manualshive.com logo in svg

bintec elmeg be.IP 4isdn, Manual

The bintec elmeg be.IP 4isdn is a cutting-edge communications solution for businesses, offering advanced features and reliable connectivity. For detailed instructions on how to set up and maximize its capabilities, download the free manual from manualshive.com. Stay ahead of the curve with this top-of-the-line product.

Share
Download
background image

Chapter 14 VPN

A connection that uses the Internet as a "transport medium" but is not publicly accessible is
referred to as a VPN (Virtual Private Network). Only authorised users have access to such
a VPN, which is seemingly also referred to as a VPN tunnel. Normally the data transported
over a VPN is encrypted.

A VPN allows field staff or staff working from home offices to access data on the company's
network. Subsidiaries can also connect to head office over VPN.

The connection partner is authenticated with a password, using preshared keys or certific-
ates.

With IPSec the data is encrypted using AES or 3DES, for example.

14.1 IPSec

IPSec enables secure connections to be set up between two locations (VPN). This enables
sensitive business data to be transferred via an unsecure medium such as the Internet.
The devices used function here as the endpoints of the VPN tunnel. IPSec involves a num-
ber of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the
protection and authentication of IP packets. IPSec offers mechanisms for encrypting and
decrypting the data transferred in the IP packets. The IPSec implementation can also be
smoothly integrated in a Public Key Infrastructure (PKI, see

Certificates

on page 69). IPSec

implementation achieves this firstly by using the Authentication Header (AH) protocol and
Encapsulated Security Payload (ESP) protocol and secondly through the use of crypto-
graphic key administration mechanisms like the Internet Key Exchange (IKE) protocol.

Additional IPv4 Traffic Filter

bintec elmeg gateways support two different methods of setting up IPSec connections:

• a method based on policies and

• a method based on routing.

The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This
allows for a very "fine-grained" filter to be applied to the IP packet, even at the level of the
protocol and the port.

The routing-based method offers various advantages over the policy-based method, e.g.,
NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of
VPN backup scenarios. With the routing-based method, the configured or dynamically

bintec elmeg GmbH

14 VPN

be.IP 4isdn

235

Summary of Contents for be.IP 4isdn

Page 1: ...Manual be IP 4isdn Operation as a Media Gateway Copyright Version 10 1 27 RC 10 2017 bintec elmeg GmbH bintec elmeg GmbH Manual be IP 4isdn...

Page 2: ...open source software that has been developed by third party suppliers and which is licensed under an open source software li cense These open source software files are subject to copyright For a curr...

Page 3: ...ly 6 2 1 7 General Product Features 7 2 2 Reset 8 2 3 Presettings 9 2 4 Support Information 10 Chapter 3 Mounting 11 3 1 Connecting terminals 11 3 1 1 Internal ISDN connection 11 3 2 Reset button 11 3...

Page 4: ...ternal VDSL modem 20 4 3 2 Other internet connections 20 4 3 3 Testing the configuration 21 4 4 User access 21 4 5 Software updates for be IP 4isdn 22 Chapter 5 Access and configuration 24 5 1 Access...

Page 5: ...Access 65 7 6 1 Access Profiles 65 7 6 2 Users 68 7 7 Certificates 69 7 7 1 Certificate List 70 7 7 2 CRLs 77 7 7 3 Certificate Servers 78 Chapter 8 Physical Interfaces 79 8 1 Ethernet Ports 79 8 1 1...

Page 6: ...lave AP Autoprofile 115 10 3 Slave AP configuration 116 10 3 1 Slave Access Points 116 10 3 2 Radio Profiles 119 10 3 3 Wireless Networks VSS 125 10 4 Monitoring 133 10 4 1 WLAN Controller 133 10 4 2...

Page 7: ...Configuration 154 11 3 3 NAT Configuration example 160 11 4 Load Balancing 162 11 4 1 Load Balancing Groups 162 11 4 2 Special Session Handling 166 11 4 3 Load balancing Configuration example 169 11 5...

Page 8: ...2 1 Profiles 223 13 2 2 Service Categories 227 13 2 3 OAM Controlling 229 13 3 Real Time Jitter Control 233 13 3 1 Controlled Interfaces 233 Chapter 14 VPN 235 14 1 IPSec 235 14 1 1 IPSec Peers 236 1...

Page 9: ...oups 285 15 2 2 IPv6 Groups 286 15 3 Addresses 286 15 3 1 Address List 286 15 3 2 Groups 287 15 4 Services 288 15 4 1 Service List 288 15 4 2 Groups 290 15 5 Configuration 291 15 5 1 SIF Configuration...

Page 10: ...333 17 3 DynDNS Client 333 17 3 1 DynDNS Update 334 17 3 2 DynDNS Provider 335 17 4 DHCP Server 337 17 4 1 IP Pool Configuration 337 17 4 2 DHCP Configuration 338 17 4 3 IP MAC Binding 342 17 4 4 DHC...

Page 11: ...ces 381 17 9 2 General 381 17 10 HotSpot Gateway 382 17 10 1 HotSpot Gateway 384 17 10 2 Options 387 17 11 Wake On LAN 388 17 11 1 Wake On LAN Filter 388 17 11 2 WOL Rules 391 17 11 3 Interface Assign...

Page 12: ...P Accounting 405 19 2 1 Interfaces 405 19 2 2 Options 406 19 3 Alert Service 407 19 3 1 Alert Recipient 407 19 3 2 Alert Settings 409 19 4 SNMP 411 19 4 1 SNMP Trap Options 411 19 4 2 SNMP Trap Hosts...

Page 13: ...ry 418 20 4 Interfaces 418 20 4 1 Statistics 418 20 4 2 Network Status 420 20 5 Bridges 420 20 5 1 br x 420 20 6 HotSpot Gateway 420 20 6 1 HotSpot Gateway 420 20 7 QoS 421 20 7 1 QoS 421 Glossary 422...

Page 14: ...Table of Contents bintec elmeg GmbH xii be IP 4isdn...

Page 15: ...ly used voice channels to an ALL IP connection If you are in need of voice trans coding our Media Gateway be IP 4isdn is a perfect choice as well Due to the use of additional DSPs the number of simult...

Page 16: ...n parameters but no screen shots An HTML based version containing the screen shots is available as a ZIP file in the download section of your device Unpack the ZIP file into a folder of your choice an...

Page 17: ...s use the cable provided with the terminal 5 SIP telephones Connect your SIP telephones to the 10 100 1000 Base T Ethernet interfaces In a last step connect your PC and follow the instructions from th...

Page 18: ...ections on the side 1 Function key 2 Console 2 1 4 Mounting brackets Due to the position of the devices in a rack it is recommended to use remote antenna At tach the mounting brackets to the device us...

Page 19: ...onisation flickering Data transfer TEL on Telephony ready at IP connector Voice over IP off Telephony not configured ISDN1 to ISDN 4 on ISDN telephone system connected off On standby or not functionin...

Page 20: ...Link Act off No Ethernet connection LAN 5 Speed Green on 1000 Mbit s transfer rate LAN 5 Speed Orange on 100 Mbit s transfer rate LAN 5 Speed off 10 Mbit s transfer rate LEDs back view The LEDs are li...

Page 21: ...packaging approx 1 800 g Memory 128 MB SDRAM LEDs 20 9x Function 1 x Service 5x2 Ethernet Power consumption of the device max 30 W 12 V DC Voltage supply 12 V DC 2 5 A Environmental requirements Stora...

Page 22: ...5 pole mini USB socket Barrel connector socket for power sup ply 2 2 Reset The reset is performed by using the reset button at the terminal area The device is rebooted by quickly pressing the key ca o...

Page 23: ...onnections at this address IP Address Netmask In the ex works state you should use the following access data to configure your device using the configuration interface User Name Password Note After yo...

Page 24: ...ass words are reset Provider selection After the first login to the web interface you are given the option to choose your Internet provider If you want to configure a connection provided by Deutschen...

Page 25: ...ng a maximum of two unpowered ISDN terminals In its ex works state the internal ISDN connection is set up as a short passive bus S0 bus It is the simple bus cabling in an ISDN system with a length of...

Page 26: ...nstallation to that of the device The sockets are used for a permanent installation for example in a hallway When they are installed the connecting cables are connected to the connect ors on the devic...

Page 27: ...3 8 Pair 3 3 4 2 ISDN interface The connection is made via an RJ45 socket The pin assignment for the ISDN interface RJ45 socket is as follows RJ45 socket for ISDN connection Pin Function 1 Not used 2...

Page 28: ...or VDSL connection Pin Function 1 Not used 2 Not used 3 Not used 4 Line 1a 5 Line 1b 6 Not used 7 Not used 8 Not used 3 4 4 Serial interface Your device has a serial interface for connection to a cons...

Page 29: ...Pin Position 2 TxD 3 RxD 4 Not used 5 GND bintec elmeg GmbH 3 Mounting be IP 4isdn 15...

Page 30: ...ingle PC to your be IP 4isdn so that a separate network is created 4 1 1 Systemsoftware Your device contains the version of the system software available at the time of production More recent versions...

Page 31: ...r personal data in the Your values column so that you can refer to these values later when needed Basic configuration For a basic configuration of your device you need information that relates to your...

Page 32: ...your device via the network and to be able to do a configuration using the con figuration interface the PC used for the configuration has to satisfy some prerequisites Make sure that the TCP IP protoc...

Page 33: ...HCP client Assign an IP address to your PC as follows 1 Initially proceed as described to display the network properties 2 Select Internet Protocol TCP IP and click on Properties 3 Choose Determine IP...

Page 34: ...Internet connection with your device 4 3 1 Internet connection via the internal VDSL modem To make it easier to configure an VDSL internet connection the configuration interface has a wizard to guide...

Page 35: ...ce indicators for ISDN DSL and the Ethernet interfaces 4 4 User access Those who administer and set up the system can set up a personalised configuration ac cess for the users This will enable the use...

Page 36: ...h Go Alternatively you can carry out a software update in the User view On the Status page click Update under Firmware Update to start the process Do not interrupt the Internet connection or the power...

Page 37: ...nce you have clicked on Go the update cannot be cancelled interrupted If an error occurs during the update do not re start the device and contact support bintec elmeg GmbH 4 Basic configuration be IP...

Page 38: ...an use from any PC with an up to date Web browser via an HTTP or HTTPS connection With the configuration interface you can perform all the configuration tasks easily and con veniently It is integrated...

Page 39: ...r 4 Enter 455 in the address field of the web browser 5 You will prompted to change the administrator password Change the login password You are now in the status menu of your device s configuration i...

Page 40: ...uration and close the window Exit the configuration without saving Online Help Click this button if you want help with the menu now active The description of the sub menu where you are now is displaye...

Page 41: ...start again from here Save configuration button If you click the Save configuration button you will be asked Do you really want to save the current configuration as a boot configuration You can Save c...

Page 42: ...pen the configuration interface the status page of your device is displayed after you log in The most important data of your device can be seen on this at a glance Main configuration window The sub me...

Page 43: ...eter changes in a list Immediately starts the configured action Calls the sub menu to create a new entry Inserts an entry in an internal list Symbols Icon Function Deletes the list entry Displays the...

Page 44: ...options Menu Function Update Interval Here you can set the interval in which the view is to be updated To do this enter a period in seconds in the input field and con firm it with Filter You can have...

Page 45: ...elements You can therefore change the configuration of the correspond ing list entry directly in the list Configuration of the update interval Filter list On the status page you can open the option A...

Page 46: ...r the basic settings for the function concerned Sub menu The New button is available in each menu in which a list of all the configured entries is displayed Click the button to display the configurati...

Page 47: ...play of options that are not available Options that are not available because they depend on the selection of other options are generally hidden If the display of these options could be helpful for a...

Page 48: ...ote Please note that not all devices have the full range of functions Use your product spe cification to check which software your device has 5 Access and configuration bintec elmeg GmbH 34 be IP 4isd...

Page 49: ...ep by step instructions for the following basic configuration tasks Choose the corresponding task from the navigation bar and follow the instructions and ex planations on the separate pages of the Wiz...

Page 50: ...or the power supply After installation of the new system software the system must be restarted In the Full Access and Expert views of your device the status page displays the most important system inf...

Page 51: ...layed in brackets as a percentage ISDN Usage Internal Shows the number of active B channels and the maximum num ber of available B channels for incoming connections Active Sessions SIF RTP etc Display...

Page 52: ...here and their most important settings are shown The system also displays whether the inter face is active 7 2 Global Settings The basic system parameters are managed in the Global Settings menu 7 2...

Page 53: ...reated System messages are only recorded internally if they have a higher or identical priority to that indicated i e all messages generated are recorded at syslog level 73 Possible values 0 Only mess...

Page 54: ...ou want to run your own management system you need to enter the address of your server here Manual WLAN Control ler IP Address This function is only available on devices with a wireless LAN controller...

Page 55: ...ing the passwords is another basic system setting Note All bintec elmeg devices are delivered with the same username and password As long as the password remains unchanged they are not protected again...

Page 56: ...ss OK or call the menu again they are displayed as asterisks 7 2 3 Date and Time You need the system time for tasks such as correct timestamps for system messages ac counting or IPSec certificates You...

Page 57: ...r time and back must be carried out manually if the time is derived using this method by changing the value in the Time Zone field with an option UTC or UTC Note If a method for automatically deriving...

Page 58: ...deactivated for the period in which the time is determined by means of a time server The function is activated by selecting 7 The function is disabled by default First Timeserver Enter the primary tim...

Page 59: ...an IP address In addition select the protocol for the time server request Possible values 9 default value This server uses the simple network time protocol via UDP port 123 5 This server uses the Tim...

Page 60: ...electing 7 Time requests from a client will be answered with the current system time This is given as GMT without offset The function is disabled by default Time requests from a client are not answere...

Page 61: ...rd for licences at additional cost You will then receive an e mail containing the following data Licence Key and Licence Serial Number You enter this data in the System Management Global Settings Syst...

Page 62: ...er the licence key you received by e mail Note If 9 is displayed as the status Enter the licence data again Check your hardware serial number If 9 3 is displayed as the status you have entered a licen...

Page 63: ...es If your device has a radio port it receives the interface name WLAN If there are several ra dio modules the names of wireless ports in the user interface of your device are made up of the following...

Page 64: ...arts a Abbreviation for interface type b Number of the wireless module on which the client link is configured c Number of the client link Example first client link on the first wireless module The nam...

Page 65: ...after you click the OK button Configuration Interface Select the interface via which the configuration is to be carried out Possible values default value Ex works setting The right con figuration int...

Page 66: ...figuration settings You can use the MAC Bridge The System Management Interface Mode Bridge Groups Interfaces menu consists of the following fields Fields in the Layer 2 5 Options menu Field Value Inte...

Page 67: ...MAC address to establish the connection to the access point The function is enabled with 7 The function is disabled by default 7 4 Administrative Access In this menu you can configure the administrati...

Page 68: ...istrative Access Access Add menu consists of the following fields Fields in the menu Access Field Description Interface Select the interface for which administrative access is to be con figured 7 4 2...

Page 69: ...tivated by selecting 7 The function is enabled by default SSH Port Here you can enter the port via which the SSH connection is to be established The default value is Maximum number of concurrent conne...

Page 70: ...d again You can then repeat generation If the B 2 status is displayed generation of a key is not possible for example because there is not enough space in the FlashROM The status is 9 by default ED255...

Page 71: ...pace in the FlashROM The status is 9 by default The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Value Login Grace Time Enter the time in seconds...

Page 72: ...ckets that can be transmit ted as well as the communication process The data objects queried via SNMP are structured in tables and variables and defined in the MIB Management Information Base This con...

Page 73: ...v3 you should if possible use this version as older versions transfer all data unencrypted 7 5 Remote Authentication This menu contains the settings for user authentication 7 5 1 RADIUS RADIUS Remote...

Page 74: ...etween the RADIUS server and your device client Packet types Field Value ACCESS_REQUEST Client Server If an access request is received by your device a request is sent to the RADIUS server if no corre...

Page 75: ...n Type Select what the RADIUS server is to be used for Possible values 3 default value only for PPP connec tions The RADIUS server is used for controlling access to a network 3 for PPP connections onl...

Page 76: ...r with the highest priority is used first If this server does not an swer the server with the next highest priority is used Possible values from highest priority to lowest priority The default value i...

Page 77: ...cation 1645 in older RFCs and 1813 for accounting 1646 in older RFCs You can obtain the port to be used from the documenta tion for your RADIUS server The default value is Server Timeout Enter the max...

Page 78: ...alout routes This enables temporary interfaces to be configured automatically and your device can initiate outgoing connections that are not configured permanently The function is activated by selecti...

Page 79: ...abled by default 3 7 is diabled by default 7 6 Configuration Access In the Configuration Access menu you can configure user profiles To do so you create access profiles and users and assign each user...

Page 80: ...the access profile Level No The system automatically assigns a sequential number to the access profile This cannot be edited Fields in the menu Buttons Field Description Save configuration If you act...

Page 81: ...You see all the menus from the GUI s navigation bar Menus that contain at least one sub menu are flagged by and The icon indicates pages When you create a new access profile no elements are as signed...

Page 82: ...the information is released for reading and writing The icon indicates blocked entries 7 6 2 1 Edit or New Choose the icon to edit existing entries Choose the New button to enter additional users The...

Page 83: ...key and a private key is used to encrypt and decrypt the data For encryption the sender requires the public key of the recipient The recipient decrypts the data using his private key To ensure that th...

Page 84: ...e content of the selected object key certificate or request The certificates and keys themselves cannot be changed but a few external attributes can be changed depending on the type of the selected en...

Page 85: ...disabled by default Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy certification authority and user certificates is ensured T...

Page 86: ...fault value Your device generates a PKCS 10 for the key This file can then be uploaded directly in the browser or copied in the menu using the View details field This file must be provided to the CA a...

Page 87: ...th the enrolment process provided no more important para meters are missing In this case it returns to the Generate Certificate Request menu If the CA certificate does not contain a CRL distribution p...

Page 88: ...me individually as specified by the CA or want to enter a special subject name If 7 is selected a subject name can be given in Sum mary with attributes not offered in the list Example CN VPNServer DC...

Page 89: ...d Settings consists of the following fields Fields in the Subject Alternative Names menu Field Description 1 2 3 For each entry define the type of name and enter additional subject names Possible valu...

Page 90: ...tificates Certificate List Import consists of the following fields Fields in the Import menu Field Description External Filename Enter the file path and name of the certificate to be imported or use B...

Page 91: ...P supports the issue and revocation of certificates in networks 7 7 2 1 Import Choose the Import button to import CRLs The System Management Certificates CRLs Import menu consists of the following fie...

Page 92: ...he private key and provides certificate revocation lists CRL that are accessed by the device via LDAP or HTTP in order to verify certificates 7 7 3 1 New Choose the New button to set up a certificate...

Page 93: ...hed when splitting ports make sure that Ethernet interface with the preconfigured IP address and netmask is assigned to a port that can be reached via Ethernet If in doubt carry out the configuration...

Page 94: ...oup together several switch ports into one interface the full bandwidth of max 1000 mbps full duplex is available for all the ports to gether The menu Physical Interfaces Ethernet Ports Port Configura...

Page 95: ...interface Possible values 7 default value No flow control is performed 7 Flow will be controlled 3 Flow will be controlled automatically 8 2 ISDN Ports In this menu you configure the ISDN interfaces o...

Page 96: ...a list of all ISDN ports and their configuration are displayed 8 2 1 1 Edit Choose the icon to edit the configuration of the ISDN port The Physical Interfaces ISDN Ports ISDN Configuration menu consi...

Page 97: ...n the Advanced Settings menu Field Description X 31 X 25 in D Chan nel Select whether you want to use X 31 X 25 in the D channel e g for CAPI applications The function is enabled with 7 The function i...

Page 98: ...device s general routing service This enables ISDN remote terminals to establish data connections with your LAN among oth er things This enables partners outside your own local network to access host...

Page 99: ...nding service Note If no entry is specified ex works state every incoming ISDN call is accepted by the ISDN Login service To avoid this you should make the necessary entries here As soon as an entry e...

Page 100: ...N Recognition MSN Recognition Select the mode your device is to use for the number comparis on for MSN with the called party number of the incoming call Possible values 1 default value 1 Always select...

Page 101: ...TU G 992 2 G DMT Bis ITU G 992 3 ADSL2 Double Ended Line Test 3 ADSL2 Plus ITU G 992 5 3 ADSL2 Plus Double Ended Line Test Reach Extended ADSL2 Reach Extended ADSL2 Double Ended Line Test 6 6 6 F 6 F...

Page 102: ...ly for Annex J devices ADSL2 Plus G 992 5 Annex J is used The ADSL interface is not active Transmit Shaping Select whether the data rate in the send direction is to be re duced This is only needed in...

Page 103: ...sts of the following fields Fields in the Advanced Settings menu Field Description ADSL Line Profile Select the internet service provider you require and in doing so implicitly select the modem parame...

Page 104: ...s Ethernet interfaces in routing mode You can use the New button to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected different fi...

Page 105: ...you can manually specify a static value One host address can be created through 3 3 for additional host addresses you can specify static values If your device acts a router it commonly distributes the...

Page 106: ...face is not assigned for a specific purpose E 9 This option only applies for routing inter faces You use this option to assign the interface to a VLAN This is done using the VLAN ID which is displayed...

Page 107: ...onnection that has been initiated from a trus ted zone You can configure exceptions for the selected setting in the Firewall on page 277 menu Address Mode Select how an IP address is assigned to the i...

Page 108: ...tside of your LAN You can configure exceptions for the selected setting in the Firewall on page 277 menu IPv6 Mode Only for IPv6 7 Select whether the interface is to be operated in host or in router m...

Page 109: ...cept Router Advertisement 7 and DHCP Client 7 its IPv6 addresses are determined through SLAAC You need not configure an IPv6 address manually but you can enter addtional addresses if desired If your...

Page 110: ...lds in the Link Prefix menu Field Description Setup Mode Select in which way the Link Prefix is to be determined Possible values 1 6 default value The Link Prefix is derived from a General Prefix You...

Page 111: ...scribes the fourth of the four 16 bit fields of a Link Prefix Possible values are Upon subnet creation the decimal ID value is converted to a hexadecimal one Link Prefix Only for Setup Mode You can sp...

Page 112: ...hould be set This al lows the host to enter the prefix from the prefix list The function is activated by selecting 3 The function is enabled by default Autonomous Flag Select whether the Autonomous Ad...

Page 113: ...t name requested by the provider The maximum length of the entry is 45 characters DHCP Broadcast Flag Only for Address Mode Choose whether or not the BROADCAST bit is set in the DHCP requests for your...

Page 114: ...ertise ment 7 Enter a time period in seconds The router remains in the de fault router list throughout this interval The default value is seconds The maximum value is seconds A value of means that the...

Page 115: ...h SLAAC In this case the router sends only data via DHCP that are not address related By selecting hosts receive IPv6 addresses as well as not address related in formation through DHCP DNS Propagation...

Page 116: ...ral VLAN segmenting can be configured with all interfaces VLAN for Bridging and VLAN for Routing In the LAN VLAN menu VLANs virtual LANs are configured with interfaces that operate in Bridging mode Us...

Page 117: ...this port are to be transmitted i e with VLAN in formation or i e without VLAN information 9 2 2 Port Configuration In this menu you can define and view the rules for receiving frames at the VLAN port...

Page 118: ...ke general settings for a VLAN The options must be configured sep arately for each bridge group The LAN VLANs Administrationmenu consists of the following fields Fields in the Bridge Group br ID VLAN...

Page 119: ...configuration in succession i e they are managed via the WLAN controller and can no longer be amended externally With the WLAN controller you can automatically detect individual access points APs and...

Page 120: ...must be entered for each AP in the Sys tem Management Global Settings System menu in the Manual WLAN Controller IP Address field Please note Make sure that option 138 is active when using an external...

Page 121: ...yed in the list At least one wireless network VSS is set up This entry cannot be deleted Click on to edit an existing entry You can also delete entries using the icon With Add you can create new entri...

Page 122: ...tant Change the default Preshared Key If the key has not been changed your device will not be protected against unauthorised access Radius Server You can control access to a wireless network via a RAD...

Page 123: ...r all selected access points You can change these settings The following parameters are available in the Access Point Settings menu Location Displays the stated locality of the AP You can enter anothe...

Page 124: ...rtially occupies the adjacent chan nels In the case of manual channel selection please make sure first that the APs actually sup port these channels Transmit Power Displays the transmission power in d...

Page 125: ...VLAN function and assign a VLAN ID during the configuration of a VSS For the separation from other in terfaces to work properly you need to create a virtual interface with its own IP configura tion a...

Page 126: ...his option if you intend to use your device as DHCP server for this VLAN IP Address Range Only for DHCP Server Specify the first and the last IP address which your device is to distribute inside the V...

Page 127: ...to assign fixed IP addresses yourself Alternatively you can use your device as a DHCP server For this internal DHCP server CAPWAP option 138 is active in order to allow communication between the maste...

Page 128: ...anage are located in the LAN or the WAN Possible values 9 default value 8 9 The 8 9 setting is useful if for example there is a wireless LAN controller installed at head office and its APs are distrib...

Page 129: ...automatically when it is integrated into the network By default All is activated so that the entry matches every new access point IP Address Netmask Enter an IP address and a netmask You can enter hos...

Page 130: ...on column You can disconnect the Access Point from the WLAN Controller and therefore remove it from your WLAN infrastructure by click on the button The Access Point then receives the status but is no...

Page 131: ...le the data for wireless module 1 are displayed The menu consists of the following fields Fields in the Access Point Settings menu Field Description Device Displays the type of device for the AP Locat...

Page 132: ...ng the network name SSID in Access Point mode means that wireless networks can be logically separated from each other but they can still physically interfere with each other if they are operating on t...

Page 133: ...n troller Slave AP configuration Radio Profiles menu A profile with 2 4 GHz and a pro file with 5 GHz are created by default the 2 4 GHz profile cannot be deleted For each wireless module profile you...

Page 134: ...operated at 5 GHz outside buildings H 5 3 Your device is operated at 5 GHz inside or outside buildings H 3 Only for so called Broadband Fixed Wireless Access BFWA applications The frequencies in the...

Page 135: ...ort The data rates 5 5 and 11 mbps must be supported by all clients basic rates 75 5 Your device operates according to either 802 11b 802 11g or 802 11n 5 Your device operates according to either 802...

Page 136: ...lient cannot achieve only a poor flow level because a less powerful client e g a 802 11a client is treated in the same way when apportioning The function is enabled with 7 The function is disabled by...

Page 137: ...d channels your self User Defined Channel Plan Only for Channel Plan 1 The currently selected channels are displayed here With Add you can add channels If all available channels are displayed you cann...

Page 138: ...3 A According to setting for Operation Band Band width Number of Spatial Streams and Wireless Mode vari ous fixed values in mbps are available Short Retry Limit Enter the maximum number of attempts t...

Page 139: ...ign unassigned VSS to all radio modules click on the Start button to assign a newly created VSS to all wireless modules 10 3 3 1 Edit or New Choose the icon to edit existing entries Choose the New but...

Page 140: ...ce or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritis...

Page 141: ...urity Mode 8 or 8 Select one of the keys configured in WEP Key as a standard key The default value is 0 WEP Key 1 4 Only for Security Mode 8 8 Enter the WEP key Enter a character string with the right...

Page 142: ...ult value AES is used TKIP is used AES or TKIP is used Preshared Key Only for Security Mode 8 Enter the WPA password Enter an ASCII string with 8 63 characters Note Change the default Preshared Key If...

Page 143: ...oss all wireless networks configured for this radio module No more new wire less networks can be created and a warning message will ap pear if the maximum number of clients is reached Possible values...

Page 144: ...o cells with as little delay as possible e g with Voice over WLAN G H 7 1 Preference is given to accept ing clients in the 2 4 GHz band H 7 1 Preference is given to accepting clients in the 5 GHz band...

Page 145: ...time for a blacklist entry to be created Default values are failed attempts during seconds Blacklist blocktime Enter the time for which an entry in the dynamic blacklist re mains valid Default value i...

Page 146: ...connected from the access point Select the rate profile to be applied 5 All clients supporting a transfer rate of 1 MBit s are allowed to connect to the access point 5 7 see above for clients with a m...

Page 147: ...seconds during which the signal strength of a client may fall below the RSSI threshold without the client be ing disconnected The default value is seconds 10 4 Monitoring This menu is used to monitor...

Page 148: ...LAN MAC Address Channel Tx Bytes and Rx Bytes Moreover you can see if an access point is in or state Via the icon you can open an summary with additional details about the Slave Access Points 10 4 2 1...

Page 149: ...WLAN Authenticate The client is in the process of being authenticated Authenticated The client is authenticated Via the icon you can open a summary with additional details about the Active Clients Val...

Page 150: ...r could attempt to spy on data in your network using a rogue AP Although each AP is found more than once it is only displayed once with the strongest sig nal You see the following parameters for each...

Page 151: ...will receive a warn ing that the wireless modules of the access points must also be disabled for a certain peri od of time When you start the process with OK a progress bar is displayed The located A...

Page 152: ...additional blacklist entries The menu consists of the following fields Fields in the New Blacklist Entry menu Field Description Rogue Client MAC Ad dress Enter the MAC address of the client you intend...

Page 153: ...mware Maintenance menu consists of the following fields Fields in the Firmware Maintenance menu Field Description Action Select the action you wish to execute After each task a window is displayed sho...

Page 154: ...URL Only for Source Location or Enter the URL of the update server from which the system soft ware file is loaded or on which the configuration file is saved 10 Wireless LAN Controller bintec elmeg Gm...

Page 155: ...You can enter several default routes on your device but only one default route can be active at any one time If you enter several default routes you should thus note differing values for Metric 11 1 1...

Page 156: ...tes can still be configured for data traffic via that interface The set tings received from the DHCP server are then copied along with those configured here to the active routing table This en ables e...

Page 157: ...d with ex tended parameters If the function is active a route is created with extended routing parameters such as source interface and source IP address as well as protocol source and des tination por...

Page 158: ...ption Enter a description for the IP route Source Interface Select the interface over which the data packets are to reach the device The default value is 9 Source IP Address Netmask Enter the IP addre...

Page 159: ...all port numbers Enables the entry of a port number Enables the entry of a range of port numbers Entry of privileged port numbers 0 1023 Entry of server port numbers 5000 32767 Entry of client port nu...

Page 160: ...lues 3 2 default value The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up 3 The route can always be used 3 3 The route can be used wh...

Page 161: ...is enabled by default Route Type Select the type of route Possible values 1 3 3 1 Route via a specific in terface which is used if no other adequate route is available 1 3 3 2 0 Route via a specific g...

Page 162: ...ge from to The default value is 11 1 3 IPv4 Routing Table A list of all IPv4 routes is displayed in the Network Routes IPv4 Routing Table menu The routes do not all need to be active but can be activa...

Page 163: ...e symbol 11 1 4 IPv6 Routing Table A list of all configured IPv6 routes is displayed in the Network Routes IPv6 Routing Ta ble menu Fields in the IPv6 Routing Table menu Field Description Route Displa...

Page 164: ...ields Fields in the Back Route Verify menu Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified Possible values 7 1 1 Back Route Verify is activ a...

Page 165: ...fix you need to introduce it into your system once All subnets and IPv6 addresses derived from the General Prefix change automatically after an update In order to IPv6 you need to configure how subnet...

Page 166: ...fullfil the following conditions IPv6 is 7 IPv6 Mode DHCP Client is 7 Used Prefix Length Only with Type Enter the prefix to be used Enter the corresponding length This prefix must end with The default...

Page 167: ...they were coming from the WAN You can use this to test the server ser vices The function is disabled by default Silent Deny Select whether IP packets are to be silently denied by NAT If this function...

Page 168: ...figured Possible values 0 default value NAT is configured for all interfaces 1 A Select one of the interfaces from the list Type of traffic Select the type of data traffic for which NAT is to be confi...

Page 169: ...ce port are administratively set Inbound only response packets within the existing connection are allowed In the NAT Configuration Specify original traffic menu you can configure for which data traffi...

Page 170: ...network mask destination IP address net mask etc are excluded by NAT Protocol Only for certain services Not for Type of traffic 3 3 9 and NAT method 13 or In this case UDP is automatically defined Se...

Page 171: ...e of traffic 9 Service 3 1 and Protocol 5 Enter the destination port or the destination port range of the original data packets The default setting means that the port is not specified Original Source...

Page 172: ...0 Service 3 1 and Pro tocol 5 or Type of traffic 6 3 8 3 9 Service 3 1 and Protocol 5 Enter the destination port or the destination port range of the original data packets The default setting means t...

Page 173: ...affic 3 3 9 NAT method 0 Service 3 1 Protocol 5 and Original Source Port Range or 10 Leave the source port as it appears or enter a new source port to which the original source port is to be translate...

Page 174: ...entered on Ethernet interface ETH Example scenario Configuration target You configure NAT enables for accessing your gateway over HTTP You also want to access your terminal server and the corporate we...

Page 175: ...n New New Destination IP Ad dress Netmask Network NAT NAT Configuration New New Destination Port Network NAT NAT Configuration New disabled Web server Field Menu Value Description Network NAT NAT Conf...

Page 176: ...d Balancing The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available IP load balancing en ables th...

Page 177: ...New consists of the following fields Fields in the Basic Parameters menu Field Description Group Description Enter the desired description of the interface group Distribution Policy Select the way th...

Page 178: ...match the current group context and config ure these You can also delete interfaces Use Add to create more entries Fields in the Basic Parameters menu Field Description Group Description Shows the de...

Page 179: ...tiple load balancing groups configuration of the route selector is essential The route selector must be configured identically for all inter face entries within a load balancing group Select the Desti...

Page 180: ...source data transmission using Load Balancing might be terminated at times without Special Session Handling The Networking Load Balancing Special Session Handling menu displays a list of entries If y...

Page 181: ...nction is activated by selecting 7 The function is enabled by default Description Enter a name for the entry Service Select one of the preconfigured services if required The ex tensive range of servic...

Page 182: ...the source IP address and netmask of the data packets Possible values 0 default value Enter the IP address of the host 9 2 B Enter the network address and the related net mask Source Port Range Enter...

Page 183: ...by default If you leave the default setting 7 for one or both para meters the value of the parameter concerned must be the same as in the first data packet with data packets sent sub sequently You ca...

Page 184: ...cific The configuration of the DNS servers is automatically created when you create the ADSL connections and can be seen in the menu Local SevicesDNSDNS Server Overview of Configuration Steps Set up f...

Page 185: ...Menu Value Group Description Network Load Balancing Load Bal ancing Groups New e g Distribution Policy Network Load Balancing Load Bal ancing Groups New 3 7 Distribution Mode Network Load Balancing L...

Page 186: ...assifying data Prioritising data 11 5 1 IPv4 IPv6 Filter In the Networking IPv4 IPv6 Filter QoS Filter menu IP filters are configured The list also displays any configured entries from Networking Acce...

Page 187: ...new TCP connection on routing over the gateway match the filter 0 default value All TCP packets match the filter Destination IPv4 Ad dress Netmask Enter the destination IPv4 address of the data packe...

Page 188: ...the source IPv4 address of the data packets and the cor responding netmask Possible values 0 default value The source IP address netmask are not specified Enter the source IP address of the host 9 2 B...

Page 189: ...ode Point according to RFC 3260 is used to signal the priority of IP packets indicated in decimal format 6 E 3 Differentiated Services Code Point according to RFC 3260 is used to signal the priority o...

Page 190: ...ss map Choose the class plan you want to create or edit Possible values 9 2 default value You can create a new class plan with this setting 9 1 A Shows a class plan that has already been created which...

Page 191: ...a class Note The class ID is a label to assign data packets to specific classes The class ID does not define the priority Possible values are whole numbers between and Set DSCP Traffic Class Filter L...

Page 192: ...olicies menu you set prioritisation of data Note Data can only be prioritized in the outgoing direction Packets in the high priority class always take priority over data with class IDs 1 254 It is pos...

Page 193: ...ailable bandwidth is distributed according to the weighting weight of the queue Exception High priority pack ets are always handled with priority 8 D3 3 QoS is activated on the inter face The availabl...

Page 194: ...ossible values 1 Value in byte Possible values are to 1 11 M default value Can only be selected for Ethernet interfaces E 9 E 9 Can only be selected for IPSec interfaces E 9 E 9 Encryption Method Only...

Page 195: ...e values All RTP streams are optimised The function activates the RTP stream detection mechanism for the automatic detection of RTP streams In this mode the Real Time Jitter Control is activated as so...

Page 196: ...queue Select the queue priority type Possible values default value Queue for data classified as normal 0 Queue for data classified as high priority 1 3 Queue for data that has not been classified or...

Page 197: ...ng Activate or deactivate data rate Traffic Shaping limiting in the send direction The data rate limit applies to the selected queue This is not the limit that can be defined on the interface The func...

Page 198: ...ets in the QoS queue if the maximum size of the queue is exceeded Possible values default value The newest packet received is dropped The oldest packet in the queue is dropped A randomly selected pack...

Page 199: ...n IP address packet protocol source and or destination port port ranges are supported Access lists are an effective means if for example sites with LANs interconnected over a bintec elmeg gateway wish...

Page 200: ...er can also be used in dif ferent rule chains You can also assign a rule chain individually to each interface Caution Make sure you don t lock yourself out when configuring filters If possible access...

Page 201: ...sic Parameters menu Field Description Description Enter a description for the filter Service Select one of the preconfigured services The extensive range of services configured ex works includes the f...

Page 202: ...0 default value The destination IP address netmask are not specified Enter the destination IP address of the host 9 2 B Enter the destination network address and the cor responding netmask Destinatio...

Page 203: ...g netmask Source IPv6 Address Length Enter the source IPv6 address of the data packets and the pre fix length Possible values 0 default value The source IP address length are not specified Enter the s...

Page 204: ...is specified in decimal format e g 63 6 E 3 The TOS value is specified in hexadecimal format e g 3F COS Filter 802 1p Layer 2 Enter the service class of the IP packets Class of Service CoS Possible va...

Page 205: ...taken for a filtered data packet Possible values 2 1 1 default value Allow packet if it matches the filter 2 1 1 Allow packet if it does not match the filter 0 1 1 Deny packet if it matches the filter...

Page 206: ...ich a configured rule chain is to be as signed Rule Chain Select a rule chain Silent Deny Define whether the sender is to be informed if an IP packet is denied 7 default value The sender is not inform...

Page 207: ...to hold audio con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular interest to companies Here multicasting makes...

Page 208: ...ddresses Several senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwar...

Page 209: ...lients are taken into consideration At the moment there are three versions of IGMP V1 V3 most current sys tems use V3 and less often V2 Two packet types play a central role in IGMP queries and reports...

Page 210: ...ks with several hosts improving per formance Possible values are G to G The default value is G Robustness Select the multiplier for controlling the timer values A higher value can e g compensate for p...

Page 211: ...in the Advanced Settings menu Field Description IGMP Proxy Select whether your device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Only for IGMP...

Page 212: ...t is always off Mode Only for IGMP Status or 3 Select Multicast Mode Possible values 7 0 default value The router uses IG MP version 3 If it notices a lower version in the network it uses the lowest v...

Page 213: ...ddress range 224 0 0 0 4 are to be forwarded from the defined Source Interface to the defined Destination Interface To do this check 7 Disable the option if you only want to forward one defined mul ti...

Page 214: ...e If you want to set up Internet access you must set up a connection to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE PPP over PPTP...

Page 215: ...partner The first character in this field must not be a number No special charac ters or umlauts must be used PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE or you...

Page 216: ...r your Internet connec tion Click the Add button to create new entries User Name Enter the user name Password Enter the password VLAN Certain Internet service providers require a VLAN ID Activate this...

Page 217: ...ted to a connection that has been initi ated from a trusted zone You can configure exceptions for the selected setting in the Firewall on page 277 menu IP Address Mode Select whether your device is to...

Page 218: ...lues The default value is Fields in the IPv6 Settings menu Field Description IPv6 Select whether the selected PPPoE interface should use Inter net Protocol version 6 IPv6 for data transmission The fun...

Page 219: ...6 7 and IPv6 Mode Determine if your device is to act as DHCP client The function is activated by selecting 7 The function is enabled by default IPv6 Addresses Only for IPv6 7 You can assign IPv6 Addre...

Page 220: ...IPv6 General Prefixes General Prefix Configuration New Auto Subnet Configur ation Only if Setup Mode 1 6 and if a Gener al Prefix has been selected Select if the subnet is to be created automatically...

Page 221: ...ed by default EUI 64 triggers the following process The hexadecimal 48 bit MAC address is split into 2 x 24 bit is inserted into the created gap in order to obtain 64 bit The hexadecimal notation of t...

Page 222: ...n MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 5 5 Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2...

Page 223: ...default value 3 the value is specified by link control at connection setup If you disable 3 you can enter a value Possible values are to The default value is 13 1 2 PPTP A list of all PPTP interfaces...

Page 224: ...t whether the interface should always be activated The function is enabled with 7 The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Conn...

Page 225: ...ally assigned a temporarily valid IP address from the provider You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The...

Page 226: ...ec tion before the interface is blocked Possible values are to The default value is Authentication Select the authentication protocol for this Internet connection Select the authentication specified b...

Page 227: ...disabled by default PPTP Address Mode Displays the address mode The value cannot be changed Possible values The Local PPTP IP Address will be assigned to the selected Ethernet port Local PPTP IP Addre...

Page 228: ...oA New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a name for uniquely identifying the connection partner The first character in this field...

Page 229: ...IP packets are allowed through except for those which are explicitly prohibited 3 default value Only those packets are transmit ted that can be attributed to a connection that has been initi ated from...

Page 230: ...uses a default netmask The lower the value the higher the priority of the route range of values The default value is Fields in the IPv6 Settings menu Field Description IPv6 Select whether the selected...

Page 231: ...unction is activated by selecting 7 The function is enabled by default DHCP Client Only for IPv6 7 and IPv6 Mode Determine if your device is to act as DHCP client The function is activated by selectin...

Page 232: ...You can choose from the General Prefixes available under Net work IPv6 General Prefixes General Prefix Configuration New Auto Subnet Configur ation Only if Setup Mode 1 6 and if a Gener al Prefix has...

Page 233: ...I 64 The function is activated by selecting 7 The function is enabled by default EUI 64 triggers the following process The hexadecimal 48 bit MAC address is split into 2 x 24 bit is inserted into the...

Page 234: ...en crypted 5 Primarily run CHAP otherwise PAP Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 5 5 Primarily run CHAP on denial then the authentication protocol re...

Page 235: ...pools This means that if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can al locate an IP ad...

Page 236: ...ermines the route that the data should take for example Multiple virtual connections can be set up over a single physical interface The data is transmitted in so called cells or slots of constant size...

Page 237: ...The menu WAN ATM Profiles New consists of the following fields Fields in the ATM Profiles Parameter menu Field Description Provider Select one of the preconfigured ATM profiles for your provider from...

Page 238: ...VCI Only for Provider 1 Enter the VCI value of the ATM connection The VCI is the iden tification number of the virtual channel A virtual channel is the logical connection for the transport of ATM cell...

Page 239: ...nterfaces Only for Type Select whether this Ethernet over ATM interface is to be used for all PPPoE connections The function is enabled with 7 The function is disabled by default Address Mode Only for...

Page 240: ...or Address Mode If necessary enter the host name registered with the provider to be used by your device for DHCP requests The maximum length of the entry is 45 characters Fields in menu Routed Protoco...

Page 241: ...only be used if your provider specifies a list of data traffic parameters traffic contract The configuration of ATM QoS requires extensive knowledge of ATM technology and the way the bintec elmegbint...

Page 242: ...ded by the volume configured in Maximum Burst Size MBS Any additional ATM traffic is discarded The Peak Cell Rate PCR constitutes the maxim um possible data rate This category is suitable for non crit...

Page 243: ...tual channel VC The VP is defined by the VPI value the VC by VPI and VCI Note Generally monitoring is not carried out by the terminal but is initiated by the ISP Your device then only needs to react c...

Page 244: ...th Virtual Channel Con nection VCC Only for OAM Flow Level Select the already configured ATM connection to be monitored displayed by the combination of VPI and VCI Virtual Path Connec tion VPC Only fo...

Page 245: ...tion is enabled with 7 The function is disabled by default Segment Send Interval Only if Loopback Segment is enabled Enter the time in seconds after which a loopback cell is sent Possible values are t...

Page 246: ...ceived 3 CC data is generated Continuity Check CC Segment Select whether you want to activate the OAM CC test for the segment connection segment connection of the local end point to the next connectio...

Page 247: ...during a telephone call 13 3 1 Controlled Interfaces In the WAN Real Time Jitter Control Controlled Interfaces a list of functions is dis played for which the Real Time Jitter Control function is conf...

Page 248: ...imised Voice data transmission is not optimised 2 0 Voice data transmission is always optimised Maximum Upload Speed Enter the maximum available upstream bandwidth in kbp s for the selected interface...

Page 249: ...ion and authentication of IP packets IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets The IPSec implementation can also be smoothly integrated in a Public K...

Page 250: ...Filter IPSec phase 2 negotiation begins and data traffic is transferred over the tunnel Note The parameter Additional IPv4 Traffic Filter is exclusively relevant for the initiator of the IPSec connect...

Page 251: ...scription of the peer that identifies it The maximum length of the entry is 255 characters Peer Address Select the IP Version You can choose if IPv4 or IPv6 is to be preferred or if only one IP versio...

Page 252: ...ex Exchange Protocol Version 2 Authentication Method Only for Internet Key Exchange Select the authentication method Possible values 0 default value If you do not use certific ates for the authenticat...

Page 253: ...e sure your device selects the first al ternative subject name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are...

Page 254: ...erver for connecting clients This is taken from the selected IP Assignment Pool Config Mode Only where IP Address Assignment 1 or 1 Possible values 3 default value The client requests the IP address a...

Page 255: ...ange from to The default value is Route Entries Only for IP Address Assignment or 1 Define routing entries for this connection partner IP address of the destination host or LAN 9 B Netmask for The low...

Page 256: ...the value entered for Priority the higher the prior ity of the route Additional data traffic filters bintec elmeg Gateways support two different methods for establishing IPSec connections a method bas...

Page 257: ...to the initiator of the IPSec connection it only applies to outgoing data traffic Note Please note that the phase 2 policies must be configured identically on both of the IPSec tunnel endpoints Add ne...

Page 258: ...arked as standard in VPN IPSec Phase 1 Profiles 3 Uses a special profile which contains the proposals for Phase 1 3DES MD5 AES MD5 and Blowfish MD5 regardless of the proposal selection in menu VPN IPS...

Page 259: ...ID specified in the client peer configuration since the ID is still used to differentiate the tunnels created via the dynamic peer The resulting gateway peer would match all incoming tunnel requests I...

Page 260: ...selected for Public Interface Specify how strictly the setting is handled Possible values Only the selected interface is used independently from the priorities in the current routing table 1 The prior...

Page 261: ...abled by default Note that MobIKE requires a current IPSec client e g the cur rent Windows 7 or Windows 8 client or the latest version of the bintec elmeg IPSec client IPv4 Proxy ARP Select whether yo...

Page 262: ...the field Service This entry ensures that incoming calls for this number are routed to the IPSec service If callback is active the peer is caused to initiate setting up an IPSec tunnel by an ISDN cal...

Page 263: ...he B channel but here the call must be accepted by the remote station and therefore incurs costs If a peer whose IP address has been assigned dynamically wants to arrange for another peer to set up an...

Page 264: ...ode using preshared keys Note In some countries e g Switzerland the call in the D channel can also incur costs An incorrect configuration at the called side can mean that the called side opens the B c...

Page 265: ...isabled by default Transfer Mode Only for Transfer own IP address over ISDN GSM enabled Select the mode in which your device is to attempt to transfer its IP address to the peer Possible values 3 7 Yo...

Page 266: ...iles is displayed in the VPN IPSec Phase 1 Profiles menu In the Default column you can mark the profile to be used as the default profile 14 1 2 1 New Choose the Create new IKEv1 Profile or Create new...

Page 267: ...ominated as AES due to its fast key setup low memory requirements high level of security against attacks and general speed The partner s AES key length is used here If this has also selected the param...

Page 268: ...512 bit hash length Depending on the hardware of your device some options may not be available Please note that the quality of the algorithms is subject to relat ive aspects and may change due to mat...

Page 269: ...reshared Keys These are configured during peer configuration in the VPN IPSec IPSec Peers The preshared key is the shared password 3 Phase 1 key calculations are authenticated using the DSA algorithm...

Page 270: ...propose another mode Local ID Type Only for Phase 1 IKE Parameters Select the local ID type Possible values 3 0 D3 1 9 D 9 E 9 9 3 9 0 Local ID Value Only for Phase 1 IKE Parameters Enter the ID of y...

Page 271: ...dvanced Settings menu Field Description Alive Check Only for Phase 1 IKE Parameters Select the method to be used to check the functionality of the IPSec connection In addition to the default method De...

Page 272: ...setup has failed This only affects locally initiated setup attempts Possible values are to seconds means the value in the default profile is used and means that the peer is never blocked The default v...

Page 273: ...ofile This option can only be configured if certificates are loaded 14 1 3 Phase 2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1 In the VPN IPSec Phase 2 Profile...

Page 274: ...minated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits Rijndael has been nominated as...

Page 275: ...2 with 512 bit hash length Note that RipeMD 160 and Tiger 192 are not available for mes sage hashing in phase 2 Depending on the hardware of your device some options may not be available Use PFS Group...

Page 276: ...at which the phase 2 keys are to be regenerated The percentage entered is applied to both the lifetime in seconds and the lifetime in kBytes The default value is The menu Advanced Settings consists of...

Page 277: ...0 Your device expects no heart beat from the peer but sends one itself 7 N 6 Your device expects a heartbeat from the peer and sends one itself Propagate PMTU Select whether the PMTU Path Maximum Tra...

Page 278: ...essfully and be fore IKE Phase 2 begins If XAuth is used together with IKE Config Mode the transactions for XAuth are carried out before the transactions for IKE Config Mode 14 1 4 1 New Choose the Ne...

Page 279: ...the user group of this XAUTH profile here by entering the authentication name of the client Name and the authentication password Password Add new members with Add 14 1 5 IP Pools In the IP Pools menu...

Page 280: ...Sec Select whether you want to activate IPSec The function is enabled with 7 The function is active as soon as an IPSec Peer is configured Delete complete IPSec configuration If you click the icon del...

Page 281: ...rates with older IPSec implementations The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description IPSec over TCP Determine whether IPSec over TC...

Page 282: ...ication Select whether RADIUS authentication is to be activated via IPSec The function is enabled with 7 The function is disabled by default Fields in the PKI Handling Options menu Field Description I...

Page 283: ...structuring of the internet A large number of reasons warrants the introduction of LIPS the main one being the quickly increasing number of mobile devices accessing the internet as well as local net w...

Page 284: ...device inside of the LIPS Site with a private address This private address has to be unique across all interconnected LIPS Sites but does not have to be globally unique If an IP packet has to be rout...

Page 285: ...ETR propagates EID RLOC entries for its LISP Sites and re ceives LISP data unwraps them and sends them to the devices specidied in the EID The menu VPN LISP Light Router ITR ETR Add Egress Tunnel Rout...

Page 286: ...Resolver An Ingress Tunnel Router wraps the data packets into the inner and outer header and sends them to the adequate LISP site using the address contained in the RLOC The menu VPN LISP Light Router...

Page 287: ...l network and can be reached without a tunnel Remote Sites are address spaces that can only be reached through a tunnel The menu VPN LISP Light Local Remote Sites displays a list of all established LI...

Page 288: ...rver The default value is minutes Exclude EID prefix from tree If you intend to use a continuous address range keep the de fault setting 3 You can remove a sub range from an already created address ra...

Page 289: ...stance consists of the following fields Fields in the menu LISP Instance Field Description Description Choose a name for the instance in order to distinguish it from other instances more easily Instan...

Page 290: ...minutes Normally the server provides a value for the TTL time to live Here you can specify a value for the case that the server does not provide one Default TTL Mode 7 B or the server provided value...

Page 291: ...c elmeg The configuration work for the SIF is comparatively straightforward with systems like Net work Address Translation NAT and IP Access Lists IPAL As SIF NAT and IPAL are active in the system sim...

Page 292: ...are processed as follows The SIF first checks if an incoming packet can be assigned to an existing connection If so it is forwarded If the packet cannot be assigned to an existing connection a check...

Page 293: ...ion They define the filter rules Trusted Interfaces and Untrusted Interfaces which are created by default and cannot be deleted If you use the Security Policy 3 all data packets are accepted You can c...

Page 294: ...address is checked Destination Select one of the preconfigured aliases for the destination of the packet In the list all WAN LAN interfaces interface groups see Fire wall Interfaces Groups addresses s...

Page 295: ...he first rule is executed This means that if the first rule denies a packet whereas a later rule allows it the packet is rejected A deny rule also has no effect if a relevant packet has previously bee...

Page 296: ...e list all WAN LAN interfaces interface groups see Fire wall Interfaces IPv6 Groups adresses see Firewall Ad dresses Address List and address groups see Firewall Addresses Groups are available for sel...

Page 297: ...n disable or enable the IPv4 firewall and can log its activities In addi tion you can define after how many seconds of inactivity a session shall be ended Note The IPv6 firewall is always active and c...

Page 298: ...llows the same kind data traffic in a complete session In order to allow the data traffic of incomplete sessions you have to disable IPv4 Full Filtering STUN Handler Enable this option if you intend t...

Page 299: ...is Fields in the Factory Reset Firewall Field Description Factory Reset Firewall Click Reset to reset the firewall to factory defaults 15 2 Interfaces 15 2 1 IPv4 Groups A list of all configured IPv4...

Page 300: ...to set up new IPv6 interface groups The menu Firewall Interfaces IPv6 Groups New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired de...

Page 301: ...h subnet mask Enter an IP address range with a start and end address Address Subnet Only for IPv4 7 and Address Type 5 37 Enter the IP address of the host or a network address and the related netmask...

Page 302: ...Possible values is selected by default Selection Select the members of the group from the available Addresses To do this activate the Fields in the Selection column 15 4 Services 15 4 1 Service List I...

Page 303: ...displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are to Source Port Range Only for Protocol 5 or...

Page 304: ...for Type 3 7 Possible values 0 default value 9 7 7 7 7 9 3 2 9 2 B 0 7 3 2 0 7 15 4 2 Groups A list of all configured service groups is displayed in the Firewall Services Groups menu You can group to...

Page 305: ...p Members Select the members of the group from the available service ali ases To do this activate the Fields in the Selection column 15 5 Configuration 15 5 1 SIF Configuration example Requirements In...

Page 306: ...g that is not explicitly allowed is prohibited This means accurate planning of the filter rules and filter rule chain is necessary to en sure correct operation Overview of Configuration Steps Aliases...

Page 307: ...oups Field Menu Value Description Gro Firewall Addresses ups New e g 7 IP Version Gro Firewall Addresses ups New Selection Gro Firewall Addresses ups New e g and Service Sets Field Menu Value Descript...

Page 308: ...s IPv4 Filter Rules New Action Firewall Policies IPv4 Filter Rules New Source Location Firewall Policie s IPv4 Filter Rules New 9 H2 B Destination Firewall Policies IPv4 Filter Rules New 7 Service Fi...

Page 309: ...all Policie s IPv4 Filter Rules New 0 Action Firewall Policies IPv4 Filter Rules New Filter rules 5 Allow access to the Internet Staff Field Menu Value Source Location Firewall Policie s IPv4 Filter R...

Page 310: ...ationssitzung 16 1 Settings 16 1 1 Extensions Here you can configure the numbers of the terminal devices Extensions connected to the media gateway i e the numbers of the SIP terminals and the numbers...

Page 311: ...nds on the device used Select analogue inter face Only for Interface Type 3 Select an analogue interface Possible values fxs5 1 fxs5 2 fxs5 3 default value fxs5 4 Registration Only for Interface Type...

Page 312: ...registration e g connection to a Mi crosoft Exchange Communication Server the connection can be set up as a static host This requires you to specify the static IP address of the terminal Authenticati...

Page 313: ...ec in the first position in the menu will be used if possible D3 0 The codecs are sorted by quality If possible the codec with the best quality is used 2 The codecs are sorted by required bandwidth If...

Page 314: ...utgoing calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Voice Quality Settings menu Field Description Echo Cancellation Select w...

Page 315: ...at not only all SIP provider accounts are configured here but also direct dial in PBXs connected with the media gateway Note In no case should you use this menu to configure SIP extensions i e for SIP...

Page 316: ...The SIP ac count has only one number The media gateway is operated as DDI client It is assigned a DDI The media gateway is operated as a DDI server so that DDI clients can connect 2 0 The media gatewa...

Page 317: ...Possible values default value or Enter the Port via which the data is to be transported The default value is In SIP client mode The ports can be provider specific User Name In SIP client mode Enter th...

Page 318: ...and the Registration function is dis abled An example of this method is Microsoft Exchange SIP If a registration is required it can be carried out in either of two ways With this option a single MSN i...

Page 319: ...them the invite is ignored The option is not active per default TLS certificate check Only for DDI SIP trunk connections If a connection is encryp ted using TLS Transport Layer Security a validity ch...

Page 320: ...e actual phone number from which the calls is initiated e g for billing purposes is displayed SIP Header Field P Asserted Not for Trunk Mode 11 The so called p asserted identity field is added to the...

Page 321: ...st quality is used 2 2 The codecs are sorted by required band width If possible the codec with the lowest bandwidth re quirement is used 2 The codecs are sorted by required band width If possible the...

Page 322: ...n the Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo cancellation is a technique to suppress echo feedback in voice communication...

Page 323: ...e parameters Description 9 Parent Location 9 Type 1 Interfaces 9 9 is displayed Fields in the Registration behavior for VoIP subscribers without assigned loca tion menu Field Description Default Behav...

Page 324: ...sses Only for Type Enter the IP addresses of the devices at the SIP locations Click Add to configure new addresses Enter the IP address or DNS name that you want under IP Ad dress DNS Name Also enter...

Page 325: ...gnal the priority of IP packets indicated in binary format 6 bit The preconfigured value is E 3 Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets in...

Page 326: ...ault value Point to Point TE connection telecom party line 3 B Point to Point NT connection for connection of a PABX Members Select the desired ISDN interfaces to be included with this party line You...

Page 327: ...r Call Routing and the local extensions For calls that are to be routed via a particular provider SIP account you must configure a cor responding call routing entry Internal calls from internal ex ten...

Page 328: ...ension You can specify an extension to which incoming calls are for warded if they cannot be assigned to an extension or connected PABX Dial Latency Enter the maximum delay time before the system assu...

Page 329: ...le above if a user types in Q the device dials If the user wishes to call extension he types in Q The device dials A period at the end of the number indicates a complete number This is dialled immedia...

Page 330: ...ion instructions included with the module 16 2 1 Call Routing Here you can define the conditions for the routing of calls Define a list with rules or rule chains that are used to manipulate the indica...

Page 331: ...s the routing entry to the selected BRI interface 3 A restricts the routing entry to the selected SIP account 0 No restriction of the entry Calling Address You can restrict the application of the entr...

Page 332: ...ated The rule is enabled with 7 The rule is active by default Line Choose the ISDN line PRI BRI or SIP account used for the outgoing call Called Address Trans lation Enter how the subscriber number is...

Page 333: ...D Translation New menu consists of the follow ing fields Fields in the Basic Parameters menu Field Description Description Enter the name of the entry Calling Line Select the ISDN line or SIP account...

Page 334: ...dress is used then Called Line 0 can be set Calling Address Trans lation Enter the transformation rule applied to the call numbers Notation a b i e a is replaced by b Every rule must be ended with a s...

Page 335: ...2 3 1 Edit or New Choose the icon to edit existing entries Select the New button to create entries for call translation The VoIP Media Gateway Call Translation New menu consists of the following field...

Page 336: ...laceholder for an arbitrary digit See Local Address and External Address must contain the same number of wildcards External Address Enter the external number e g ISDN MSN or SIP account sub scriber nu...

Page 337: ...NS Each device in a TCP IP network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the associated IP address to be kno...

Page 338: ...the DNS servers can resolve the name the information is forwarded and a dynamic entry created in the cache 4 Otherwise if a suitable Internet or dialin connection is selected as the standard inter fac...

Page 339: ...mic cache is to be activated i e whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache The function is activated by selecting 7 The func...

Page 340: ...ment menu Field Description As DHCP Server Select which name server addresses are sent to the DHCP cli ent if your device is used as DHCP server Possible values 9 No name server address is sent 2 defa...

Page 341: ...c Parameters menu Field Description Admin Status Select whether the DNS server should be enabled The function is activated by selecting 7 The function is enabled by default Description Enter a descrip...

Page 342: ...e IP version used Possible values is selected by default Primary IPv4 DNS Server Only if Interface Mode Enter the IPv4 address of the first name server for Internet ad dress name resolution Secondary...

Page 343: ...assigned if a positive response is received to a DNS request If a negative response is received to a DNS re quest no address is specified The entry can also start with the wildcard e g bintec elmeg co...

Page 344: ...onsists of the following fields Fields in the Forwarding Parameters menu Field Description Forward Select whether requests for a host or domain are to be forwar ded Possible values default value Host...

Page 345: ...terface 9 Requests are forwarded to the specified DNS Server Interface Only for Forward to 1 Select the interface that has the DNS server assinged which is to receive the DNS requests Primary DNS Serv...

Page 346: ...lid DNS packets received and ad dressed direct to your device DNS Requests Shows the number of valid DNS requests received and ad dressed direct to your device Cache Hits Shows the number of requests...

Page 347: ...al Certificate Select a certificate that you want to use for the HTTPS connec tion Possible values default value Select this option if you want to use the certificate built into the device 1 A Under S...

Page 348: ...ions for updating is displayed 17 3 1 1 New Choose the New button to set up further DynDNS registrations to be updated The menu Local Services DynDNS Client DynDNS Update New consists of the fol lowin...

Page 349: ...tly configured is not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the host entered as MX Wildcard Select whether forwarding of all subdom...

Page 350: ...ur provider for the path to be used Port Enter the port at which your device is to reach your provider s server Ask your provider for the relevant port The default value is Protocol Select one of the...

Page 351: ...gns IP addresses to hosts in the LAN for a defined period of time A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation DNS NetBIOS name server...

Page 352: ...CP pool is preconfigured with the IP addresses 192 168 0 10 to 192 168 0 49 and is used if there is no other DHCP server available in the network 17 4 2 1 Edit or New Choose the New button to set up n...

Page 353: ...networks 5 0 The DHCP pool can be used for both kinds of requests Description Enter any description to uniquely identify the DHCP pool The menu Advanced Settings consists of the following fields Fiel...

Page 354: ...Enter the IP address of the CAPWAP controller to be sent to the client This option enables you to send a client any URL Use this option to send querying IP1x0 telephones the URL of the provisioning se...

Page 355: ...c values shall be transmitted for the DHCP server Possible values default value 7 APN Only f r Select vendor 7 Enter the Access Point Namen APN of the SIM card PIN Only f r Select vendor 7 Enter the P...

Page 356: ...elect vendor To identify the device enter the manufacturer ID Custom DHCP Options Only f r Select vendor Use Add to add more entries You can add custom DHCP options 17 4 3 IP MAC Binding The Local Ser...

Page 357: ...ess to be assigned to the MAC address spe cified in MAC Address is to be assigned MAC Address Enter the MAC address to which the IP address specified in IP Address is to be assigned 17 4 4 DHCP Relay...

Page 358: ...dary DHCP Serv er Enter the IP address of an alternative BootP or DHCP server The default value is 17 4 5 DHCP Configuration example Requirements An optional DHCP server Example scenaria Example scena...

Page 359: ...Example scenario as DHCP Client bintec elmeg GmbH 17 Local Services be IP 4isdn 345...

Page 360: ...IP Pool Name Local Services DHCP Server IP Pool Configuration New e g IP Address Range Local Services DHCP Server IP Pool Configuration New e g and Interface Local Services DHCP Server DH CP Configur...

Page 361: ...enu Value Primary DHCP Server Local Services DHCP Server DH CP Relay Settings e g Secondary DHCP Serv er optional Local Services DHCP Server DH CP Relay Settings if one exists 17 5 DHCPv6 Server You c...

Page 362: ...derived from a General IPv6 Prefix c The DHCP Server option has to be enabled for the interface Moreover the following settings are recommended The options Preferred Lifetime and Valid Lifetime shoul...

Page 363: ...Pv6 is disabled for all interfaces If the in tended interface is not offered for selection configure it accord ing to the requirements detailed in the introduction of this sec tion Configuration is do...

Page 364: ...ually specify DNS servers and have them propagated to the clients To do this disable the option Use RA or Global Fallback DNS Server and create the desired DNS server entries using Add SNTP Server Her...

Page 365: ...ower priority if the set of parameters in the ad vertisement provides more of the options requested by the cli ent A value of means not specified lowest priority de notes the highest priority Fields i...

Page 366: ...sists of the following fields Fields in the menu Basic Parameters Field Description DUID Clients use the DUID field DHCP Unique Identifier in order to identify themselves and request an IP address fro...

Page 367: ...device to receive and send faxes Note All incoming calls to the CAPI are offered to all registered and eavesdropping CAPI applications in the LAN In the ex works state a user with the user name 1 3 a...

Page 368: ...the following fields Fields in the Basic Parameters menu Field Description Enable server Select whether your device is to be enabled as a CAPI server The function is activated by selecting 7 The funct...

Page 369: ...initiator Activate the Schedule Interval option under Options to put the event scheduler into oper ation The system uses this time interval to check if at least one event has occurrred This triggers t...

Page 370: ...list 4Description Only for Event List 9 2 Enter your chosen designation for the Event List Event Type Select the type of initiator Possible values default value The operations configured and assigned...

Page 371: ...le whose defined value is to be configured as initiator First select the System in which the MIB variable is saved then the MIB Table and finally the MIB Variable itself Only the MIB tables and MIB va...

Page 372: ...s C default value Incoming data traffic is monitored C Outgoing data traffic is monitored Interface Traffic Condi tion Only for Event Type 1 11 Select whether the value for data traffic must be defaul...

Page 373: ...alue is Monitored Certificate Only for Event Type 1 1 Select the certificate whose validity should be checked Remaining Validity Only for Event Type 1 1 Indicate the remaining validity of the certific...

Page 374: ...0 default value 3 0 Possible values for Condition Settings in Condition Type 0 The initiator becomes active daily default value 0 0 The initiator becomes active daily from Monday to Friday 0 3 0 The...

Page 375: ...Basic Parameters Field Description Description Enter your chosen designation for the action Command Type Select the desired action Possible values 7 default value Your device is rebooted 5 9 The desi...

Page 376: ...alues default value The operation is initiated if all events oc cur The operation is initiated if a single event occurs 9 The operation is triggered if no event occurs The operation is triggered if on...

Page 377: ...ified if the initiator is active The value of the MIB variable is modified if the ini tiator is inactive The value of the MIB variable is differentially modified if the initiator status changes MIB Va...

Page 378: ...ose status shall be changed Set status Only if Command Type 8 3 or 8 4 E Select the status for the wireless network Possible values default value Source Location Only if Command Type 1 2 Select the so...

Page 379: ...iguration file is to be retrieved or on which the configuration file is to be backed up File Name For Command Type 1 2 Enter the file name of the software version Where Command Type 1 with Action 1 En...

Page 380: ...y be read and modified In addition you can view the corresponding file clearly using Microsoft Ex cel for example The function is enabled by default Remote File Name Only if Command Type 1 3 For Actio...

Page 381: ...ct the file to be copied Configuration contains certificates keys Only where Command Type 1 3 and Action 1 3 or 6 1 3 Select whether the certificates and keys contained in the config uration are to be...

Page 382: ...address to be used as sender address for the ping test Possible values 3 default value The IP address of the interface over which the ping is sent is automatically entered as sender address 1 Enter th...

Page 383: ...ommand Type 1 and Action 1 Select whether to overwrite a certificate already present on the your device with the new one The function is disabled by default Write certificate in con figuration Only wh...

Page 384: ...ti fication authority Enter the password you received from the cer tification authority here Key Size Only where Command Type 1 and Action Select the length of the key to be created Possible values ar...

Page 385: ...requency band scan WLC SSID Only where Command Type 8 4 E Select the wireless network administered over the WLAN con troller whose status should be changed Operation Mode Act ive Only where Command Ty...

Page 386: ...Description Schedule Interval Select whether the schedule interval is to be enabled Enter the interval in seconds after which the system checks whether events have occured Possible values are to The v...

Page 387: ...of Configuration Steps Daily reboot Field Menu Value Event List Local Services Scheduling Trigger New 9 2 Description Local Services Scheduling Trigger New e g 7 Event Type Local Services Scheduling...

Page 388: ...1 8 9 1 Event Type Local Services Scheduling Trigger New Time Condition Local Services Scheduling Trigger New Condition Type Condition Settings 3 0 3 0 Start Time Local Services Scheduling Trigger New...

Page 389: ...tions New Configuration backup Command Type Local Services Scheduling Actions New Configuration Manage ment Event List Local Services Scheduling Actions New Trigger configuration backup Event List Con...

Page 390: ...w Choose the icon to edit existing entries Choose the New button to create additional monitoring tasks The menu Local Services Surveillance Hosts New consists of the following fields Fields in the Hos...

Page 391: ...the packet sent to the host to be monitored Possible values 3 default value The IP address is determined automatically 1 Enter the IP address in the adjacent input field Interval Enter the time inter...

Page 392: ...bled 7 disabled 7 default value reset or the con nection restablished With Action you can monitor the IP address that is specified under Monitored IP Address This information can be used for other fun...

Page 393: ...the action defined in Interface is to be performed You can choose all physical and virtual interfaces as well as op tions 1 and 1 17 8 3 Ping Generator In the Local Services Surveillance Ping Generat...

Page 394: ...behind a NAT enabled gateway UPnP enables mostly Windows based operating systems to take control of other devices with UPnP functionality on the local network These include gateways access points and...

Page 395: ...equests from the local network and or whether the interface can be controlled via UPnP requests The menu Local Services UPnP Interfaces consists of the following fields Fields in the Interfaces menu F...

Page 396: ...nce IPv6 data traffic is not registered by the Hotspot Gateway and therefore cannot be controlled The HotSpot Solution allows provision of public Internet accesses using WLAN or wired Ethernet The sol...

Page 397: ...evice as hotspot gateway with active Internet access and configured hotspot server entries for login and accounting see menu System Manage ment Remote Authentication RADIUS New with Group Description...

Page 398: ...Gateway menu you can configure the bintec elmeg gateway installed onsite for the Hotspot Solution A list of all configured hotspot networks is displayed in the Local Services HotSpot Gateway HotSpot...

Page 399: ...the Hotspot server can distinguish between the different cli ents customers Walled Garden Enable this function if you want to define a limited and free area of websites intranet The function is not a...

Page 400: ...ot Solution Language for login window Here you can choose the language for the start login page The following languages are supported 3 T U 3 3V and 9 The language can be changed on the start login pa...

Page 401: ...is enabled by default Default Idle Timeout Enable or disable the Default Idle Timeout If a hotspot user does not trigger any data traffic for a configurable length of time they are logged out of the h...

Page 402: ...rule chains in the menu Access Rules 17 11 1 Wake On LAN Filter The menu Local Services Wake On LAN Wake On LAN Filter displays a list of all the WOL filters that have been configured 17 11 1 1 Edit o...

Page 403: ...filter Destination IPv4 Ad dress Netmask Enter the destination IPv4 address of the data packets and the corresponding netmask Possible values 0 default value The destination IP address netmask are not...

Page 404: ...ed Enter the source IP address of the host 9 2 B Enter the source network address and the corres ponding netmask Source IPv6 Address Length Enter the source IPv6 address of the data packets and the pr...

Page 405: ...signal the priority of IP packets indicated in hexadecimal format 0 E 3 The TOS value is specified in binary format e g 00111111 E 3 The TOS value is specified in decimal format e g 63 6 E 3 The TOS v...

Page 406: ...N Filter Select a WOL filter If the rule chain is new select the filter to be set at the first point of the rule chain If the rule chain already exists select the filter to be attached to the rule cha...

Page 407: ...his device here The device is only enabled if the MAC address and password are correct 17 11 3 Interface Assignment In this menu the configured rule chains are assigned to individual interfaces which...

Page 408: ...created file is displayed and you can either delete ot save it as a PCAP file 17 12 2 Trace VoIP SIP The menu Trace VoIP SIP allows you to capture VoIP SIP messages at various levels and save them to...

Page 409: ...menu you are presented with a list of all active configuration sessions Fields in the manu Log out Users Field Description Class Dislays the class the signed on user belongs to User Displays the user...

Page 410: ...t Ping Mode For link local addresses select the interface to be used for the ping test 1 3 can be used for global addresses Pressing the Go button starts the ping test The Output field displays the pi...

Page 411: ...t a software update Every new system software includes new features better performance and any necessary bugfixes from the previous version You can find the current system software at www bintec elmeg...

Page 412: ...mat of the configuration file allows encryption and ensures compatibility when restoring the configuration on the gateway in various system software versions This is a CSV format which can be read and...

Page 413: ...displayed in which you can select the storage location on your PC and enter the de sired file name 1 3 Under Filename select a config uration file you want to import Please note Click Go to first load...

Page 414: ...on from the RAM is transferred to your local host If you click the Go button a dialog box is dis played in which you can select the storage location on your PC and enter the desired file name 5 Occasi...

Page 415: ...ile Name Only for Action 0 1 3 Enter the name of the copy Select file Only for Action 1 3 1 3 or 1 2 51 2 Select the file or configuration to be renamed or deleted New File Name Only for Action 1 3 En...

Page 416: ...og in Pay attention to the LEDs on your device For information on the meaning of the LEDs see the Technical Data chapter of the manual Note Before a reboot make sure you confirm your configuration cha...

Page 417: ...ternal PCs for storage and processing e g to the system ad ministrator s PC The syslog messages saved internally on your device are lost when you reboot Warning Make sure you only pass syslog messages...

Page 418: ...to which syslog messages are passed Level Select the priority of the syslog messages that are to be sent to the host Possible values 0 highest priority 8 9 1 default value 73 lowest priority Syslog me...

Page 419: ...k connections is often collected for commercial reasons This inform ation is extremely important for Internet Service Providers that bill their customers by data volume However there are also non comm...

Page 420: ...ting messages The messages can contain character strings in any order sequences separated by a slash e g W or W or defined tags Possible format tags Format tags for IP Accounting messages Field Descri...

Page 421: ...ds Fields in the Add Edit Alert Recipient menu Field Description Alert Service Displays the alert service You can select an alert service for devices with UMTS Possible values E mail SMS Recipient Ent...

Page 422: ...cters Bear in mind that without the use of wildcards e g only those strings that correspond exactly to the entry fulfil the condition The Matching String entered therefore usually contains wildcards T...

Page 423: ...the inter face The function is enabled with 7 The function is enabled by default Maximum E mails per Minute Limit the number of outgoing mails per minute Possible values are to the default value is Fi...

Page 424: ...Authentication 1 Enter the address of the server from which the e mails are to be retrieved POP3 Timeout Only if SMTP Authentication 1 Enter how long the router must wait after the POP3 call before it...

Page 425: ...3410 3418 19 4 1 SNMP Trap Options In the event of errors a message known as a trap packet is sent unrequested to monitor the system In the External Reporting SNMP SNMP Trap Options menu you can confi...

Page 426: ...SNMP Trap Hosts In this menu you specify the IP addresses to which your device is to send the SNMP traps In the External Reporting SNMP SNMP Trap Hosts menu a list of all configured SN MP trap hosts i...

Page 427: ...g SIA SIA you can create and download a file that provides extensive support information about the status of your device like e g the current configuration available memory uptime etc bintec elmeg Gmb...

Page 428: ...hanged in the System Management Global Settings System menu Values in the System Messages list Field Description No Displays the serial number of the system message Date Displays the date of the recor...

Page 429: ...eer Local IP Address Shows the WAN IP address of your device Remote IP Address Shows the WAN IP address of the connection partner Local ID Shows the ID of your device for this IPSec tunnel Remote ID S...

Page 430: ...and the maximum number of licenses usable Maximum Fields in the Peers menu Field Description Status Displays the number of IPSec tunnels by their current status Up Currently active IPSec tunnels Goin...

Page 431: ...the existing ISDN con nections incoming and outgoing is displayed Values in the Current Calls list Field Description Service Displays the service to or from which the call is connected C Remote Numbe...

Page 432: ...Start Time Displays the time at which the call was made or received Duration Displays the duration of the connection 20 4 Interfaces 20 4 1 Statistics In the Monitoring Interfaces Statistics menu cur...

Page 433: ...s the name of the interface MAC Address Displays the interface text IP Address Netmask Shows the IP address and the netmask NAT Indicates if NAT is activated for this interface Tx Packets Shows the to...

Page 434: ...bridges are shown Values in the br x list Field Description MAC Address Shows the MAC addresses of the associated bridge Port Shows the port on which the bridge is active 20 6 HotSpot Gateway 20 6 1 H...

Page 435: ...face Shows the interface for which QoS has been configured QoS Queue Shows the QoS queue which has been configured for this inter face Send Shows the number of sent packets with the corresponding pack...

Page 436: ...ich the latter behaves like a wireless adapter vis a vis the higher level AP With an AP run in client mode individual computers or en tire sub networks can be connected to higher level networks Access...

Page 437: ...ue signals are used to transmit data They are more suscept ible to errors than digital signals Analogue terminals Terminals that transmit voice and other information analogously e g telephones fax mac...

Page 438: ...d party depending on the provider service QoS ATM Asynchronous Transfer Mode ATM is a data transmission techno logy in which the data traffic is coded in small packets called cells or slots with a fix...

Page 439: ...of connection is often abbreviated to BRI A basic rate interface includes two basic channels B channels each with 64 kbps and one control and signalling channel D channel with 16 kbps There are two o...

Page 440: ...the other conversa tion BRRP BRRP is an implementation of the Virtual Router Redundancy Pro tocol VRRP The aim of the method is to compensate for the fail ure of the default gateway Multiple routers a...

Page 441: ...protec tion When call waiting protection is enabled other callers are not sig nalled on the terminal The caller hears the engaged tone Callback on Busy See Automatic callback on busy CCBS Callback on...

Page 442: ...ined to increase data throughput CHAP The Challenge Handshake Authentication Protocol CHAP is an au thentication protocol for PPP connections As well as the standard CHAP Microsoft also has the varian...

Page 443: ...onfiguration refers to all of a device s settings It is stored in ternally in MIB tables This data can be backed up loaded and de leted externally The configuration is edited using the HTTP S user int...

Page 444: ...andard route Default route The default route is used when no other suitable route is available Default router See Default gateway Deffie Hellman Diffie Hellman is a public key algorithm for negotiatin...

Page 445: ...int to point It is used to connect a PBX A main phone number and a number block are issued Each of the numbers in the number block is called a direct dial exception Example Main number 1234 num ber bl...

Page 446: ...ssing is slower DSCP Data packets can be marked with a Differentiated Services Code point DSCP DSCP values classify data packets in such a way that important packets can be routed through the network...

Page 447: ...ISDN Exchange access right The telephone system distinguishes between the following ex change access rights Unlimited Any international national or in ternal connection is permitted National long dis...

Page 448: ...briefly to start certain functions such as inquiries Follow me Follow me is a performance feature This function can be used to route incoming calls from a different extension to one s own termin al F...

Page 449: ...kbit s There are two different coding methods I 366 and X 420 G 729 G 729 is an audio codec Audio signals from the frequency range between 300 Hz and 2400 Hz are passed with a sampling rate of 16 kHz...

Page 450: ...ream 200 Mbit s upstream G DMT See F 992 1 G Lite See F 992 2 G SHDSL See G 991 2 Gateway The gateway is a network component for connecting different types of network GPRS General Packet Radio Service...

Page 451: ...hold without breaking the connection inquiry brokering A distinction is drawn between holding the con nection in the PBX holding in the system and holding in the switch board or by the SIP provider Ho...

Page 452: ...ns The IKE process runs in two phases During phase 1 the IKE subscribers authenticate them selves to one another and establish a secure channel In phase 2 the two IPSec subscribers negotiate the SAs T...

Page 453: ...et Protocol IP in the form of a tunnel VPN The protocol number for IPSec depends on the protocol used The Authentification Header AH uses protocol number 51 while the Encapsulating Security Payload ES...

Page 454: ...d the L2TP network server LNS The LAC establishes the connections to the LNS and man ages them The authorisation is regulated using a network access server NAS which can be implemented in the LAC or L...

Page 455: ...ansmission rate of 300 Mbit s MAC address The Media Access Control address MAC address is the hardware address of the network adapter and is used to identify the device at the hardware level Main Mode...

Page 456: ...electronic device that converts digital signals to fre quency signals in order to distribute data in a wired or wireless net work MOH See Music on hold MPDU The MAC Protocol Data Unit MPDU refers to...

Page 457: ...F is a signalling method for automatic telephone routing Key inputs are represented by overlaid sinusoid al signals See also Pulse dialling Multilink With multilink multiple interfaces PPP PPPoE are c...

Page 458: ...nector is called a TAE with an analogue connection an NTBA with the basic ISDN connection and NTPMGF with the ISDN Primary Rate Interface In the NT operation the gateway is connected to the PABX s ext...

Page 459: ...procedures on an in ternal terminal that is not part of active call allocation PIM The Protocol Independent Multicast PIM enables the dynamic rout ing of multicast packets on the Internet PIN A person...

Page 460: ...ption Example Point to point connection number 1234 number block 1 99 numbers of the individual extensions 1234 1 1234 2 1234 3 See also Point to multipoint connection Pool An address pool is a collec...

Page 461: ...o called a PRI or S2Minterface A Primary Rate Interface offers 30 user channels B channels each with 64 kbits s in Europe and 23 in the USA one control channel D channel with 64 kbits s and one synchr...

Page 462: ...Control is used where necessary to reduce the size of data packets during a telephone conversation so that voice packets are not blocked Registrar The SIP server registrar needs to be used in case th...

Page 463: ...ertisements are messages that the router sends to the network They announce the presence of the router in the network Router announcements are also used to issue prefixes organise the autoconfiguratio...

Page 464: ...of databases These are the Security Policy Database SPD and the Security Association Database SAD The SAD receives information about every security connection That is which encryption algorithms keys...

Page 465: ...as a point to multipoint connection It is used to connect VoIP terminals Multiple subscriber numbers MSNs are provided See also Direct dial in VoIP SIP The Session Initiation Protocol is a network pro...

Page 466: ...data and telephone lines SRTP The Secure Real Time Transport Protocol SRTP is the variant of the Real Time Transport Protocol RTP that is encrypted using AES SSH Secure Shell SSH is a network protocol...

Page 467: ...ograms on a PC Subnet A sub network in an IP network is known as a subnet A subnet is defined like a normal network via an IP address and sub netmask IPv4 and prefix length IPv6 Example 192 168 1 250...

Page 468: ...CP The Transmission Control Protocol TCP is a connection oriented protocol It works on the transport layer of the OSI model With a connection oriented protocol a logical connection is established be f...

Page 469: ...e service The Time protocol is used to synchronise the date and time The protocol uses port 37 via TCP and UDP Time slot A time slot is a period of time which is permanently assigned within a transmis...

Page 470: ...esses that are not routed They can be used in private networks e g a LAN ULAs begin with the prefix fd UMTS The Universal Mobile Telecommunications System UMTS also known as 3G is a mobile communicati...

Page 471: ...ransmitting of voice via an IP network The telephone is connected and disconnected using signalling protocols e g SIP VPN A virtual private network VPN is used to transport private data packets throug...

Page 472: ...ccess WPA is an encryption protocol for WLANs WPA 2 uses AES WPA Enterprise With WPA 1 2 WPA Enterprise enables subscribers to be authen ticated using the Extensible Authentication Protocol EAP After...

Page 473: ...sms to IKE After a successful phase 1 authentication the user can be separately identified again The identifying is done using the username and password PAP CHAP or hardware based systems Zone A zone...

Page 474: ...s 199 Allowed Addresses 130 Allowed HotSpot Client 386 Always on 201 209 214 APN 341 ARP Processing 125 Assigned Wireless Network VSS 117 Associated Line 321 ATM Interface 223 ATM PVC 214 ATM Service...

Page 475: ...54 167 172 176 182 187 190 201 209 214 223 237 243 252 259 264 285 286 287 288 289 291 296 301 309 312 316 319 321 327 338 343 356 361 388 392 Destination 280 282 Destination Address Length 147 Destin...

Page 476: ...active 151 Generate Private Key 72 Generation Mode 97 207 219 Grace time 133 Group Description 61 163 164 Group ID 376 High Priority Class 176 Host 330 Host Name 334 IGMP Proxy 197 IGMP Snooping 125 I...

Page 477: ...Burst Size MBS 227 Maximum Downstream Bandwidth 309 Maximum Number of Dialup Retries 207 212 219 Maximum Response Time 196 Maximum Upload Speed 179 182 233 Maximum Upstream Bandwidth 309 Members 285 2...

Page 478: ...S Server 327 Prioritisation Algorithm 179 Prioritize TCP ACK Packets 207 212 219 226 Priority 61 182 318 327 Priority Queueing 182 Propagate PMTU 262 Proposals 252 259 Protocol 155 167 172 187 243 289...

Page 479: ...y 407 Short Guard Interval 123 Short Retry Limit 123 Silent Deny 192 SIP Endpoint IP Address 296 301 SIP Header Field FROM Display 305 SIP Header Field FROM User 305 SIP Header Field P Asserted 305 SI...

Page 480: ...iption 341 341 Vendor ID 341 341 Vendor Mode 61 Vendor Option String 341 Vendor Specific Information DHCP Op tion 43 339 Version Check 361 Virtual Channel Connection VCC 227 230 Virtual Channel Identi...

Page 481: ...on 417 418 DNS domains search list 350 DNS Requests 332 DNS Server 351 Domain Name 325 Done 139 Drop non members 103 Drop untagged frames 103 Dropped 416 421 DSA Key Status 56 Duration 417 418 Dynamic...

Page 482: ...ions 55 Maximum Number of Syslog Entries 38 Maximum Sources 198 Maximum TTL for Negative Cache Entries 325 Maximum TTL for Positive Cache Entries 325 Media Gateway Status 312 Media Stream Termination...

Page 483: ...112 SMS Device 410 SMTP Authentication 409 SMTP Port 409 SMTP Server 409 SNMP Listen UDP Port 58 SNMP multicast discovery 58 SNMP Read Community 42 SNMP Trap Broadcasting 411 SNMP Trap Community 411...

Page 484: ...l Translation 320 Certificate List 70 Certificate Servers 78 CLID Translation 319 Client Management 136 Controlled Interfaces 233 CRLs 77 Current Calls 417 Date and Time 42 DHCP Configuration 338 DHCP...

Page 485: ...s 329 Statistics 332 418 Syslog Servers 403 System 38 System Licences 46 System Messages 414 System Reboot 402 Telnet 53 Traceroute Test 396 Trigger 355 User 353 Users 68 VLANs 102 Wake On LAN Filter...

Page 486: ...2 3 75 A Access via LAN 24 ADSL Line Profile 89 Assistants 35 Authentication key 271 Autoconfiguration on Bootup 82 B Basic configuration 16 Basic settings in ex works state 9 Bearer Service 85 C Con...

Page 487: ...balancing Configuration example 169 Local Services 323 M Map Resolver IP Address 272 Map Server IP Address 271 Map Register time period in sec 271 272 Map Resolver IP Address 274 Maximum number of cac...

Page 488: ...Switch Port 80 System Management 36 System requirements 16 Systemsoftware 16 T Time controlled Tasks Configuration example 372 Transmit Shaping 88 U Upstream 87 User access 21 V VPN 235 W Wall mounti...

Reviews:

No comments

Related manuals for be.IP 4isdn

Moxa Technologies MGate MB3180 Quick Installation Manual preview
MGate MB3180
Brand: Moxa Technologies Pages: 6
RAKwireless RAK7243 Pilot Gateway Pro User Manual preview
RAK7243 Pilot Gateway Pro
Brand: RAKwireless Pages: 18
Rath 2100-GSM4 Data Sheet / Manual preview
2100-GSM4
Brand: Rath Pages: 2
MSA fieldserver EZ Series Operating Manual preview
fieldserver EZ Series
Brand: MSA Pages: 61
Patton electronics SmartNode 4170 User Manual preview
SmartNode 4170
Brand: Patton electronics Pages: 52
Casa Systems NetComm CloudMesh NL19MESH Backup And Restore Configuration Manual preview
NetComm CloudMesh NL19MESH
Brand: Casa Systems Pages: 3
Telecom FM OneStream BRI Programming Manual preview
OneStream BRI
Brand: Telecom FM Pages: 79
Arrive AirPoint 2011-BYMG Installation Manuals preview
AirPoint 2011-BYMG
Brand: Arrive Pages: 2
Discovery Telecom GoIP User Manual preview
GoIP
Brand: Discovery Telecom Pages: 46
TVILIGHT Gateway 3.1 Installation Manual preview
Gateway 3.1
Brand: TVILIGHT Pages: 15
ZyXEL Communications AMG1202-T series User Manual preview
AMG1202-T series
Brand: ZyXEL Communications Pages: 320
sauter SMS EAGLE Manual preview
SMS EAGLE
Brand: sauter Pages: 26
Lucent Technologies AnyMedia Line Access Gateway Brochure & Specs preview
AnyMedia Line Access Gateway
Brand: Lucent Technologies Pages: 4
E-Senza SenzaGate SG151lite Manual preview
SenzaGate SG151lite
Brand: E-Senza Pages: 28
2N ISDN BRI GSM User Manual preview
ISDN BRI GSM
Brand: 2N Pages: 109
2N VoiceBlue Lite User Manual preview
VoiceBlue Lite
Brand: 2N Pages: 135
2N VoiceBlue MAX User Manual preview
VoiceBlue MAX
Brand: 2N Pages: 143
Banner SureCross DX70 Series Manual preview
SureCross DX70 Series
Brand: Banner Pages: 29

Brands by name

Popular brands

Load more brands