manualshive.com logo in svg

BinTec RS353j, User Manual

The BinTec RS353j is a top-of-the-line networking device designed to optimize your connectivity. Ensure smooth operation with the comprehensive User Manual available for free download from manualshive.com. This manual provides detailed instructions on setup and troubleshooting, making it easy to maximize the potential of your RS353j.

Share
Download
background image

Chapter 16 VPN

A connection that uses the Internet as a "transport medium" but is not publicly accessible is
referred to as a VPN (Virtual Private Network). Only authorised users have access to such
a VPN, which is seemingly also referred to as a VPN tunnel. Normally the data transported
over a VPN is encrypted.

A VPN allows field staff or staff working from home offices to access data on the company's
network. Subsidiaries can also connect to head office over VPN.

Various protocols are available for creating a VPN tunnel, e.g. IPSec or PPTP.

The connection partner is authenticated with a password, using preshared keys or certific-
ates.

With IPSec the data is encrypted using AES or 3DES, for example; with PPTP, you can
use MPPE.

16.1 IPSec

IPSec enables secure connections to be set up between two locations (VPN). This enables
sensitive business data to be transferred via an unsecure medium such as the Internet.
The devices used function here as the endpoints of the VPN tunnel. IPSec involves a num-
ber of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the
protection and authentication of IP packets. IPSec offers mechanisms for encrypting and
decrypting the data transferred in the IP packets. The IPSec implementation can also be
smoothly integrated in a Public Key Infrastructure (PKI, see

Certificates

on page 97). IPSec

implementation achieves this firstly by using the Authentication Header (AH) protocol and
Encapsulated Security Payload (ESP) protocol and secondly through the use of crypto-
graphic key administration mechanisms like the Internet Key Exchange (IKE) protocol.

Additional Traffic Filter

bintec elmeg gateways support two different methods of setting up IPSec connections:

• a method based on policies and

• a method based on routing.

The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This
allows for a very "fine-grained" filter to be applied to the IP packet, even at the level of the
protocol and the port.

bintec elmeg GmbH

16 VPN

bintec RS Series

323

Summary of Contents for RS353j

Page 1: ...Manual bintec RS Series New Generation Copyright Version 2 1 2014 bintec elmeg GmbH bintec elmeg GmbH Manual bintec RS Series 1...

Page 2: ...u must monitor the product in order to avoid unwanted charges bintec elmeg GmbH accepts no re sponsibility for data loss unwanted connection costs and damage caused by unintended operation of the prod...

Page 3: ...General Product Features 13 3 1 6 Reset 14 3 2 Cleaning 15 3 3 Pin Assignments 15 3 3 1 USB console interface 15 3 3 2 Ethernet interface 16 3 3 3 xDSL interface 16 3 3 4 ISDN S0 port 17 3 3 5 USB in...

Page 4: ...n 28 4 5 Setting up wireless LAN 28 4 6 Software Update 29 Chapter 5 Access and configuration 31 5 1 Access Options 31 5 1 1 Access via LAN 31 5 1 2 Access via the Console Interface 34 5 1 3 Access ov...

Page 5: ...3 SNMP 77 7 5 Remote Authentication 79 7 5 1 RADIUS 79 7 5 2 TACACS 85 7 5 3 Options 88 7 6 Configuration Access 89 7 6 1 Access Profiles 89 7 6 2 Users 93 7 7 Certificates 97 7 7 1 Certificate List 9...

Page 6: ...nistration 140 Chapter 10 Wireless LAN 141 10 1 WLAN 142 10 1 1 Radio Settings 142 10 1 2 Wireless Networks VSS 152 10 1 3 Client Link 161 10 1 4 Bridge Links 164 10 2 Administration 165 10 2 1 Basic...

Page 7: ...Client Management 201 11 5 Neighbor Monitoring 202 11 5 1 Neighbor APs 202 11 5 2 Rogue APs 203 11 5 3 Rogue Clients 204 11 6 Maintenance 205 11 6 1 Firmware Maintenance 206 Chapter 12 Networking 208...

Page 8: ...256 12 6 1 Drop In Groups 256 Chapter 13 Routing Protocols 260 13 1 RIP 260 13 1 1 RIP Interfaces 260 13 1 2 RIP Filter 262 13 1 3 RIP Options 265 Chapter 14 Multicast 268 14 1 General 269 14 1 1 Gene...

Page 9: ...rfaces 321 Chapter 16 VPN 323 16 1 IPSec 323 16 1 1 IPSec Peers 324 16 1 2 Phase 1 Profiles 340 16 1 3 Phase 2 Profiles 349 16 1 4 XAUTH Profiles 354 16 1 5 IP Pools 356 16 1 6 Options 357 16 2 L2TP 3...

Page 10: ...393 17 4 Services 394 17 4 1 Service List 394 17 4 2 Groups 396 Chapter 18 VoIP 398 18 1 SIP 398 18 1 1 Options 398 18 2 RTSP 399 18 2 1 RTSP Proxy 399 Chapter 19 Local Services 401 19 1 DNS 401 19 1...

Page 11: ...Filter 424 19 5 1 General 425 19 5 2 Filter List 427 19 5 3 Black White List 429 19 5 4 History 430 19 6 CAPI Server 430 19 6 1 User 430 19 6 2 Options 432 19 7 Scheduling 433 19 7 1 Trigger 433 19 7...

Page 12: ...3 2 VR Synchronisation 481 19 13 3 Options 483 Chapter 20 Maintenance 484 20 1 Diagnostics 484 20 1 1 Ping Test 484 20 1 2 DNS Test 485 20 1 3 Traceroute Test 485 20 2 Software Configuration 486 20 2...

Page 13: ...507 22 1 1 System Messages 507 22 2 IPSec 508 22 2 1 IPSec Tunnels 508 22 2 2 IPSec Statistics 510 22 3 ISDN Modem 511 22 3 1 Current Calls 511 22 3 2 Call History 512 22 4 Interfaces 513 22 4 1 Stat...

Page 14: ...22 8 1 QoS 524 Glossary 526 Index 554 Table of Contents bintec elmeg GmbH xii bintec RS Series...

Page 15: ...utes from a Windows PC with the help of a Configuration Wizard and how to install other useful online assistants At the end of the chapter you will be in a position to surf the Internet send or receiv...

Page 16: ...ers easy to use func tions and a comprehensive overview of devices their parameters and files By using SNMP multicast all of the devices in your local network can be located irrespect ive of their cur...

Page 17: ...the basic func tions on your device Reset This chapter explains how to reset your device to the ex works state Technical data This section contains a description of all the device s technical propert...

Page 18: ...following visual aids List of visual aids Symbol Use Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers tha...

Page 19: ...s written bold e g Windows Start menu Indicates keys key combinations and Windows terms bold e g Licence Key Indicates fields italic e g Indicates values that you enter or that can be configured Onlin...

Page 20: ...please contact our bintec elmeg service Incorrect cabling of the ISDN and ETH interfaces may also damage your device Con nect only the ETH interface of the device to the LAN interface of the computer...

Page 21: ...Connect the first switch port ETH1 yellow connector your device through the sup plied Ethernet cable to your LAN to configure the device The device automatically detects whether It is connected to a...

Page 22: ...vices are optionally equipped with straps in the housing on the wall as a table top unit or for installation in 19 inch cabinet Use as a table top device Attach the four self adhesive feet on the bott...

Page 23: ...10 100 1000 Base T Ethernet interfaces 4 BRI black SFP Slot for 10 100 1000 Mbit s Ethernet SFP module optional 5 USB USB connection type A 6 USB CONSOLE USB console type B 7 FUNCTION Function button...

Page 24: ...ion about specific activities and states of the device The LEDs are arranged as follows Fig 5 Arrangement of the LEDs LED status display LED Farbe Status Information POWER green on Power supply is con...

Page 25: ...ic via LTE send receive off No LTE connection BRI green on D channel is active green flashing At least one B channel is active off No ISDN connection LAN 1 bis 4 LINK ACT green on Ethernet connection...

Page 26: ...er cable 19 Mounting frame Screws Ethernet cable yellow xDSL cable Type 2 gray ISDN cable black Power cable 19 Mounting frame Screws 2 exteral WLAN an tenna Ethernet cable yellow xDSL cable Type 2 gra...

Page 27: ...of the device 4 7 Watt Voltage supply AC 100 bis 240 V 50 bis 60 Hz Environmental requirements Storage temperature 25 C to 70 C Operating temperature 0 C to 40 C Relative atmospheric humidity 10 to 95...

Page 28: ...J45 socket white RJ45 socket white RJ45 socket white VDSL ADSL RJ45 socket gray RJ45 socket gray RJ45 socket gray ISDN BRI interface RJ45 socket black RJ45 socket black RJ45 socket black USB USB Ansch...

Page 29: ...antistatic cloth Do not use solvents Never use a dry cloth the electrostatic charge could cause electronic faults Make sure that no moisture can enter the device and cause damage 3 3 Pin Assignments 3...

Page 30: ...ellow The devices also have a fifth Eth ernet interface white Fig 7 10 100 1000 Base T Ethernet interface RJ45 connector The pin assignment for the 10 100 1000 Base T Ethernet interface RJ45 connector...

Page 31: ...d 8 Not used 3 3 4 ISDN S0 port Some devices have an ISDN BRI S0 interface which can be used for backup functions for example The connection is made via an RJ45 connector black Fig 9 ISDN S0 BRI inter...

Page 32: ...ket Pin Position 1 Vbus 2 D 3 D 4 GND Shell Shield 3 4 Inserting the SIM card Proceed as follows to insert the SIM card Access the card slot at the bottom of the device by removing the screw form the...

Page 33: ...r new product or are looking for additional information the bintec elmeg GmbH Support Centre can be reached Monday to Friday between the hours of 9 am and 5 pm They can be contacted as follows Interna...

Page 34: ...3 6 WEEE information 3 Installation bintec elmeg GmbH 20 bintec RS Series...

Page 35: ...Presettings 4 1 1 IP Configuration Your device is shipped with a pre defined IP configuration IP Address Netmask Use the following access data to configure your device in an ex works state User Name...

Page 36: ...ware Configuration menu For a description of the update procedure see Software Update on page 29 4 2 System requirements For configuration of the device your PC must meet the following system requirem...

Page 37: ...ice is in the ex works state Internet access optional Wireless LAN optional The following tables show examples of possible values for the necessary data You can enter your personal data in the Your va...

Page 38: ...T Online number usually 12 digits Joint user account Note To configure T Online Internet access enter the following succession of numbers without intervening spaces in the User Name field User accoun...

Page 39: ...articular attention must therefore be paid to protecting the wireless connection Note the following Follow the safety precautions when configuring your WLAN Please also read Sicherheit im Funk LAN Sec...

Page 40: ...address of your device 192 168 0 254 in a supported browser Internet Explorer 6 or 7 Mozilla Firefox ver sion 1 2 or later and entering the pre configured login information User Password 4 3 3 Modify...

Page 41: ...select the Assistants Internet Access menu 2 With New make a new entry and take over the Connection Type 1 35 0 3 Follow the steps shown by the wizard The wizard has its own online help which of fers...

Page 42: ...wed by a space and then the IP ad dress of your device e g A window appears with the response 2 Test the internet access by entering www bintec elmeg com in the internet browser bintec elmeg GmbH s In...

Page 43: ...ured preshared key 5 Exit each menu with OK Note Windows XP allows several menus to be modified Depending on the configuration the path to the wireless network connection you want to configure may be...

Page 44: ...so your device will be updated automatically When installation of the new software is complete you will be invited to re start the device Caution After confirming with Go the update cannot be aborted...

Page 45: ...et or SSH Caution If you carry out the initial configuration with the GUI this can result in inconsistencies or malfunctions as soon as you carry out additional settings using other configuration opti...

Page 46: ...ly viewable Telnet session you can also con nect to your device via an SSH connection This is encrypted so all the remote mainten ance options can be carried out securely The following preconditions m...

Page 47: ...e available you ll see in both fields RSA Key Status and DSA Key Status the value 5 If one or both of these fields contains the value you must generate the relevant key To have the device generate the...

Page 48: ...settings 5 1 2 Access via the Console Interface Each bintec elmeg gateway has a console interface with which a PC can be connected dir ectly Access via the console interface is ideal if you are settin...

Page 49: ...ith an ISDN card in the remote LAN The device to be configured in your own LAN is reached via a number of the ISDN connection e g 1234 This enables the administrator in the Remote LAN to configure you...

Page 50: ...isations Read and change system variables save configurations use GUI 8 2 Read and write system variables except passwords changes are lost when you switch off your device 2 Read system variables exce...

Page 51: ...Interface Log in via the HTML surface as follows 1 Enter your user name in the User field of the input window 2 Enter your password in the Password field of the input window and confirm with Re turn...

Page 52: ...password you cannot make any configuration settings This applies to all types of configuration 5 3 1 GUI Graphical User Interface GUI is a web based graphic user surface that you can use from any PC...

Page 53: ...d switched on and that all the necessary cables are correctly connected see on page 2 Check the settings of the PC from which you want to configure your device see Con figuring a PC on page 25 3 Open...

Page 54: ...ndow Fig 14 Areas of the GUI Header Fig 15 GUI header GUI header Menu Position Language In the dropdown menu choose the language in which you want to display the GUI Here you can choose the language i...

Page 55: ...ub menu where you are now is displayed Logout If you want to end the configuration click this button to log out of your device A window is opened offering you the fol lowing options Save configuration...

Page 56: ...You have the following two options i e save the current configuration as the boot configuration 7 9 i e save current configuration as boot configuration while also archiving previous boot configurati...

Page 57: ...ngs tab which displays the addi tional options Configuration elements The various actions that you can perform when configuring your device in the GUI are triggered by means of the following buttons G...

Page 58: ...he list entry that selected entry is to be placed in front of after Creates another list entry first and opens the configuration menu Sets the status of the entry to Sets the status of the entry to 3...

Page 59: ...er rule you want under Fil ter in x Option y and entering the search word in the input field launches filter operation Configuration elements Some lists contain configuration elements You can therefor...

Page 60: ...e existing list entry You go to the configuration menu Menu Click this tab to display extended configuration options The following options are available for the configuration GUI configuration element...

Page 61: ...rovide information on any incorrect configurations Warning symbols Symbol Meaning This symbol appears in messages referring you to settings that were made with the Setup Tool This symbol appears in me...

Page 62: ...depth system knowledge of bintec devices 5 3 2 SNMP shell SNMP Simple Network Management Protocol is a protocol that defines how you can ac cess the configuration settings All configuration settings a...

Page 63: ...serial number MAC address and software versions The BOOTmonitor is started as follows The devices passes through various functional states when starting Start mode BOOTmonitor mode Normal mode After...

Page 64: ...t value is 115200 baud make sure the terminal program used also uses this baudrate If this is not the case you will not be able to es tablish a console connection to the device 5 Access and configurat...

Page 65: ...ollowing basic configuration tasks First steps Internet Access VPN Wireless LAN VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex planations on t...

Page 66: ...overview of the following data System status Your device s activities Resource utilisation active sessions and tunnels Status and basic configuration of the LAN WAN ISDN and ADSL interfaces Informatio...

Page 67: ...vice serial number BOSS Version Displays the currently loaded version of the system software Last configuration stored Displays day date and time of the last saved configuration boot configuration in...

Page 68: ...nterfaces are listed here and their most important settings are shown The system also displays whether the inter face is connected or active Connection Information for Ethernet interfaces IP address N...

Page 69: ...tion Information Link All the WAN interfaces are listed here and their most important settings are shown The system also displays whether the inter face is active 7 2 Global Settings The basic system...

Page 70: ...um of 255 characters is pos sible Maximum Number of Syslog Entries Enter the maximum number of syslog messages that are stored internally in the device Possible values are to The default value is You...

Page 71: ...in process entries that are stored internally in the device Possible values are to The default value is Manual WLAN Control ler IP Address This function is only available on devices with a wireless LA...

Page 72: ...and password As long as the password remains unchanged they are not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to the device If the password...

Page 73: ...eys in clear text Define whether the passwords are to be displayed in clear text plain text The function is enabled with 7 The function is disabled by default If you activate the function all password...

Page 74: ...s independent of the exchange time or the ntp server time Summer time starts on the last Sunday in March by switching from 2 a m to 3 a m The calendar related or schedule related switches that are sch...

Page 75: ...rity A manually entered system time is therefore overwritten The menu System Management Global Settings Date and Time consists of the fol lowing fields Fields in the menu Basic Settings Field Descript...

Page 76: ...omain name or an IP address In addition select the protocol for the time server request Possible values default value This server uses the simple network time protocol via UDP port 123 5 This server u...

Page 77: ...omatic ally updated The default value is Time Update Policy Enter the time period after which the system attempts to contact the time server again following a failed time update Possible values 1 defa...

Page 78: ...that the system time is up dated every time the GPS is fixed The function is activated by selecting 1 The function is disabled by default 7 2 4 System Licences This chapter describes how to activate t...

Page 79: ...ayed Description Licence Type Licence Serial Number Status Possible values for Status Licence Meaning OK Subsystem is activated Not OK Subsystem is not activated Not supported You have entered a licen...

Page 80: ...hardware serial number If is displayed as the status you have entered a license for a sub system that your device does not support This means you cannot use the functions of this licence Deactivating...

Page 81: ...de up of the following parts a WLAN b Number of the physical port 1 or 2 Example 203 The name of the Ethernet port is made up of the following parts a ETH b Number of the port Example The name of the...

Page 82: ...he name of the virtual interface connected to an Ethernet port is made up of the following parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface connected to...

Page 83: ...bridge group is automatically created after you click the OK button Configuration Interface Select the interface via which the configuration is to be carried out Possible values 1 default value Ex wo...

Page 84: ...s clients with the MAC Bridge function In wildcard mode you cannot define how Unicast non IP frames or non ARP frames are pro cessed To use the MAC bridge function you must carry out configuration ste...

Page 85: ...erfaces is used as the wildcard MAC address This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode 1 If you choose this setting the internal WLAN MAC...

Page 86: ...s parameters 1 and for the ISDN interfaces 5 0 For PABX systems only You can also authorise your device for maintenance work from bintec elmeg s Customer Service department To do this you enable eithe...

Page 87: ...ative Access Access Add The System Management Administrative Access Access Add menu consists of the following fields Fields in the menu Access Field Description Interface Select the interface for whic...

Page 88: ...bintec elmeg com To be able to reach the shell of your device via an SSH client make sure the settings for the SSH Daemon and SSH client are the same Note If configuration of an SSH connection is not...

Page 89: ...The default value is Fields in the menu Authentication and Encryption Parameters Field Value Encryption Algorithms Select the algorithms that are to be used to encrypt the SSH connection Possible opt...

Page 90: ...s dis played in red and a link is provided If you select the link the generation process is triggered and the view is up dated The status is displayed in green When generation has been completed succe...

Page 91: ...rk Management Protocol is a network protocol used to monitor and control network elements e g routers servers switches printers computers etc from a central station SNMP controls communication between...

Page 92: ...ess Possible values SNMP Version 1 Community Based SNMP Version 2 SNMP Version 3 By default and are enabled If no option is selected the function is deactivated SNMP Listen UDP Port Shows the UDP port...

Page 93: ...onnection your device sends a request with user name and password to the RADIUS server which then searches its database If the user is found and can be au thenticated the RADIUS server sends correspon...

Page 94: ...mation in the user database of the RADIUS server it sends an ACCESS_REJECT to reject the connection ACCOUNTING_START Client Server If a RADIUS server is used for accounting your device sends an accoun...

Page 95: ...be used for Possible values 3 default value only for PPP connec tions The RADIUS server is used for controlling access to a network 3 for PPP connections only The RADIUS server is used for recording s...

Page 96: ...re a user password for each RADI US request Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server Priority If a number of RAD...

Page 97: ...ed A negative response to a request is not accepted A request is sent to the next RADIUS server un til your device receives a response from a server configured as authoritative UDP Port Enter the UDP...

Page 98: ...e attempts the Status is set to 7 In Alive Check 1 your device attempts to reach the server every 20 seconds If the server responds Status is set back to 1 Possible values are whole numbers between an...

Page 99: ...by bintec elmeg devices The following TACACS functions are available on your device Authentication for login shell Command authorisation on the shell e g telnet show TACACS uses TCP port 49 and estab...

Page 100: ...r is to be used for login authentication to your device Server IP Address Enter the IP address of the TACACS server that is to be re quested for login authentication TACACS Secret Enter the password t...

Page 101: ...ity see Priority until a positive response is received or a negative response has been received from an authoritative server 3 A negative response to a request is accep ted i e a request is not sent t...

Page 102: ...all related inform ation are transferred unencrypted Unencrypted transfer is not recommended as a default setting and should only be used for debugging 7 5 3 Options This setting possible here causes...

Page 103: ...ion Access In the Configuration Access menu you can configure user profiles To do so you create access profiles and users and assign each user at least one access profile An access profile makes avail...

Page 104: ...entries Choose the New button to create additional ac cess profiles To create an access profile you can use all the entries in the navigation bar of the GUI plus Save configuration and Switch to SNMP...

Page 105: ...s Profiles New con sists of the following fields Fields in the menu Basic Settings Field Description Description Enter a unique name for the access profile Level No The system automatically assigns a...

Page 106: ...ser view access the parameters and modify all the settings displayed there Caution Note that the permission for Switch to SNMP Browser means that the user can access the entire MIB because no individu...

Page 107: ...blocked 311 7 The menu is released Lower level menus may need to be specifically released 311 7 11 The menu and all its lower level menus are re leased You can select 311 7 and 311 7 11 in the corres...

Page 108: ...ment Configuration Access Users You can click the button to display the details of the configured user You can see which fields and menus are assigned to the user 7 System Management bintec elmeg GmbH...

Page 109: ...ted If a row is flagged with the icon the information is released for reading and writing The icon indicates blocked entries 7 6 2 1 Edit or New Choose the icon to edit existing entries Choose the New...

Page 110: ...is not enabled a warning message displays Enable or disable User must change password The function is enabled with 1 The function is disabled by default Access Level Use Add to assign at least one acc...

Page 111: ...a passport and as such certificates can be issued by several different issuers and in varying qualities the trustworthiness of the is suer is extremely important The quality of a certificate is regula...

Page 112: ...tificate List The certificates and keys themselves cannot be changed but a few external attributes can be changed depending on the type of the selected entry The System Management Certificates Certifi...

Page 113: ...the own er of this certificate Possible settings 5 1 No CRLs check 317 CRLs are always checked 1 6 0 5 default value A check is only carried out if a CRL Distribution Point entry is included in the c...

Page 114: ...your device also supports separ ate registration authority certificates Registration authority certificates are used by some Certificate Authorities CAs to handle certain tasks signature and encrypti...

Page 115: ...equest menu Field Description Certificate Request De scription Enter a unique description for the certificate Mode Select the way in which you want to request the certificate Possible settings 1 defau...

Page 116: ...SCEP URL Only for Mode 6 Enter the URL of the SCEP server e g ht tp scep bintec elmeg com 8080 scep scep dll Your CA administrator can provide you with the necessary data CA Certificate Only for Mode...

Page 117: ...tion with the RA you can select another one here to encrypt com munication The default value is 3 6 i e the same certificate is used as for signing Password Only for Mode 6 You may need a password fro...

Page 118: ...Only for Custom disabled Enter the e mail address according to CA Organizational Unit Only for Custom disabled Enter the organisational unit according to CA Organization Only for Custom disabled Enter...

Page 119: ...tion Autosave Mode Select whether your device automatically stores the various steps of the enrolment internally This is an advantage if enrol ment cannot be concluded immediately If the status has no...

Page 120: ...Enter a unique description for the certificate File Encoding Select the type of coding so that your device can decode the certificate Possible values 3 default value Activates automatic code recogniti...

Page 121: ...in networks 7 7 2 1 Import Choose the Import button to import CRLs Fig 44 System Management Certificates CRLs Import The System Management Certificates CRLs Importmenu consists of the following fields...

Page 122: ...issues the private key and provides certificate revocation lists CRL that are accessed by the device via LDAP or HTTP in order to verify certificates 7 7 3 1 New Choose the New button to set up a cer...

Page 123: ...ernet If in doubt carry out the configuration using a console connection via the Console interface ETH1 ETH4 The interfaces can be used separately They are logically separated from each other each sep...

Page 124: ...when managed switches are used with the QoS function 8 1 1 Port Configuration Port Separation Your device makes it possible to run the switch ports as one interface or to logically separ ate these fr...

Page 125: ...net ports on the back of the device Switch Port 5 Port ETH5 is configured here Ethernet Interface Se lection Assign a logical Ethernet interface to the switch port You can select from five interfaces...

Page 126: ...ontrol is performed 1 Flow control is performed 3 Automatic flow control is performed 8 2 ISDN Ports In this menu you configure the ISDN interface of your device Here you enter data such as the type o...

Page 127: ...connections being set up In the Physical Interfaces ISDN Ports ISDN Configuration menu a list of all ISDN ports and their configuration are displayed 8 2 1 1 Edit Choose the button to edit the config...

Page 128: ...DN Configuration Type is dis played Possible values All possible values for the Port Usage and the ISDN Config uration Type Detection is still running Port Usage Only if Autoconfiguration on Bootup is...

Page 129: ...31 TEI Possible values 63 63 5 1 9 7 default value 63 and 63 5 1 are only for the use of X 31 TEI for CAPI applications For 63 the TEI value set in the CAPI ap plication is used For 63 5 1 the value o...

Page 130: ...rrently has no connection to the Internet the ISDN call causes a connection to be set up The identification of the caller from his or her ISDN number is enough information to initiate setting up a tun...

Page 131: ...a call is to be assigned on the MSN below Possible values 5 0 default value Enables login with 5 0 Default setting for PPP routing Contains automatic detection of the PPP connections stated below ex...

Page 132: ...oming call Possible values 0 default value 0 55 Always select if your device is con nected to a point to point connection Bearer Service Select the type of incoming call service detection Possible val...

Page 133: ...ws the current ADSL operation mode The value cannot be changed Possible values 9 7 The ADSL link is not active 3 ANSI T1 413 35 0 ADSL classic G DMT ITU G 992 1 1 Splitterless ADSL ITU G 992 2 35 0 G...

Page 134: ...eld Description DSL Mode Select the xDSL synchronization type Possible values The xDSL interface is not active ADSL with ETSI T1 413 standard is used 35 0 ADSL1 G DMT is used 35 0 3 The ADSL mode is a...

Page 135: ...ollowing fields Fields in the Advanced Settings menu Field Description ADSL Line Profile Select the internet service provider you require and in doing so implicitly select the modem parameter set used...

Page 136: ...icon to edit the respective entry for the integrated modem or a plugged UMTS LTE USB stick Select the following entry for the corresponding UMTS LTE modem 1 The integrated modem is to be configured 1...

Page 137: ...the Basic Settings menu Field Description UMTS LTE Status Select whether the chosen UMTS LTE modem should be en abled or disabled The function is enabled with 1 The function is enabled by default Mode...

Page 138: ...he current quality of the UMTS LTE connection The value cannot be changed Preferred Network Type Only for UMTS LTE Status 1 Select which network type should preferably be used Possible values 3 defaul...

Page 139: ...re insufficient with GPRS then UMTS is used 0 UMTS is used If the strength and quality of the signal are insufficient with UMTS then LTE is used UMTS is used If the strength and quality of the signal...

Page 140: ...values 5 1 Call is not accepted default value for LTE con nections 5 0 The call is assigned to the ISDN Login subsys tem default value for UMTS connections 5 1 The call is assigned to the PPP subsyste...

Page 141: ...til the entry is corrected Note If the device has made three failed attempts to establish a connection e g because the PIN has been entered incor rectly three times you will need to enter the PUK in o...

Page 142: ...Possible values 5 1 Roaming is disabled The Home PLMN Public Land Mobile Network is used i e the provider the SIM card is registered at 3 1 Default setting Use this mode if neither Roaming Mode 5 1 no...

Page 143: ...he PLMN Fields in the menu Closed User Group Field Description Authentication APN Enter the Authentication Access Point Name for the Closed User Group that you have received from your provider Authent...

Page 144: ...evice Displays the description of the internal modem port Modem Model Displays the modem model description IMEI The IMEI International Mobile Station Equipment Identity dis plays the 15 digit serial n...

Page 145: ...ys the radio cell code of the cell the modem is currently connected to Cell ID Displays the Cell ID of the cell the modem is currently registered in Last Command Displays the last command sent to the...

Page 146: ...e groups Ethernet interfaces in routing mode You can use the New button to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected diffe...

Page 147: ...ice uses the IP address 192 168 42 3 for example and 192 168 46 3 for the second subnet The netmasks for both subnets must also be indicated 9 1 1 1 Edit or New Choose the icon to edit existing entrie...

Page 148: ...es default value The interface is not assigned for a specific purpose E03 This option only applies for routing inter faces You use this option to assign the interface to a VLAN This is done using the...

Page 149: ...n MAC address for the virtual interface e g 8 8 8 8 8 Some providers use hardware independent MAC addresses to allocate their clients IP addresses dynamically If your provider has assigned you a MAC a...

Page 150: ...y selecting 1 The function is disabled by default Once enabled the default value is entered in the input field 9 2 VLAN By implementing VLAN segmentation in accordance with 802 1Q you can configure VL...

Page 151: ...ing mode Using the VLAN menu you can make all the settings needed for this and query their status Caution For interfaces that operate in Routing mode you only assign a VLAN ID to the inter face You de...

Page 152: ...g fields Fields in the Configure VLAN menu Field Description VLAN Identifier Enter the number that identifies the VLAN In the menu you can no longer change this value Possible values are default value...

Page 153: ...t for which you define the PVID and processing rules PVID Assign the selected port the required PVID Port VLAN Identifi er If a packet without a VLAN tag reaches this port it is assigned this PVID Dro...

Page 154: ...ministrationmenu consists of the following fields Fields in the Bridge Group br ID VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN The function is...

Page 155: ...vely as possible with a low transmission power that poses no health risks A 802 11g compatible standard is 802 11b which operates in the 2 4 GHz range 2400 MHz 2485 MHz and offers a maximum data trans...

Page 156: ...AN menu you can configure all WLAN modules of your device Depending on the model one or two WLAN modules WLAN 1 and where applicable WLAN 2 are available 10 1 1 Radio Settings In the Wireless LAN WLAN...

Page 157: ...o Settings for Operation Mode 3 0 9 Fig 59 Wireless LAN WLAN Radio Settings for Operation Mode 3 61 The Wireless LAN WLAN Radio Settings menu consists of the following fields bintec elmeg GmbH 10 Wire...

Page 158: ...3n W2003n W2003n ext und W2004n series Operation Band Select the operation band and where applicable the usage area of the wireless module For Operation Mode 3 0 9 or 0 9 61 Possible values H default...

Page 159: ...to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adja cent channels In the case of manual channel selection please make sure f...

Page 160: ...umber of Spatial Streams Not for Wireless Mode Select how many traffic flows are to be used in parallel Possible values Two traffic flows are used One traffic flow is used Transmit Power Select the ma...

Page 161: ...nly a data rate of 1 and 2 mbps needs to be sup ported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur Your device adapts to the client technology...

Page 162: ...sists of the following fields Fields in the Advanced Settings menu for operating mode Access Point Bridge Link Master Field Description Channel Plan Only for Operation Mode 3 0 9 and Channel 3 Select...

Page 163: ...s point The mechanism can also be switched on off independently of the data packet length by selecting the value 317 or 317 default value Short Guard Interval Enable this function to reduce the guard...

Page 164: ...d User Defined Channel Plan Only for Scan channels Define the channels which the WLAN client automatically scans for available wireless networks Roaming Profile Select the roaming profile The options...

Page 165: ...Scan Displays the minimum active scanning time for a frequency in milliseconds The value can only be modified for Roaming Profile 6 The default value is Max Period Active Scan Displays the maximum ac...

Page 166: ...e any cables for set ting up a permanent connection between the server and clients Access violations or faults may therefore occur with directly adjacent radio networks To prevent this every radio net...

Page 167: ...ndard AES to encrypt data WPA WPA Wi Fi Protected Access offers additional privacy by means of dynamic keys based on the Temporal Key Integrity Protocol TKIP and offers PSK preshared keys or Extens ib...

Page 168: ...clients The WEP key should be changed regularly To do this change the Transmit Key Select the longer 104 Bit WEP key For transmission of information with very high security relevance configure Securit...

Page 169: ...tion Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans mitted The network nam...

Page 170: ...authentication for the wireless network Possible values default value Neither encryption nor authentica tion 2 WEP 40 bits 2 WEP 104 bits 2 3 4 WPA Preshared Key 2 3 802 11i TKIP Transmit Key Only fo...

Page 171: ...PA Mode 2 3 and 2 3 2 3 Select the type of encryption with which to apply WPA Possible values 3 AES is used 4 TKIP is used 3 4 default value AES or TKIP is used WPA2 Cipher Only for Security Mode 2 3...

Page 172: ...um number of clients that can be connected to this wireless network SSID The maximum number of clients that can register with a wire less module depends on the specifications of the respective WLAN mo...

Page 173: ...ed from the frequency band originally selected to a less busy one providing the client supports this To achieve a changeover the connection attempt of a client is initially refused so that the cli ent...

Page 174: ...rection Possible values are 1 default value up to in single Mbit s steps and Fields in the menu Advanced Settings Field Description Beacon Period Enter the time in milliseconds between the sending of...

Page 175: ...ents communicate with each other via access points only There is no direct communication between the individual clients In ad hoc mode an access client can be used as central interface between a numbe...

Page 176: ...the keys configured in WEP Key 1 4 as a de fault key The default value is 4 WEP Key 1 4 Only for Security Mode 2 2 Enter the WEP key Enter a character string with the right number of characters for t...

Page 177: ...ormance WPA2 Cipher Only for Security Mode 2 3 4 and WPA Mode 2 3 Select which encryption method is to be used Possible values 3 default value Advanced Encryption Standard 4 Temporal Key Integrity Pro...

Page 178: ...tallation Then carry out the Scan The partner should then be found AP MAC Address Shows the MAC address of the remote client Network Name SSID Displays the name of the remote client Channel Shows the...

Page 179: ...int mode the bridge link is in master mode Enter a name for the bridge link This name also serves as the ID other devices use to connect to this bridge link If the radio module is in Bridge Link Clien...

Page 180: ...n menu Field Description Region Select the country in which the access point is to be run Possible values are all the countries configured on the device s wireless module The range of channels availab...

Page 181: ...w passport and configuration in succession i e they are managed via the WLAN controller and can no longer be amended externally With the WLAN controller you can automatically detect individual access...

Page 182: ...anually The IP addresses of the wireless LAN controller must be entered for each AP in the Sys tem Management Global Settings System menu in the Manual WLAN Controller IP Address field Please note Mak...

Page 183: ...in the list At least one wireless network VSS is set up This entry cannot be deleted Click on to edit an existing entry You can also delete entries using the icon With Add you can create new entries...

Page 184: ...s to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the desired RADIUS server EAP Preauthentification For Security Mode 2 3 select...

Page 185: ...lays the wireless networks that are currently assigned The following parameters are available in the wireless module 1 menu The parts wireless module 1 and wireless module 2 are displayed if the AP ha...

Page 186: ...ur WLAN controller shall manage In the Manage column click on the desired entries or click on Select all in order to select all entries Click the Deselect all button to disable all entries and to then...

Page 187: ...hen you start the process with OK a progress bar is displayed The located AP display is updated every ten seconds 11 2 Controller Configuration In this menu you make the basic settings for the wireles...

Page 188: ...er DHCP Pool New Advanced Settings in the DHCP Options field on the Add button Select as Option 63 23 6 11 and in the Value field enter the IP address of the WLAN controller If you use static IP addre...

Page 189: ...rminated If this happens the relevant AP with the setting 23 maintains its con figuration until the connection is reestablished It then boots up and the controller and the AP then resynchronize Slave...

Page 190: ...he button The Access Point then receives the 5 status but is no longer Click on the START button under Channel reallocation in order to reassign any assigned channels e g when a new access point has b...

Page 191: ...onfiguration Slave Access Points The data for wireless module 1 and wireless module 2 are displayed in the Wireless LAN Controller Slave AP configuration Slave Access Points menu if the correspond ing...

Page 192: ...e wireless module is to be oper ated You can change the mode Possible values default value The wireless module is used as an access point in your network The wireless module is not active Active Radio...

Page 193: ...ally support these channels Possible values according to the selected wireless module pro file For Active Radio Profile H 1 Possible values are to and 3 default value For Active Radio Profile H 1 Poss...

Page 194: ...ith 2 4 GHz and a pro file with 5 GHz are created by default the 2 4 GHz profile cannot be deleted For each wireless module profile you will see an entry with a parameter set Radio Profiles Configured...

Page 195: ...he menu Radio Profile Definition Field Description Description Enter the desired description of the wireless module profile Operation Mode Define the mode in which the wireless module profile is to be...

Page 196: ...BFWA applications The frequencies in the frequency range from 5755 MHz to 5875 MHz may only be used in conjunction with commercial offers for public network accesses and requires registration with th...

Page 197: ...ds to be sup ported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur Your device adapts to the client technology and operates according to either 8...

Page 198: ...is function should not be active Airtime fairness This function is not available for all devices The Airtime fairness function ensures that the access point s send resources are distributed intelligen...

Page 199: ...e With Add you can add channels If all available channels are displayed you cannot add any more entries You can also delete entries using the icon Beacon Period Enter the time in milliseconds between...

Page 200: ...pts to send a data packet of length greater than the value defined in RTS Threshold After this many failed attempts the packet is discarded Possible values are to The default value is Fragmentation Th...

Page 201: ...menu A wireless network is cre ated by default For every wireless network VSS you see an entry with a parameter set VSS Descrip tion Network Name SSID Number of associated radio modules Security Statu...

Page 202: ...arameters Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans...

Page 203: ...t be applied together with the MAC bridge function WMM Select whether voice or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission...

Page 204: ...de Only for Security Mode 2 3 4 and 2 3 Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values 2 3 2 3 default value WPA and WPA 2 can be used 2 3...

Page 205: ...Preauthentifica tion Only for Security Mode 2 3 Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connected t...

Page 206: ...finit ively rejected when the Max number of clients hard limit is reached The value of the Max number of clients soft limit must be the same as or less than that of the Max number of clients hard limi...

Page 207: ...to gain possibly unauthorised access to the net work and block them for a certain length of time A client is blocked if the number of unsuccessful login attempts with a spe cified time exceeds a certa...

Page 208: ...VLAN ID Enter the number that identifies the VLAN Possible values are to VLAN ID 1 is not possible as it is already in use Fields in the menu Bandwidth limitation for each WLAN client Field Descriptio...

Page 209: ...WLAN infrastructure Note In order to ensure adequate timing between the WLAN Controller and the connected Slave APs the internal time server of the WLAN Controller should be enabled bintec elmeg GmbH...

Page 210: ...t relevant Wireless LAN Controller parameters is displayed The display is re freshed every 30 seconds Values in the Overview list Status Meaning AP discovered Displays the number of discovered access...

Page 211: ...nected clients VSS Displays the number of connected clients per wireless network VSS over time 11 4 2 Slave Access Points Fig 74 Wireless LAN Controller Monitoring Slave Access Points LAN MAC Address...

Page 212: ...dio mod ule over time Connected clients Displays the number of connected clients per radio module over time 11 4 2 2 Radio 1 In the Radio Module menu the received and transmitted data traffic per clie...

Page 213: ...ireless LAN Controller Monitoring Active Clients In the Wireless LAN Controller Monitoring Active Clients menu current values of all active clients are displayed For each client you will see an entry...

Page 214: ...ient is authenticated Via the icon you can open a summary with additional details about the Active Clients Fig 78 Wireless LAN Controller Monitoring Active Clients Value in the list WLAN Client list S...

Page 215: ...Slave AP Name VSS MAC Address VSS Channel Status 11 4 5 Client Management Fig 80 Wireless LAN Controller Monitoring Client Management The Wireless LAN Controller Monitoring Client Management menu disp...

Page 216: ...g nal You see the following parameters for each AP SSID MAC Address Signal dBm Channel Security Last seen Strongest signal received by Total detections The entries are displayed in alphabetical order...

Page 217: ...AP Accepted Note Check the rogue APs shown carefully as an attacker could attempt to spy on data in your network using a rogue AP You can class a rogue AP as trustworthy by enabling the Accepted check...

Page 218: ...s of the client on the blacklist SSID Displays the SSID involved Attacked Access Point Displays the AP concerned Signal dBm Displays the signal strength of the client during the attempted access Type...

Page 219: ...elds in the New Blacklist Entry menu Field Description Rogue Client MAC Ad dress Enter the MAC address of the client you intend to include in the static blacklist Network Name SSID Pick the wireless n...

Page 220: ...re update Click the Deselect all button to disable all entries and to then select individual entries if required e g if there is a large number of entries and only individual APs are to be given softw...

Page 221: ...tion Select the source for the action Possible values default value The file is stored respectively on a remote server specified in the URL 6 7 The file is on the official update server Only for Actio...

Page 222: ...a corporate network connection enter a default route to the ISP and a network route to the head office You can enter several default routes on your device but only one default route can be active at...

Page 223: ...f the option is selected for the Route Class an extra configuration section opens Fig 87 Network Routes IPv4 Route Configuration New with Extended 1 The Network Routes IPv4 Route Configuration New men...

Page 224: ...traffic via that interface The set tings received from the DHCP server are then copied along with those configured here to the active routing table This en ables e g in the case of dynamically changin...

Page 225: ...es a route with the default parameters Select whether the route is to be defined with ex tended parameters If the function is active a route is created with extended routing parameters such as source...

Page 226: ...te Parameters Field Description Description Enter a description for the IP route Source Interface Select the interface over which the data packets are to reach the device The default value is Source I...

Page 227: ...efault value The route is valid for all port numbers 1 Enables the entry of a port number Enables the entry of a range of port numbers 1 Entry of privileged port numbers 0 1023 Entry of server port nu...

Page 228: ...E 1 Mode Select when the interface defined in Route Parameters Inter face is to be used Possible values 5 1 7 default value The route can be used if the interface is up If the interface is dormant th...

Page 229: ...tes IPv4 Routing Table Fields in the menu IPv4 Routing Table Field Description Destination IP Address Displays the IP address of the destination host or destination network Netmask Displays the netmas...

Page 230: ...ncoming data packets are only accepted over this interface if out going response packets are routed over the same interface You can therefore prevent the acceptance of packets with false IP addresses...

Page 231: ...ether 9 E is to be activated for the interface The function is enabled with 1 By default the function is deactivated for all interfaces 12 2 NAT Network Address Translation NAT is a function on your d...

Page 232: ...often used in order to interpret queries from the LAN as if they were coming from the WAN You can use this to test the server ser vices The function is disabled by default Silent Deny Select whether I...

Page 233: ...tly as well as translate addresses and ports For outgoing data traffic you can configure various NAT methods i e you can determine how an external host es tablishes a connection to an internal host 12...

Page 234: ...an ex ternal destination host over the NAT interface and in which an internally valid source address and internally valid source port are translated to an externally valid source address and an ex te...

Page 235: ...lues 1 default value All the data packets that match the following parameters that are to be configured protocol source IP address network mask destination IP address net mask etc are excluded by NAT...

Page 236: ...fault value 3 6 6 C 4 1 0 5 E 4 6 0 5 E C 5 Source IP Address Netmask Only for Type of traffic 5 3 or 1 2 3 Enter the source IP address and corresponding netmask of the 12 Networking bintec elmeg GmbH...

Page 237: ...iginal Source Port Range Only for Type of traffic 3 NAT method Service and Pro tocol 6 5 6 5 Enter the source port of the original data packets The default setting 311 means that the port remains unsp...

Page 238: ...Ad dress Netmask Only for Type of traffic 5 3 Enter the destination IP address and corresponding netmask to which the original destination IP address is to be translated New Destination Port Only for...

Page 239: ...essary to send data over different interfaces to increase the total bandwidth available IP load balancing en ables the distribution of data traffic within a certain group of interfaces to be controlle...

Page 240: ...g fields Fields in the Basic Parameters menu Field Description Group Description Enter the desired description of the interface group Distribution Policy Select the way the data traffic is to be distr...

Page 241: ...ed 1 Only the data rate in the send direction is con sidered By default the 5 7 1 and 1 options are disabled Distribution Mode Select the state the interfaces in the group may have if they are to be i...

Page 242: ...e Interface Selection for Distribution menu Field Description Interface Select the interfaces that are to belong to the group from the available interfaces Distribution Ratio Enter the percentage of t...

Page 243: ...e Destination IP Address of the desired route You can choose between all routes and all extended routes Tracking IP Address You can use the Tracking IP Address parameter to have a particular route mon...

Page 244: ...If you have not configured any entries the list is empty Every entry contains parameters which describe the properties of a data packet in more or less detail The first data packet which the propertie...

Page 245: ...ld Description Admin Status Select whether the Special Session Handling should be activ ated The function is activated by selecting 1 The function is enabled by default Description Enter a name for th...

Page 246: ...the related net mask Destination Port Range Enter if required a destination port number or a range of des tination port numbers Possible values 311 default value The destination port is not specified...

Page 247: ...hether when data packets are subsequently sent the two parameters Destination Address and Destination Port must have the same value as the first data packet i e whether the subsequent data packets mus...

Page 248: ...ts of three parts Creating IP filters Classifying data Prioritising data 12 4 1 QoS Filter In the Networking QoS QoS Filtermenu IP filters are configured The list also displays any configured entries...

Page 249: ...tocol 6 Select the type Possible values 3 1 5 1 1 See RFC 792 The default value is 3 Connection State With Protocol 6 you can define a filter that takes the status of the TCP connections into account...

Page 250: ...destination port is not specified Enter a destination port Enter a destination port range DSCP TOS Filter Layer 3 Select the Type of Service TOS Possible values default value The type of service is ig...

Page 251: ...the Networking QoS QoS Classification menu i e the data traffic is associated using class IDs of various classes To do this create class plans for classifying IP packets based on pre defined IP filter...

Page 252: ...class plan To select a filter at least one filter must be configured in the Networking QoS QoS Filter menu Direction Select the direction of the data packets to be classified Possible values Incoming...

Page 253: ...s used to signal the priority of IP packets indicated in binary format 5 6 5 1 E 1 Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in de...

Page 254: ...h queue and thus each data class a certain part of the total bandwidth of the interface In addition you can optimise the transmission of voice data real time data Depending on the respective interface...

Page 255: ...able bandwidth is distributed strictly according to the queue priority 2 QoS is activated on the interface The available bandwidth is distributed according to the weighting weight of the queue Excepti...

Page 256: ...s are set the queue can oc cupy the maximum bandwidth Protocol Header Size below Layer 3 Only for Traffic shaping enabled Choose the interface type to include the size of the respective overheads of a...

Page 257: ...ter Control is useful for small upload bandwidths 800 kbps Activate or deactivate Real Time Jitter Control The function is enabled with 1 The function is disabled by default Control Mode Only for Real...

Page 258: ...consists of the following fields Fields in the Edit Queue Policy menu Field Description Description Enter the name of the queue policy Outbound Interface Shows the interface for which the QoS queues a...

Page 259: ...r warding real time datagrams It is possible to configure multiple queues when RTT mode is enabled Queues with enabled RTT mode must always have a higher priority than queues with disabled RTT mode Tr...

Page 260: ...queue has been reached Possible values are to The default value is The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Dropping Algorith...

Page 261: ...lock access from or to the various hosts in connected networks This enables you to prevent undesired connections being set up via the gateway Access lists define the type of IP traffic the gateway is...

Page 262: ...re not explicitly denied i e Deny all packets that match Filter 1 Deny all packets that match Filter 2 Allow the rest or Allow all packets that are explicitly allowed i e Allow all packets that match...

Page 263: ...rs is displayed in the Networking Access Rules Access Filter menu Fig 98 Networking Access Rules Access Filter 12 5 1 1 Edit or New Choose the icon to edit existing entries To configure access fitters...

Page 264: ...e of services configured ex works includes the following 1 1 D The default value is Protocol Select a protocol The 3 option default value matches any protocol Type Only if Protocol 6 Possible values 3...

Page 265: ...ask Destination Port Range Only if Protocol 6 5 Enter a destination port number or a range of destination port numbers that matches the filter Possible values 311 default value The filter is valid for...

Page 266: ...s used to signal the priority of IP packets indicated in hexadecimal format E 1 The TOS value is specified in binary format e g 00111111 5 1 E 1 The TOS value is specified in decimal format e g 63 1 E...

Page 267: ...hains New menu consists of the following fields Fields in the Basic Parameters menu Field Description Rule Chain Select whether to create a new rule chain or to edit an existing one Possible values 7...

Page 268: ...1 Deny packet if it does not match the filter Use next rule To set the rules of a rule chain in a different order select the button in the list menu for the entry to be shifted A dialog box opens in...

Page 269: ...ts of the fol lowing fields Fields in the Basic Parameters menu Field Description Interface Select the interface for which a configured rule chain is to be as signed Rule Chain Select a rule chain Sil...

Page 270: ...a network to do this All of the interfaces are then configured with the same IP ad dress Within a segment network components which are connected to a connection can then be grouped and for example be...

Page 271: ...network components Possible values default value ARP packets and IP packets belonging to the drop in network are routed transparently unchanged ARP packets and IP packets related to the drop in netwo...

Page 272: ...t on Inter face Only for Network Configuration 5 6 Here you can select an Ethernet interface on your router which is to act as the DHCP client You need this setting for example if your provider s rout...

Page 273: ...ield Description 7 3 Interface Selection Select all the ports which are to be included in the Drop In group in the network Add new entries with Add bintec elmeg GmbH 12 Networking bintec RS Series 259...

Page 274: ...changed In this case only the changed information is sent Observing the information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table As r...

Page 275: ...version 1 RIP packets E Enables sending and receiving of version 2 RIP packets E E Enables sending and receiving RIP packets of both version 1 and 2 E 1 For sending RIP V2 messages over multicast add...

Page 276: ...terfaces for leased lines Routes are propagated if the interface status is up or ready 1 default value Routes are only propagated if the interface status is up 317 Routes are always propagated indepen...

Page 277: ...utton to insert another filter above the list entry The configuration menu for creating a new window opens You can use the button to move the list entry A dialog box opens in which you can se lect the...

Page 278: ...to the export or import of routes Possible values default value Metric Offset for Active Interfaces Select the value to be added to the route metric if the status of the interface is up During export...

Page 279: ...that no other devices use The default value should be retained Default Route Distribu tion Select whether the default route of your device is to be propag ated via RIP updates The function is enabled...

Page 280: ...lues that you can configure in the Timer for Triggered RIP RFC 2091 menu should be used The function is enabled with 1 The function is disabled by default If the function is not activated the times de...

Page 281: ...2091 menu Field Description Hold Down Timer Only for RFC 2091 Variable Timer 1 The hold down timer is activated as soon as your device re ceives an unreachable route metric 16 The route may deleted on...

Page 282: ...o hold audio con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular interest to companies Here multicasting makes it...

Page 283: ...resses Several senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwarde...

Page 284: ...ckets explicitly wanted by a host enter the subnet Special mechanisms ensure that the requirements of the individual clients are taken into consideration At the moment there are three versions of IGMP...

Page 285: ...P New menu consists of the following fields Fields in the IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled i e queries are sent and responses are acce...

Page 286: ...sible values are to The default value is Last Member Query In terval Define the time after a query for which the router waits for an answer If you shorten the interval it will be more quickly detected...

Page 287: ...e Advanced Settings menu Field Description IGMP Proxy Select whether your device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Only for IGMP Prox...

Page 288: ...ays off Mode Only for IGMP Status or 3 Select Multicast Mode Possible values 6 1 default value The router uses IG MP version 3 If it notices a lower version in the network it uses the lowest version i...

Page 289: ...interfaces of your device 14 3 1 1 New Choose the Newbutton to create forwarding rules for new multicast groups Fig 114 Multicast Forwarding Forwarding New The Multicast Forwarding Forwarding New menu...

Page 290: ...roups not active Enter here the address of the multicast group you want to for ward from a defined Source Interface to a defined Destination Interface Source Interface Select the interface on your dev...

Page 291: ...to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE PPP over PPTP and PPP over ATM PPPoA protocols You can also configure Internet acce...

Page 292: ...to your Internet Service Provider ISP as a default route If for example you configure a cor porate network connection only enter the route to the head office or branch office as a de fault route if y...

Page 293: ...connection is set up Dynamic Dynamic channel bundling means that your device connects other ISDN B channels to in crease the throughput for connections if this is required e g for large data rates If...

Page 294: ...ialup PPPoE New The menu WAN Internet Dialup PPPoE New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a name to uniquely identify the PPPoE pa...

Page 295: ...run your device s Ethernet switch in Split Port mode PPPoE Ethernet Inter face Only for PPPoE Mode Select the Ethernet interface specified for a standard PPPoE connection If you want to use an extern...

Page 296: ...FTP transmission for LAN to LAN transmis sion for Internet connections Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP...

Page 297: ...ngs menu Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed The de fault value is...

Page 298: ...ed by default Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL...

Page 299: ...layed in the WAN Internet Dialup PPTP menu In this menu you configure an Internet connection that uses the Point Tunnelling Protocol PPTP to set up a connection This is required in Austria for example...

Page 300: ...identifying the internet connection The first character in this field must not be a number No special characters or umlauts must be used PPTP Ethernet Inter face Select the IP interface over which pa...

Page 301: ...many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are to seconds deactivates the timeout The default value is Example for FTP transmis...

Page 302: ...s with Add 3 IP address of the destination host or network 9 Netmask for Remote IP Address If no entry is made your device uses a default netmask The lower the value the higher the priority of the rou...

Page 303: ...ection partner MSCHAP version 1 or 2 possible 6 3 Run MS CHAP version 2 only Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives I...

Page 304: ...e function is enabled with 1 The function is enabled by default 15 1 3 PPPoA A list of all PPPoA interfaces is displayed in the WAN Internet Dialup PPPoA menu In this menu you configure a xDSL connect...

Page 305: ...identifying the connection partner The first character in this field must not be a number No special characters or umlauts must be used ATM PVC Select an ATM profile created in the ATM Profiles menu i...

Page 306: ...onds deactivates the short hold The default value is Example for FTP transmission for LAN to LAN transmis sion for Internet connections Fields in the IP Mode and Routes menu Field Description IP Addre...

Page 307: ...ced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection failure for Enter the wait time in seconds before the device should try agai...

Page 308: ...ection partner or sends these to the connection partner The function is enabled with 1 The function is enabled by default Prioritize TCP ACK Packets Select whether the TCP download is to be optimised...

Page 309: ...cess over ISDN LAN to LAN connection over ISDN Remote Mobile dial in Use of the ISDN Callback function 15 1 4 1 New Choose the Newbutton to set up new ISDN interfaces bintec elmeg GmbH 15 WAN bintec R...

Page 310: ...Fig 118 WAN Internet Dialup ISDN New The menu WAN Internet Dialup ISDN New consists of the following fields Fields in the Basic Parameters menu 15 WAN bintec elmeg GmbH 296 bintec RS Series...

Page 311: ...ons User Name Enter your device code local PPP user name Remote User for Dial in only Enter the code of the remote terminal remote PPP user name Password Enter the password Always on Select whether th...

Page 312: ...licy Only for IP Address Mode and 3 When you configure an ISDN Internet connection specify whether Network Address Translation NAT is to be activated The function is enabled with 1 The function is dis...

Page 313: ...onnec tion before the interface is blocked Possible values are to The default value is Usage Type If necessary select a special interface use Possible values default value No special type is selected...

Page 314: ...ion If Encryption is set the remote terminal must also sup port it otherwise a connection cannot be set up Possible values default value MPP encryption is not used 1 MPP encryption V2 with 128 bit is...

Page 315: ...without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by closing the dialog box that appears with Cancel Fields in the Bandwith o...

Page 316: ...your device For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Call Number Call Number Enter the connect...

Page 317: ...to an ARP request only if the status of the connection to the connection partner is i e a connection already exists to the connection partner DNS Negotiation Select whether your device receives IP ad...

Page 318: ...ield Description Description Enter a name for uniquely identifying the internet connection The first character in this field must not be a number No special characters or umlauts must be used UMTS LTE...

Page 319: ...pass between sending the last traffic data packet and clearing the connection Possible values are to seconds deactivates the short hold The default value is Fields in the IP Mode and Routes menu Field...

Page 320: ...alue the higher the priority of the route range of values The default value is The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block...

Page 321: ...receives IP addresses for DNS Serverprimary domain name serverPrimary and DNS Serversecondary domain name serverSecondary from the con nection partner or sends these to the connection partner The fun...

Page 322: ...IP address from an address pool if available If address pools have more than one IP address you cannot specify which connection partner receives which address The addresses are initially assigned in o...

Page 323: ...mines the route that the data should take for example Multiple virtual connections can be set up over a single physical interface The data is transmitted in so called cells or slots of constant size E...

Page 324: ...ult an ATM profile with the description 3 6 3 5 is preconfigured Its values VPI 1 and VCI 32 are suitable for a Telekom ATM connection for example Note The ATM encapsulations are described in RFCs 148...

Page 325: ...the ATM connection Possible values 3 default value Ethernet over ATM EthoA is used for the ATM connection Permanent Virtual Circuit PVC 1 3 Routed Protocols over ATM RPoA is used for the ATM connectio...

Page 326: ...ms 006 6 only displayed for Type 3 Bridged Ethernet with LLC SNAP encapsulation with Frame Check Sequence checksums default value for Routed Protocols over ATM Is only displayed for Type 1 3 Encapsula...

Page 327: ...terface of ATM connection e g 8 8 8 8 8 An entry is only re quired in special cases For Internet connections it is sufficient to select the option Use built in default setting An address is used which...

Page 328: ...n is enabled with 1 The function is disabled by default Field in menu PPP over ATM Settings appears only for Type PPP over ATM Field Description Client Type Select whether the PPPoA connection is to b...

Page 329: ...s Fig 122 WAN ATM Service Categories New The menu WAN ATM Service Categories New consists of the following fields Fields in the Basic Parameters menu Field Description Virtual Channel Con nection VCC...

Page 330: ...n critical applications with burst data traffic E 1 E E A guaranteed data rate is assigned to the connection Sustained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size...

Page 331: ...ated by the ISP Your device then only needs to react correctly to the signals received This is ensured without a specific OAM configuration for both flow level 4 and flow level 5 Two mechanisms are av...

Page 332: ...ngs are used on the vir tual path Virtual Channel Con nection VCC Only for OAM Flow Level Select the already configured ATM connection to be monitored displayed by the combination of VPI and VCI Virtu...

Page 333: ...is Loopback Segment Select whether you want to activate the loopback test for the segment connection segment connection of the local end point to the next connection point of the VCC or VPC The functi...

Page 334: ...t whether the test cells of the OAM CC are to be sent or received Possible values default value CC data is both received and generated 9 CC data is received CC data is generated Continuity Check CC Se...

Page 335: ...occur when other packets are routed at the same time The real time jitter control function solves this problem So that the line is not blocked for too long for the voice data packets the size of the o...

Page 336: ...or the optimisation Possible values 6 11 1 default value By means of the data routed via the media gateway the system detects voice data traffic and optimises the voice transmis sion 311 All RTP strea...

Page 337: ...devices used function here as the endpoints of the VPN tunnel IPSec involves a num ber of Internet Engineering Task Force IETF standards which specify mechanisms for the protection and authentication...

Page 338: ...the IPSec phase 2 SAs the route now only determines which data traffic is to be routed If an IP packet does not match the defined Additional Traffic Filter it is rejected If an IP packet meets the re...

Page 339: ...menu for monitoring a peer is called by selecting the button for the peer in the peer list See Values in the IPSec Tunnels list on page 509 16 1 1 1 New Choose the New button to set up more IPSec pee...

Page 340: ...Fig 126 VPN IPSec IPSec Peers New The menu VPN IPSec IPSec Peers New consists of the following fields Fields in the menu Peer Parameters 16 VPN bintec elmeg GmbH 326 bintec RS Series...

Page 341: ...s resolvable host name The entry can be omitted in certain configurations whereby your device then cannot initiate an IPSec connection Peer ID Select the ID type and enter the peer ID This entry is no...

Page 342: ...ange 4 Select the local ID type Possible ID types 11 I 1 5 I5 1 3 E 3 3 5 5 4 5 Any string Local ID Only for Internet Key Exchange 4 Enter the ID of your device For Authentication Method 5 3 or 3 the...

Page 343: ...eceives an IP ad dress from the server as IPSec client 4 6 Select this option if your gate way assigns an IP address as server for connecting clients This is taken from the selected IP Assignment Pool...

Page 344: ...ute 1 Select the priority of the route The lower the value the higher the priority of the route Value range from to The default value is Route Entries Only for IP Address Assignment or 4 6 61 Define r...

Page 345: ...due to compet ing routes or the coarser filtering of the data traffic The Additional Traffic Filter parameter fixes this problem You can filter more finely i e you can e g specify the source IP addre...

Page 346: ...alue matches all protocols Source IP Address Netmask Enter if required the source IP address and netmask of the data packets Possible values 3 Enter the IP address of the host 7 9 default value Enter...

Page 347: ...rked as standard in VPN IPSec Phase 1 Profiles 1 1 Uses a special profile which contains the proposals for Phase 1 3DES MD5 AES MD5 and Blowfish MD5 regardless of the proposal selection in menu VPN IP...

Page 348: ...ave a peer ID specified in the client peer configuration since the ID is still used to differentiate the tunnels created via the dynamic peer The resulting gateway peer would match all incoming tunnel...

Page 349: ...bled with 1 In the input field enter the public IP address that is to be used as the sender address The function is disabled by default Back Route Verify Select whether a check on the back route shoul...

Page 350: ...set up an IPSec tunnel over the Internet If the called peer currently has no connection to the Internet the ISDN call causes a connec tion to be set up This ISDN call costs nothing depending on count...

Page 351: ...rted tunnel setup if the current IP address of the initiator could be determined by indirect means e g via DynDNS However DynDNS has serious disadvantages such as the latency until the IP address is a...

Page 352: ...cts the IP address of peer A and the token from the ISDN call and as signs them to peer A based on the calling party number configured the ISDN number used by peer A to send the initial call to peer B...

Page 353: ...etting up of an IPSec tunnel is executed after an incoming ISDN call and initiated by an outgoing ISDN call Incoming Phone Num ber Only for Mode or Enter the ISDN number from which the remote device c...

Page 354: ...IP address is transferred in the B channel This incurs costs 1 6 1 Your device transfers the IP address in the B channel This incurs costs D Channel Mode Only for Transfer Mode 5 6 1 or 5 6 1 F 11 9...

Page 355: ...Default column you can mark the profile to be used as the default profile 16 1 2 1 New Choose the New at Create new IKEv1 Profile or Create new IKEv2 Profile button to create additional profiles bint...

Page 356: ...for IKE phase 1 on your device The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field At least one proposal must exist Therefore the firs...

Page 357: ...sed with a key length of 128 bits 3 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with...

Page 358: ...ular exponentiation at 1024 bits is used to create the en cryption material During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lif...

Page 359: ...e name under which it is saved This field is only shown for authentication settings based on certificates and indicates that a certificate is essential Mode Only for Phase 1 IKE Parameters Select the...

Page 360: ...sure your device selects the first al ternative subject name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are i...

Page 361: ...e peer but does not send one itself 1 Your device expects no heart beat from the peer but sends one itself K Your device expects a heartbeat from the peer and sends one itself 5 5 Use DPD dead peer de...

Page 362: ...vent the setup of an IPSec tunnel from a host within a LANs and behind a NAT device to another host or device NAT T enables these kinds of tunnels without conflicts with NAT device activated NAT is au...

Page 363: ...setup just as for phase 1 In the VPN IPSec Phase 2 Profiles menu a list of all configured IPSec phase 2 profiles is displayed Fig 130 VPN IPSec Phase 2 Profiles In the Default column you can mark the...

Page 364: ...The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field Encryption algorithms Encryption 5 default value 3DES is an extension of the DES al...

Page 365: ...the successor to Blowfish 63 CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES 5 DES is an older encryption algorithm which is rated as weak due to its small ef...

Page 366: ...rtly before expiry of the current SAs As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for definin...

Page 367: ...ives signals every 5 seconds depend ing on the configuration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values 3 default value Automatic detection of wh...

Page 368: ...n server e g SecOVID from Kobil which is installed behind the Radius Server If a company s headquarters is connected to several branches via IPSec several peers can be configured A specific user can t...

Page 369: ...ver It is configured in the System Management Re mote Authentication RADIUSmenu and selected in the RADIUS Server Group ID field 0 1 Authentication is carried out via a local list Name Only for Role 6...

Page 370: ...or New Choose the New button to set up new IP address pools Choose the icon to edit exist ing entries Fig 133 VPN IPSec IP Pools New Fields in the menu Basic Parameters Field Description IP Pool Name...

Page 371: ...Global Options menu Field Description Enable IPSec Select whether you want to activate IPSec The function is enabled with 1 The function is active as soon as an IPSec Peer is configured Delete complet...

Page 372: ...tain functions and features to the special requirements of your environment i e mostly interoperability flags are set The default val ues are globally valid and enable your system to work correctly to...

Page 373: ...Cookies are to be sent These are equivalent to the SPI Security Parameter Index in IKE proposals as they are redundant they are normally set to the value of the negotiation currently in progress Alter...

Page 374: ...wish to send the peer the certificates of all levels from your level to the CA level Send CRLs Select whether CRLs are to be sent during IKE phase 1 The function is enabled with 1 The function is disa...

Page 375: ...el profile is used on the initiator side LAC to set up the connection The L2TP tunnel profile is needed on the responder side LNS to accept the connection 16 2 1 Tunnel Profiles A list of all configur...

Page 376: ...in the SCCRQs received from the LNS and the SCCRPs received from the LAC A Local Hostname con figured in the LAC must match Remote Hostname configured for the intended profile in the LNS and vice ver...

Page 377: ...Destination Port Enter the destination port number to be used for all calls based on this profile The remote LNS that receives the call must mon itor this port on L2TP connections Possible values are...

Page 378: ...ich it received no re sponse The available values are to the default value is Maximum Retries Enter the maximum number of times your device is to try to re send the L2TP control packet for which is re...

Page 379: ...Description Enter a name for uniquely identifying the L2TP partner The first character in this field must not be a number No special characters or umlauts must be used The maximum length of the entry...

Page 380: ...ame Enter the code of your device Password Enter the password Always on Select whether the interface should always be activated The function is enabled with 1 The function is disabled by default Conne...

Page 381: ...icy Only for IP Address Mode 3 and Specify whether Network Address Translation NAT is to be ac tivated for this connection The function is enabled with 1 The function is disabled by default IP Assignm...

Page 382: ...crypted 3 6 3 Primarily run CHAP otherwise PAP 6 3 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 6 3 Run MS CHAP version 2 only Some providers use no authenticat...

Page 383: ...ivated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in f...

Page 384: ...function is enabled with 1 The function is enabled by default 16 2 3 Options Fig 137 VPN L2TP Options The menu VPN L2TP Options consists of the following fields Fields in the Global Options menu Field...

Page 385: ...tunnel is set up to the PPTP partner over the Internet using PPTP The PPTP subsystem sets up a control connection between the endpoints of the tunnel This is used to send control data to set up keep a...

Page 386: ...w to set up further PPTP partners Fig 138 VPN PPTP PPTP Tunnels New The VPN PPTP PPTP Tunnels New menu consists of the following fields Fields in the PPTP Partner Parameters menu 16 VPN bintec elmeg G...

Page 387: ...lways be activated The function is enabled with 1 The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many...

Page 388: ...partner is to be defined as the default route The function is enabled with 1 The function is disabled by default Create NAT Policy Only if IP Address Mode When you configure an PPTP connection specif...

Page 389: ...ord Authentication Protocol the password is transferred unencrypted 6 3 Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted 3 6 3 Primaril...

Page 390: ...ility of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is enabled with 1 The function is ena...

Page 391: ...connection to the PPTP partner has already been estab lished DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the PPTP part ner or...

Page 392: ...y if callback activated Field Description Selected Ports Enter the ISDN port over which callback is carried out Possible values 311 The callback is routed over an available ISDN port In Specific Ports...

Page 393: ...s The IP Pools menu displays a list of all IP pools for PPTP connections Your device can operate as a dynamic IP address server for PPTP connections You can use this function by providing one or more...

Page 394: ...sed preferably by clients who draw an address from this pool Secondary Optionally enter the IP address of an alternative DNS server 16 4 GRE Generic Routing Encapsulation GRE is a network protocol tha...

Page 395: ...lds Fields in the Basic Parameters menu Field Description Description Enter a description for the GRE tunnel Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner If n...

Page 396: ...device uses a default netmask The lower the value the higher the priority of the route range of values The default value is MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that i...

Page 397: ...lmeg The configuration work for the SIF is comparatively straightforward with systems like Net work Address Translation NAT and IP Access Lists IPAL As SIF NAT and IPAL are active in the system simult...

Page 398: ...warded If the packet cannot be assigned to an existing connection a check is made to see if a suitable connection is expected e g as affiliated connection of an exist ing connection If so the packet i...

Page 399: ...all Policies Filter Rules menu Fig 142 Firewall Policies Filter Rules You can use the button to insert another policy above the list entry The configuration menu for creating a new policy opens You ca...

Page 400: ...t In the list all WAN LAN interfaces interface groups see Fire wall Interfaces Groups addresses see Firewall Ad dresses Address List and address groups see Firewall Addresses Groups The value 3 means...

Page 401: ...by default If QoS is not activated for this policy bear in mind that the data cannot be prioritised on the sender side either A policy for which QoS has been enabled is also set for the fire wall Mak...

Page 402: ...set up new QoS rules Fig 144 Firewall Policies QoS New The Firewall Policies QoS New menu consists of the following fields Fields in the Configure QoS Interface menu Field Description Interface Select...

Page 403: ...whether the bandwidth defined in Band width can be exceeded in the longer term By activating this field you specify that it cannot be exceeded If the option is deactivated the bandwidth can be exceede...

Page 404: ...re you define whether packets are only to be filtered if they are sent to an interface other than the interface that created the connection With 1 all the packets are filtered default value Fields in...

Page 405: ...list of all configured interface routes is displayed in the Firewall Interfaces Groups menu You can group together the interfaces of your device This makes it easier to configure fire wall rules 17 2...

Page 406: ...Addresses Address List menu 17 3 1 1 New Choose the New button to create additional addresses Fig 147 Firewall Addresses Address List New The menu Firewall Addresses Address List New consists of the f...

Page 407: ...st of all configured address groups is displayed in the Firewall Addresses Groups menu You can group together addresses This makes it easier to configure firewall rules 17 3 2 1 New Choose the New but...

Page 408: ...following fields Fields in the Basic Parameters menu Field Description Description Enter an alias for the service you want to configure Protocol Select the protocol on which the service is to be based...

Page 409: ...eld enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to...

Page 410: ...1 6 7 5 7 9 3 1 6 7 5 3 1 17 4 2 Groups A list of all configured service groups is displayed in the Firewall Services Groups menu You can group together services This makes it easier to configure fire...

Page 411: ...elds Fields in the Basic Parameters menu Field Description Description Enter the desired description of the service group Members Select the members of the group from the available service ali ases To...

Page 412: ...hares this with other communication services 18 1 SIP SIP serves as a translation instance between different telecommunications networks e g between the plain old phone network and the next generation...

Page 413: ...he use of the RealTime Streaming protocol RTSP RTSP is a network protocol for controlling multimedia traffic flows in IP based networks Payload data is not transferred using RTSP Rather it is used to...

Page 414: ...ion RTSP Proxy Select whether you want to permit RTSP sessions The function is activated by selecting 1 The function is disabled by default RTSP Port Select the port over which the RTSP messages are t...

Page 415: ...redundant gateway BRRP 19 1 DNS Each device in a TCP IP network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the as...

Page 416: ...queried and then the secondary DNS server If one of the DNS servers can resolve the name the information is forwarded and a dynamic entry created in the cache 4 Otherwise if a suitable Internet or dia...

Page 417: ...in name of your device WINS Server Primary Secondary Enter the IP address of the first and if necessary alternative global Windows Internet Name Server WINS or NetBIOS Name Server NBNS The menu Advanc...

Page 418: ...essary Statistical entries are not deleted Cache Size cannot be set to lower than the current number of static entries Possible values The default value is Maximum TTL for Pos itive Cache Entries Ente...

Page 419: ...ions Possible values No name server address is sent 7 3 The address of your device is transferred as the name server address 5 default value The addresses of the global name servers entered on your de...

Page 420: ...assign more than one pair of DNS servers Primary DNS Server and Secondary DNS Server to an interface i e for example to an Ethernet port or a PPPoE WAN partner The pair with the highest priority is us...

Page 421: ...y if Interface Mode Enter the IP address of the first name server for Internet ad dress name resolution Secondary DNS Server Only if Interface Mode Optionally enter the IP address of an alternative na...

Page 422: ...t allowed Response In this entry select the type of response to DNS requests Possible values A DNS request for DNS Hostname gets a negat ive response default value A DNS request for DNS Host name is a...

Page 423: ...host or domain are to be forwar ded Possible values default value 5 Host Only for Forward Enter the name of the host for which requests are to be forwar ded If you enter a name without a the entry is...

Page 424: ...e forwarded to the DNS server assigned to either an automatically selected or to a user selected interface 5 Requests are forwarded to the specified DNS Server Interface Only for Forward to Select the...

Page 425: ...n the DNS Statistics menu Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device including the response packets for forwarded re quests Invalid...

Page 426: ...dure used to establish an en crypted and authenticated connection by SSL between the browser used for configuration and the device 19 2 1 HTTPS Server In the Local Services HTTPS HTTPS Server menu con...

Page 427: ...a DynDNS provider Configuration of your device Registration The registration of a host name means that you define an individual user name for the DynDNS service e g D 1 The service providers offer var...

Page 428: ...me as registered with the DynDNS provider Interface Select the WAN interface whose IP address is to be propagated over the DynDNS service e g the interface of the Internet Ser vice Provider User Name...

Page 429: ...mail server to which e mails are to be forwarded if the host currently configured is not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the...

Page 430: ...erver on which the provider s DynDNS service runs Update Path Enter the path on the provider s server that contains the script for managing the IP address of your device Ask your provider for the path...

Page 431: ...r the first time it sends a DHCP request with its MAC address to the available DHCP server as a network broadcast The client then receives its IP address from bintec elmeg as part of a brief exchange...

Page 432: ...ddress of the DNS server that is to be used preferably by clients who draw an address from this pool Secondary Optionally enter the IP address of an alternative DNS server 19 4 2 DHCP Configuration To...

Page 433: ...on New The Local Services DHCP Server DHCP Configuration New menu consists of the following fields Fields in the menu Basic Parameters Field Description Interface Select the interface over which the a...

Page 434: ...f the following fields Fields in the menu Advanced Settings Field Description Gateway Select which IP address is to be transferred to the DHCP client as gateway Possible values 7 default value Here th...

Page 435: ...automatically The URL then needs to take the form 8 A B D E Vendor Specific Information This enables you to send the client any manufacturer specific information in any text string Several entries are...

Page 436: ...MAC Binding The Local Services DHCP Server IP MAC Binding menu displays a list of all clients that received an IP address from your device via DHCP You can allocate an IP address from a defined IP ad...

Page 437: ...Address Enter the IP address to be assigned to the MAC address spe cified in MAC Address is to be assigned MAC Address Enter the MAC address to which the IP address specified in IP Address is to be as...

Page 438: ...ndary DHCP Serv er Enter the IP address of an alternative BootP or DHCP server The default value is 19 5 Web Filter In theLocal Services Web Filter menu you can configure a URL based Web Filter ser vi...

Page 439: ...nsists of the following fields Fields in the Web Filter Options menu Field Description Web Filter Status Activate or deactivate the filter The function is activated by selecting 1 The function is disa...

Page 440: ...allup is permitted 1 9 11 Callup of the requested page is blocked 0 11 Callup is permitted but logged Action if license not re gistered Select what is to be done with URL requests if the licence key s...

Page 441: ...configuring the filters First a filter list can be created that only contains entries for those addresses that are to be blocked In this case it is necessary to make an entry at the end of the filter...

Page 442: ...ery day of the week A2 9 B The filter is used on a certain day of the week Only one day can be selected per filter several filters must be configured if several individual days are to be covered The f...

Page 443: ...figuration neither of the two lists contains entries Use the Add button to add further URLs or IP addresses to the list Fig 168 Local Services Web Filter Black White List Add The Local Services Web Fi...

Page 444: ...rvice allows connection of incoming and outgoing data and voice calls to com munications applications on hosts in the LAN that access the Remote CAPI interface of your device This enables for example...

Page 445: ...User Name Enter the user name for which access to the CAPI service is to be allowed or denied Password Enter the password which the user User Name shall use for identification to gain access to the C...

Page 446: ...on is activated by selecting 1 The function is enabled by default Faxheader Only for devices the RTxxx2 series Select whether the fax header should be printed at the top of outgoing faxes The function...

Page 447: ...s possible to set up every MIB variable as initiator with any value To take the event scheduler live enable the Schedule Interval under Options This inter val species the time gap in which the system...

Page 448: ...h Description You use the remaining parameters to create the first event in the list If you want to add to an existing event list select the event list you want and add at least one more event to it Y...

Page 449: ...essible or not accessible 6 0 Operations configured and as signed in Actions are initiated when the defined period of validity is reached N Operations configured and assigned in Actions are initiated...

Page 450: ...r table entry is derived from the com bination of Index Variable usually an index variable which is flagged with and Index Value Use Index Variables to create more entries with Add Monitored Interface...

Page 451: ...he IP address whose accessibility is to be checked Source IP Address Only for Event Type Enter an IP address to be used as sender address for the ping test Possible values 3 default value The IP addre...

Page 452: ...Type only First select the type of time entry in Condition Type Possible values 2 9 Select a weekday in Condition Settings default value In Condition Settings select a par ticular period 5 Select a s...

Page 453: ...f you do not enter a Stop Time or set a Stop Time Start Time the initiat or is activated and deactivated after 10 seconds 19 7 2 Actions In the Local Services Scheduling Actions menu is displayed a li...

Page 454: ...5 GHz frequency band is performed H 203 Only for devices with a wireless LAN A scan of the 5 8 GHz frequency range is performed 2068 7 Only for devices with a WLAN controller A Neighbor Scan is initi...

Page 455: ...sent in the respective area are displayed Command Mode Only if Command Type Select how the MIB entry is to be manipulated Possible settings 6 default value An existing entry shall be modified 6 7 A ne...

Page 456: ...ive Value If the initiator is inactive Trigger Status the MIB variable is described with the value entered in Inactive Value If the MIB variable is to be modified depending on whether the initiator is...

Page 457: ...ownloaded from an HTTP server that you define in 0 The latest software will be downloaded from an HTTPS server that you define in 0 The latest software will be downloaded from an TFTP server that you...

Page 458: ...med on a configuration file Possible values default value 5 1 6 For Command Type 6 Select which operation you wish to perform on a certificate file Possible values default value 5 1 6 Protocol Only fo...

Page 459: ...which it is to be retrieved For Action Enter the file name under which it should be saved on the serv er Local File Name Only where Command Type 6 and Action or 6 At import renaming or copying enter...

Page 460: ...Command Type 6 Select whether your device should restart after the intended Ac tion The function is disabled by default Version Check Only where Command Type 6 and Action Select whether when importin...

Page 461: ...nreachable The default value is Server Address Only where Command Type 6 and Action Enter the URL of the server from which a certificate file is to be retrieved Local Certificate De scription Where Co...

Page 462: ...and Type 6 and Action 6 Enter a description under which the SCEP certificate on your device is to be saved URL SCEP Server URL Only where Command Type 6 and Action 6 Enter the URL of the SCEP server e...

Page 463: ...not been saved the incomplete registration cannot be completed As soon as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device...

Page 464: ...to device Operation Mode Inact ive Only where Command Type 203 8 Select the required operating mode for the selected radio mod ule if it currently has the status 5 7 You may select from any of the ope...

Page 465: ...check for hosts or interfaces and automatic ping tests You can monitor temperature with devices from the bintec WI series Note This function cannot be configured on your device for connections that ar...

Page 466: ...ly created from to If an entry has not yet been created a new group is created using the 7 5 option If entries have been created you can select one from the list of created groups Each host to be moni...

Page 467: ...fault value is Within a group the smallest Interval of the group members is used Successful Trials Specify how many pings need to be answered for the host to be regarded as accessible You can use this...

Page 468: ...n be used for other functions such as the Tracking IP Address 19 8 2 Interfaces A list of all monitored hosts is displayed in the Local Services Surveillance Interfaces menu 19 8 2 1 Edit or New Choos...

Page 469: ...t value Activation of interface s 5 1 Deactivation of interface s Interface Select the interface s for which the action defined in Interface is to be performed You can choose all physical and virtual...

Page 470: ...outgoing ICMP echo request packets Possible values 3 The IP address is determined automatically default value Enter the IP address in the adja cent input field e g to test a particular extended route...

Page 471: ...s enabled are administratively set to down when the gateway boots The gateway then calls itself by ISDN and checks its location If the configured ISDN call numbers differ from the numbers dialled the...

Page 472: ...efault Dialling Number Only if ISDN Theft Protection Service is enabled Enter the subscriber number that the gateway dials to call itself Incoming Number Only if ISDN Theft Protection Service is enabl...

Page 473: ...behind a NAT enabled gateway UPnP enables mostly Windows based operating systems to take control of other devices with UPnP functionality on the local network These include gateways access points and...

Page 474: ...gate way You can determine whether UPnP requests from clients are accepted by each interface for requests from the local network and or whether the interface can be controlled via UPnP requests Fig 17...

Page 475: ...Description UPnP Status Decide how the gateway processes UPnP requests from the LAN The function is enabled with 1 The gateway proceeds with UPnP releases in accordance with the parameters con tained...

Page 476: ...as he attempts to access any Internet site with a browser the user is redirected to the home login page After the user has entered the registration data user password these are sent to the central RAD...

Page 477: ...mers by customer dealer Walled Garden Server URL Individually set for customers by customer dealer Terms Conditions URL Individually set for customers by customer dealer Access data for configuration...

Page 478: ...configure the hotspot networks in the Local Services HotSpot Gateway HotSpot Gateway menu Choose the New button to set up additional Hotspot networks Fig 182 Local Services HotSpot Gateway HotSpot Gat...

Page 479: ...hen setting up the Hot Spot server for this customer The domain name is required so that the Hotspot server can distinguish between the different cli ents customers Walled Garden Enable this function...

Page 480: ...RL a user is redirected to after log ging in to the Hotspot Solution Language for login window Here you can choose the language for the start login page The following languages are supported 1 5 1 P Q...

Page 481: ...ble websites is dis played The function is enabled by default Pop Up window for status indication Specify whether the device uses pop up windows to display the status The function is enabled by defaul...

Page 482: ...ork card The network card also needs a power supply even when the com puter is switched off You can use filters and rule chains to define the conditions that need to be met to send the so called magic...

Page 483: ...rameters Field Description Description Enter the name of the filter Service Select one of the preconfigured services The extensive range of services configured ex works includes the following 1 1 D Th...

Page 484: ...d the corresponding netmask Destination Port Range Only for Protocol 6 or 5 Enter a destination port number or a range of destination port numbers Possible values 311 default value The destination por...

Page 485: ...e priority of IP packets indicated in hexadecimal format E 1 The TOS value is specified in binary format e g 00111111 5 1 E 1 The TOS value is specified in decimal format e g 63 1 E 1 The TOS value is...

Page 486: ...rule chain with this setting A 1 B Shows a rule chain that has already been created which you can select and edit Description Only where Wake On LAN Rule Chain 7 Enter the name of the rule chain Wake...

Page 487: ...et over Interface Select the interface which is to be used to send the Wake on LAN magic packet Target MAC Address Only where Action 9 2 0 1 and 9 1 Enter the MAC address of the network device that is...

Page 488: ...chain is to be as signed Rule Chain Select a rule chain 19 13 BRRP In the BRRPmenu you can configure the redundancy of your gateway Note You require a licence for devices in the R23x series and RS se...

Page 489: ...lgorithm option is the selection of the first address VRRP advertisements are always sent with the primary IP address as source of the IP packet VRRP Advertisement A keepalive that sends the master to...

Page 490: ...tisement data packets and possibly to transmit keepalive monitoring data packets Another interface must be configured in the next step to transmit the usage data Configuration of the advertisement int...

Page 491: ...he virtual router Controlling the operating status of a virtual router implicitly also controls the operating status of the interface to which the virtual router is linked If an error occurs all inter...

Page 492: ...Ethernet interface is displayed and cannot be changed Please note The Ethernet interface for sending the advertise ments is always up and running and cannot therefore be used as the Virtual Router In...

Page 493: ...ent by the current master Possible values are whole numbers between and Virtual Interface Prior ity Define the transmitted BRRP priority of the interface for the vir tual router Higher priorities dete...

Page 494: ...master down interval is the time calculated from the number of expected but omitted BRRP advertisements the advertisement interval and the skew time which adds a minim um period depending on the prio...

Page 495: ...function is disabled by default 19 13 2 VR Synchronisation The watchdog daemon is configured in the Local Services BRRP VR Synchronisation menu i e you define how state changes are handled After open...

Page 496: ...tual Routers New Advanced Set tings menu Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked You can choose previously defined IDs see Vir...

Page 497: ...ons In the Local Services BRRP Options menu you can enable or disable the BRRP func tion Fig 189 Local Services BRRP Options The Local Services BRRP Optionsmenu consists of the following fields Fields...

Page 498: ...can also trigger a system reboot in this menu 20 1 Diagnostics In the Maintenance Diagnostics menu you can test the availability of individual hosts the resolution of domain names and certain routes 2...

Page 499: ...rticular host is correctly re solved The Outputfield displays the DSN test messages The ping test is launched by en tering the domain name to be tested in DNS Address and clicking the Go button 20 1 3...

Page 500: ...current system software at www bintec elmeg com The current documentation is also available here Important If you want to update your software make sure you consider the corresponding re lease notes...

Page 501: ...software versions This is a CSV format which can be read and modified easily In addition you can view the corres ponding file clearly using Microsoft Excel for example The administrator can store enc...

Page 502: ...tion file Current File Name in Flash is transferred to your local host If you click the Go button a dialog box is displayed in which you can select the storage location on your PC and enter the de sir...

Page 503: ...d is inserted In file name select the D7 1 H file that you wish to import 7 The active configuration from the RAM is transferred to your local host If you click the Go button a dialog box is dis playe...

Page 504: ...For Action Select the configuration file to be exported Include certificates and keys For Action 7 Define whether the selected Action should also be applied for certificates and keys The function is...

Page 505: ...to the LEDs on your device For information on the meaning of the LEDs see the Technical Data chapter of the manual Note Before a reboot make sure you confirm your configuration changes by clicking th...

Page 506: ...d be transmitted to one or more external PCs for storage and processing e g to the system ad ministrator s PC The syslog messages saved internally on your device are lost when you reboot Warning Make...

Page 507: ...s New The menu External Reporting Syslog Syslog Servers New consists of the following fields Fields in the Basic Parameters menu Field Description IP Address Enter the IP address of the host to which...

Page 508: ...mputer Possible values 1 1 The default value is 1 1 Timestamp Select the format of the time stamp in the syslog Possible values default value No system time indicated System time without date 5 K Syst...

Page 509: ...les you to collect a lot of useful information about the IP network traffic each individual IP session 21 2 1 Interfaces In this menu you can configure the IP Accounting function individually for each...

Page 510: ...of the session start in the format DD MM YY t Time of the session start in the format HH MM SS a Duration of the session in seconds c Protocol i Source IP Address r Source Port f Source interface inde...

Page 511: ...isplayed in the Alert Recipient menu 21 3 1 1 New Select the New to create additional alert recipients Fig 198 External Reporting Alert Service Alert Recipient New The menu External Reporting Alert Se...

Page 512: ...ication Possible values 1 default value A Syslog mes sage includes a specific string 7 3 A new adjacent AP has been found 7 3 A new Rough AP has been found i e an AP using an SSID of its own network y...

Page 513: ...d Add new subsystems with Add Message Timeout Enter how long the router must wait after a relevant event be fore it is forced to send the alert mail Possible values are to The value disables the timeo...

Page 514: ...abled by default Maximum E mails per Minute Limit the number of outgoing mails per minute Possible values are to the default value is Fields in the E mail Parameters menu Field Description Sender E ma...

Page 515: ...entication Enter the address of the server from which the e mails are to be retrieved POP3 Timeout Only if SMTP Authentication Enter how long the router must wait after the POP3 call before it is forc...

Page 516: ...tion on the SNMP versions see the relevant RFCs and drafts SNMP V 1 RFC 1157 SNMP V 2c RFC 1901 1908 SNMP V 3 RFC 3410 3418 21 4 1 SNMP Trap Options In the event of errors a message known as a trap pa...

Page 517: ...P Trap Broadcasting is enabled Enter a new SNMP code This must be sent by the SNMP Man ager with every SNMP request so that this is accepted by your device A character string of between and characters...

Page 518: ...th a single tool A permanent overview of the utilisation of your device is possible Method of operation A Status Daemon collects information about your device and transfers it as UDP packets to the br...

Page 519: ...Description Monitored Interfaces Select the type of information to be sent in the UDP packets to the Windows application Possible values default value Deactivates the sending of information to the Act...

Page 520: ...val in seconds Possible values are to The default value is UDP Destination Port Enter the port number for the Windows application Activity Monitor The default value is registered by IANA Internet As s...

Page 521: ...will find the configured vales for the Maximum Number of Syslog Entries and Maximum Message Level of Syslog Entries fields These values can be changed in the System Management Global Settings System...

Page 522: ...Displays the IP address of the remote IPSec Peers Remote Networks Displays the currently negotiated subnets of the remote termin al Security Algorithm Displays the encryption algorithm of the IPSec tu...

Page 523: ...ange type Authentication Method Shows the authentication method MTU Shows the current MTU Maximum Transfer Unit Alive Check Shows the method for checking that the peer is reachable NAT Detection Displ...

Page 524: ...In the Monitoring IPSec IPSec Statistics menu statistical values for all IPSec connec tions are displayed Fig 206 Monitoring IPSec IPSec Statistics The Monitoring IPSec IPSec Statistics menu consists...

Page 525: ...umber of phase 2 SAs Total Fields in the Packet Statistics menu Field Description Total Shows the number of all processed incoming In or outgoing Out packets Passed Shows the number of incoming In or...

Page 526: ...ation for PPP connections Direction Displays the send direction Charge Displays the costs of the current connection Duration Displays the duration of the current connection Stack Displays the related...

Page 527: ...ions Direction Displays the send direction Charge Displays the costs of the connection Start Time Displays the time at which the call was made or received Duration Displays the duration of the connect...

Page 528: ...ets sent Tx Errors Shows the total number of errors sent Rx Packets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Rx Errors Shows the total number of...

Page 529: ...ackets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Fields in the TCP Connections menu Field Description Status Displays the status of an active TCP...

Page 530: ...e values for wireless mode 802 11n are listed separately Fig 211 Monitoring WLAN WLAN Values in the WLAN list Field Description mbps Displays the possible data rates on this wireless module Tx Packets...

Page 531: ...cessfully Displays the number of MSDUs successfully sent to unicast ad dresses since the last reset An acknowledgement was received for each of these packets Multicast MSDUs transmitted success fully...

Page 532: ...ecrypted Displays the number of received MSDUs that could not be en crypted One reason for this could be that a suitable key was not entered RTS frames with no CTS received Displays the number of RTS...

Page 533: ...suppressed for IEEE 802 11b Rx Discards Displays the number of received data packets that have been discarded if the bandwidth for receive traffic has been limited in the Wireless LAN WLAN Wireless Ne...

Page 534: ...ess Shows the IP address of the client Uptime Shows the time in hours minutes and seconds for which the cli ent is logged in Signal dBm RSSI1 RSSI2 RSSI3 Shows the received signal strength in dBm Nois...

Page 535: ...es on the wireless module Tx Packets Shows the number of sent packets for the data rate Rx Packets Shows the number of received packets for the data rate 22 5 3 Client Links In the Monitoring WLAN Cli...

Page 536: ...received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current clock rate of data received on this client link in Mbps Client Link Details You can...

Page 537: ...nt clock rate of data received on this client link in Mbps Rate For each of the specified data rates displays the values for Tx Packets and Rx Packets Tx Packets Shows the total number of packets sent...

Page 538: ...ys the user s name IP Address Shows the IP address of the user Physical Address Shows the physical address of the user Logon Displays the time of the notification Interface Shows the interface used 22...

Page 539: ...been configured for this inter face Send Shows the number of sent packets with the corresponding pack et class Dropped Shows the number of rejected packets with the corresponding packet class in case...

Page 540: ...computers The AP thus serves to create a wireless network WLAN and connect that WLAN to a wired Ethernet network bridging Accounting Accounting refers to the recording of connection data e g date time...

Page 541: ...onnections require no splitter and have a greater range and faster transmission speed Annex L Annex L is an extension of Annex A The range is increased at the expense of the data transmission rate Ann...

Page 542: ...oint sends beacons to create a wireless LAN in infrastructure mode These messages contain the network name SSID a list of the supported transmission rates and the type of en cryption Bit A binary digi...

Page 543: ...tion Programming Interface CAPI is a programming interface for ISDN It enables application programs to access ISDN hardware from a PC See also TAPI CAPWAP Control And Provisioning of Wireless Access P...

Page 544: ...ternally The configuration is edited using the HTTP S user interface an SNMP client or connected telephones CoS The term Class of Service CoS means different things depending on the area in which it i...

Page 545: ...ck DoS a network component is flooded with queries so that it becomes totally overloaded As a res ult the system or a particular service can no longer function DES The Data Encryption Standard DES is...

Page 546: ...tion is quicker with DSA than with RSA but key processing is slower DSCP Data packets can be marked with a Differentiated Services Code point DSCP DSCP values classify data packets in such a way that...

Page 547: ...ransmitted by the gateway Firmware The firmware system software is programming code that is per manently embedded in the device It provides the device s functions Fragmentation If the overall length o...

Page 548: ...ssion rates 12 Mbit s downstream 1 0 Mbit s upstream G 992 5 Data transmission recommendation for xDSL2 There are three variants G 992 5 Annex A B ADSL2 with data transmission rates of 25 Mbit s in th...

Page 549: ...rn checks the signature before opening the packet If the signature and thus the content of the data packet has changed the packet is discarded The hash al gorithms used most frequently are Message Dig...

Page 550: ...phase 1 the IKE subscribers authenticate them selves to one another and establish a secure channel In phase 2 the two IPSec subscribers negotiate the SAs There are two ver sions of the IKE mechanism I...

Page 551: ...cludes telephony fax and data transmission There are two ISDN connection variants Basic Rate Interface and Primary Rate Interface ISDN address The ISDN address of an ISDN device comprises an ISDN numb...

Page 552: ...a company head office Layer A layer refers to a layer in the OSI model LCP The Link Control Protocol LCP is used in PPP connections to auto matically negotiate encapsulation process limits for varyin...

Page 553: ...ateway converts the network type of digital voice audio or image information For example the signals from an ISDN network can be converted to an IP network Metric The metric is a measure for the prope...

Page 554: ...tworks with different Maximum Transmission Units MTU MTU The Maximum Transmission Unit MTU is the largest possible data unit that can be transmitted over a physical line Multicast With a multicast dat...

Page 555: ...analogue connection an NTBA with the basic ISDN connection and NTPMGF with the ISDN Primary Rate Interface In the NT operation the gateway is connected to the PABX s external S0 and is an ex ternal e...

Page 556: ...procedure PMTU The Path MTU PMTU describes the maximum packet size that can be transmitted along the entire connection route without needing to be fragmented Point to multipoint Point to multipoint co...

Page 557: ...e is divided into two lo gical systems The PPTP Access Concentrator PAC and the PPTP Network Server PNS The PAC is usually integrated into the Win dows client It establishes the connection to the PNS...

Page 558: ...m ing as quickly as possible QoS is used to sort all the data packets into groups and forward them on in the network either more quickly or slowly depending on their priority Queue The data packets ac...

Page 559: ...ep the routing tables up to date the routers exchange information via routing pro tocols e g OSPF RIP Router advertise ment Router advertisements are messages that the router sends to the network They...

Page 560: ...he form of databases These are the Security Policy Database SPD and the Security Association Database SAD The SAD receives information about every security connection That is which encryption algorith...

Page 561: ...ed for IP telephony VoIP SIP provider A SIP provider does the switching between a SIP connection and other analogue ISDN and VoIP connections SNMP The Simple Network Management Protocol SNMP is used t...

Page 562: ...wser STAC STAC is used to reduce the data volume transmitted data compres sion Static IP Address In contrast to a dynamic IP address the static IP address is as signed permanently by the user Network...

Page 563: ...authenticates the client by checking e g the username and password In contrast to the UDP based RADIUS protocol TACACS uses TCP on port 49 and transmits the entire communication encrypted TAPI The Tel...

Page 564: ...eried destination host Trigger This refers to a trigger impulse Triple DES See DES TTL The Time to live TTL is the configured period of validity of a data packet With the Internet Protocol IP TTL spec...

Page 565: ...website V 110 V 110 describes a method of aligning bitsteams with 0 6 1 2 2 4 2 8 7 2 9 6 12 14 4 19 2 and 38 4 kbit s with the ISDN bitstream of 64 kbit s VDSL Very High Speed Digital Subscriber Lin...

Page 566: ...ranslation of the NetBIOS over TCP IP network protocol by Microsoft Like DNS WINS is used for centralised name resolution See also DNS WLAN Wireless Local Area Network Wireless LAN WLAN refers to a lo...

Page 567: ...ing card terminals X 500 The X 500 standard describes the setting up of a directory ser vice See also LDAP X 509 The X 509 standard describes the generating of certificates for a public key insfrastru...

Page 568: ...Traffic Filter 323 Address Mode 133 312 Address Range 392 Address Type 392 Address List 392 Address Subnet 392 Addresses 392 Admin Status 231 Administration 140 165 Administrative Status 326 406 Admi...

Page 569: ...11 Cache Hits 411 Cache Size 403 Call Number 302 Call History 512 Callback 377 Callback Mode 299 CAPI Server 430 CAPI Server TCP Port 432 CAPWAP Encryption 177 Category 427 Cell ID 130 Certificate Req...

Page 570: ...hannel Mode 338 Data Packets Sequence Numbers 363 Data Rate mbps 518 520 521 523 Date 507 Date and Time 59 Day 427 Default Route 282 287 292 297 305 329 366 374 381 Default Ethernet for PPPoE Interfac...

Page 571: ...Modem 118 DTIM Period 160 184 Duplicate received MSDUs 517 Duration 512 513 Dynamic blacklisting 193 Dynamic RADIUS Authentication 358 DynDNS Provider 415 DynDNS Update 413 DynDNS Client 413 E E mail...

Page 572: ...al Settings 55 GRE 380 GRE Tunnels 381 GRE Window Adaption 378 GRE Window Size 378 Group Description 81 226 228 257 Group ID 452 Groups 391 393 396 H Hashing Algorithms 75 Hello Intervall 363 High Pri...

Page 573: ...Address Netmask 515 IP Address Owner 475 IP Assignment Pool 297 329 IP Assignment Pool IPCP 366 374 IP Pool Name 308 356 380 418 419 IP Pool Configuration 417 IP Pools 308 356 379 IP MAC Binding 422 I...

Page 574: ...xchanger MX 415 Maintenance 205 484 Management VID 140 Manual WLAN Controller IP Address 56 Master down trials 479 Matching String 497 Max incoming control connections per remote IP Address 378 Max nu...

Page 575: ...iguration 115 MTU 283 381 509 Multicast 268 Multicast Routing 270 Multicast Group Address 275 Multicast MSDUs received successfully 517 Multicast MSDUs transmitted success fully 517 N Name 131 177 355...

Page 576: ...Phase 1 Profiles 340 Phase 2 Profile 333 Phase 2 Profiles 349 Physical Address 524 Physical Connection 119 Physical Interfaces 109 Ping 72 Ping Generator 455 Ping Test 484 PLMN 131 Poisoned Reverse 26...

Page 577: ...241 Real Time Jitter Control 321 Reboot 491 Reboot after execution 439 Reboot device after 439 Receive Version 261 Received DNS Packets 411 Received MPDUs that couldn t be de crypted 517 Recipient 497...

Page 578: ...Algorithm 508 Segment Pending Requests 318 Segment Send Interval 318 Select radio 439 Select vendor 421 Select file 488 Selected Channel 144 Selected Channels 148 Selected PLMN 130 Selected Ports 378...

Page 579: ...File Name 488 Source IP Address 434 439 452 456 Source IP Address Netmask 212 221 231 234 249 332 469 Source Port Range 394 Special Handling Timer 231 Special Session Handling 230 Specific Ports 378...

Page 580: ...8 Tunnel Profile 365 Tunnel Profiles 361 Tx Shaping 160 194 Tx Bytes 514 515 Tx Errors 514 Tx Packets 514 515 516 518 520 521 523 Type 234 249 311 394 469 472 514 Type of Messages 493 Type of traffic...

Page 581: ...me 138 VLANs 138 VoIP 398 VPN 323 VR Synchronisation 481 VRRP Advertisement 475 VRRP router 475 VSS 518 W Wake On LAN 468 Wake On LAN Filter 472 Wake On LAN Filter 468 Wake On LAN Rule Chain 472 Walle...

Page 582: ...Zero Cookie Size 358 Index bintec elmeg GmbH 568 bintec RS Series...

Reviews:

No comments

Related manuals for RS353j

ICP DAS USA I-7242D Quick Start User Manual preview
I-7242D
Brand: ICP DAS USA Pages: 8
Grandstream Networks GXW 410 Series Applications preview
GXW 410 Series
Brand: Grandstream Networks Pages: 4
HMS Intesis Modbus Server User Manual preview
Intesis Modbus Server
Brand: HMS Pages: 30
WaveWare STG Manual preview
STG
Brand: WaveWare Pages: 18
ICC 100316044 Installation Manual preview
100316044
Brand: ICC Pages: 54
Kenwood NEXEDGE NX-700 series Specifications preview
NEXEDGE NX-700 series
Brand: Kenwood Pages: 3
SMC Networks EZ Connect SMC8014WG-SI Specification Sheet preview
EZ Connect SMC8014WG-SI
Brand: SMC Networks Pages: 2
SMC Networks EX500-GPN2 Series Instruction Manual preview
EX500-GPN2 Series
Brand: SMC Networks Pages: 2
SMC Networks DOCSIS 3.0 Commercial Cable Modem Gateway SMCD3G-BIZ Specifications preview
DOCSIS 3.0 Commercial Cable Modem Gateway SMCD3G-BIZ
Brand: SMC Networks Pages: 2
SMC Networks EZ Networking SMC8013WG Install Manual preview
EZ Networking SMC8013WG
Brand: SMC Networks Pages: 42
SMC Networks LEC-GPR1 Series Operation Manual preview
LEC-GPR1 Series
Brand: SMC Networks Pages: 59
Wisen Vision Unit User Manual preview
Vision Unit
Brand: Wisen Pages: 12
National Instruments NI 9795 Getting Started Manual preview
NI 9795
Brand: National Instruments Pages: 16
PR Elecronics 4801 Installation And Connection Manual preview
4801
Brand: PR Elecronics Pages: 24
Exegin Q53 Installation And Configuration Manual preview
Q53
Brand: Exegin Pages: 84
3Com OfficeConnect 3C855 Installation Manual preview
OfficeConnect 3C855
Brand: 3Com Pages: 2
Magnum Energy MagWeb GT Owner'S Manual preview
MagWeb GT
Brand: Magnum Energy Pages: 34
Insta KNX Gateway DMX-Web K.DMXGW.01 Operating Instructions Manual preview
KNX Gateway DMX-Web K.DMXGW.01
Brand: Insta Pages: 7

Brands by name

Popular brands

Load more brands