Dandy vBNG User Guide

This document provides a guide for configuring the Dandy vBNG router. It includes instructions on how to set up various aspects of the router, such as Network, Radius, NAT, Log, user accounts, etc. By following this guide, you can ensure that your Dandy vBNG router is properly configured and optimized for your specific needs.

Useful Tips

Always disable any hyper threading (Logical) and Virtualization in bios.
Default CLI Login: username = admin Password = Dandy@123
Default web login username = test1 Password = test1
"commit" to save the configuration and "commit discard" to exit without saving.
Use double TAB for next available commands.
Press 'q' to exit from displaying command.
Bold highlighted are commonly used commands.
Always keep a copy (backup) of your configuration in a text file.
Always use normal putty to connect to the server via SSH.
Change admin password and delete users which are not required. (set system login user admin authentication password )
Changes in IPv4 or IPv6 pools require a restart of the PPPoE service.
restart service pppoe-server (This command will restart the PPPoE server, disconnecting all users and reconnecting them.)
Set your web address again to restart web service (if anything gets stuck in the web or in show interfaces):
```
set system web address <your wan IP> port <port number>
```
We primarily use set, delete, and show commands. set is used to set a command, delete is used to delete the respective command, and show is used to display configurations or details. To delete a command, replace set with delete for that specific command.
Useful commands:
- ```
show configuration set
```
  (See all configurations in set format - press 'q' to exit)
- ```
show interfaces
```
  (To see all interfaces)
- ```
show system status
```
  (To see the status of the system)

Index

Interface Configuration
Radius Configuration
IP-POOL
Adding VLAN and Service Name
System Configuration (S-NAT)
Create Route Policy
System Configuration (Users)
Log Server
Local Users (Without Radius)
Displaying Configuration
IPoE Configuration
Web Services
DNS Server
Ookla Speedtest Server
Routing Mode (BGP, OSPF, IS-IS)
Filtering/Firewall (DPI)

Interface Configuration

set interfaces ethernet <interface> address <address/mask>

{Enter IP address and Mask}

delete interfaces ethernet <interface> address <address/mask>

set interfaces ethernet <interface> ipv6-address <address/mask>

{Enter IPv6 address and Mask}

delete interfaces ethernet <interface> ipv6-address <address/mask>

set interfaces ethernet <interface> gateway <address>

{Enter Default Gateway address}

delete interfaces ethernet <interface> gateway <address>

set interfaces ethernet <interface> ipv6-gateway <address>

{Enter Default IPv6 Gateway address}

delete interfaces ethernet <interface> ipv6-gateway <address>

set interfaces ethernet <interface.vlan> address <address/mask>

{Enter IP address on VLAN interface and Mask}

delete interfaces ethernet <interface.vlan> address <address/mask>

set interfaces bonding <bond number> <address/mask> <downdelay> <gateway> <hash-policy> <ipv6-address>

{Bonding interfaces}

Example:

set interfaces bonding bond8 address 103.100.100.2/30 set interfaces bonding bond8 downdelay 400 set interfaces bonding bond8 gateway 103.100.100.1 set interfaces bonding bond8 hash-policy layer2+3 set interfaces bonding bond8 ipv6-address 2407:45c0::6/126 set interfaces bonding bond8 ipv6-gateway 2407:45c0::5 set interfaces bonding bond8 lacp-rate 1 set interfaces bonding bond8 member interface enp4s0f0 set interfaces bonding bond8 member interface enp4s0f1 set interfaces bonding bond8 miimon 100 set interfaces bonding bond8 mode 4 set interfaces bonding bond8 updelay 800

delete interfaces bonding bond8
Back to Top
Radius Configuration

set service pppoe-server access-concentrator <name>

{Name of your NAS}

set service pppoe-server ip-pool gw-ip-address <address>

{Server WAN IP}

set service pppoe-server ipv6-pool gw-ip-address <address>

{Server IPv6 WAN IP}

set service pppoe-server authentication radius nas-ip-address <address>

{Server WAN IP}

set service pppoe-server authentication radius nas-identifier <name>

{Identity of your NAS for Radius}

set service pppoe-server authentication radius attribute mikrotik

{To use MikroTik type attribute with Radius}

set service pppoe-server authentication radius server <address> key <your key>

{Enter your Radius Server address and secret key}

set service pppoe-server authentication radius server <address> acct-port <value>

{Default accounting port is 1813}

set service pppoe-server authentication radius server <address> port <value>

{Default authentication port is 1812}

set service pppoe-server authentication radius dae-server <address> port <value> key

{Enter (Incoming) DAE-server address same as WAN IP and port number with secret key}

set service pppoe-server dns-servers dns1 <address>

{Enter Your First DNS server for PPPoE users}

set service pppoe-server ipv6-dns-servers dns1 <address>

{Enter Your First IPv6 DNS server for PPPoE users}

set service pppoe-server dns-servers dns2 <address>

{Enter Your Secondary DNS server for PPPoE users}

set service pppoe-server ipv6-dns-servers dns2 <address>

{Enter Your Secondary IPv6 DNS server for PPPoE users}

set service pppoe-server authentication radius acct-timeout <value>

{Default value is 0}

set service pppoe-server authentication radius timeout <value>

{Default value is 3}

set service pppoe-server authentication radius max-try <value>

{Default value is 3}

set service pppoe-server authentication radius server <address> fail-time <value>

{Default value is 0}

set service pppoe-server authentication radius server <address> max-fail <value>

{Default value is 10}

set service pppoe-server authentication radius server <address> req-limit <value>

{Default value is 0}

set service pppoe-server authentication radius server <address> weight <value>

{Default value is 1}

set service pppoe-server authentication radius acct-delay-time <value>

{Default value is 0}

set service pppoe-server authentication radius acct-interim-interval <value>

{Default value is 30}

set service pppoe-server authentication radius acct-interim-jitter <value>

{Default value is 60}
Back to Top
IP-POOL

set service pppoe-server ip-pool address <address> name <name>

{Name your first private IP pool – Default is pool1}

delete service pppoe-server ip-pool address <name>

set service pppoe-server ip-pool address <address> name <name> next <name>

{Add another pool}

set service pppoe-server ip-pool gateway-address <address>

{Address must be your wan ip}

set service pppoe-server ip-pool-name <name>

{Your first pool name}

set service pppoe-server ipv6-pool-name <name>

{Name your first private IPv6 pool}

set service pppoe-server ipv6-pool-delegate-name <name>

{Name your first private IPv6 delegated pool}

set service pppoe-server ipv6-pool address <address/mask,prefix length> name <name>

delete service pppoe-server ipv6-pool address <pool> name <name>

set service pppoe-server ipv6-pool delegated-address <address/mask,prefix length> name <name>

delete service pppoe-server ipv6-pool delegated-address <pool> name <name>

set service pppoe-server ipv6-pool gateway-address <address>

{Address must be your wan ipv6 address}

set service pppoe-server ipv6-pool-name <name>

{Your first ipv6 pool name}
Back to Top
Adding VLAN

set service pppoe-server interface <interface> descriptions <descriptions>

{PPPoE request to listen on Direct Interface}

delete service pppoe-server interface <interface>

set service pppoe-server interface <interface> vlan-id <number> descriptions <descriptions>

{PPPoE request to listen on VLAN Interface}

delete service pppoe-server interface <interface> vlan-id <number>

Add Service Name

set service pppoe-server service-name blank enable/disable

{Set Service-name blank globally – to all interfaces}

set service pppoe-server service-name <name> interface <interface>

{Set Service name to physical Interface}

delete service pppoe-server service-name <name> interface <interface>

set service pppoe-server service-name <name> interface <interface> vlan-id <number>

{Set service name to VLAN interface}

delete service pppoe-server service-name <name> interface <interface> vlan-id <number>

set service pppoe-server service-name anyname interface <interface> vlan-id <number>

{Set blank or any service name to VLAN interface}

delete service pppoe-server service-name <name> interface <interface> vlan-id <number> description

set service pppoe-server service-name blank interface <interface> vlan-id <number>

{Set blank or any service name to accept blank on VLAN interface (disable blank service name globally)}

delete service pppoe-server service-name blank interface <interface> vlan-id <number>
Back to Top
System Configuration (S-NAT)

set system snat source-address-pool <pool> translation IP <public ip> out-interface <wan-interface>

{Set private IP pool mentioned in IP pool address, out-interface will be your WAN interface}

{Default source-address-pool is 10.56.0.0/16}

delete system snat source-address-pool <pool> translation IP <public ip> out-interface <wan-interface>

set system snat source-address-pool <pool> translation IP <public ip>,<public ip> out-interface <wan-interface>

{Set Multiple Public IPs}

delete system snat source-address-pool <pool> translation IP <public ip>,<public ip> out-interface <wan-interface>

set system snat source-address-pool <pool> translation pool <public ip pool> out-interface <wan-interface>

{Set private IP pool mentioned in IP pool address, out-interface will be your WAN interface}

{Default source-address-pool is 10.56.0.0/16}

set system snat source-address-pool <pool> translation pool <public ip pool>,<public ip pool>out-interface <wan-interface>

{Set Multiple Public IP pools}

delete system snat source-address-pool <pool> translation pool <public ip pool>,<public ip pool> out-interface <wan-interface>

set system host-name

{Set your system host name – which you can see in your web login}
Back to Top
Create Route Policy

(Default bypass route policy created for IX pools. Can be added and removed)

set policy route ix network 1.0.0.0/24

set policy route ix network6 2404:f340::/32

delete policy route <name>

set policy route <name>

{Set a policy route}

delete policy route <name>

set policy route ix qos cbq all <50mbit>

{Per connection base bandwidth limit on ix list 50mbps to all connection}

delete policy route ix qos cbq

set policy route ix qos cbq plus <30mbit>

{Per connection base bandwidth limit on ix list i.e. Package rate(20mbps)+30mbps = 50mbps}

delete policy route ix qos cbq

set policy route ix qos cbq multiply <4>

{Per connection base bandwidth limit on ix list i.e. Package rate (20mbps) x4 =80mbps}

delete policy route ix qos cbq

set policy qos <ppp0> rate-limit download 40mbit

{Change the ppp0 rate-limit manually}

set policy qos all rate-limit download 40mbit

{Change all PPPoE connection limit download speed to 40mbit manually}
Back to Top
System Configuration (Users)

set system login user dandy authentication password <password>

set system login user dandy level admin

set system login user read authentication password <password>

set system login user read level user

set system login user super authentication password <password>

set system login user super level superadmin

{Create user along with level permissions} {superadmin is the highest level}
Back to Top
Log Server

set system log-server address <address> port <number> netflowv9

set system log-server address <address> port <number> syslog

{Sending Logs to a single Log server}

set system log-server address <address>,<address> port <number>,<number> netflowv9

{Sending Logs to Multiple Log servers – If ports are the same, you can use a single port number in port for both servers}

delete system log-server address <address>,<address> port 2055,2056 netflowv9

---------------------Add more pools for log generation-----------------

set system log-server source-ip-pool 103.99.100.0/28

set system log-server source-ip-pool 103.99.101.0/29

{Add IPv4 pool to generate logs}

set system log-server source-ipv6-pool 2001:db8:3000:1::/48

{Add IPv6 pool to generate logs}

NOTE: We recommend Netflow V9 log format to generate logs
Back to Top
Local Users (Without Radius)

set service pppoe-server local-user username <username> password <password> speed download 100mbit upload 100mbit

{The user will get an IP address from the pool assigned in ip-pool address}

set service pppoe-server local-user username <username> password <password> speed download 100mbit upload 100mbit address <address>

{You can set a different IP address for the user}

delete service pppoe-server local-user username <username>

NOTE: If a user is added locally, priority is assigned to the local user, and a request is not sent to the Radius server.
Back to Top
Displaying Configuration

show configuration set

{Show you all configurations in set format} (Press "q" to quit)

show configuration

{Show you all configurations} (Press "q" to quit)

show interfaces

{Interface details}

show system status

{Check your System Status including PPPoE connections}

show interfaces ethernet

{Show all interfaces along with configuration}

show interfaces ethernet blink count 10

{Find out interfaces by blinking interface}

show interfaces ethernet

{Show selected interfaces along with configuration}

show interface connections

{Number of PPPoE Connections on each interface}

show connections

{See all PPPoE connections}

show connections log

{See all PPPoE Authentication logs} (Press "q" to quit)

show connections

{Search PPPoE client by username}

disconnect user

{Disconnect a user}

show policy set

{See all policies}

show policy route

{Show all route policies}

show policy route

{Show route policy by name}

show service

{See all services configurations}

show service pppoe-server

{See all PPPoE Services configurations}

show service pppoe-server service-name

{See all Service Names}

show service pppoe-server service-name interface

{See all Service names on Interfaces}

show service pppoe-server authentication

show service pppoe-server authentication radius

show service pppoe-server authentication radius dae-server

show service pppoe-server dns-servers

show service pppoe-server interface

show service pppoe-server interface

{See all PPPoE services by Interface name}

show service pppoe-server ip-pool

{See all IP pools configured}

show service pppoe-server ip-pool-name

show system

show system host-name

show system snat

{See all SNAT configurations}

show system snat source-address pool

{See all SNAT source pools of private IPs}

show system snat translation pool

{See all Translation Public IP pools}
Back to Top
IPoE Configuration

NOTE: PPPoE and IPoE won’t work on the same physical interfaces. VLAN can be used the same as PPPoE.

set service ipoe-server idle-timeout 60

{Set idle timeout for IPoE users}

set service ipoe-server interface eno2 description TEST

{Set interface and description for IPoE users}

set service ipoe-server network 10.20.30.0/29 gateway 10.20.30.1 interface eno2

{Set IP pool of the IPoE user and bind it into interface}

set service ipoe-server interface eno3 vlan-id 100 description TEST

{Set VLAN interface and description for IPoE users}

set service ipoe-server network 10.50.60.0/29 gateway 10.50.60.1 interface eno2 vlan-id 100

{Set IP pool of the IPoE user and bind it into VLAN interface}

{To delete the above configuration, use delete instead of set and commit}
Back to Top
Web Services

Web service is only for monitoring the status of the system, interfaces, and users.

set system web address 103.120.211.138 port 8000

set system web login user abcd authentication password <password>

{Creating user for web login}

set system web login user test authentication password <password>

set system web login user test interface eno2 vlan-id 81

{Creating and allowing user to monitor only selected interfaces in web login}

To restart web service, just set the web address again and commit:

set system web address 103.120.211.138 port 8000
Back to Top
DNS Server

DNS Caching Server

set system dns enable/disable

{Enable to start and Disable to stop DNS services}

set system dns address <103.103.102.2> ### your WAN IP set system dns address <127.0.0.1> ### localhost

set system dns port 53 ### your DNS port number

{Always keep port 53}

set system dns allow-pool <10.56.0.0/16> ### allow your private IP pools set system dns allow-pool <103.103.101.0/24> ### Allow IP pool for live IPs set system dns allow-pool <103.103.102.2/32> ### allow your server WAN IP

{NOTE: Your WAN IP pool or WAN IP address should be allowed}

set system dns threads <20> ### Set CPU cores

{Use all available cores}

set service pppoe-server dns-servers dns1 103.103.102.2 set service pppoe-server dns-servers dns2 8.8.8.8

{Change your PPPoE server DNS1 to serve your users}

restart system dns

{To restart DNS service}
Back to Top
Ookla Speedtest Server

Configure Ookla Speedtest Server

set system speedtest server enable/disable

{Enable to start and Disable to stop DNS services}

NOTE: Point your speedtest server IP.

Use Ookla user guide for more details.
Back to Top
Routing Mode (BGP, OSPF, IS-IS)

Entering Routing Mode

set system routing

{Only Super user level is allowed to access routing mode} {Cisco type command to configure router}

NOTE: Do not change any IP address from routing mode
Back to Top
Filtering/Firewall (DPI)

Enabling DPI

set filter ethernet <interface> type pppoe

{Interface of your PPPoE where unwanted packets drop}

set filter ethernet <interface> type wan

{Your WAN interface to prioritize packets}

[To delete command, use delete instead of set and commit]
Back to Top