Instruction/ maintenance manual of the product WO1003n Funkwerk
Go to page of 516
Manual bintec Next Generation WLAN Reference Copyright© V ersion 9.1.12 (3672), 2015 bintec elmeg GmbH bintec elmeg GmbH Manual bintec Ne xt Gener ation WLAN 1.
Legal Notice W arranty This publication is subject t o change. bintec elmeg GmbH of f er s no warr anty whatsoev er f or inf ormation contained in this manu- al. bintec elmeg GmbH is not liab le f or any dir ect, indirect, collat eral, consequential or an y other damage connected t o the deliv er y , supply or use of this man ual.
T able of Cont ents Chapter 1 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 .1 bintec W1 00 1n, W1 003n, W2003n, W2003n-ext and W2004n . . . . . . 1 1 .1 .1 Set ting up and connecting . . . . . . . . . . . . . . . . . . . . .
Chapter 2 Basic configuration . . . . . . . . . . . . . . . . . . . . . . 25 2.1 P reset tings . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.1 .1 P reconfigur ed data . . . . . . . . . . . . . . . . . . . . . . . . 25 2.1 .2 Sof t ware update .
5.2 Global Set tings . . . . . . . . . . . . . . . . . . . . . . . . . . 56 5.2.1 S ystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 5.2.2 P asswor ds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 5.2.3 D ate and Time . .
7 .1 .1 Interf aces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 2 7 .2 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 16 7 .2.1 VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 18 7 .2.2 P or t Configuration .
9.4.3 Active Clients . . . . . . . . . . . . . . . . . . . . . . . . . . 180 9.4.4 Wireless Networ ks (VSS) . . . . . . . . . . . . . . . . . . . . . 1 82 9.4.5 Client Management . . . . . . . . . . . . . . . . . . . . . . . . 182 9.5 Neighbor Monitoring .
1 0.6.1 Drop In Gr oups . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Chapter 1 1 R outing P rotocols . . . . . . . . . . . . . . . . . . . . . . 241 1 1 .1 RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 1 1 .1 .1 RIP Int erfaces .
Chapter 1 4 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 1 4.1 IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 1 4.1 .1 IPSec P eers . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 1 4.1 .2 Phase-1 P rofiles .
1 5.4 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 1 5.4.1 Service List . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 1 5.4.2 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Chapter 1 6 Local Services .
1 6.7 HotSpot Gat ew ay . . . . . . . . . . . . . . . . . . . . . . . . . 402 1 6.7 .1 HotSpot Gate way . . . . . . . . . . . . . . . . . . . . . . . . . 404 1 6.7 .2 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 1 6.8 W ake-On-LAN .
1 8.4.2 SNMP T rap Hosts . . . . . . . . . . . . . . . . . . . . . . . . 436 Chapter 1 9 Monit or ing . . . . . . . . . . . . . . . . . . . . . . . . . . 437 1 9.1 Int ernal Log . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 1 9.1 .1 Sy stem Messages .
Inde x . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 bintec elmeg GmbH T able of C ontents bintec Ne xt Generation WLAN xi.
T able of C ontents bintec elmeg GmbH xii bintec Ne xt Generation WLAN.
Chapter 1 Installation Note Please read the saf et y notices carefull y bef ore inst alling and star ting up your de vice. These are supplied with the de vice. 1 .1 bintec W1 0 0 1n, W1 0 03n, W20 03n, W20 03n-e xt and W20 04n 1 .1 .1 Set ting up and connecting Note All you need f or this are the cables supplied with the equipment.
F ig. 2: Connection options bintec W1 0 0 1n and bintec W1 0 03n When set ting up and connecting, carry out the steps in the f ollowing sequence: (1) Antennas F or bintec W20 03n-ext scr ew the st andard ant ennas (accessory) on to the con- nector s provided f or this purpose.
(1 00–240 V). The status LED signal that your de vice is correctly connect ed to the power suppl y . Optionally , power can be supplied thr ough a standard P oE injector (par t number 5530000082). Installation The access points are t o be mounted either on the wall or on the ceiling , or use as a table- top de vice.
F ig. 3: Ceilingmounting 1 .1 .2 Connect ors All the connections are locat ed on the underside of the device . bintec W1 0 0 1n and bintec W1 0 03n has an Ether net por t, bintec W20 03n , bint ec W20 03n-ext and bintec W2004n hav e t wo Ethernet por ts.
3 PO WER Soc ket for po wer suppl y 1 .1 .3 LEDs The LEDs show the radio st atus and radio activity of your de vice. Note Note that the n umber of active WLAN LEDs depends on the n umber of e xisting wire- less modules. The LEDs on bintec W1 0 03n , bintec W20 03n , bint ec W20 03n-ext and bint ec W20 04n are arr anged as follo ws: F ig.
F ig. 6: LEDs of bintec W1 0 0 1n In operation mode, the LEDs display the f ollowing status inf or mation for y our de vice: LED status display LED Status Infor mation LAN No function PWR (gr een) off The power suppl y is not connected. If other LEDs are on, also Err or.
Cable sets/mains unit/other Documentation W all or ceiling mounting (printed) User's Guide (on D VD) Saf et y notices bintec W1 0 03n Ethernet cable (RJ-45, STP) Self-adhesive f eet W all or ceil.
Pr operty V alue Dimensions and weights: Equipment dimensions without cable (W x L x H) ca. 1 62 x 1 45 x 45 mm Weight appro x. 1,000 g (with WLAN modules) LEDs bintec W1 0 0 1n : 3 (1x LAN, 1x P ow e.
Pr operty V alue Antenna connection bintec W1 0 0 1n , bintec W1 0 03n : 2 internal antennas bintec W2003n : 4 internal antennas bintec W2003n-ext : 4 ext er ne dualband antennas bintec W2004n : 6 internal antennas T ransmit P ower (WLAN) max.
1 .2 bintec WI1 0 03n 1 .2.1 Setting up and connecting Note All you need f or this are the cables supplied with the equipment. The de vice bintec WI1 0 03n uses ext er nal antennas.
Note The de vices are supplied without a mains unit. The po wer adapt er with EU plug (par t number 550000 1254) is av ailable as an accessory . Connect the de vice to a mains sock et. Use the pow er cord and insert it in the appro- priate sock et on your de vice.
1 .2.2 Connectors All the connections are locat ed on the underside of the device . bintec WI1 0 03n have two Ethernet por ts. The connections are arr anged as follo ws: F ig.
LED Status Infor mation on (static) Error on (flashing) Ready WLAN 1/2 (gr een) of f Radio or all assigned VSS inactiv e on (slowl y flashing) VSS is active , no client connected on (f ast flashing) V.
The f eatures ar e summarised in the follo wing tab le: General P roduct Feat ures Pr operty V alue Dimensions and weights: Equipment dimensions without cable (W x L x H) ca. 1 49 x 1 23 x 31 mm Weight appro x. 750 g (with WLAN modules) LEDs 1x P ower , 2x WLAN P ower consumption of the device max.
1 .2.6 Reset If the configuration is incorr ect or if your de vice cannot be accessed, you can r eset the de vice to the e x works standard set tings using the Reset but ton on the bot tom of the de vice. All e xisting configuration dat a will be deleted.
F ig. 1 0: Connectors of bintec W O20 03n When set ting up and connecting, carry out the steps in the f ollowing sequence: (1) Antennas Scre w standard antennas (accessory) on to the connect ors pr ovided for this pur - pose. Radio module 1 is assigned t o connector s 1 -1 / 1 -2; radio module 2 to connect ors 2-1 / 2-2.
Use just one of the por ts ETH1 and ETH2 , the second por t is used to cascade a number of de vices. If you use both Ethernet connections on the same switch, loops may be f or med. A standar d patch cable (RJ45-RJ45) is s ymmetrical. It is theref ore not possible t o mix up the cable ends .
T o attach the de vice to the wall, use the br ack et supplied with your device . T o attach the de vice on the mast, use the thef t prot ector is av ailable as an accessory (par t number 5520000 144). Optional thef t prot ection is also av ailable (K ensington loc k).
por t 4 LEDs LED display f or status and WLAN 5 Grounding Connect or f or mandatory ground connection 6 ETH1 / ETH2 1 0/1 00/1 000 Base-T Ethernet interfaces; P oE is sup- por ted on ETH1 1 .3.3 LEDs The LEDs show the radio st atus and radio activity of your de vice.
LED Colour Status Infor mation WLAN2 gr een of f Radio or all assigned VSS inactive gr een on (slo wly f lash- ing) VSS is active , no client connected gr een on (f ast flashing) VSS is active, at least one client connect ed 4 inactive .
General P roduct Feat ures Pr operty V alue Dimensions and weights: Equipment dimensions without cable and antennas (W x L x H) 1 40 x 1 78 x 66 mm Weight appro x. 1260 g (with WLAN modules) LEDs 1x Status, 2x WLAN P ower consumption of the device 1 3 W max.
1 .3.6 Reset There is a hall ef fect s witch/sensor for the r eset function. Mov e a magnet close to the reset s witch which is positioned bet ween the Ethernet connectors and the LEDs t o trigger a re- set. Note If you delet e the boot configuration using the GUI , all passwor ds will be reset and the current boot conf iguration delet ed.
F ig. 1 3: Ethernet 1 0/1 00/1 000 BA SE-T interface (RJ45 sock et) The pin assignment f or the Ether net 1 0/1 00/1 000 Base-T interf ace (RJ45 socket) is as f ol- lows: RJ45 socet for LAN connection Pin F unktion 1 P air 0 + 2 P air 0 - 3 P air 1 + 4 P air 2 + 5 P air 2 - 6 P air 1 - 7 P air 3 + 8 P air 3 - 1 .
Pin F unktion 3 V CC- - Negativ e power v oltage 4 RxD - Receiv e ser ial interf ace 5 GND - GND serial interf ace 1 .6 F r equencies and channels Dif ferent certification regulations appl y around the w orld. ETSI standards generall y apply (predominantl y used in Europe).
Chapter 2 Basic conf iguration Y ou can use the Dime Manager (IP address assignment) and the GUI (other configuration steps) f or the basic configuration of y our device . The basic configuration is e xplained below step-b y-st ep . A detailed online help s yst em gives y ou extra support.
Y ou can use the Dime Manager to assign a ne w IP address and the requir ed pass- wor d to y our de vice. Note Please note: If your de vice has obtained an IP address dynamicall y from a DHCP server operat ed in your network for the basic configur ation, the fallbac k IP address 1 92.
• Internet Explorer oder Mozilla Fir efo x • Installed net work card (Ethernet) • D VD dr ive • TCP/IP protocol inst alled (see Configuring a PC on page 28 ) 2.3 Pr eparation T o prepare f or configuration, you need t o... • Obtain the data requir ed for the basic configur ation.
Access data Example v alue Y our values IP address of y our access point Netmask of your access point Access P oint mode If you run your de vice in Access P oint mode, you can set up the r equired wireless net- works.
nections (Windo ws XP) or Control P anel -> Networ k and Sharing Cent er -> Change Adapter Set tings (Windows 7). (2) Click on LAN Connection . (3) Click on Pr oper ties in the status window . (4) Look f or the Internet P rot ocol (TCP/IP) entr y in the list of net work components.
(a) Place the D VD pro vided in the D VD drive of y our configuration PC . The installation wizard should st ar t automaticall y . If it does not, open the follo wing file on the D VD us- ing your f ile bro wser: . (b) Follo w the instructions in the installation wizard.
F ig. 16: IP addr ess assignment with the Dime Manag er (3) Enter the network parameters ( Device name , IP addr ess , Netmask and Gate way ) and click on OK .
F ig. 1 7: GUI Login Star t the configuration int erface as f ollows: (a) Enter the IP addr ess of your de vice in the address line of your W eb browser .
(d) Click OK . (e) Stor e the configuration using the Save configur ation but ton abov e the menu naviga- tion. Note the f ollowing rules on passwor d use: • The passwor d must not be easy to guess . Names, car registration n umbers , dates of bir th, etc.
Note Windo ws XP allows se veral menus t o be modified. Depending on the configuration, the path to the wir eless net work connection you want t o configure may be dif fer ent to that described above . Conf iguring the WLAN A dapter under W indows 7 A popup window inf or ms you about all wireless networks within reach.
er an updated v ersion of the sy stem sof t ware is av ailable. If so , your de vice will be updated automaticall y . When installation of the new sof t ware is complet e, you will be in vited t o re- star t the de vice. Caution Af ter confirming with Go , the update cannot be abor ted.
Chapter 3 A ccess and conf iguration This chapter describes all the access and configur ation options. 3.1 Access Options The various access options ar e present ed below . Select the procedure t o suit your needs. There ar e various ways y ou can access your de vice to configur e it: • Via your LAN 3.
3.1 .1 .2 T elnet Apar t from configur ation using a web br owser , with a T elnet connection you can also ac- cess the SNMP shell and use other configuration options . Y ou do not need any additional sof t ware on y our PC to set up a T elnet connection to y our de vice.
see Login on page 39 ). (2) Enter for the input pr ompt. Y ou are no w in the Flash Management shell. (3) Call up a list of all the f iles saved on the de vice: .
P roceed as f ollows t o log in on your device via SSH: If you hav e made sure that all the ke ys needed ar e available on the de vice, you hav e to check whether an SSH client is inst alled on your PC . Most UNIX and Linux distributions in- stall a SSH client b y default.
Login name P assw ord A uthorisations # # R ead and change syst em variables, sav e configurations; use GUI . 2 $ Read and write s ystem v ar iables (e xcept pass words) (changes are lost when y ou switch of f your device).
The status page of the GUI opens in the bro wser . SNMP shell Log into the SNMP shell as f ollows: (1) Enter y our user name e.g. # , and confirm with Retur n . (2) Enter y our user passwor d, e.g . # , and confir m with Ret urn .
With the GUI you can perf or m all the configuration tasks easil y and convenientl y . It is integ- rat ed in your de vice and is available in English. If r equired, other languages can be down- loaded from the do wnload area of www .bintec-elmeg.com and installed on your de vice.
3.3.1 .1 Calling up GUI (1) Check whether the de vice is connected and s witched on and that all the necessar y cables ar e correctly connect ed. (2) Check the set tings of the PC from which y ou want t o configur e your de vice (see Con- figuring a PC on page 28 ).
Header F ig. 20: GUI header GUI header Menu P osition Languag e : In the dropdo wn menu, choose the language in which you w ant to display the GUI . Here y ou can choose the lan- guage in which you perf or m the configuration. German and English are av ailable.
F ig. 22: Menus The Save conf iguration but ton is found in the navig ation bar . If you sav e a current configuration, y ou can save this as the boot configuration or y ou can also archiv e the pre vious boot configuration as a bac kup.
-> Sof twar e &Configuration menu, select Action = 0$ $($ and click on Go . The archiv ed backup is used as the current boot conf iguration. The navigation bar also cont ains the main configuration men us and their sub-menus.
But ton P osition menu and the Sy stem Management -> Certificates -> CRLs menu, this b ut ton activ ates the sub-menus f or configuration of the cer tificate or CRL imports. In the Sy stem Management -> Certificates -> Certificate List menu, this b ut ton activ ates the sub-menu f or the configuration of the cer tificate r equest.
GUI list options Menu P osition Update Int er val Her e you can set the interval in which the vie w is to be updat ed. T o do this, enter a period in seconds in the input field and con- firm it with . Filt er Y ou can have the list entries filt ered and displayed accor ding to cer tain criteria.
Menu P osition played on the f irst page . The menu contains either a list of all the conf igured entries or the basic set tings for the function concerned. Sub-menu The New but ton is av ailable in each men u in which a list of all the configur ed entries is displayed.
Menu P osition the mouse. Internal lists e.g . Click . A new list entry is creat ed. Enter the corr espond- ing data. If list input fields r emain empt y , these are not sav ed when you conf irm with OK .
Note Please note that not all de vices have the full range of functions . Check the sof t ware of your de vice on the corresponding product page under www .bintec-elmeg.com . 3.3.2 SNMP shell SNMP (Simple Net work Management P rotocol) is a pr otocol that def ines how y ou can ac- cess the configuration set tings.
Chapter 4 A ssistants The Assistants menu of fer s step-b y-st ep instructions for the f ollowing basic configuration tasks: • First st eps • Internet A ccess • VPN • Wir eless LAN • V oIP P.
Chapter 5 S yst em Management The Sy stem Management menu contains general s yst em information and settings . Y ou see a sy stem st atus ov er view . Global sy stem paramet ers such as the sy stem name, date/time , pass wor ds and licences are managed and the access and authentication meth- ods are conf igured.
F ig. 25: Syst em Manag ement -> Status The menu Sy stem Management -> Status consists of the follo wing fields: Fields in the S ystem Inf ormation menu. Field V alue Uptime Displays the time past since the de vice was reboot ed. Sy stem Date Displays the curr ent sy stem date and s yst em time.
Field V alue Activ e IPSec T unnels Displays the n umber of currentl y activ e IPSec tunnels in relation to the n umber of configur ed IPSec tunnels. Fields in the Ph ysical Interfaces menu. Field V alue Interface - Connection Infor mation - Link The ph ysical int erf aces are list ed here and their most impor tant set tings are shown.
5.2 Global Set tings The basic sy stem parameter s are managed in the Global Settings menu. 5.2.1 Sy stem Y our device's basic s yst em data is ent ered in the Sy stem Management -> Global Set tings -> Sy stem menu.
Field V alue Contact Ent er the rele vant contact per son. Here you can ent er the e- mail address of the s ystem administrat or, f or ex ample. A charact er string with a maximum of 255 character s is pos- sible . Maximum Number of Sy slog Entries Enter the maxim um number of sy slog messages that are stor ed internally in the de vice.
Field V alue Maximum Number of Accounting Log Entries Enter the maxim um number of login process entries that ar e stor ed inter nally in the de vice. P ossible v alues are to . The def ault value is Manual WLAN Contr ol- ler IP Ad dress This function is only av ailable on de vices with a wireless LAN controller .
F ig. 27: Syst em Manag ement -> Global Settings -> Passw ords Note All bintec elmeg de vices are deliv ered with the same username and passw ord.
Field V alue munity Fields in the Global P asswor d Options menu Field V alue Show pass wor ds and ke ys in c lear text Define whether the pass words ar e to be display ed in clear te xt (plain te xt). The function is enabled with )$% The function is disabled b y default.
F ig. 28: Syst em Manag ement -> Global Settings -> Date and Time Y ou have the f ollowing options f or determining the sy stem time (local time): ISDN/Manual In de vices with an ISDN interf ace, the sy stem time can be updat ed via ISDN, i. e. the date and time are t aken fr om the ISDN when the fir st outgoing call is made.
Y ou can obtain the s yst em time automaticall y , e.g. using v arious time ser ver s. T o ensure that the de vice uses the desired curr ent time, y ou should configure one or more time serv - ers .
Fields in the men u A utomatic Time Set tings (Time Prot ocol) Field Description ISDN Timeserver Only f or devices with an ISDN int erface. Determine whether the sy stem time is t o be updated via ISDN. If a time ser ver is conf igured, the time is only det ermined over ISDN until a successful update is r eceived from this time server .
Field Description • +$ : This time ser ver is not curr ently used f or the time re- quest. Third Timeserv er Ent er the third time server , by using either a domain name or an IP address . In addition, select the prot ocol for the time server request.
Field Description Inter nal Time Server Select whether the internal timeser ver is t o be used. The function is activat ed by selecting !. . Time requests from a client will be ans wered with the curr ent sy stem time. This is given as GMT , without offset.
por t section at www .bintec-elmeg .com . Please follow the online licensing instructions. (Please also note the inf or mation on the licence card f or licences at additional cost.) Y ou will then receiv e an e-mail containing the follo wing data: • Licence Key and • Licence Serial Number .
Activ ating extra licences Y ou activat e extra licences b y adding the receiv ed licence information in the S yst em Man- agement -> Global Set tings -> Sy stem Licences -> New menu. The menu Sy stem Management -> Global Settings -> Sy stem Licences -> New consists of the f ollowing fields: Fields in the Basic Set tings menu.
Bridging connects net wor ks of the same type. In contrast to r outing, bridges operate at lay - er 2 of the OSI model (data link lay er), are independent of higher -lev el protocols and tr ans- mit data pac kets using MA C addresses. D ata transmission is transparent, which means the inf or mation contained in the data pac kets is not interpreted.
Example: ' (fir st wireless network on the first wir eless module) The name of the bridge link is made up of the follo wing par ts: (a) Abbre viation for int erf ace type (b) Numbe.
F ig. 30: Syst em Manag ement -> Interface Mode / Bridge Groups -> Interfaces The Sy stem Management -> Interface Mode / Bridge Gr oups -> Interfaces menu consists of the f ollowing fields: Fields in the Int erfaces menu. Field Description Interface Descr iption Displays the name of the int erface.
F ig. 31: Syst em Manag ement -> Interface Mode / Bridge Groups -> Interfaces -> Add The Sy stem Management -> Interface Mode / Bridge Gr oups -> Interfaces -> Add menu consists of the f ollowing fields: Fields in the Int erfaces menu.
use the MA C Bridge. The Sy stem Management -> Interface Mode / Bridge Gr oups -> Interfaces -> menu consists of the f ollowing fields: Fields in the Layer -2.5 Options menu. Field V alue Interface Shows the int erf ace that is being edited. Wildcar d Mode Select the Wildcar d mode you want t o use on the interf ace.
Field V alue The function is enabled with !. . The function is disabled b y default. 5.4 Administr ative A ccess In this menu, y ou can configur e the administrativ e access to the de vice. 5.4.1 Access In the Sy stem Management -> Administr ative A ccess -> Access menu, a list of all IP - capable int erfaces is displayed.
Field Description Rest ore Default Set- tings Only when y ou make changes to the administrativ e access con- figuration ar e rele vant access rules set up and activ ated. Y ou can rest ore the default set tings with the icon. 5.4.1 .1 A dd Select the Ad d but ton to conf igure administr ative access f or additional interf aces.
F ig. 35: Syst em Manag ement -> Administrativ e Access -> SSH Y ou need an SSH client application, e.g . P uTTY , t o be able t o reach the SSH Daemon. If you wish t o use SSH Login together with the P uTTY client, you may need t o comply with some special configuration r equirements, f or which we have pr epared F A Qs.
Field V alue f ace. The function is activat ed by selecting !. . The function is enabled b y default. SSH P or t Here y ou can enter the por t via which the SSH connection is to be estab lished.
Field V alue RSA Ke y Status Shows the st atus of the RS A ke y . If an RS A ke y has not been generated yet, +$ ( is displayed in r ed and a link, * , is provided. If y ou select the link, the generation pr ocess is triggered and the view is up- dated.
Field V alue Compression Select whether data compr ession should be used. The function is activat ed by selecting !. . The function is disabled b y default. TCP Keepaliv es Select whether the device is t o send keepaliv e packets . The function is activat ed by selecting !.
F ig. 36: Syst em Manag ement -> Administrativ e Access -> SNMP The menu Sy stem Management -> Administr ative A ccess -> SNMP consists of the follo w- ing fields: Fields in the Basic Set tings menu. Field V alue SNMP V ersion Select the SNMP ver sion your de vice is to use to list en for e x - ternal SNMP access.
.
Field V alue If an access request is r eceived by y our de vice, a r equest is sent to the RADIUS server if no corr esponding connection par t- ner has been f ound on your de vice.
F ig. 37: Syst em Manag ement -> Remote A uthentication -> RADIUS -> New The Sy stem Management -> Remot e A uthentication -> RADIUS -> New menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field V alue A uthentication T ype Select what the RADIUS server is to be used f or .
Field V alue • &+ >6? : The RADIUS ser ver is used f or controlling access to a wir eless net work. • A"49 : The RADIUS ser ver is used f or authenticating IPSec peers via XA uth.
Field V alue ser ver s for a gr oup are queried according to Pr iority and the P olicy . P ossible v alues: • +% (def ault value): Ent er a new group description in the t ext field. • 1 *$ : Select this entr y for special applications , such as Hotspot Ser ver conf iguration.
Field V alue The def ault value is (1 second). Alive Chec k Here y ou can activat e a check of the accessibility of a RADIUS ser ver in Stat us 1$% . An Alive Chec k is carr ied out regularly (e very 20 seconds) by sending an A CCESS_REQUEST t o the IP address of the RADI- US ser ver .
Field V alue ried out. 5.5.2 T A C ACS+ T AC ACS+ permits access control f or your de vice, net work access ser ver s (NAS) and other net work components via one or more central server s.
F ig. 38: Syst em Manag ement -> Remote A uthentication -> T A C ACS+ -> Ne w The Sy stem Management -> Remot e A uthentication -> T AC A CS+ -> New menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description A uthentication T ype Display s which T AC ACS+ function is t o be used.
Field Description authentication. If no response is giv en or access is denied (only if P olicy = +$)$' ), the entr y with the next- highest prior ity is used. The availab le values are to , the def ault value is .
Field Description Block Time Enter the time in seconds f or which the status of the current ser ver shall r emain block ed. When the b lock has ended, the ser ver is set t o the status spe- cified in the Entry active field. The possible v alues are to @ , the def ault value is .
Fields in the Global R ADIUS Options menu. Field Description A uthentication for PPP Dialin By def ault, the follo wing authentication sequence is used for in- coming calls with RADIUS: Fir st CLID , then PPP and then PPP with RADIUS. Options: • 0.
F ig. 40: Syst em Manag ement -> Configuration A ccess -> Access P rofiles 5.6.1 .1 Edit or Ne w Choose the icon to edit e xisting entr ies. Choose the New but ton to cr eate additional ac- cess prof iles.
F ig. 41: Syst em Manag ement -> Configuration A ccess -> Access P rofiles -> New The menu Sy stem Management -> Configur ation Access -> Access P rof iles -> New con- sists of the f ollowing fields: Fields in the men u Basic Set tings Field Description Description Enter a unique name f or the access profile .
Fields in the men u But tons Field Description Save conf iguration If you activ ate the but ton Save configur ation the user is per - mit ted to sav e configur ations. Note Note that the pass words in the sav ed file can be vie wed in clear te xt. Enable or disab le Save configur ation .
Field Description Menus Y ou see all the menus fr om the GUI's navigation bar . Menus that contain at least one sub-menu ar e flagged by and . The icon indicates pages . When y ou create a ne w access prof ile, no elements ar e as- signed yet, i.
F ig. 42: Syst em Manag ement -> Configuration A ccess -> Users Y ou can click the b ut ton t o display the details of the configured user . Y ou can see which fields and menus ar e assigned to the user .
F ig. 43: Syst em Manag ement -> Configuration A ccess -> Users -> The icon means that Read-only is per mit ted. If a r ow is f lagged with the icon the inf or mation is released f or reading and writing. The icon indicates b locked entries. 5.
F ig. 44: Syst em Manag ement -> Configuration A ccess -> Users -> New The menu Sy stem Management -> Configur ation Access -> Users -> New consists of the f ollowing fields: Fields in the men u Basic Set tings Field Description User Enter a unique name f or the user .
Field Description If inter secting access profiles ar e assigned to a user , read and write hav e a higher prior ity than Read-onl y . But tons cannot be set to the set ting Read-only .
5.7 .1 .1 Edit Click the icon to display the cont ent of the selected object (ke y , cer tificate , or request). F ig. 45: Syst em Manag ement -> Cer tificates -> Certificate List -> The cer tificates and k eys themsel ves cannot be changed, but a f ew e xternal at tributes can be changed, depending on the type of the selected entr y .
Field Description Description Shows the name of the certificate , ke y , or request. Certificate is C A Certi- ficat e Mark the cer tificate as a cer tificat e from a trust wor th y cer tifica- tion authorit y (C A). Certificates issued b y this C A are accept ed dur ing authentica- tion.
Caution It is e xtremel y impor tant f or VPN securit y that the integ rit y of all cer tificates manuall y marked as trust wor thy (cer tification authority and user cer tificates) is ensur ed.
F ig. 46: Syst em Manag ement -> Cer tificates -> Certificate List -> Certificate R equest The menu Sy stem Management -> Certificates -> Certificate List -> Certificate R equest consists of the f ollowing fields: Fields in the Certif icate R equest menu.
Field Description field. This f ile must be pro vided to the C A and the receiv ed cer tificate m ust then be impor ted manuall y to your de vice. • ! : The ke y is request ed from a C A using the Simple Cer - tificat e Enrolment P rotocol. Generat e Pr ivat e Key Onl y f or Mode = ; Select an algorithm for k ey cr eation.
Field Description not configur ed on the de vice, the v alidit y of cer tificates fr om this C A is not checked. • <name of an existing certificate>: If all the necessary cer tific- ates ar e already availab le in the sy stem, you select these manuall y .
Field Description If the field is not select ed, enter the name components in Com- mon Name , E-mail , Organizational Unit , Organization , Loc- ality , State/P ro vince and Country . The function is disabled b y default. Summary Only f or Custom = enabled.
Field Description #1 , #2 , #3 F or each entr y , define the type of name and enter additional subject names. P ossible v alues: • +$ (def ault value): No additional name is ent ered. • 0 : An IP address is enter ed. • 1+ : A DNS name is entered.
F ig. 47: Syst em Manag ement -> Cer tificates -> Certificate List -> Import The menu Sy stem Management -> Certificates -> Certificate List -> Import consists of the f ollowing fields: Fields in the Import menu. Field Description Exter nal Filename Enter the f ile path and name of the cer tificat e to be imported, or use Bro wse.
If a ke y is no longer to be used, e.g . because it has fallen int o the wrong hands or has been lost, the corresponding certificate is declar ed inv alid. The cer tification authority re vok es the cer tificate and pub lishes it on a cer tificat e blac klist, so-called CRL.
.
Chapter 6 Ph y sical Int erfaces In this menu, y ou configur e the ph ysical int erf aces that you hav e used when connecting your g atew ay . The configuration int erface only sho ws the interf aces that are av ailable on your de vice.
Field Description P or t Shows the r espective port. The numbering corresponds to the numbering of the Ether net por ts on the back of the de vice. Interface Displays the int erface assigned to the Ethernet por t here. Configur ed Speed / Mode Select the mode in which the interf ace is to run.
Chapter 7 LAN In this menu, y ou configur e the addresses in y our LAN and can str ucture y our local net work using VLANs. 7 .1 IP Configur ation In this menu, y ou can edit the IP configuration of the LAN and Ethernet interf aces of your de vice. 7 .
Example of subnets If your de vice is connected to a LAN that consists of two subnets, y ou should enter a second IP Ad dress / Netmask . The fir st subnet has t wo hosts with the IP addresses 1 92.1 68.42.1 and 1 92.168.42.2, f or e xample , and the second subnet has t wo hosts with the IP addresses 1 92.
Field Description Select the Ethernet interface f or which the vir tual interf ace is to be configur ed. Ad dress Mode Select how an IP addr ess is assigned to the interf ace. P ossible v alues: • (def ault value): The int erface is assigned a static IP address in IP Ad dress / Netmask .
Field Description Use built-in is activat ed by def ault. VLAN ID Only f or Interface Mode = 4(( >D&+? This option only applies f or routing interf aces. Assign the inter - f ace to a VLAN b y entering the VLAN ID of the r elev ant VLAN.
Field Description Pr oxy ARP Select whether your de vice is to respond t o ARP requests from its own LAN on behalf of def ined remot e terminals. The function is activat ed by selecting !. . The function is disabled b y default. TCP-MSS Clamping Select whether your de vice is to apply MSS Clamping .
F ig. 52: VL AN segmenting VLAN for Br idging and VLAN for R outing In the LAN -> VLAN menu, VLANs (vir tual LANs) are conf igured with int erfaces that operat e in Bridging mode. Using the VLAN menu, y ou can make all the set tings needed for this and quer y their status.
7 .2.1 VLANs In this menu, y ou can display all the VLANs already conf igured, edit y our settings and cr e- ate ne w VLANs. By default, the ;( VLAN with VLAN Identifier = is available , to which all int erfaces are assigned.
Field Description f or mation) or "(( (i.e. without VLAN information). 7 .2.2 P or t Configur ation In this menu, y ou can define and vie w the rules for r eceiving frames at the VLAN por ts.
7 .2.3 A dministration In this menu, y ou make general set tings f or a VLAN. The options must be configur ed sep- arat ely f or each br idge group . F ig.
Chapter 8 W ireless LAN In the case of wireless LAN or Wir eless LAN (WLAN = Wireless Local Ar ea Net work), this relat es to the creation of a networ k using wireless t echnology . Netw ork functions Like a wir ed net work, a WLAN of f ers all the main networ k functions.
An amendment to the T elecommunications A ct (TKG) allowed the 5.8 GHz band (5755 MHz - 5875 MHz) to be used f or so-called BFW A applications (Broadband F ixed W ireless Access). This simpl y requires r egistration with the F ederal Net wor k Agenc y .
F ig. 57: Wireless LAN -> WLAN -> Radio Settings -> f or Operation Mode $ - 7( &/ ; F ig.
Fields in the men u Wir eless Settings Field Description Operation Mode Define the mode in which the wir eless module of your de vice is to oper ate . P ossible v alues: • 3 (def ault value): The wir eless module is not active.
Field Description Channel The number of channels y ou can select depends on the countr y set ting. Please consult the data sheet f or your de vice. Access P oint Mode / Bridge Mode: Conf iguring the n.
Field Description Bandwidth F or Operation Mode = $ - 7( &/ ; or 7( &/ Not f or Operation Band = 8 *9E 0-3$$ Select how man y channels are t o be used.
Field Description Wir eless Mode Select the wireless t echnology that the access point is to use. Only f or Operation Mode = $ - 7( &/ ;.
Field Description 802.1 1a or 802.1 1n. Airtime fairness This function is not availab le for all de vices. The Airtime fairness function ensures that the access point's send resour ces are distributed int elligently t o the connected cli- ents. This means that a po werful client (e.
Field Description The currentl y selected channels are display ed here . With Ad d you can add channels. If all av ailable channels are displayed, y ou cannot add any more entries. Y ou can delete entries with the icon. RTS Thr eshold Here, y ou select how the R TS/CTS mechanism is to be s witched on/of f .
F ig. 59: Wireless LAN -> WLAN -> Radio Settings -> -> Ad vanced Set tings for Operation Mode Fields in the men u Ad vanced Set tings for Access Client Mode. Field Description Scan channels Choose the channels which the WLAN client aut omatically scans f or availab le wireless net works.
Field Description radio connection becomes weak er. • +$ :$( : The WLAN client searches f or availab le wire- less net works if it is no longer connected to a wir eless net- work. • $ :$( : Specify the individual roaming paramet- ers .
Field Description liseconds. The value can onl y be modified for Roaming Pr ofile = $ :$( . The def ault value is .
f ers the highest le vel of securit y , but this security mode is only reall y suitable f or compan- ies, because it r equires a centr al authentication ser ver . P rivate user s should choose WEP or pref erabl y WP A-PSK with higher security as their secur ity mode.
Security measur es T o protect the data tr ansf erred o v er the WLAN, the follo wing configuration steps should be carried out in the Wir eless LAN -> WLAN -> Wir eless Networks (VSS) -> New menu, where necessar y: • Change the access passwor ds for your de vice.
F ig. 60: Wireless LAN -> WLAN -> Wireless Netw orks (VSS) -> -> New The Wir eless LAN -> WLAN -> Wir eless Networks (VSS) -> -> New menu consists of the f ollowing fields: Fields in the men u Service Set Par ameters Field Description Networ k Name (SSID) Enter the name of the wir eless net work (SSID).
Field Description be permitt ed within a radio cell. The function is activat ed by selecting !. . The function is enabled b y default. U-APSD Select whether the Unscheduled Aut omatic P ower S av e Deliv - er y (U-APSD) mode is to be enab led.
Field Description WP A Mode Onl y for Security Mode = and ! Select whether you w ant to use WP A (with TKIP encr yption) or WP A 2 (with AES encr yption), or both. P ossible v alues: • (def ault value): WP A and WP A 2 can be applied.
Field Description Note Change the def ault P reshared K ey! If the k ey has not been changed, your de vice will not be protect ed against unau- thorised access! EAP Pr eauthentifica- tion Only f or Security Mode = ! Select whether the EAP preauthentif ication function is to be ac- tivat ed.
Field Description ivel y rejected when the Max. number of clients - har d limit is reached. The value of the Max. number of c lients - sof t limit must be the same as or less than that of the Max. number of c lients - hard limit . The def ault value is .
Field Description The function is disabled b y default. Allow ed Ad dresses Use Ad d to make entries and ent er the MAC addr esses ( MAC Ad dress ) of the clients to be permit ted. Fields in the men u Bandwidth limitation f or each WLAN c lient Field Description Rx Shaping Select a bandwidth limitation in the r eceive dir ection.
Field Description come alive at the right time and r eceive the dat a. P ossible v alues are to . The def ault value is . IGMP Snooping IGMP snooping r educes the data traf fic and thus the net work load, as Multicast pack ets from the LAN are not f orwarded.
F ig. 61: Wireless LAN -> WLAN -> Client Link -> The Wir eless LAN -> WLAN -> Client Link -> menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Networ k Name (SSID) Enter the name of the wir eless net work (SSID).
Field Description Enter a char acter string with the right number of character s for the selected WEP mode . F or ! 8 you need a char acter string with 5 character s, f or ! 8 with 1 3 charact ers , e.g . )$ for ! 8 , % for ! 8 .
8.1 .3.2 Client Link Scan Af ter the desired Client Links hav e been configur ed, the icon is sho wn in the list. Y ou use this icon to open the Scan menu. F ig. 62: Wireless LAN -> WLAN -> Client Link -> Scan Af ter successful scanning, a selection of pot ential scan par tners is display ed in the scan list.
Field Description Mode Shows the security mode (encr yption and authentication) for the wireless network. Signal Displays the signal str ength of the detected client link in dBm. Connected Displays the st atus of the link on your client. Action Y ou can change the status of the client link.
Field Description Bridge Link Name (ID) Depending on whether you operat e the radio module as access point or as wireless bridge link, you cr eate a bridge link in mas- ter or in slav e mode. If the radio module operat es in Access P oint mode, the bridge link is in master mode .
Field Description P ossible v alues are all the countries configur ed on the de vice's wireless module . The range of channels av ailable f or selection ( Channel in the Wir eless LAN -> WLAN -> Radio Settings menu) changes de- pending on the countr y set ting.
Chapter 9 W ireless LAN Contr oller By using the wireless LAN contr oller, y ou can set up and manage a WLAN infrastr ucture with multiple access points (APs). The WLAN contr oller has a Wizar d which assists you in the configuration of y our access points.
9.1 .1 Basic Settings Here y ou can configure all of the v arious settings that y ou require f or the actual wireless LAN controller . The wireless LAN contr oller uses the following set tings: Region Select the countr y in which the wireless contr oller is to be operated.
9.1 .2 Radio Pr of ile Select which frequenc y band your WLAN contr oller shall use. If the 8 *9E :$ $ is set then the 2.4 GHz frequenc y band is used. If the *9E :$ $ is set then the 5 GHz frequenc y band is used.
Enter an A SCII string with a maximum of 32 character s. Also select whether the Networ k Name (SSID) D. is to be transmit ted. Security Mode Select the securit y mode (encr yption and authentication) for the wir eless net work. Please note: ! means 802.
Note Bef ore y ou continue , please ensure that all access points that the WLAN contr oller shall manage are corr ectly wired and s witched on. 9.1 .4 Star t automatic installation Y ou will see a list of all detect ed access points. If you wish t o change the settings of a det ected AP , click on in the corresponding entry .
The number of channels y ou can select depends on the countr y set ting. Please consult the data sheet f or your device . Note Conf iguring the net wor k name (SSID) in Access P oint mode means that w.
Under Configur e the Aler t Service for WLAN surveillance , click Start to monit or your managed APs. Y ou are tak en to the External Reporting -> Aler t Service -> Alert Recipient menu with the def ault setting Event = ;( $ .
Field Description The range of channels that can be used v aries depending on the countr y set ting. The def ault value is *# . Interface Select the interf ace to be used f or the wireless contr oller.
Field Description Slave AP location Select whether the APs that the wireless LAN contr oller is to manage are locat ed in the LAN or the WAN. P ossible v alues: • &$ >&+? (def.
9.3.1 Slave A ccess P oints F ig. 66: Wireless LAN Contr oller -> Slave AP configur ation -> Slave Access P oints In the Wir eless LAN Controller -> Slave AP conf iguration -> Slave A ccess P oints menu a list of all APs f ound with the wizard is display ed.
Status Meaning Of fline The AP is either administrativel y disabled or switched of f or has its power suppl y cut off etc. 9.3.1 .1 Edit Choose the icon to edit e xisting entr ies. Y ou can also delete entries using the icon. If you hav e deleted APs , these will be loc- ated ag ain but shall not be configur ed.
Field Description Location Displays the locality of the AP . The locations are given n umbers if no location has been enter ed. Y ou can ent er another locality . Name Displays the name of the AP . Y ou can change the name. Description Enter a unique description f or the AP .
Field Description if they ar e operating on the same or closely adjacent wireless channels. So if y ou are oper ating t wo or more r adio net works close to each other , it is advisable t o allocate the net works to dif ferent channels .
9.3.2 Radio Pr of iles F ig. 68: Wireless LAN Contr oller -> Slave AP configur ation -> Radio Prof iles An ov er view of all creat ed wireless module pr ofiles is displayed in the Wireless LAN Con- troller -> Slave AP conf iguration -> Radio Pr of iles menu.
F ig. 69: Wireless LAN Contr oller -> Slave AP configur ation -> Radio Prof iles -> / New The Wir eless LAN Controller -> Slave AP conf iguration -> Radio Pr ofiles -> / New menu con.
Field Description your network. Operation Band Select the frequenc y band of the wireless module pr ofile . P ossible v alues: • 8 *9E 0-3$$ (default v alue): Y our de vice is oper - ated at 2.4 GHz (mode 802.1 1b , mode 802.1 1g and mode 802.
Fields in the men u P erfor mance Set tings Field Description Wir eless Mode Select the wireless t echnology that the access point is to use. F or Operation Band = 8 *9E 0-3$$ P ossible v alues: • ( : The device operat es only in accordance with 802.
Field Description Max. T ransmission Rate Select the transmission speed. P ossible v alues: • $ (def ault value): The tr ansmission speed is determined automaticall y .
Field Description lected. This ensur es that no channels overlap , i.e. a distance of f our channels is maintained bet ween the channels used. This is useful if more access points ar e used with overlapping radio cells. P ossible v alues: • : All channels can be dialled when a channel is selected.
Field Description RTS Thr eshold Here y ou can specify the data packet length thr eshold in bytes (1 ..2346) as of which the RTS/CTS mechanism is t o be used. This makes sense if se veral clients that ar e not in each other's wireless r ange are run in one access point.
Field Description The function is enabled with !. . The function is not activat ed by def ault. 9.3.3 Wir eless Networks (VSS) F ig. 70: Wireless LAN Contr oller -> Slave AP configur.
F ig. 71: Wireless LAN Contr oller -> Slave AP configur ation -> Wireless Netw orks (VSS) -> New The Wir eless LAN Controller -> Slave AP conf iguration -> Wir eless Networks (VSS) ->.
Field Description be permitt ed within a radio cell. The function is activat ed by selecting !. . The function is enabled b y default. ARP Pr ocessing Select whether the ARP processing function should be enab led.
Field Description • ! : 802.1 1x T ransmit Ke y Only f or Security Mode = ! 8 or ! 8 Select one of the ke ys configur ed in WEP Key as a standard ke y . The def ault value is # . WEP Ke y 1 -4 Onl y for Security Mode = ! 8 , ! 8 Enter the WEP k ey .
Field Description Select the type of encr yption you want t o apply t o WP A2. P ossible v alues: • ! (def ault value): AES is used. • 40 : TKIP is used. • ! 40 : AES or TKIP is used. Pr eshared Key Only f or Security Mode = Enter the WP A pass word.
Field Description less module depends on the specifications of the r espective WLAN module. This maximum is distrub uted acr oss all wireless net works configured f or this radio module. No mor e new wir e- less net works can be created and a w ar ning message will ap- pear if the maximum number of clients is r eached.
Field Description value): The function is not used f or this VSS. This is useful if clients are t o switch bet ween dif ferent r adio cells with as lit tle delay as possible , e. g . with V oice over WLAN. • F8 *9E . : P ref erence is giv en to accept- ing clients in the 2.
Field Description Blacklist b locktime Enter the time f or which an entr y in the dynamic blacklist r e- mains valid. Def ault value is seconds. Fields in the men u VLAN Field Description VLAN Select whether the VLAN segmentation is t o be used for this wireless network.
9.4 Monitor ing This menu is used t o monitor y our WLAN infrastructure . Note In order t o ensure adequate timing between the WLAN Controller and the connect ed Slave APs , the inter nal time ser ver of the WLAN C ontroller should be enabled.
9.4.1 WLAN Contr oller F ig. 72: Wireless LAN Contr oller -> Monitoring -> WLAN Controller In the Wir eless LAN Controller -> Monitor ing -> WLAN Controller menu, an ov er view of the most rele vant W ireless LAN C ontroller paramet ers is displayed.
Status Meaning AP managed Displays the number of managed access points . WLAN Controller: VSS throughput Displays the dat a traf fic in receiv e and transmit direction in byt es per second. CPU usage [%] Display s the percent aged CPU load ov er time.
F ig. 7 4: W ireless LAN Contr oller -> Monitor ing -> Slave A ccess Points -> Ov er view V alues in the Ov erview list Status Meaning Throughput Displays the r eceived and transmit ted data traf fic per radio mod- ule ov er time. Connected c lients Displays the n umber of connected clients per radio module o ver time.
F ig. 75: Wireless LAN Contr oller -> Monitoring -> Slave Access P oints -> Radio V alues in the Radio list Status Meaning Throughput/c lient Displays the r eceived and transmit ted data traf fic per client ov er time. 9.4.3 Activ e Clients F ig.
P ossible values for Stat us Status Meaning None The client is no longer in a v alid status. Logon The client is currentl y logging on with the WLAN. Associat ed The client is logged on with the WLAN. A uthenticate The client is in the process of being authenticat ed.
9.4.4 Wir eless Networks (VSS) F ig. 78: Wireless LAN Contr oller -> Monitoring -> Wireless Netw orks (VSS) In the Wir eless LAN Controller -> Monitor ing -> Wir eless Networks (VSS) menu, an over - view of the curr ently used AP is displayed.
9.5 Neighbor Monitor ing This menu serves the monitoring of r emote access points . 9.5.1 Neighbor APs F ig. 80: Wireless LAN Contr oller + Neighbor Monitoring -> Neighbor APs In the Wir eless LAN Controller + Neighbor Monitor ing -> Neighbor APs menu, the adja- cent AP's f ound during the scan are displayed.
9.5.2 Rogue APs F ig. 81: Wireless LAN Contr oller + Neighbor Monitoring -> Rogue APs APs which are using an SSID fr om their own net work but are not managed b y Wireless LAN Controller are display ed in the Wireless LAN Contr oller + Neighbor Monitor ing -> Rogue APs menu.
9.5.3 R ogue Clients F ig. 82: Wireless LAN Contr oller + Neighbor Monitoring -> Rogue Clients The Wir eless LAN Controller + Neighbor Monitor ing -> Rogue Clients menu displays the clients which have at tempt ed to g ain unauthor ised access to the networ k and which are theref ore on the blac klist.
9.5.3.1 New Choose the New but ton t o configur e additional blac klist entr ies. F ig. 83: Wireless LAN Contr oller + Neighbor Monitoring -> Rogue Clients -> New The menu consists of the f ollo.
9.6.1 Fir mwar e Maintenance F ig. 84: Wireless LAN Contr oller -> Maintenance -> Firmw are Maint enance In the Wir eless LAN Controller -> Maintenance -> Fir mwar e Maintenance menu, a list of all Managed Access P oints is displayed.
Field Description Action Select the action you wish t o ex ecute . Af ter each task, a window is display ed showing the other st eps that are r equired. P ossible v alues: • " # $% : Y ou can also star t an update of the sy stem sof t ware .
Chapter 1 0 Netw orking 1 0.1 Rout es Default Rout e With a def ault route , all data is aut omatically f orwarded t o one connection if no other suit- able r oute is availab le. If y ou set up access to the Internet, you must conf igure the r oute to your Int er net Ser vice P ro vider (ISP) as a def ault rout e.
F ig. 85: Network -> Routes -> IPv4 Route Conf iguration -> New with Rout e Class = Standard. If the !6 option is selected f or the Rout e Class , an extr a configuration section opens. F ig. 86: Network -> Routes -> IPv4 Route Conf iguration -> New with Rout e Class Extended = !.
fields: Fields in the men u Basic P aramet ers Field Description Rout e T ype Select the type of rout e. P ossible v alues: • 1 :$ ' 0 : Route via a specif ic in- terf ace which is to be used if no other suitab le rout e is avail- able .
Field Description ceived b y DHCP are supplemented b y routing inf or mation about a par ticular net work. Note When the DHCP lease e xpires or when the de vice is re- star ted, the r outes that consist from the combination of DH- CP set tings and those made here are initiall y deleted once more fr om the active routing .
Field Description When Rout e T ype = +%$/ :$ ' 0 Also enter the r elev ant netmask in the second field.
Field Description • # (def ault value): The r oute is valid f or all por t numbers. • ( : Enables the entry of a por t number . • :( : Enables the entry of a range of por t numbers. • '( : Entr y of pr ivileged por t numbers: 0 .
Field Description according t o RFC 3260 is used to signal the prior ity of IP pack ets (indicated in binar y format). • 1 1 D : Diff erentiated Services Code P oint according t o RFC 3260 is used to signal the prior ity of IP pack ets (indicated in decimal format).
1 0.1 .2 IPv4 R outing T able A list of all IPv4 rout es is displayed in the Network -> Routes -> IPv4 Routing T able menu. The rout es do not all need to be active , but can be activ ated at any time b y rele vant data traf fic.
Field Description Extended R oute Displays whether a r oute has been configur ed with advanced paramet ers . Pr otocol Displays ho w the entr y has been creat ed , e.g. manuall y ( &$ ) or via one of the availab le protocols . Delete Y ou can delete entries with the symbol.
Field Description P ossible v alues: • !. $ : Back Rout e V erify is activ- ated f or all interf aces.
F ig. 89: Networking -> NA T -> NA T Interfaces F or ev er y NA T interf ace, the +4 ' , &$$./ ' , 1# and 4 )$() can be selected.
Field Description If PPTP P assthrough is enabled, the de vice itself cannot be configur ed as a tunnel endpoint. P or tforwar dings Sho ws the number of por tf orwar ding rules configured in Net- wor king -> NA T -> NA T Configur ation . 1 0.2.
Field Description Interface Select the interf ace for which NA T is to be configur ed. P ossible v alues: • # (def ault value): NA T is configur ed f or all interf aces. • <0 = : Select one of the interf aces from the list.
Field Description within the e xisting connection are allo wed. In the NA T Configur ation -> Specify original tr af fic menu, you can configur e for which data traf fic NA T is to be used.
Field Description • # (def ault value) • 9 • )$ • !* • ! • ** • *:! • 9; • 0 ; • 0*; • 0* • 0*: • 0 • 00 • 0&a.
Field Description original data pack ets, as the case arises. Original Destination IP Ad dress/Netmask Only f or T ype of traf fic = $( >1$ +4? Enter the destination IP addr ess and corresponding netmask of the original data pack ets, as the case arises.
Field Description Destination P or t/Range Only f or T ype of traf fic = $($( >$ +4? , NA T method = # , Service = .
Field Description 4 , "1 , 4 -"1 and Original Source P or t/Range = or # $ Leave the sour ce por t as it appears or ent er a new source port to which the original source port is to be translat ed.
Note Note that the int erfaces that are combined int o a load balancing group must hav e rout es with the same metr ic. If necessar y , go to the Networking -> Routes menu and check the entries there . 1 0.3.1 .1 Ne w Choose the New but ton t o creat e additional groups.
Field Description of the tot al data rat e handled by the int erfaces. The curr ent data rat e based on the data traf fic is decisiv e in both the send and receiv e direction.
F ig. 92: Networking -> Load Balancing -> Load Balancing Groups -> Add Fields in the Basic P arameter s menu. Field Description Group Descr iption Shows the description of the interf ace group . Distrib ution P olicy Displays the type of data traf fic selected.
Field Description cisive f actor . The menu Ad vanced Set tings consists of the following f ields: Fields in the A dvanced Set tings menu. Field Description Rout e Selector The Rout e Selector parameter is an additional criterion to help define a load balancing gr oup more precisel y .
Field Description ancing status now v ar ies according t o the status of the assigned host sur veillance entry . Select the IP address f or the route t o be monitored.
F ig. 93: Networking -> Load Balancing -> Special Session Handling -> New The Networ king -> Load Balancing -> Special Session Handling -> New menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Admin Stat us Select whether the Special Session Handling should be activ - ated.
Field Description • G • ) • )( • C • # • ) • The def ault value is " . Pr otocol Select a prot ocol, if requir ed.
Field Description • +%$/ : Enter the net work address and the r elated net- mask. Source P ort/Rang e Enter , if requir ed, a source port number or a range of source por t numbers . P ossible v alues: • (def ault value): The destination port is not specified.
1 0.4 QoS QoS (Quality of Ser vice) makes it possible t o distr ibut e the availab le bandwidths eff ectively and intelligentl y . Cer tain applications can be given pr ef erence and bandwidth r eserved f or them. This is an advant age, especiall y f or time-critical applications such as V oIP .
Field Description Description Enter the name of the f ilter . Service Select one of the preconf igured services. The e xtensiv e range of ser vices configur ed e x works includes the follo wing: • .
Field Description dress/Netmask corr esponding netmask. Destination P or t/Range Only f or Prot ocol = 4 or "1 Enter a destination port number or a range of destination por t number s. P ossible v alues: • (def ault value): The destination port is not specified.
Field Description • 43 1 D : The TOS v alue is specified in decimal f or mat, e.g . 63. • 43 96 D : The TOS v alue is specified in he xadecimal f or mat, e.g. 3F . COS Filt er (802.
Fields in the Basic P arameter s menu. Field Description Class map Choose the class plan y ou want t o creat e or edit. P ossible v alues: • +% (def ault value): Y ou can creat e a new class plan with this set ting.
Field Description The function is disabled b y default. Class ID Only f or High Prior ity Class not active . Choose a number which assigns the data pac kets to a class . Note The class ID is a label to assign dat a pack ets to specif ic classes. (The class ID does not def ine the prior ity .
Field Description The def ault value is ' . Interfaces Only f or Class map = +% When cr eating a new class plan, select the interf aces to which you w ant to link the class plan. A class plan can be assigned t o multiple int erfaces .
F ig. 96: Networking -> QoS -> QoS Interfaces/P olicies -> New The Networ king -> QoS -> QoS Interfaces/P olicies -> New menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Interface Select the interf ace for which QoS is t o be configur ed.
Field Description T raf fic shaping Activat e or deactivate dat a rate limiting in the send dir ection. The function is enabled with !. . The function is disabled b y default. Maximum Upload Speed Only f or T raf fic shaping = enabled. Enter a maxim um data rat e f or the selected int erface in the send direction in kbit per second.
Field Description ing is ' and Prot ocol Header Siz e below Layer 3 is not " >$$$ 9 3I? . Select the encr yption method used f or the IPSec connection.
Field Description • %# : Real Time Jit ter C ontrol is al way s active, e ven if no real time dat a is rout ed. Queues/P olicies Conf igure the desir ed QoS queues.
Field Description Choose the prior ity of the queue. P ossible values ar e (high prior ity) to 8 (low priorit y). The def ault value is . W eight Only f or Prior itisation Algorithm = () :$ :$. or () 2 H( Choose the prior ity of the queue.
Field Description Enable or disab le the function. The function controls the band- width limit. If Ov erbooking allowed is activated, the bandwidth limit set f or this queue can be e x ceeded, as long as free bandwidth e xists on the interf ace.
Field Description ure ensur es a smaller long-ter m queue size f or TCP -based data traf fic, so that traf fic b ursts can also usuall y be transmit ted without large pac ket losses. The function is activat ed with !. . The function is disabled b y default.
A filt er describes a cer tain par t of the IP data traf fic based on the sour ce and/or destination IP address , netmask, prot ocol and source and/or destination por t. Y ou use the rules that you set up in the access lists to t ell the gate way what t o do with the filt ered dat a pack ets, i.
1 0.5.1 Access F ilter This menu is f or configuration of access filt er Each filt er describes a cer tain par t of the IP traf fic and defines , for e xample, the IP addr esses, the prot ocol, the source port or the des- tination por t. A list of all access filt ers is display ed in the Networking -> Access Rules -> Access Filt er menu.
Field Description Description Enter a description f or the filt er. Service Select one of the preconf igured services. The e xtensiv e range of ser vices configur ed e x works includes the follo wing:.
Field Description Y ou can define a filt er that takes the status of the TCP connec- tions into account. P ossible v alues: • # (def ault value): All TCP pac kets match the filt er . • !.) : All TCP packets that w ould not open any ne w TCP connection on routing o ver the g atew ay match the filt er .
Field Description number s. DSCP/T OS Filter (Layer 3) Select the T ype of Ser vice (TOS). P ossible v alues: • 0($ (def ault value): The type of ser vice is ignored.
F ig. 99: Networking -> Access Rules -> Rule Chains 1 0.5.2.1 Edit or Ne w Choose the icon to edit e xisting entr ies. T o configure access lists , select the New but- ton.
Field Description Access F ilter Select an IP filt er . If the rule chain is new , select the filt er to be set at the f irst point of the rule chain. If the rule chain already e xists, select the f ilter t o be attached t o the rule chain. Action Define the action t o be tak en f or a filt ered dat a pack et.
F ig. 1 0 1: Networking -> Access Rules -> Interface Assignment 1 0.5.3.1 Edit or Ne w Choose the icon to edit e xisting entr ies. Choose the New but ton to configur e additional assignments.
Field Description is denied. P ossible v alues: • +$ $ : No syslog message . • 0$ (def ault value): A s yslog message is generated with the prot ocol number , source IP addr ess and source por t number . • 1 : A syslog message is gener ated with the cont ents of the fir st 64 byt es of the denied packet.
F ig. 1 03: Networ king -> Drop In -> Drop In Gr oups -> New The Networ king -> Drop In -> Drop In Gr oups -> New menu consists of the f ollowing f ields: Fields in the Basic P arameter s menu. Field Description Group Descr iption Enter a unique name f or the Drop In group .
Field Description The function is disabled b y default. Networ k Configur ation Select how an IP address / netmask is assigned t o the Drop In net work. P ossible v alues: • (def ault value) • 19 Networ k Ad dress Only f or Networ k Configur ation = Enter the network address of the Drop In net work.
Field Description • 3% 0 Interface Selection Select all the por ts which are t o be included in the Drop In gr oup (in the net work).
Chapter 1 1 R outing P rot ocols 1 1 .1 RIP The entries in the routing tab le can be defined staticall y or the routing tab le can be updated constantl y by dynamic e xchange of r outing information bet ween se veral de vices. This ex - change is controlled b y a Routing P rotocol, e .
F ig. 1 05: Routing P rotocols -> RIP -> RIP Interfaces -> The menu Networ king -> RIP -> RIP Interfaces -> consists of the f ollowing f ields: Fields in the RIP P arameter s for men u.
Field Description • +$ (def ault value): RIP is not enab led. • :0 D : Enables sending and receiving of v ersion 1 RIP pack ets. • :0 D : Enables sending and receiving of v ersion 2 RIP pack ets. • :0 D-D :Enables sending and receiving RIP pac kets of both ver sion 1 and 2.
tion. Y ou configur e a filt er f or a def ault rout e with the f ollowing v alues: • IP Addr ess / Netmask = no entr y f or IP address (this corr esponds to IP addr ess 0.0.0.0), f or netmask = 255.255.255.255 A list of all RIP filt ers is display ed in the Routing Pr otocols -> RIP -> RIP Filter menu.
Field Description Interface Select the interf ace to which the rule to be configur ed applies. IP Ad dress / Netmask Enter the IP addr ess and netmask to which the rule is to be ap- plied.
1 1 .1 .3 RIP Options F ig. 1 08: Routing P rotocols -> RIP -> RIP Options The menu Routing P rotocols -> RIP -> RIP Options consists of the follo wing fields: Fields in the Global RIP P arameter s menu.
Field Description (=“Net work is not reachable “). The function is enabled with !. . The function is disabled b y default. RFC 2453 V ariable Timer F or the timers described in RFC 2453, select whether the same values that y ou can configure in the Timer for RIP V2 (RFC 2453) menu should be used.
Field Description Garbage Collection Timer Only f or RFC 2453 V ariable Timer = !. The Garbage Collection T imer is star ted as soon as the r oute timeout has e xpired. Af ter this timeout, the inv alid rout e is deleted from the IPROUTET ABLE if no update is carried out f or the rout e.
Chapter 1 2 Multicast What is m ulticasting? Many ne w communication t echnologies are based on comm unication from one sender t o se ver al recipients . Theref ore, modern telecommunication s ystems such as v oice over IP or video and audio streaming (e .
dedicated host, b ut rather a group , i.e. during the routing of multicast pac kets , the decisive f actor is whether a r ecipient is in a logged-in subnet.
1 2.1 .1 Gener al In the Multicast -> General -> General menu y ou can disable or enab le the multicast func- tion. F ig. 1 09: Multicast -> General -> General The Multicast -> General -> General menu consists of the f ollowing fields: Fields in the Basic Set tings menu.
1 2.2.1 IGMP In this menu, y ou configur e the interf aces on which IGMP is to be enabled. 1 2.2.1 .1 Edit or New Choose the icon to edit e xisting entr ies.
Field Description Time within which hosts must r espond. The hosts randoml y select a time delay from this int er val bef ore sending the r esponse. This spreads the load in networks with sev eral hosts, impr oving per - f or mance. P ossible v alues are F to F .
IGMP P ro xy enables y ou to simulat e sev eral locally connect ed interf aces as a subnet to an adjacent rout er. Queries coming in t o the IGMP P ro xy interf ace are f orwar ded to the local subnets. Local r epor ts are f orwarded on the IPGM P ro xy interf ace.
F ig. 1 1 2: Multicast -> IGMP -> Options The Multicast -> IGMP -> Options menu consists of the f ollowing fields: Fields in the Basic Set tings menu.
Field Description sources per g roup . The def ault value is 8 . IGMP State Limit Enter the maxim um permitt ed tot al number of incoming queries and messages per second. The def ault value is , i.e. the number of IGMP status mes- sages is not limited.
Field Description this, chec k !. Disable the option if y ou only want t o forw ard one defined mul- ticast gr oup to a particular interface . The option is deactivat ed by def ault. Multicast Group A d- dress Only f or All Multicast Groups = not active.
F ig. 1 1 4: Multicast -> PIM -> PIM Interfaces 1 2.4.1 .1 Edit or New Choose the icon to edit e xisting entr ies. T o configure PIM lists , select the New but ton.
Field Description Use as Stub int erface Determine whether or not the interf ace is used for PIM data pack ets. This parameter allo ws you t o use an interface f or IG- MP , for e xample , whilst pre venting (f ake) PIM messages. If this function is deactivat ed (default v alue), the PIM data pac k- ets f or this interf ace are bloc ked.
Field Description This indicates ho w long a PIM rout e is available . As soon as the Hello Hold Time has e xpired and no other Hello messages have been r eceived, the PIM rout er will be classed as unavail- able . P ossible v alues: to @ seconds.
Field Description Ov erride Interv al Define the v alue that the gate way ent ers in the Ov er - ride_Interval field f or the LAN P rune Delay option. Ov erride Interv al defines the maximum time a downstr eam rout er can wait until sending a prune override message.
The Multicast -> PIM -> PIM Rendezv ous Points -> New menu consists of the f ollowing fields: Fields in the PIM R endezvous P oint Settings menu. Field Description Multicast Group Range Select the Multicast gr oup f or the PIM Rendezv ouz point.
1 2.4.3 PIM Options F ig. 1 18: Multicast -> PIM -> PIM Options The Multicast -> PIM -> PIM Options menu consists of the f ollowing fields: Fields in the Basic Set tings menu. Field Description PIM Status Select whether PIM should be activat ed.
Chapter 1 3 W AN This menu of fer s various options f or configuring accesses or connections from your LAN t o the W AN. Y ou can also optimise voice transmission her e f or telephone calls o ver the Int er - net. 1 3.1 Inter net + Dialup In this menu, y ou can set up Internet access or dialup connections.
A uthentication If a call is receiv ed, PPP authentication is carr ied out with the connection par tner depend- ing on the configuration, bef ore the call is accept ed.
1 3.1 .1 PPP oE A list of all PPT oE interfaces is display ed in the W AN -> Inter net + Dialup -> PPP oE menu. PPP ov er Ether net (PPP oE) is the use of the P oint-to-P oint P rot ocol (PPP) net work pro- tocol o ver an Ethernet connection. T oday , PPP oE is used for ADSL connections in Ger - many .
Fields in the Basic P arameter s menu. Field Description Description Enter a name t o uniquely identify the PPP oE par tner . The first charact er in this field must not be a n umber No special charac- ter s or umlauts must be used.
Field Description VLAN ID Only if VLAN is enabled. Enter the VLAN-ID that y ou received fr om your pr ovider . Alw ays on Select whether the interf ace should alway s be activ ated. The function is enabled with !. . The function is disabled b y default.
Field Description The function is enabled b y default. Creat e NA T P olicy Specify whether Net work Addr ess T ranslation (NA T) is t o be ac- tivat ed.
Field Description P ossible v alues: • (def ault value): Onl y r un P AP (PPP P asswor d Authentic- ation P rot ocol); the passw ord is tr ansf erred unencrypted. • 9 : Only run CHAP (PPP Challenge Handshake A uthentic- ation P rot ocol as per RFC 1 994); pass wor d is transf erred en- cr ypted.
Field Description MTU Ent er the maximum pac ket siz e (Maximum T ransfer Unit, MTU) in byt es that is allowed f or the connection. With def ault value $ , the value is specified b y link control at connection setup . If you disab le $ , you can enter a v alue.
F ig. 1 20: W AN -> Internet + Dialup -> PPTP -> New The menu W AN -> Internet + Dialup -> PPTP -> New consists of the follo wing fields: Fields in the Basic P arameter s menu. Field Description Description Enter a name f or uniquely identifying the internet connection.
Field Description When using the int er nal DSL modem, select here the EthoA in- terf ace configured in Physical Interfaces -> A TM -> Pr of iles -> New , e.g . )$ . User Name Ent er the user name. P assw ord Enter the pass word.
Field Description defined as the def ault route . The function is enabled with !. . The function is enabled b y default. Creat e NA T P olicy Specify whether Net work Addr ess T ranslation (NA T) is t o be ac- tivat ed. The function is enabled with !.
Field Description The def ault value is . A uthentication Select the authentication protocol f or this Internet connection. Select the authentication specified b y your pr ovider . P ossible v alues: • (def ault value): Onl y r un P AP (PPP P asswor d Authentic- ation P rot ocol); the passw ord is tr ansf erred unencrypted.
Field Description selected Ethernet por t. Local PPTP IP Ad dress Assign the PPTP interf ace an IP address that is used as the source addr ess. The def ault value is 8 . Remot e PPTP IP Ad- dress Enter the IP addr ess of the PPTP par tner .
F ig. 1 21: W AN -> Internet + Dialup -> IP Pools -> New Fields in the men u Basic P aramet ers Field Description IP P ool Name Enter any description to uniquel y identify the IP pool. IP Ad dress Range Enter the f irst (f irst f ield) and last (second field) IP address of the IP address pool.
1 3.2.1 .1 New Click the New but ton t o optimise voice tr ansmission f or other interf aces. F ig. 1 22: W AN -> Real Time Jitt er Control -> Controlled Interfaces -> New The menu W AN -> Real Time Jit ter Control -> Controlled Int erfaces -> New consists of the f ollowing fields: Fields in the Basic Set tings menu.
Chapter 1 4 VPN A connection that uses the Internet as a "transpor t medium" but is not pub licly accessib le is ref erred to as a VPN (V ir tual P rivate Network). Only authorised users have access t o such a VPN, which is seemingly also r eferred t o as a VPN tunnel.
The routing-based method of fer s various advantages o v er the policy -based method, e.g., NA T/P A T within a tunnel, IPSec in combination with routing prot ocols and the creation of VPN backup scenarios. W ith the routing-based method, the configur ed or dynamically learned routes ar e used to negotiat e the IPSec phase 2 SAs.
F ig. 1 23: VPN -> IPSec -> IPSec Peers P eer Monitor ing The menu f or monitoring a peer is called by selecting the but ton f or the peer in the peer list. See V alues in the IPSec T unnels list on page 439 . 1 4.1 .1 .1 New Choose the New but ton t o set up more IPSec peer s.
F ig. 1 24: VPN -> IPSec -> IPSec Peers -> New The menu VPN -> IPSec -> IPSec P eers -> New consists of the f ollowing fields: Fields in the men u P eer P aramet ers 1 4 VPN bintec e.
Field Description Administr ative Status Select the st atus to which y ou wish to set the peer af ter saving the peer configuration. P ossible v alues: • " (def ault value): The peer is av ailable f or set ting up a tunnel immediatel y aft er saving the configuration.
Field Description sion 1 • 0!' : Internet Ke x Exchange P rotocol V ersion 2 A uthentication Method Only f or Internet Ke y Exchange = 0!' Select the authentication method.
Field Description ternative subject name b y default. Make sur e you and your peer both use the same name, i.e . that your local ID and the peer ID your partner configures f or you are identical. Pr eshared Key Enter the pass word agr eed with the peer.
Field Description ;$ Select whether the rout e to this IPSec peer is to be def ined as the def ault rout e. The function is enabled with !.
bintec elmeg Gate ways suppor t t wo dif ferent methods f or establishing IPSec connections: • a method based on policies and • a method based on routing.
F ig. 1 25: VPN -> IPSec -> IPSec Peers -> New -> Add Fields in the men u Basic P aramet ers Field Description Description Enter a description f or the filt er. Pr otocol Select a prot ocol. The # option (default v alue) matches all prot ocols.
Field Description (= -1) means that the por t remains unspecif ied. Destination IP Ad- dress/Netmask Enter the destination IP addr ess and corresponding netmask of the data pac kets . Destination P or t Only for Prot ocol = 4 or "1 Enter the destination port of the data pack ets.
Field Description XA UTH Prof ile Select a profile cr eated in VPN -> IPSec -> XA UTH Prof iles if you wish to use this IPSec peer XA uth for authentication. If XA uth is used together with IKE C onfig Mode , the transac- tions f or XAuth ar e carr ied out befor e the transactions for IKE Conf ig Mode.
Field Description set ting under Public Interface Mode . Pub lic Interface Mode Specify how strictly the set ting under Public Interface is handled. P ossible v alues: • 2$ : Only the selected int erface is used, whate ver the pri- orities in the current routing t able .
Field Description • 0' (def ault value): Deactiv ates P ro xy ARP f or this IPSec peer . • " $ 1$ : Y our device onl y responds t o an ARP re- quest if the status of the connection t o the IPSec peer is " (active) or 1$ (dor mant).
Note If a tunnel is to be set up t o a peer, the int erface ov er which the tunnel is to be imple- mented is activ ated fir st by the IPSec D aemon. If IPSec with DynDNS is configur ed on the local de vice, the own IP addr ess is propagat ed first and then the ISDN call is sent to the r emote device .
Note The callback conf iguration should be the same on the t wo de vices so that your device is able t o identify the IP address information from the called peer . The f ollowing r oles are possib le: • One side takes on the activ e role , the other the passive role .
Field Description Mode Select the Callbac k Mode. P ossible v alues: • 0' (def ault value): IPSec callbac k is deactivated. The local de vice neither reacts t o incoming ISDN calls nor initiates ISDN calls to the r emote device .
Field Description P ossible v alues: • $ . $ : Y our device aut omatically de- termines the most fav ourable mode . It fir st tries all D channel modes bef ore s witching to the B channel. (Costs ar e incurred f or using the B channel.
F ig. 1 26: VPN -> IPSec -> Phase-1 Prof iles In the Default column, you can mark the prof ile to be used as the default pr ofile. 1 4.1 .2.1 New Choose the New (at Creat e new IKEv1 P rof ile or Create new IKEv2 P rofile ) but ton t o creat e additional profiles.
F ig. 1 27: VPN -> IPSec -> Phase-1 Prof iles -> New The menu VPN -> IPSec -> Phase-1 Pr ofiles -> New consists of the follo wing fields: Fields in the Phase-1 (IKE) P arameter s menu. Field Description Description Enter a description that uniquel y defines the type of rule.
Field Description (Adv anced Encr yption Standard). It is rat ed as just as secure as Rijndael (AES), but is slo wer . • 7$%) : Blowfish is a v ery secure and fast algorithm.
Field Description ation or the hash algorithms is based on the author ’ s knowledge and opinion at the time of creating this User Guide . In par ticular , the quality of the algor ithms is subject to r elativ e aspects and may change due to mathematical or cryptogr aphic dev elop- ments.
Field Description • ) # (def ault value): If y ou do not use cer tific- ates f or the authentication, you can select P reshar ed K ey s. These are conf igured during peer configur ation in the VPN -> IPSec -> IPSec P eers .
Field Description Local ID T ype Only f or Phase-1 (IKE) Paramet ers Select the local ID type. P ossible v alues: • 2# H 1$ + >2H1+? • !.
Fields in the A dvanced Set tings menu. Field Description Alive Chec k Only f or Phase-1 (IKE) Paramet ers Select the method to be used t o check the functionality of the IPSec connection. In addition to the def ault method Dead P eer Detection (DPD), the (proprietary) Hear tbeat method is implemented.
Field Description Block Time Define ho w long a peer is bloc ked f or tunnel setups aft er a phase 1 tunnel setup has f ailed. This only af fects locall y initiated setup at tempts. P ossible v alues are to 8 (seconds); means the value in the def ault profile is used and means that the peer is ne ver b locked.
Field Description This option can only be conf igured if certificates ar e loaded. 1 4.1 .3 Phase-2 P rof iles Y ou can define pr ofiles f or phase 2 of the tunnel setup just as for phase 1 . In the VPN -> IPSec -> Phase-2 Pr ofiles menu, a list of all configured IPSec phase 2 pr ofiles is displayed.
F ig. 1 29: VPN -> IPSec -> Phase-2 Prof iles -> New The menu VPN -> IPSec -> Phase-2 Pr ofiles -> New consists of the follo wing fields: Fields in the Phase-2 (IPSEC) P arameter s menu. Field Description Description Enter a description that uniquel y identifies the pr ofile.
Field Description ! , a ke y length of 128 bits is used. • ! : Rijndael has been nominated as AES due to its f ast ke y setup , low memor y requir ements, high le vel of secur - ity against at tacks and general speed. Her e, it is used with a ke y length of 128 bits .
Field Description used to pr otect the ke ys of a r enewed phase 2 S A, ev en if the ke ys of the phase 1 SA hav e become known. The field has the f ollowing options: • >B 7? : During the Diff ie-Hellman ke y calculation, mod- ular e xponentiation at 7 68 bits is used to cr eate the encr yption material.
Field Description IP Compression Select whether compr ession is to be activ ated befor e data en- cr yption. If data is compr essed ef f ectivel y , this can result in higher perf or mance and a low er volume of dat a to be trans- f erred.
1 4.1 .4 XA UTH P rof iles In the XA UTH Prof iles menu a list of all XA UTH prof iles is displayed. Extended A uthentication for IPSec (XA uth) is an additional authentication method for IPSec tunnel users .
The VPN -> IPSec -> XA UTH Prof iles -> New menu consists of the f ollowing f ields: Fields in the Basic P arameter s menu. Field Description Description Enter a description f or this XA uth prof ile. Role Select the r ole of the gat ew ay for XA uth authentication.
.
Field Description DNS ser ver . 1 4.1 .6 Options F ig. 1 32: VPN -> IPSec -> Options The menu VPN -> IPSec -> Options consists of the f ollowing fields: Fields in the Global Options men u. Field Description Enable IPSec Select whether y ou want t o activ ate IPSec.
Field Description This cancels all set tings made dur ing the IPSec configuration. Once the configuration is delet ed, you can star t with a com- pletel y new IPSec configuration. Y ou can only delet e the configur ation if Enable IPSec = not ac- tivat ed.
Field Description The function is enabled with !. . The function is disabled b y default. Send Initial Contact Message Select whether IKE Initial Contact messages ar e to be sent dur - ing IKE (phase 1) if no SAs with a peer e xist. The function is enabled with !.
Field Description quest P ayloads end during IKE (phase 1) are to be ignor ed. The function is enabled with !. . The function is disabled b y default. Send Certificate R e- quest P ayloads Select whether cer tificate r equests are to be sent during IKE (phase 1).
• L2TP LNS Mode (L2TP Net wor k Ser ver): f or incoming connections only • L2TP LAC Mode (L2TP A ccess Concentrat or): for outgoing connections onl y Note the f ollowing when configuring the ser ver and client: An L2TP tunnel pr ofile must be creat ed on each of the t wo sides (LA C and LNS).
Fields in the Basic P arameter s menu. Field Description Description Enter a description f or the current pr ofile. The de vice automaticall y names the prof iles &4 and number s them, but the v alue can be changed. Local Hostname Enter the host name f or LNS or LAC .
Field Description Remot e IP Ad dress Enter the f ix ed IP address of the LNS used as the destination address f or connections based on this profile . The destination must be a de vice that can behave like an LNS .
Field Description value means that no L2TP HELLO messages ar e sent. Minimum Time between R etries Enter the minim um time (in seconds) that your de vice waits be- f ore r esending a L2TP control pac ket for which it r eceived no re- sponse. The wait time is dynamicall y e xtended until it r eaches the Max - imum Time betw een Retries .
F ig. 1 34: VPN -> L2TP -> Users -> New The menu VPN -> L2TP -> Users -> New consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Description Enter a name f or uniquely identifying the L2TP par tner .
Field Description L2TP net work ser ver (LNS) or the functions of a L2TP access concentrat or client (LAC client). P ossible v alues: • &+ (def ault value): If y ou select this option, the L2TP par tner is configur ed so that it accepts L2TP tunnels and rest ores the encapsulated PPP tr af fic f low .
Field Description • (def ault value): Y ou enter a static IP addr ess. • $' 0 : Only f or Connection T ype = &+ . Y our device dynamicall y assigns an IP address to the r emote terminal.
Fields in the A dvanced Set tings menu. Field Description Block af ter connection failure f or Enter the w ait time in seconds bef ore the de vice should tr y again af ter an at tempt to set up a connection has f ailed. The def ault value is @ .
Field Description check ed by sending LCP echo requests or r eplies. This is r e- commended f or leased lines, PPTP and L2TP connections. The function is enabled with !. . The function is enabled b y default. Pr ioritize TCP A CK P ack ets Select whether the TCP download is t o be optimised in the e vent of int ensive TCP upload.
Field Description til someone actually w ants to use the r oute. • " $# : Y our device r esponds to an ARP r equest only if the status of the connection t o the L2TP par tner is " (active), i.e. a connection already e xists to the L2TP par tner .
Field Description The function is disabled b y default. 1 4.3 PPTP The P oint-to-P oint T unnelling P rot ocol (=PPTP) can be used to set up an encrypted PPTP tunnel to pr ovide securit y for data tr af fic ov er an existing IP connection. Fir st a connection to an ISP (=Internet Ser vice P rovider) is set up at both sit es.
1 4.3.1 .1 New Click on New to set up further PPTP par tners . F ig. 1 36: VPN -> PPTP -> PPTP T unnels -> New The VPN -> PPTP -> PPTP T unnels -> New menu consists of the f ollowing f ields: Fields in the PPTP P ar tner P aramet ers menu.
Field Description Description Enter a unique name f or the tunnel. The fir st charact er in this field must not be a n umber No special charact ers or umlauts must be used. PPTP Mode Enter the r ole to be assigned to the PPTP int erf ace. P ossible v alues: • + (def ault value): this assigns the PPTP int erface the role of PPTP ser ver .
Fields in the IP Mode and R outes menu. Field Description IP Ad dress Mode Select whether y our de vice is to be assigned a st atic IP address or whether it should be assigned this dynamically . P ossible v alues: • (def ault value): Y ou enter a static IP addr ess.
Field Description • ; : The lower the v alue, the higher the priorit y of the rout e (possible values ). The default v alue is .
Field Description P ossible v alues: • +$ : MPP encr yption is not used. • !. (def ault value): MPP encryption V2 with 1 28 bit is used to RFC 3078. • $% $. : MPP encr yption V2 with 128 bit is used as compatible with Micr osoft and Cisco .
Field Description propag ated or OSPF prot ocol pack ets sent over this int erf ace. • 0' : OSPF is disabled f or this interf ace. Pr oxy ARP Mode Select whether your de vice is to ans wer APR r equests from your LAN on behalf of the specif ic PPTP par tner .
Field Description cial applications. Incoming ISDN Num- ber Only if Callback is enabled. Enter the ISDN n umber from which the r emote de vice calls the local de vice (calling par t y number).
Field Description GRE Windo w Adaption Select whether the GRE Windo w Adapt ation is to be enab led. This adaptation onl y becomes necessar y if you hav e installed ser vice pack 1 fr om Microsof t Windo ws XP .
1 4.3.3.1 Edit or New Choose the New but ton t o set up new IP addr ess pools. Choose the icon t o edit existing entries. F ig. 1 38: VPN -> PPTP -> IP Pools -> New Fields in the men u Basic P aramet ers Field Description IP P ool Name Enter any description to uniquel y identify the IP pool.
ov er this interface is then encapsulat ed using GRE and sent to the specified r ecipient. 1 4.4.1 GRE T unnels A list of all configur ed GRE tunnels is displayed in the VPN -> GRE -> GRE T unnels menu. 1 4.4.1 .1 New Choose the New but ton t o set up new GRE tunnels .
Field Description Default Rout e If you enab le the Default Route , all data is automaticall y rout ed to one connection. The function is disabled b y default. Local IP Ad dress Here , enter the (LAN-side) IP addr ess that is to be used as your de vice's source addr ess f or your o wn pack ets through the GRE tunnel.
Chapter 1 5 F ire wall The Stat eful Inspection Fir ewall (SIF) pr ovided f or bintec elmeg gat ew ays is a po werful se- curit y featur e. The SIF with dynamic pack et filtering has a decisive adv an.
One of the basic functions of NA T is the translation of the local IP addresses of your LAN into the global IP addr esses you are assigned b y your ISP and vice v ersa. All connections initiated e xternally are f irst b locked, i.e . ev er y packet y our device cannot assign t o an exist- ing connection is reject ed.
in succession until a rule matches. If ov er lapping occurs, i.e . more than one filter rule matches a pack et, only the fir st rule is ex ecuted. This means that if the fir st rule denies a pack et, whereas a later rule allows it, the pac ket is r ejected.
Field Description Source Select one of the preconf igured aliases f or the source of the pack et. In the list, all W AN/LAN interf aces, int erf ace gr oups (see Fire- wall -> Interfaces -> Grou.
Field Description Action Select the action to be applied t o a filter ed pack et. P ossible v alues: • (def ault value): The pac kets are f orwarded on the basis of the entries. • 1# : The packets ar e rejected. • :K : The packets ar e rejected.
1 5.1 .2 QoS More and mor e applications need increasingly lar ger bandwidths, which ar e not alw ays availab le. Quality of Ser vice (QoS) makes it possible t o distribute the av ailable bandwidths ef fectiv ely and int elligently . Cer tain applications can be given pr eference and bandwidth r e- ser ved f or them.
Field Description Filt er Rules This field contains a list of all conf igured f ire wall policies f or which QoS was activ ated ( Apply QoS = !. under Fire- wall -> P olicies -> Filt er Rules -> New ).
Fields in the Global F irew all Options menu. Field Description Fir ewall Stat us Enable or disable the f ire wall function. The function is enabled with !. The function is enabled b y default. Logged Actions Select the fir ew all sy slog lev el.
Field Description P ossible v alues are @ to 8 . The def ault value is 8 . Other Inactivity Enter the inactivity time aft er which a session of another type is to be r egarded as e xpired (in seconds). P ossible v alues are @ to 8 .
Field Description Description Enter the desir ed descr iption of the interf ace group . Members Select the members of the group fr om the available int erfaces.
Field Description • :( : Enter an IP address r ange with a star t and end address . Ad dress / Subnet Only for Address T ype = - . Enter the IP addr ess of the host or a net work address and the relat ed netmask.
Field Description Selection Select the members of the g roup fr om the availab le Addresses . T o do this, activat e the F ields in the Selection column. 1 5.4 Ser vices 1 5.4.1 Service List In the Fir ewall -> Services -> Service List menu, a list of all av ailable services is displayed.
Field Description specified port number is verified. If a por t range is t o be check ed, enter the upper limit here . P ossible v alues are to @ . Source P ort Rang e Only f or Prot ocol = 4 , "1-4 or "1 In the fir st field, ent er the source port to be check ed, if applic- able .
Field Description Code Selection options f or the ICMP codes are onl y available f or T ype = 1$ ). P ossible v alues: • # (def ault value) • + "). • 9$ ").
F ig. 1 48: Fire wall -> Ser vices -> Groups -> New The menu Fir ewall -> Services -> Groups -> New consists of the follo wing fields: Fields in the Basic P arameter s menu. Field Description Description Enter the desir ed descr iption of the ser vice group .
Chapter 1 6 Local Services This menu of fer s ser vices f or the f ollowing application ar eas: • Name resolution (DNS) • Configuration via w eb bro wser (HTTPS) • Locating of dynamic IP address.
Y our device can also r eceive the global name servers dynamicall y via PPP or DHCP and transf er them dynamically if necessar y . Strat egy f or name resolution on y our device A DNS request is handl.
1 6.1 .1 Global Set tings F ig. 1 49: Local Ser vices -> DNS -> Global Set tings The menu Local Services -> DNS -> Global Set tings consists of the following f ields: Fields in the Basic P arameter s menu Field Description Domain Name Ent er the standar d domain name of your de vice.
Field Description i.e. successfull y resol ved names and IP addresses ar e to be stor ed in the cache. The function is activat ed by selecting !. . The function is enabled b y default. Negative Cac he Select whether the negative dynamic cache is t o be activated, i.
Fields in the IP ad dress t o use for DNS/WINS server assignment menu Field Description As DHCP Serv er Select which name ser ver addr esses are sent to the DHCP cli- ent if your de vice is used as DHCP ser ver . P ossible v alues: • +$ : No name ser ver addr ess is sent.
F ig. 150: Local Ser vices -> DNS -> DNS Server s -> New The Local Services -> DNS -> DNS Servers -> New menu consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Admin Stat us Select whether the DNS ser ver should be enab led.
Field Description • 1# (def ault value) Interface Select the interf ace to which the DNS server pair is to be as- signed. F or Interface Mode = 1# A global DNS ser ver is cr eated with the set ting +$ .
The menu Local Services -> DNS -> Static Hosts -> New consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description DNS Hostname Enter the host name t o which the IP Addr ess defined in this menu is t o be assigned if a positive r esponse is received t o a DNS request.
1 6.1 .4.1 New Choose the New but ton t o set up additional f orwar dings. F ig. 152: Local Ser vices -> DNS -> Domain F orwarding -> New The menu Local Services -> DNS -> Domain F orwar ding -> New consists of the f ollowing fields: Fields in the F orwar ding Par ameters menu.
Field Description The entr y can star t with the wildcard "*", e .g. "*.bintec-elmeg .com". If you ent er a name without a leading wildcard "*" a leading wild- card "*" is supplement ed as soon as you confirm with OK .
Y ou can select individual entries using the checkbo x in the corresponding line , or select them all using the Select all but ton. A dynamic entr y can be conv er ted t o a static entr y by marking the entr y and confirming with Make static . This corresponding entry disappears fr om the list and is displayed in the list in the Static Hosts menu.
Field Description centage. Successfully Answ ered Quer ies Shows the number of successfull y answer ed requests (positiv e and negativ e). Server F ailures Shows the number of r equests that were not ans wer ed by an y name ser ver (either positiv ely or negativ ely).
Field Description Local Certificate Select a cer tificat e that you w ant to use f or the HTTPS connec- tion. P ossible v alues: • 0 (def ault value): Select this option if y ou want to use the cer tificate b uilt into the de vice.
1 6.3.1 .1 New Choose the New but ton t o set up fur ther DynDNS registr ations to be updat ed. F ig. 156: Local Ser vices -> DynDNS Client -> DynDNS Update -> New The menu Local Services -> DynDNS Client -> DynDNS Update -> New consists of the f ol- lowing f ields: Fields in the Basic P arameter s menu.
Field Description figur ed stat e and their prot ocols are suppor ted. Other DynDNS pr ovider s can be configur ed in the Local Ser- vices -> DynDNS Client -> DynDNS Pr ovider menu. The def ault value is 1#1+ . Enable update Select whether the DynDNS entry configured here is t o be activ- ated.
F ig. 157: Local Ser vices -> DynDNS Client -> DynDNS P ro vider -> New The menu Local Services -> DynDNS Client -> DynDNS Pr ovider -> New consists of the fol- lowing f ields: Fields in the Basic P arameter s menu. Field Description Pr ovider Name Ent er a name f or this entr y .
Field Description • 9+ • 1L+ • *1094;& • *104 • $ 1#1+ • 1!6 Update Int erval Enter the minim um time (in seconds) that your de vice must wait bef ore it is allo wed t o propag ate its curr ent IP address to the DynDNS pr ovider ag ain.
1 6.4.1 .1 Edit or New Choose the New but ton t o set up new IP addr ess pools. Choose the icon t o edit exist- ing entries. F ig. 158: Local Ser vices -> DHCP Server -> IP P ool Configur ation -> New Fields in the men u Basic P aramet ers Field Description IP P ool Name Enter any description to uniquel y identify the IP pool.
Note In the e x works state the DHCP pool is pr econfigured with the IP addr esses 1 92.168.0.1 0 to 1 92.1 68.0.49 and is used if there is no other DHCP server av ailable in the net work. 1 6.4.2.1 Edit or New Choose the New but ton t o set up new DHCP pools .
Field Description P ool Usag e Select of the DHCP pool is t o be used for requests fr om clients in a net work directly connect ed to an Ethernet interface , or if it is to be used f or DHCP requests from a r emote net work that are sent to y our device via a DHCP relay st ation.
Field Description P ossible v alues for Option : • 4 ' (def ault value): Ent er the IP address of the time ser ver t o be sent to the client. • 1+ ' : Enter the IP address of the DNS server t o be sent to the client.
Choose the icon to edit an e xisting entr y . In the popup menu, you conf igure manuf ac- turer -specific set tings in the DHCP ser ver f or specific telephones, f or ex ample.
Field Description shall be transmit ted f or the DHCP ser ver . P ossible v alues: • 3) (def ault value) • . APN Only für Select vendor = . Enter the A ccess Point Namen (APN) of the SIM car d. PIN Only für Select vendor = .
1 6.4.3.1 New Choose the New but ton t o set up new IP/MA C bindings. F ig. 160: Local Ser vices -> DHCP Server -> IP/MA C Binding -> New The menu Local Services -> DHCP Server -> IP/MA C Binding -> New consists of the follo w- ing fields: Fields in the Basic P arameter s menu.
F ig. 161: Local Ser vices -> DHCP Server -> DHCP R elay Settings The menu Local Services -> DHCP Server -> DHCP Relay Set tings consists of the follow - ing fields: Fields in the Basic P arameter s menu. Field Description Pr imary DHCP Server Enter the IP addr ess of a ser ver to which BootP or DHCP r e- quests are t o be forwar ded.
Caution The configuration of actions that ar e not available as def aults requires e xtensiv e know - ledge of the method of operation of bint ec elmeg gat ew ays. An incorrect conf iguration can cause considerab le disruption dur ing operation. If applicab le, sav e the original configuration on y our PC.
The menu Local Services -> Scheduling -> T rigger -> New consists of the follo wing fields: Fields in the men u Basic P aramet ers Field Description Event List Y ou can creat e a new e vent list with +% (default v alue). Y ou give this list a name with Description .
Field Description But ton is to be triggered. The F unction Butt on is on the case of an RS353 seriens device . T o do so, pr ess this F unction But ton for one second. • *!3 M$ : Operations configur ed and assigned in Actions are initiat ed, when the defined GEO Zones take on a specified status .
Field Description bination of Index V ariable (usually an index v ar iable which is flagged with *) and Index V alue . Use Index V ariables to creat e more entries with Add .
Field Description Enter the IP addr ess whose accessibilit y is to be check ed. Source IP A ddress Only f or Event T ype ( 4 Enter an IP addr ess to be used as sender address f or the ping test.
Fields in the men u Select time interval Field Description Time Condition For Event T ype 4 only Fir st select the t ype of time entr y in Condition T ype . P ossible v alues: • /# : Select a weekday in Condition Settings . • $ (def ault value): In Condition Settings , select a par - ticular period.
1 6.5.2 A ctions In the Local Services -> Scheduling -> Actions menu is display ed a list of all operations to be initiated b y ev ents or ev ent chains configured in Local Services -> Scheduling -> T rigger . 1 6.5.2.1 New Choose the New but ton t o configur e additional operations.
Field Description • ( 4 : Accessibility of an IP address is check ed. • ;( : A cer tificate is t o be rene wed, deleted or ent ered. • *9E &+ 7 : Only f or de vices with a wireless LAN.
Field Description MIB T able . Only the MIB tab les present in the respectiv e area are display ed. Command Mode Only if Command T ype = ;07-+; Select how the MIB entry is to be manipulated. P ossible set tings: • )( 6( # (def ault value): An e xisting entr y shall be modified.
Field Description If the initiator is inactiv e ( T rigger Status 0' ), the MIB variab le is described with the value enter ed in Inactive V alue .
Field Description • $% $ " ' (def ault value): The lat est software will be do wnloaded from the up- date server .
Field Description • 1 $($ • $# $($ F or Command T ype = ;( Select which operation y ou wish to perf or m on a cer tificate file .
Field Description Enter the f ile name under which it should be saved on the serv - er . Local File Name Only wher e Command T ype = $($ ;( and Actio.
Field Description The function is disabled b y default. Reboot af ter ex ecution Only if Command T ype = $($ ;( Select whether your de vice should restart aft er the intended Ac- tion . The function is disabled b y default.
Field Description The def ault value is @ . Server A ddress Only wher e Command T ype = ;( and Action = 0$ Enter the URL of the server fr om which a cer tificat e file is t o be retrie ved.
Field Description Enter a description under which the SCEP cer tificat e on your de vice is to be sav ed. URL SCEP Server URL Only wher e Command T ype = ;( and Action = ! Enter the URL of the SCEP server , e.
Field Description steps of the enr olment inter nally . This is an advantage if enr ol- ment cannot be concluded immediatel y . If the status has not been saved, the incomplet e registration cannot be complet ed.
Field Description Operation Mode ( Inact- ive ) Only wher e Command T ype = &+, 3$ ;$ Select the requir ed operating mode for the select ed radio mod- ule if it currentl y has the status 1$% . Y ou may select from any of the operating modes that y our device supports.
Y ou can monitor t emperatur e with de vices from the bintec WI ser ies. Note This function cannot be configur ed on your de vice for connections that ar e authentic- ated via a RADIUS server . 1 6.6.1 Hosts A list of all monitor ed hosts is displayed in the Local Services -> Surveillance -> Hosts menu.
Field Description def ault gat ew ay . The gr oup IDs are aut omatically cr eated from to . If an entr y has not yet been cr eated, a new gr oup is created using the +% 01 option. If entr ies have been cr eated, you can select one from the list of cr eated groups .
Field Description Successful T rials Specify how man y pings need to be ans wered f or the host to be reg arded as accessible . Y ou can use this set ting to specify , for e xample, when a host is deemed to be accessib le once more, and used ag ain, instead of a backup de vice.
F ig. 166: Local Ser vices -> Surveillance -> Interfaces -> New The menu Local Services -> Surveillance -> Interfaces -> New consists of the f ollowing fields: Fields in the Basic P arameter s menu. Field Description Monitor ed Interface Select the interf ace on your de vice that is to be monitor ed.
1 6.6.3 Ping Gener at or In the Local Services -> Surveillance -> Ping Generat or menu, a list of all configured, aut o- matically gener ated pings is display ed. 1 6.6.3.1 Edit or New Choose the icon to edit e xisting entr ies. Choose the New but ton to cr eate additional pings.
Field Description The def ault value is . T rials Enter the n umber of ping tests t o be perf ormed until Destina- tion IP Ad dress as "). applies. The def ault value is @ . 1 6.7 HotSpot Gate w ay The HotSpot Solution allows pr ovision of pub lic Internet accesses (using WLAN or wired Ethernet).
A uthentication -> RADIUS -> New with Group Descr iption ($ ) • bintec elmeg Hotspot hosting (ar ticle number 551 0000 1 98) • Access data • Documentation • Software licensing Please note that y ou must first activ ate the licence.
1 6.7 .1 HotSpot Gate way In the HotSpot Gate way menu, you can configur e the bintec elmeg gat eway installed onsite f or the Hotspot Solution . A list of all configur ed hotspot net works is displayed in the Local Services -> HotSpot Gate way -> HotSpot Gate way menu.
F ig. 169: Local Ser vices -> HotSpot Gate way -> HotSpot Gateway -> The Local Services -> HotSpot Gate way -> HotSpot Gate way -> menu consists of the f ollowing fields: Fields in the men u Basic P aramet ers Field Description Interface Choose the interf ace to which the Hotspot LAN or WLAN is con- nected.
Field Description Domain at the HotSpot Server Enter the domain name that y ou used when setting up the Hot- Spot ser ver f or this customer . The domain name is requir ed so that the Hotspot ser ver can distinguish between the dif f erent cli- ents (customer s).
Field Description The f ollowing languages ar e suppor ted: !() , 1) , 0$ , 2O , !P$ , $(Q and + . The language can be changed on the star t/login page at any time.
Field Description P op-Up window for status indication Specify whether the de vice uses pop-up windows t o display the status. The function is enabled b y default.
1 6.8 W ake-On-LAN With the function W ake-On-LAN you can start net work devices that ar e switched of f via an integ rated network card. The net work card also needs a pow er supply , ev en when the com- puter is s witched off .
Field Description Service Select one of the preconf igured services. The e xtensiv e range of ser vices configur ed e x works includes the follo wing: • '# • .
Field Description Destination P or t/Range Only f or Prot ocol = 4 or "1 Enter a destination port number or a range of destination por t number s. P ossible v alues: • (def ault value): The destination port is not specified.
Field Description • 43 96 D : The TOS v alue is specified in he xadecimal f or mat, e.g. 3F . COS Filt er (802.1p/Layer 2) Enter the service class of the IP pack ets (Class of Ser vice, CoS). P ossible v alues are whole number s bet ween and B .
Field Description W ake-On-LAN Rule Chain Select whether to cr eate a new rule chain or to edit an e xisting one. P ossible v alues: • +% (def ault value): Y ou can creat e a new rule chain with this set ting.
Field Description Send WOL pac ket ov er Interface Select the interf ace which is to be used to send the W ake on LAN magic pack et. T arget MAC-A ddress Only wher e Action = 0'$/ 3&.
Field Description Interface Select the interf ace for which a conf igured rule chain is to be as- signed. Rule Chain Select a rule chain. bintec elmeg GmbH 1 6 Local Ser vices bintec Ne xt Generation .
Chapter 1 7 Maintenance This menu pr ovides y ou with numer ous functions for maint aining your de vice. It fir stly pro vides a menu f or testing availability within the net work. Y ou can manage your sy stem configuration f iles. If more r ecent sy stem sof t ware is av ailable, y ou can use this menu t o in- stall it.
1 7 .1 .2 DNS T est F ig. 1 75: Maintenance -> Diagnostics -> DNS T est The DNS test is used t o check whether the domain name of a par ticular host is correctly r e- solv ed. The Output field displays the DSN t est messages. The ping t est is launched by en- tering the domain name to be t ested in DNS Addr ess and clicking the Go but ton.
Y ou use the tracerout e test to display the r oute to a particular address (IP address or do- main name), if this can be reached. The Output field display s the tracer oute t est mes- sages. The ping t est is launched by ent er ing the IP address t o be test ed in T racerout e Ad- dress and clicking the Go but ton.
stor ed in the wor king memor y (RAM). The contents of the RAM ar e lost if the device is s witched of f . So if you modify y our configuration and want t o keep these changes f or the ne xt time you .
The Maintenance -> Sof twar e &Configuration -> Options menu consists of the f ollowing fields: Fields in the Cur rently Installed Sof tware menu. Field Description BOSS Shows the curr ent sof t war e ver sion loaded on your de vice. Sy stem Logic Shows the curr ent sy stem logic loaded on your de vice.
Field Description ./ '$ .$$ $($ the current configuration w as saved as boot configuration and the pr evi- ous boot configuration w as also archived. Y ou can load back the ar chiv ed boot configuration.
Field Description Select the source of the updat e. P ossible v alues: • &$ 2 (def ault value): The s yst em software file is stor ed locally on your PC . • 944 ' : The file is stor ed on a remot e ser ver specified in the URL .
Field Description Enter the ne w name of the configuration file . 1 7 .3 Reboot 1 7 .3.1 S ystem R eboot In this menu, y ou can trigger an immediate reboot of y our device. Once y our syst em has rest ar ted, y ou must call the GUI again and log in. P ay att ention to the LEDs on y our device.
Chapter 1 8 Exter nal Reporting In this sy stem menu, you def ine what sy stem prot ocol messages are sav ed on which com- puter s, and whether the sy stem administrat or should receive an e-mail f or cer tain ev ents. Inf or mation on IP data traf fic can also be sav ed--depending on the individual interf aces.
A list of all configur ed sy stem log ser ver s displayed in the External Reporting -> Sy slog -> Sy slog Ser ver s menu. 1 8.1 .1 .1 New Select the New but ton t o set up additional sy slog ser vers .
Field Description • 1.( (lowest priority) Sy slog messages are only sent t o the host if they hav e a higher or identical prior ity to that indicated, i.e . at sy slog lev el 1.( all messages generated ar e f orwar ded to the host. Facility Enter the sy slog f acility on the host.
1 8.2 IP Accounting In modern net works, inf ormation about the t ype and number of data pac kets sent and r e- ceived o ver the net work connections is oft en collected for commer cial reasons. This inf or m- ation is e xtremel y impor tant f or Internet Ser vice P rovider s that bill their customers b y data volume .
F ig. 181: External R eporting -> IP Accounting -> Options In the Exter nal Reporting -> IP Accounting -> Options menu, y ou can define the Log F ormat of the IP accounting messages. The messages can contain charact er strings in any or der , sequences separated b y a slash, e.
1 8.3 Aler t Service It was pr e viously possib le to send sy slog messages from the r outer to an y sy slog host. De- pending on the configuration, e-mail alerts are sent to the administr ator as soon as r elev ant sy slog messages appear. 1 8.3.1 Alert Recipient A list of Sy slog messages is displayed in the Aler t Recipient menu.
Field Description P ossible v alues: • E-mail • SMS Recipient Ent er the recipient's e-mail addr ess. The entry is limited t o 40 charact ers . Message Compression Select whether the te xt in the aler t E-mail is to be shor tened. The e-mail then contains the s yslog message onl y once plus the number of r elev ant ev ents.
Field Description enter ed therefor e usually contains wildcards . T o be informed of all sy slog messages of the selected lev el, just enter "*". Sev erity Select the se verity lev el which the str ing configured in the Matching String field must r each to trigger an e-mail aler t.
1 8.3.2 Alert Settings F ig. 183: External R eporting -> Aler t Service -> Alert Settings The menu Exter nal Reporting -> Alert Ser vice -> Alert Settings consists of the follo wing fields: Fields in the Basic P arameter s menu. Field Description Alert Ser vice Select whether the aler t ser vice is to be enab led f or the inter - f ace.
Field Description SMTP Server Enter the addr ess (IP address or valid DNS name) of the mail ser ver t o be used for sending the mails. The entr y is limited t o 40 characters . SMTP P or t Encr yption of e-mails (SSL / TLS). The field SMTP P or t is per default pr eset to and SSL En- cr yption is enabled.
Field Description SMS Device Y ou can receiv e notification of sy stem alerts in te xt messages. Select the de vice to be used t o send the te xt message. Maximum SMS per Day Limit the maximum number of SMS sent during a single day . Activ ating +$ &$ allows an y number of SMS to be sent.
F ig. 184: External R eporting -> SNMP -> SNMP T rap Options The menu Exter nal Reporting -> SNMP -> SNMP T rap Options consists of the following fields: Fields in the Basic P arameter s menu. Field Description SNMP T rap Broadcast- ing Select whether the transf er of SNMP traps is to be activ ated.
1 8.4.2 SNMP T r ap Hosts In this menu, y ou specify the IP addresses t o which your de vice is to send the SNMP traps . In the Exter nal Reporting -> SNMP -> SNMP T rap Hosts menu, a list of all configured SN- MP trap hosts is display ed. 1 8.4.
Chapter 1 9 Monit or ing This menu contains inf or mation that enable y ou to locat e prob lems in your net work and monitor activities , e.g . at your de vice's W AN interf ace.
Field Description Subsy stem Displays which subs ystem of the de vice generated the mes- sage. Message Displays the message te xt. 1 9.2 IPSec 1 9.2.1 IPSec T unnels A list of all configur ed IPSec tunnel pro viders is display ed in the Monitor ing -> IPSec -> IPSec T unnels menu.
F ig. 188: Monitoring -> IPSec -> IPSec T unnels -> V alues in the IPSec T unnels list Field Description Description Shows the description of the peer . Local IP Ad dress Sho ws the W AN IP address of your de vice. Remot e IP Ad dress Shows the W AN IP address of the connection partner .
Field Description Role / Algorithm / Life- time remaining / Status IPSec (Phase-2) SA s (x) Role / Algorithm / Life- time remaining / Status Shows the paramet ers of the IPSec (Phase 2) SAs . Messages The syst em messages for this IPSec tunnel are display ed here.
Field Description Status Displays the n umber of IPSec tunnels by their curr ent status . • Up : Currently activ e IPSec tunnels. • Going up : IPSec tunnels currently in the tunnel setup phase . • Blocked : IPSec tunnels that are bloc ked. • Dormant : Currently inactiv e IPSec tunnels.
F ig. 190: Monitoring -> Interfaces -> Statistics Change the status of the int erface b y clicking the or the but ton in the Action column. V alues in the Statistics list Field Description No. Shows the serial number of the int erface . Description Displays the name of the int erface.
F ig. 191: Monitoring -> Interfaces -> Statistics -> V alues in the Statistics list Field Description Description Displays the name of the int erface. MA C Address Displays the int erf ace te xt. IP Ad dress / Netmask Shows the IP addr ess and the netmask.
1 9.4 WLAN 1 9.4.1 WLANx In the Monitor ing -> WLAN -> WLAN menu, curr ent values and activities of the WLAN int er - f ace are display ed. The v alues for wir eless mode 802.
Field Description Rx P ack ets Shows the t otal number of r eceived pack ets for the data rat e shown in mbps . Y ou can choose the Ad vanced but ton to go t o an ov er view of more details .
Description Meaning ceived successfull y sent with a unicast address . MSDUs that could not be transmit ted Displays the n umber of MSDUs that could not be sent. F rame tr ansmissions without A CK received Displays the n umber of sent framesf or which an ackno wledge- ment frame was not r eceived.
Field Description ent is logged in. Tx P ack ets Shows the tot al number of pac kets sent. Rx P ack ets Shows the t otal number of pac kets receiv ed. Signal dBm (RSSI1, RSSI2, RSSI3) Shows the r eceived signal str ength in dBm. Noise dBm Sho ws the receiv ed noise strength in dBm.
F ig. 195: Monitoring -> WLAN -> VSS -> <connected client> -> V alues in the list <Connected Client> Field Description Client MA C Address Shows the MA C address of the associated client. IP Ad dress Shows the IP address of the client.
Field Description wireless connection. V alues: • > 25 dB ex cellent • 15 – 25 dB good • 2 – 15 dB bor der line • 0 – 2 dB bad. Data Rate mbps Shows the curr ent transmission rat e of data receiv ed by this cli- ent in mbps. The f ollowing clock rat es are possible: IEEE 802.
Field Description MA C Address Displays the MA C address being used f or this VSS. Activ e Clients Displays the number of activ e clients. 2,4/5 GHz changeov er Display s the number of clients who hav e been moved t o a dif- f erent fr equency band b y the 2,4/5 GHz changeover function.
Field Description Mbps. Rx Data Rate mbps Shows the current cloc k rate of data r eceived on this bridge link in Mbps. Uptime Shows the time in hour s, minut es and seconds for which the bridge link in question is active. Bridge link details Y ou can use the icon to open an ov er view of fur ther details of the bridge links.
Field Description Bridge Link Descrip- tion Shows the name of the bridge link. Remot e MA C Sho ws the MA C address of the bridge link par tner . Fir st seen Displays the time of the f irst r egistered at tempt ed contact of the bridge link par tner.
Field Description Uptime Shows the time in hour s, minut es and seconds for which the cli- ent link in question is active . Tx P ack ets Shows the tot al number of pac kets sent. Rx P ack ets Shows the t otal number of pac kets receiv ed. Signal dBm (RSSI1, RSSI2, RSSI3) Shows the r eceived signal str ength in dBm.
F ig. 200: Monitoring -> WLAN -> Client Links -> V alues in the Client Links list Field Description AP MA C Address Shows the MAC addr ess of the client link par tner . Uptime Shows the time in hour s, minut es and seconds for which the cli- ent link in question is active .
Field Description P ack ets and Rx Pac kets . Tx P ack ets Shows the tot al number of pac kets sent. Rx P ack ets Shows the t otal number of pac kets receiv ed. 1 9.5 Bridges 1 9.5.1 br<x> In the Monitor ing -> Bridges -> br<x> menu, the curr ent values of the conf igured bridges are sho wn.
F ig. 202: Monitoring -> HotSpot Gatew ay -> HotSpot Gateway V alues in the HotSpot Gatew ay list Field Description User Name Display s the user's name. IP Ad dress Shows the IP address of the user . Phy sical Address Shows the ph ysical address of the user .
Field Description QoS Queue Shows the QoS queue, which has been conf igured f or this inter - f ace. Send Shows the number of sent pac kets with the corresponding pac k- et class. Dropped Shows the number of r ejected pack ets with the corresponding pack et class in case of overloading.
Field Description ; *$ - : ;( V alues in the PIM Interfaces list Field Description Interface Displays the name of the PIM int erface. IP Ad dress Displays the primary IP address of the PIM interf ace.
F ig. 205: Monitoring -> PIM -> Not Interface-Specific Stat us V alues in the Not Interface-Specif ic Status list Field Description Vie w Select the desired vie w from the dropdo wn menu.
Field Description Upstream J oin Timer Join/P rune Timer is used to periodicall y send Join(*,*,RP) mes- sages, and t o correct P r une(*,*,RP) messages from peer s on an Upstream LAN int erface. V alues in the (*,G) States list Field Description Multicast Group A d- dress Displays the m ulticast group addr ess.
Field Description entr y . This corresponds t o the status of the Upstream (S,G) Stat e Machine in the PIM-SM specification. Uptime Indicates the timespan since the entry was generat ed by the local rout er. Upstream J oin Timer Indicates the r emaining time until the local router sends out the ne xt periodic (S,G) Join message on pimSGRPFIfInde x.
F ig. 206: Monitoring -> PIM -> Interface-Specific Stat es V alues in the Interface-Specif ic States list Field Description Vie w Select the desired vie w from the dropdo wn menu.
Field Description Assert State Display s the (*,G) Asser t State f or this interf ace. This corr es- ponds to the st atus of the P er -Interf ace (*,G) Asser t State Ma- chinen in the PIM-SM specification. If pimStarGPimMode is 'bid- ir', this object must 'noInf o' be.
Field Description Multicast Group A d- dress Displays the m ulticast IP address . InetAddr essT ype is defined through the object pimSG AddressT ype. Source IP A ddress Displays the sour ce IP address . InetAddr essT ype is defined through the object pimSt arGA ddressT ype.
Glossary 2G See GSM. 3DES See DES. 3G See UMTS. 4G See L TE. 802.1 1 The 802.1 1 nor m describes wireless LAN (WLAN). Ther e are a v ar i- ety of amendments: 802.1 1a: Gross data tr ansf er rat es: 54 Mbit/s, frequenc y band: 5 GHz, 802.1 1b/g: Gr oss data transf er rates: 1 1 Mbit/s, fr equency band: 2.
ke y length is 128, 1 92 or 256 bits. AES is a very fast and secur e al- gorithm. Ag gressiv e mode When an IPSec connection is being established, agg ressiv e mode is used to implement a phase 1 e xchange .
A UX A UX is a signal input f or e xternal devices , e. g. analogue or GSM modems. B channel See Basic Rate Int erf ace and P r imary Rate Interf ace. Back R oute V erify If a Bac k Rout e V erify is .
and reduces the load. Broadcast In a broadcast, data pac kets ar e sent from one point to all the sub- scribers in a net work, e. g. if the r ecipient is not yet known. Ex - amples of this are the ARP and DHCP pr otocols. The communica- tion is via broadcast addr esses: MAC net works: FF:FF:FF:FF:FF:FF , IPv4 net works: 255.
Channel bundling When channels ar e bundled, the B channels in an ISDN connection are combined t o increase data throughput. CHAP The Challenge Handshake A uthentication P rotocol (CHAP) is an au- thentication prot ocol for PPP connections. As w ell as the standard CHAP , Microsof t also has the variants MS-CHAPv1 and MS- CHAPv2.
Datagram A datagram is a self-contained dat a entity with user and control data. It generall y stands for the t erms data frame, data pac ket and data segment. DCN DCN stands for data comm unication net work. Dead P eer Detection In IPSec, Dead P eer Detection is used t o identify IKE peers that can no longer be accessed.
to-point. It is used t o connect a PBX. A main phone number and a number b lock ar e issued. Each of the number s in the number b lock is called a direct dial e xception.
Encryption Refer s to the encr yption of data, e.g . using MPPE. ESP Encapsulating Securit y P ayload (ESP) is a protocol f or IPSec. It uses prot ocol number 50 and suppor ts data encr yption and authen- tication. Ethernet Ether net is a specification f or cable dat a net works.
G.992.1 Data transmission r ecommendation for ADSL. There ar e t wo coun- tr y -specific ver sions: G.992.1 Anne x A and G.992.1 Anne x B. D ata transf er rates: 1 2 Mbit/s (downstream), 1 .3 Mbit/s (upstream) G.992.2 Data transmission r ecommendation for ADSL (G.
capsulating other prot ocols so that they can be transpor ted via the Internet P rotocol (IP) in the f or m of a tunnel (VPN). GRE uses pro- tocol n umber 47 . GSM The Global Sy stem f or Mobile Communications (GSM), also kno wn as 2G, is a mobile communications standar d.
it uses por t 80. HTTPS The HyperT e xt T ransf er P rot ocol Secure (HTTPS) is a pr otocol which prot ects against eavesdr opping when transmit ting HTML pages (web pages) bet ween server and client. HTTPS is schematic- ally identical t o HTTP . SSL / TLS is used for additional dat a encryp- tion.
IPCP The Int er net P rotocol C ontrol P rot ocol (IPCP) is used, in a similar way t o DHCP , to configur e a host with an IP address , gat eway and DNS ser ver , when a PPP net work connection is being used. With the e xtension R obust Header C ompression ov er PPP , the header can be compressed f or fast er data transmission.
L2TP The Layer 2 T unneling P rotocol (L2TP) is a networ k prot ocol for en- capsulating other prot ocols so that they can be transpor ted via the Internet P rotocol (IP) in the f or m of a tunnel (VPN).
Loopback In a loopback s witch the sender and recipient are identical. L TE Long T erm Evolution (L TE), also known as 4G, is a mobile comm u- nications standar d with a standardised maxim um data transmission rat e of 300 Mbit/s.
MPPE Microsof t Point-T o-Point Encryption (MPPE) is used to encrypt data transmit ted via PPP . It was dev eloped by Microsof t and Cisco and specified as RFC 3078. MS-CHAP The Microsof t Challenge Handshake A uthentication P rot ocol (MS-CHAP) is a method of authentication.
NBNS Like DNS, NetBIOS Name Service (NBSN) is used in centralised name resolution. See also WINS and DNS . Netmask With IPv4 in connection with the IP addr ess, the netmask, also net- work mask and subnet mask, defines the net work by dividing the IP address int o net work and device parts and thus determining which addresses need t o be routed.
P eer A peer is the endpoint of a communication in the networ k. Phase 1/2 See IKE. PIM The P rotocol Independent Multicast (PIM) enab les the dynamic rout- ing of multicast pac kets on the Int ernet. Ping Ping is a diagnostic tool that can be used to chec k whether a par tic- ular host in an IP net work can be contacted.
POP3 The Post Of fice P rot ocol V ersion 3 (POP3) is a transmission pr o- tocol which contr ols how a client accesses emails from an email ser ver . P or t The por t number is used t o decide the ser vice (telnet, FTP , ...) to which an incoming data pac ket should be sent.
Pr oposal W hen an IPSec connection is being estab lished, the initiator of the connection makes pr oposals with relation to the authentication and encr yption methods to be used. Pr otocol P rot ocols regulat e the flow of a data communication on dif f erent le vels of the OSI model.
Reset This returns the device t o its unconfigured stat e. RFC A Request F or Comments (RFC) is a document that describes the standar ds and guidelines for the Int er net. Rijndael See AES. RIP The Routing Inf ormation P rot ocol (RIP) is a routing prot ocol.
RTSP The Real-Time Str eaming P rot ocol (RTSP) controls the tr ansmis- sion of audio and video data (str eams) via IP -based net wor ks. W hile the Real-T ime T ranspor t P rotocol (R TP) is used to transmit user data, the main function of R TSP lies in controlling the data streams .
SHA1 Secure Hash Algorithm version 1 (SHA1) is a hash function that generat es a 1 60 bit hash v alue (checksum). See also Hash. SHDSL Symmetrical High-bit-rat e Digital Subscriber Line. See DSL. Shell The shell is an input interface (e . g. command line or graphic user interf ace) bet ween computer and user .
the Real-T ime T ranspor t P rotocol (R TP) that is encr ypted using AES. SSH Secure Shell (SSH) is a network protocol that can be used t o estab- lish an encr ypted connection t o a device's shell. SSID The Service Set Identifier (SSID) defines a wir eless net work that is based on IEEE 802.
sible IP addr esses). Switc h A s witch is a net work component that connects individual net work segments to one another . On the one hand, a s witch can be oper - ated as a bridge to the dat a link layer in the OSI model. Unlik e the bridge, howe ver , a switch has mor e than one input and output.
an ISDN terminal. See also NT . T elnet T elecommunication Net wor k (T elnet) is a net work prot ocol. It en- ables comm unication with another , remote de vice in the net wor k, e. g. PCs , rout ers, etc. TFTP The T rivial File T ransfer P rotocol (TFTP) regulat es the transmission of files .
control m ust take place in the application lay er . Con ver sely , UDP is f aster than connection-oriented pr otocols. ULA Unique Local Addr esses (ULA) are IPv6 addresses that ar e not rout ed. They can be used in private networks (e. g. a LAN). ULAs begin with the pref ix fd.
also ref ers to a tunnel that is est ablished between the private net- works of the t wo connected parties. VPN prot ocols are IPSec , PPTP , L2TP and GRE.
WP A-PSK With WP A 1 / 2, WP A -PSK enables subscribers to be authenticat ed using pre-shar ed key s. The access point and the client use the same string for the k ey calculation in the WLAN.
Index 1 87 V endor Descr iption 375 ISDN Timeserver 63 P ower Of f Timeout 58 Sy stem Admin P assw ord 59 # #1 #2, #3 1 05 2 2,4/5 GHz changeov er 449 A Access C ontrol 1 39 , 1 7 4 Access F ilter 234.
B Back R oute V er ify 290 Back R oute V er ify 1 97 Bandwidth 124 , 1 62 Based on Ethernet Interface 1 1 3 Beacon P er iod 1 40 , 165 Blacklist b locktime 1 7 4 Block af ter connection f ailure for 2.
Creat e NA T P olicy 268 , 273 , 322 , 330 CRLs 1 07 CS V File F ormat 385 CTS frames r eceived in r esponse to an R TS 445 Current F ile Name in Flash 420 Current Local T ime 62 Current Speed / Mode .
Drop In Gr oups 237 Drop unt agged frames 1 1 9 Dropped 441 , 456 Dropping Algorithm 227 DSA K ey St atus 7 6 DSCP / T OS V alue 193 DSCP/T OS Filter (Lay er 3) 215 , 230 , 409 DTIM P er iod 1 40 , 16.
238 Group ID 397 Groups 347 , 349 , 352 H Hashing Algorithms 76 Hello Interval 259 Hello Intervall 31 9 Hello Hold Time 259 High P rior it y Class 219 Hold Down T imer 248 Host 362 Host f or multiple .
IPSec Statistics 440 IPSec T unnels 438 IPSec (Phase-2) SAs 439 IPSec Debug Le vel 313 IPSec ov er TCP 314 IPSec P eers 280 IPv4 Rout e Configuration 189 IPv4 Routing T able 1 96 ISDN Login 73 J Join/.
Max. Scan Duration 1 30 Max. T ransmission Rate 1 64 Maximum Number of Dialup R etries 269 , 27 4 Maximum R etries 319 Maximum Gr oups 255 Maximum Message Le vel of Sy slog Entries 56 Maximum Number o.
Net working 189 New Destination P or t 205 New Destination IP A ddress/Netmask 205 New F ile Name 420 New Sour ce Port 205 New Sour ce IP Address/Netmask 205 No .
PPTP Addr ess Mode 27 4 PPTP Ethernet Interface 272 PPTP Mode 328 P recedence 262 P reshar ed K ey 1 36 , 1 42 , 145 , 1 70 , 282 P rimar y DHCP Ser ver 378 P rimar y DNS Ser ver 359 P rior itisation .
Retr ansmission Timer 248 Retries 84 Re ver se-P ath-F orwar ding (RPF) 460 , 461 RFC 2091 V ariable T imer 246 RFC 2453 V ariable T imer 246 RIP 241 RIP Filt er 243 RIP Interf aces 241 RIP Options 24.
An important point after buying a device Funkwerk WO1003n (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Funkwerk WO1003n yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Funkwerk WO1003n - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Funkwerk WO1003n you will learn all the available features of the product, as well as information on its operation. The information that you get Funkwerk WO1003n will certainly help you make a decision on the purchase.
If you already are a holder of Funkwerk WO1003n, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Funkwerk WO1003n.
However, one of the most important roles played by the user manual is to help in solving problems with Funkwerk WO1003n. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Funkwerk WO1003n along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center