cisco router configurationLast edited on Feb 25, 2012

My private network is built around a cisco 2620xm router and a cisco catalyst 3448-XL My router's image is c2600-adventerprisek9-mz.124-25c.bin, and for the switch: c3500xl-c3h2s-mz.120-5.WC17.bin.

DSL connection

My router has a WIC-1ADSL card. Using this, I can connect with my ISP. Note that these settings might only work for my ISP (Teksavvy, in ottawa)

vpdn enable
no ip cef
interface ATM0/0
 no ip address
 atm restart timer 300
 no atm ilmi-keepalive
 bundle enable
 dsl operating-mode auto
 hold-queue 224 in
 pvc 0/35
  pppoe-client dial-pool-number 1
interface Dialer1
 ip address negotiated
 ip access-group 120 in
 ip mtu 1492
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username your_username password 0 your_password
 ppp ipcp dns request accept
 ppp ipcp address accept
ip forward-protocol nd
! set default route to go through Dialer1 interface
ip route Dialer1

! deny telenet access from outside.
access-list 120 deny   tcp any any eq telnet
access-list 120 permit tcp any any
access-list 120 permit ip any any
dialer-list 1 protocol ip permit

With these settings, your DSL connection should come up. Any host from the outside of your network will be able to access TCP ports (except 23) on your network. More details on NAT will follow.

VLAN trunking

Consider the following configuration:
VLAN 1 hosts the network
VLAN 3 hosts the network
VLAN 10 hosts the network
VLAN 1 and VLAN3 can talk to each other and to the WAN
VLAN 10 can only talk to the WAN

interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address
 ip access-group 101 in
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address
 ip access-group 103 in
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
interface FastEthernet0/0.10
 encapsulation dot1Q 3
 ip address
 ip access-group 110 in
 no ip unreachables
 ip nat inside
 ip virtual-reassembly

A subinterface (ie: 0.10) defines a vlan. In this setup, interface 0 is configured to handle VLANs 1,3 and 10 by separating it in 3 different sub-interface. Note that with this configuration, nothing more needs to be done for inter-vlan routing. By assigning an IP paddress to subinterfaces, you tell the router how to route between vlans.

With this configuration, all 3 networks will be able to talk to each other. To prevent VLAN10 to talk to VLAN 1 and 3, you could do the following:

access-list 100 deny   ip
access-list 100 permit ip any any
access-list 100 permit udp any any

access-list 103 deny   ip
access-list 103 permit ip any any
access-list 103 permit udp any any

access-list 110 deny   ip
access-list 110 deny   ip
! deny telneting in gateway from guest network
access-list 110 deny   tcp host eq telnet
access-list 110 permit ip any any
access-list 110 permit udp any any


The following configuration will setup a DHCP server on the router with a different pool for each networks.

! only hand out ip addresses from
ip dhcp excluded-address
ip dhcp excluded-address
! only hand out ip addresses from
ip dhcp excluded-address
ip dhcp excluded-address
! only hand out ip addresses from
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool pool_vlan1
   import all
ip dhcp pool pool_vlan3
   import all
ip dhcp pool pool_vlan10
   import all


To use the cisco router as a DNS forwarder, the following simple configuration can be usd

ip dns server

NAT / Port forwarding

I never got port range forwarding to work on my router. I ended up writing 100 lines for a range of 100 ports. But this is not shown here for for sake of simplicity

ip nat translation timeout 3600
ip nat translation tcp-timeout 1200
ip nat translation finrst-timeout 15
ip nat translation syn-timeout 45
! forward port 80 to
ip nat inside source static tcp 80 interface Dialer1 80
! enable NAT on Dialer1 interface
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit

SpeedTouch 780 DocumentationLast edited on Feb 25, 2012

SPA941 PhoneBookLast edited on Feb 25, 2012

Personal Directory

An annoying thing with that phone is that it is impossible to provision the phone directory automatically. The good thing is, you can fill the list from the web page of the phone. So then, with wireshark I looked at how this information is posted. All you need is the following script that will simulate a browser submitting the list of numbers. You might wanna check the list of input fields ID, I am not sure if they will be the same on each devices depending on firmware version.

$fields = Array("43311","43503","43439","44655","44591","44783","44719","44911","44847","45039",

$conn = mysql_connect("localhost","username","password");
$query = "SELECT * FROM phonebook ORDER BY name;";
$result = mysql_query($query);

$n = mysql_num_rows($result);
while ($record = mysql_fetch_assoc($result)) {
        $name = $record['name'];
        $phone = $record['phone'];
        $name = urlencode($name);
        $field = $fields[$i];
        $list .= "$field=n%3D$name%3Bp%3D$phone";

        if ($i<$n) $list .= "&";

system("wget --post-data '$list' -t 1");

Executing that script will fetch all entries in the mysql server and post them on the phone located at

NGW100 - Different problems and solutionsLast edited on Feb 25, 2012

AVR32 troubleshooting

In this section, I will describe different problems I ran into. Everytime I spend a lot of time trying to figure why something did not work, I will post the found solutions here.

Illegal opcode with conditional instructions

Everytime I was using "addhi" I got an illegal opcode exception. The worse thing was that I was using addhi inside and exception handler. This is because it seems that my CPU uses architecture revision 1. when looking at the isntruction set reference, you can see that these instructions are meant to be used on revision 2 architecture. It is a shame because I couldn't wait to use those.... oh well.

Unrecoverable exception on scall

Everytime I was using "scall", the "unrecoverable exception" was issued instead of EVBA+0x100. I found out that this is because EVBA was not alligned on a 8kb oundary

Copying to parallel flash using u-boot

The address ranges in the AT49BV642D datasheet are 16bit words! So when they say that the sector 23 resides from 0x80000 up to 0x87FFF, it really means from 0x100000 to 0x107FFF.

ASID field in page table

I could understand from the architecture document that the ASID field in a page table entry (from the TLB) is used by the MMU to match the current process ID. What I could not understand was that the ASID field is matched... against what? Yes it is matched against the processID but where is the current proces ID stored? It is in the TLBEHI register. so the TLBEHI[ASID] field should not only be filled before loading a page in the TLB, it should be loaded ALL the time since it will be used for the comparison as well.

Locking entries in TLB

When setting DLA or ILA in MMUCR, make sure you change DRP or IRP accordingly. If you lock the first entry and leave DRP (or IRP) to 0, you will never be able to write anything in the TLB

INTC not working properly, values written to IPR are read back as zero

Make sure that INTC is enabled in PBBMASK (See power manager)

Comparing a page with buffer on the dataflash always says that the page matches even though it is different

When I was reading a page (using 0x87) , then writting something else to buffer1. A buffer comparison always returned that the pages matched. To fix this, I am now using buffer2 to write and compare. It solves the problem but it doesn't make any sense.

MACB: RBQP increases when receiving frames but descriptor's ownership flag does not change

It is important to load RBQP with a physical address (not virtual address). Descriptors must also be loaded with physical addresses. Also, even if reading descriptors from the P2 segment (uncached memory), it is important to invalidate the cache ("cache r0[0],0b1011").

AVR32 assembly tipLast edited on Feb 25, 2012

Cool instructions

on this page, I will describe some instructions I found interesting on the AVR32 CPUs.


Those two instructions are powerfull. BFTEXU allows you to extract 'n' bits starting at position 'm' in register 'X' and store the result in register 'Y' at position 0 and pad the rest with zeros. Basically, it does all that for you in 1 cycle only:

    bfextu  r5,r8,5,4

is the same as:

    mov    r5,r8
    lsr    r5,5
    mov    r8,0x0F
    and.w  r5,r8

SUBHS r,i will substract 'i' from 'r' and store the result in 'r' only if the carry flag is cleared. Otherwise, it will behave as a NOP. Knowing this, it would be easy to write a function that converts a 32bit number into its ascii representation. Assume that the follwing function takes 'r8' as the input number and we will output each char on the serial port from the MSB to LSB

    swap.b  r8
    mov     r4,4            ; we will do 4 iterations, one for each byte
1:  bfextu  r5,r8,4,4       ; get me the high nibble
    sub     r5,-48          ; substracting -48 is the same as adding 48 right?
    cp      r5,58           ; is the ascii char over '9'?
    subhs   r5,-7           ; if ascii overflowed '9', then add 7 to make it a letter
    rcall   sendSerial

    bfextu  r5,r8,0,4       ; get me the low nibble
    sub     r5,-48          ; substracting -48 is the same as adding 48 right?
    cp      r5,58           ; is the ascii char over '9'?
    subhs   r5,-7           ; if ascii overflowed '9', then add 7 to make it a letter
    rcall   sendSerial

    lsr     r8,8
    sub     r4,1
    brne    1b


When writing an FFT on a x86 architecture, you dream of having access to such an instruction. BREV allows you to transform 00000000000000000000000000100110 into 01100100000000000000000000000000. It is a bit reversal. I just did that in one cycle only with one instruction. Can you imagine doing that in C? looping through each bit, making shifts, 'OR' etc...


BLD r,n lets you take bit 'n' from register 'r' and store it in the carry flag. Having this in the carry flag lets you make a conditional branch the way you like without even having to compare anything. Without that instruction, you would need to 'AND' the register with a bit mask, compare the result with 0 and branch conditionally. With BLD, I don't even have to change any registers and I save "AND" step.