2 ]
Specifies a port-based VLAN on the selected ports on the link named name.
set link name name port-vlan priority [ 0 - 7 ]
Specifies the 802.1p priority bit. If you set this to a value greater than 0, all packets of this VLAN with unmarked
priority bits (pbits) will be re-marked to this priority.