manualshive.com logo in svg

Funkwerk R1202, Reference Manual

The Funkwerk R1202 Reference Manual is a comprehensive guide designed to help users maximize the functionality of their R1202 device. This invaluable manual covers all aspects of operation and troubleshooting, ensuring seamless usage. Download the free manual from our website manualshive.com to harness the full potential of the Funkwerk R1202.

Share
Download
background image

Field

Description

a renewed phase 2 SA, even if the keys of the phase 1 SA have
become known.

The field has the following options:

 . >"

: During the Diffie-Hellman key calculation, mod-

ular exponentiation at 768bits is used to create the encryption
material.

  >"

(default value): During the Diffie-Hellman key

calculation, modular exponentiation at 1024 bits is used to
create the encryption material.

 ' >"

: During the Diffie-Hellman key calculation,

modular exponentiation at 1536 bits is used to create the en-
cryption material.

Lifetime

Define how the lifetime is defined that will expire before phase 2
SAs need to be renewed.

The new SAs are negotiated shortly before expiry of the current
SAs. As for RFC 2407, the default value is eight hours, which
means the key must be renewed once eight hours have
elapsed.

The following options are available for defining the lifetime:

Input in

-%&

: Enter the lifetime for phase 2 key in seconds.

The value can be a whole number from

to

.'.

. The

default value is

.

.

Input in

>)&

: Enter the lifetime for phase 2 keys as amount

of data processed in Kbytes. The value can be a whole number
from

to

.'.

. The default value is

.

The menu Advanced Settings consists of the following fields:

Fields in the Advanced Settings menu

Field

Description

IP Compression

Select whether compression is to be activated before data en-
cryption. If data is compressed effectively, this can result in
higher performance and a lower volume of data to be trans-
ferred. In the case of fast lines or data that cannot be com-
pressed, you are advised against using this option as the per-
formance can be significantly affected by the increased effort

Funkwerk Enterprise Communications GmbH

18 VPN

bintec Rxxx2/RTxxx2

335

Summary of Contents for R1202

Page 1: ...Manual bintec Rxxx2 RTxxx2 Reference Copyright Version 4 0 2012 Funkwerk Enterprise Communications GmbH Funkwerk Enterprise Communications GmbH Manual bintec Rxxx2 RTxxx2 1 ...

Page 2: ...GmbH accepts no responsibility for data loss unwanted connection costs and damage caused by un intended operation of the product Trademarks funkwerk trademarks and the funkwerk logo bintec trademarks and the bintec logo artem trademarks and the artem logo elmeg trademarks and the elmeg logo are registered trademarks of Funkwerk En terprise Communications GmbH Company and product names mentioned ar...

Page 3: ...ta 10 4 1 2 Software update 10 4 2 System requirements 11 4 3 Preparations 11 4 3 1 Gathering data 11 4 3 2 Configuring a PC 13 4 4 Modify system password 14 4 5 Setting up an internet connection 15 4 5 1 Internet connection over internal ADSL modem 15 4 5 2 Other internet connections 16 4 5 3 Testing the configuration 16 4 6 Software Update 16 Chapter 5 Reset 18 Funkwerk Enterprise Communications...

Page 4: ...interface 41 6 5 8 FXS interface 42 6 6 WEEE information 44 Chapter 7 Variable switching of S0 interfaces 45 7 1 Switching the S0 interfaces from external to internal 45 Chapter 8 Access and configuration 49 8 1 Access Options 49 8 1 1 Access via LAN 49 8 1 2 Access via the Serial Interface 52 8 1 3 Access over ISDN 54 8 2 Logging in 54 8 2 1 User names and passwords in ex works state 55 8 2 2 Log...

Page 5: ...0 2 3 Date and Time 83 10 2 4 System Licences 88 10 3 Interface Mode Bridge Groups 90 10 3 1 Interfaces 91 10 4 Administrative Access 93 10 4 1 Access 93 10 4 2 SSH 94 10 4 3 SNMP 97 10 5 Remote Authentication 98 10 5 1 RADIUS 99 10 5 2 TACACS 105 10 5 3 Options 108 10 6 Certificates 109 10 6 1 Certificate List 109 10 6 2 CRLs 118 10 6 3 Certificate Servers 120 Funkwerk Enterprise Communications G...

Page 6: ...L 142 11 5 1 SHDSL Configuration 142 11 6 VDSL Modem 145 11 6 1 VDSL Configuration 145 Chapter 12 LAN 148 12 1 IP Configuration 148 12 1 1 Interfaces 148 12 2 VLAN 152 12 2 1 VLANs 153 12 2 2 Port Configuration 154 12 2 3 Administration 155 Chapter 13 Wireless LAN Controller 156 13 1 Wizard 156 13 1 1 Basic Settings 157 13 1 2 Radio Profile 157 13 1 3 Wireless Networks 157 Table of Contents Funkwe...

Page 7: ...orks 181 13 5 Maintenance 181 13 5 1 Firmware Maintenance 181 Chapter 14 Networking 184 14 1 Routes 184 14 1 1 IP Routes 184 14 1 2 Options 189 14 2 NAT 191 14 2 1 NAT Interfaces 191 14 2 2 NAT Configuration 193 14 3 Load Balancing 197 14 3 1 Load Balancing Groups 197 14 3 2 Special Session Handling 201 14 4 QoS 205 14 4 1 QoS Filter 205 14 4 2 QoS Classification 208 14 4 3 QoS Interfaces Policies...

Page 8: ... RIP Options 235 15 2 OSPF 237 15 2 1 Areas 239 15 2 2 Interfaces 241 15 2 3 Global Settings 243 Chapter 16 Multicast 245 16 1 General 246 16 1 1 General 247 16 2 IGMP 247 16 2 1 IGMP 248 16 2 2 Options 250 16 3 Forwarding 252 16 3 1 Forwarding 252 16 4 PIM 253 16 4 1 PIM Interfaces 253 16 4 2 PIM Rendezvous Points 257 16 4 3 PIM Options 258 Table of Contents Funkwerk Enterprise Communications Gmb...

Page 9: ...Leased Line 305 17 3 1 Interfaces 305 17 4 Real Time Jitter Control 311 17 4 1 Controlled Interfaces 311 Chapter 18 VPN 313 18 1 IPSec 313 18 1 1 IPSec Peers 313 18 1 2 Phase 1 Profiles 325 18 1 3 Phase 2 Profiles 332 18 1 4 XAUTH Profiles 336 18 1 5 IP Pools 339 18 1 6 Options 340 18 2 L2TP 343 18 2 1 Tunnel Profiles 344 18 2 2 Users 347 18 2 3 Options 353 Funkwerk Enterprise Communications GmbH ...

Page 10: ...aces 374 19 2 1 Groups 374 19 3 Addresses 375 19 3 1 Address List 375 19 3 2 Groups 376 19 4 Services 377 19 4 1 Service List 377 19 4 2 Groups 380 Chapter 20 VoIP 382 20 1 Application Level Gateway 382 20 1 1 SIP Proxies 382 20 1 2 SIP Endpoints 384 20 2 Media Gateway 386 20 2 1 Extensions 386 20 2 2 SIP Accounts 392 20 2 3 Call Routing 398 Table of Contents Funkwerk Enterprise Communications Gmb...

Page 11: ...rding 419 21 1 5 Cache 421 21 1 6 Statistics 422 21 2 HTTPS 423 21 2 1 HTTPS Server 423 21 3 DynDNS Client 424 21 3 1 DynDNS Update 424 21 3 2 DynDNS Provider 426 21 4 DHCP Server 428 21 4 1 DHCP Pool 428 21 4 2 IP MAC Binding 431 21 4 3 DHCP Relay Settings 432 21 5 Web Filter 433 21 5 1 General 434 21 5 2 Filter List 436 21 5 3 Black White List 438 21 5 4 History 439 21 6 CAPI Server 439 Funkwerk...

Page 12: ...1 10 UPnP 466 21 10 1 Interfaces 467 21 10 2 General 468 21 11 HotSpot Gateway 469 21 11 1 HotSpot Gateway 470 21 12 BRRP 474 21 12 1 Virtual Routers 475 21 12 2 VR Synchronisation 481 21 12 3 Options 483 Chapter 22 Maintenance 484 22 1 Diagnostics 484 22 1 1 Ping Test 484 22 1 2 DNS Test 485 22 1 3 Traceroute Test 485 22 2 Software Configuration 486 22 2 1 Options 486 Table of Contents Funkwerk E...

Page 13: ...pient 498 23 4 SNMP 501 23 4 1 SNMP Trap Options 501 23 4 2 SNMP Trap Hosts 502 23 5 Activity Monitor 503 23 5 1 Options 504 Chapter 24 Monitoring 506 24 1 Internal Log 506 24 1 1 System Messages 506 24 2 IPSec 507 24 2 1 IPSec Tunnels 507 24 2 2 IPSec Statistics 509 24 3 ISDN Modem 510 24 3 1 Current Calls 510 24 3 2 Call History 511 24 4 Interfaces 512 24 4 1 Statistics 512 Funkwerk Enterprise C...

Page 14: ... 515 24 7 1 QoS 515 24 8 OSPF 516 24 8 1 Status 516 24 8 2 Statistics 518 24 9 PIM 520 24 9 1 Global Status 520 24 9 2 Not Interface Specific Status 521 24 9 3 Interface Specific States 524 Glossary 528 Index 569 Table of Contents Funkwerk Enterprise Communications GmbH xii bintec Rxxx2 RTxxx2 ...

Page 15: ... your device from a Windows PC and how to install other useful online assistants At the end of the chapter you will be in a position to surf the Internet send or receive e mails and set up a connection to a partner network to access data at your company head office for example Password If you are already familiar with configuring bintec devices and want to get started right away all you really nee...

Page 16: ... a comprehensive overview of devices their parameters and files All devices in the local network including remote devices that can be reached over SNMP are located using SNMP Multicast irrespective of their current IP address A new IP ad dress and password and other parameters can also be assigned A configuration can then be initiated over HTTP or TELNET If using HTTP the Dime Manager automaticall...

Page 17: ...reset your device to the ex works state Technical data This section contains a description of all the device s technical properties Variable switching of S0 interfaces This section describes how to switch the S0 interfaces from ex ternal to internal Access and configura tion This includes explanations about the different access and con figuration methods Assistants System Management Physical Inter...

Page 18: ...er s guide uses the following visual aids List of visual aids Icon Use Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers that may cause damage to property if not observed Indicates a warning of risk level Warning points out possible dangers that may cause physical injury or even death if not ob served The ...

Page 19: ...s that you must enter as written bold e g Windows Start menu Indicates keys key combinations and Windows terms bold e g Licence Key Indicates fields in the Funkwerk Configuration Interface italic e g Indicates values that you enter or that can be configured Online blue and italic e g www funkwerk ec com Indicates hyperlinks Funkwerk Enterprise Communications GmbH 2 About this guide bintec Rxxx2 RT...

Page 20: ...faces may also damage your device Con nect only the ETH interface of the device to the LAN interface of the computer hub or an ISDN interface of the device if any only to the ISDN connection Note If you connect an unconfigured device to an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device If no entry is specified every incoming ISDN...

Page 21: ...thernet cable supplied The device automatically detects whether it is connected to a switch or directly to a PC 4 ADSL only bintec R3002 and bintec RT3002 Connect the DSL interface DSL of your device to the DSL output of the splitter us ing the DSL cable supplied 5 SHDSL only bintec R3802 Connect the SHDSL interface SHDSL of your device to the SHDSL connection us ing the DSL cable supplied 6 VDSL ...

Page 22: ...C COM1 or COM2 to the serial interface of the gateway console However configuration via the serial interface is not provided by default Analog telephone analog fax only bintec RT4202 Connect your analog telephone or your analog fax to the FXS connections The device is now prepared for configuration using the Funkwerk Configuration Interface Chapter Basic configuration on page 10 provides a detaile...

Page 23: ...een the hours of 8 00 am and 5 pm They can be contacted as follows Email hotline funkwerk ec com International Support Coordina tion Telephone 49 911 9673 1550 Fax 49 911 9673 1599 End customer Hotline 0900 1 38 65 93 1 10 min on land lines in Germany For detailed information on our support services contact www funkwerk ec com Funkwerk Enterprise Communications GmbH 3 Installation bintec Rxxx2 RTx...

Page 24: ...re your device in an ex works state User Name Password Note All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use Make sure you change the passwords to prevent unauthorised access to your device How to change the passwords is described in Modify system password on page 14 4 1 2 Softw...

Page 25: ...her the data required for the basic configuration and the Internet connection Check whether the PC from which you want to perform the configuration meets the ne cessary requirements You can also install the Dime Managersoftware which provides more tools for working with your device This installation is optional and not essential for the configuration or operation of the device 4 3 1 Gathering data...

Page 26: ...r ADSL If you want to set up Internet access you need an Internet Service Provider ISP You also receive your personal access data from your ISP The terms used for the required access data may vary from provider to provider However the type of information you need for dial in is basically the same The following table lists the access data that your device also needs for a DSL connection to the Inte...

Page 27: ...0001 t online de 4 3 2 Configuring a PC In order to reach your device via the Funkwerk Configuration Interface and to be able to carry out configuration the PC used for the configuration has to satisfy some prerequisites Make sure that the TCP IP protocol is installed on the PC Assign fixed IP address to your PC Checking the TCP IP protocol Proceed as follows to check whether you have installed th...

Page 28: ...t Protocol TCP IP Properties under Default gateway enter the IP ad dress of your gateway 2 Enter the IP address of your device under Use next DNS server address 3 Click OK 4 Close the status window withOK The computer now has an IPSec configuration Note You can now launch Funkwerk Configuration Interface for configuration by entering the IP address of your device 192 168 0 254 in a supported brows...

Page 29: ...iguration Interface internet wizard can be used to help configure alternative configuration types 4 5 1 Internet connection over internal ADSL modem The devices R3002 and RT3002 have an integrated ADSL2 modem for establishing a fast internet connection To make it easier to configure an ADSL internet connection the Funk werk Configuration Interface has a wizard to guide you through the connection s...

Page 30: ... entering www funkwerk ec com in the Internet browser Funk werk Enterprise Communications GmbH s Internet site offers you the latest news up dates and documentation Note Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges Monitor your device and make sure it only sets up connections at the times you want it to Watch the LEDs on your device LE...

Page 31: ...f so your device will be updated automatically When installation of the new software is com plete you will be invited to restart the device Caution Once you have clicked on GO the update cannot be cancelled interrupted If an error occurs during the update do not re start the device and contact support Funkwerk Enterprise Communications GmbH 4 Basic configuration bintec Rxxx2 RTxxx2 17 ...

Page 32: ...to the ex works state with the RESET button Depending on how long it is pressed for the RESET button performs two different functions After pressing briefly once the device reboots Hold the RESET button until the STATUS LED starts to flash The device performs a factory reset This means the device is returned to its ex works state The boot configura tion is deleted and all passwords are reset 5 Res...

Page 33: ...ime Manager User s Guide on DVD Release Notes if required Installation poster printed R3002 Ethernet cable ISDN BRI cable Serial cable Network cable 2 ADSL cables for Annex A and for Annex B 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installa...

Page 34: ...RI cable Serial cable Network cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster printed RT1202 Ethernet cable ISDN BRI cable Serial cable Network cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Qui...

Page 35: ...er s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster printed RT4202 Ethernet cable ISDN BRI cable Serial cable Network cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster pri...

Page 36: ... Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental require ments Storage temperature 25 to 70 C 25 to 70 C Operating temperature 0 to 40 C 0 to 40 C Relative atmospheric hu midity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non conde...

Page 37: ...s SAFERNET TM Security Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Software supplied Dime Manager on DV...

Page 38: ... 13 Watt max 15 Watt nor mally 13 Watt max 15 Watt nor mally 13 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental requirements Storage temperature 25 to 70 C 25 to 70 C 25 to 70 C Operating temperature 0 to 40...

Page 39: ...ently installed twisted pair only 10 100 1000 mbps autosensing MDIX ETH5 Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX ISDN BRI S0 Euro ISDN point to multipoint poi nt to point connection Only TE mode Euro ISDN point to mult...

Page 40: ...s Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Community pass words PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Ac cess Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Dime Manager on DVD Documentation included Quick Install Guide and safety notices funkwerk D...

Page 41: ...he device max 24 Watt typically 15 Watt max 24 Watt typically 15 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental require ments Storage temperature 25 to 70 C 25 to 70 C Operating temperature 0 to 40 C 0 to 40 C Relative atmospheric hu midity 10 to 90 non condensing in operati...

Page 42: ...nterface V 24 5 pole mini USB socket 5 pole mini USB socket Ethernet interfaces RJ45 socket RJ45 socket ISDN BRI interface RJ45 socket RJ45 socket ADSL interface RJ45 socket VDSL2 interface RJ45 socket Standards Guidelines R TTE Directive 1999 5 EC CE symbol for all EU states R TTE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Security Technology Community passwords PAP CHAP MS CHAP ...

Page 43: ...eight approx 2 0 kg approx 2 0 kg Transport weight incl doc umentation cables pack aging approx 2 6 kg approx 2 6 kg Memory 64 MB RAM 16 MB flash ROM 64 MB RAM 16 MB flash ROM LEDs 16 1x Power 1x Status 5x2 Eth ernet 4x Function 20 1x Power 1x Status 5x2 Eth ernet 8x Function Power consumption of the device max 24 Watt typically 15 Watt max 24 Watt typically 15 Watt Voltage supply Voltage Range 85...

Page 44: ...ly 10 100 1000 mbps auto sensing MDIX ISDN BRI S0 Euro ISDN point to multipoint point to point connection TE or NT mode Euro ISDN point to multipoint point to point connection TE or NT mode ISDN PRI 2 ISDN Primary Rate Interface TE or NT mode Console RS232 Baudrates 1200 115200 Baud Baudrates 1200 115200 Baud FXS internal 4x for connection of analog tele phones or FAX Available sockets Serial inte...

Page 45: ...s Guide on DVD Installation poster Quick Install Guide and safety no tices funkwerk Dime Manager User s Guide on DVD Installation poster Online documentation User s Guide Workshops Release Notes if required User s Guide Workshops Release Notes if required 6 3 LEDs The device LEDs provide information on certain activities and statuses of the device The LEDs are arranged as follows Fig 3 Arrangement...

Page 46: ... Data traffic with 10 mbps BRI 1 to 4 orange on D channel is active flashing At least one B channel is active PRI 1 to 2 orange on D channel is active flashing At least one B channel is active FXS 1 to 4 orange on Incoming call to terminal off The device is terminated or the connected could not be established DSL orange on DSL synchronisation successful The DSL con nection is active ADSL SHDSL VDS...

Page 47: ...terface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 ISDN BRI interface 9 LED LED display bintec RT1202 has a 4 port Ethernet switch a serial interface an ETH5 interface and two ISDN BRI interfaces The connections are arranged as follows Fig 6 Front of bintec RT1202 Front of bintec RT1202 Fun...

Page 48: ...Front of bintec R3002 bintec R3502 bintec R3802 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 ISDN BRI interface 8 DSL DSL interface ADSL2 interface for bintec R3002 VDSL2 interface for bintec R3502 SHDSL interface for bintec R3802 9 LED LED display bintec RT3002 and...

Page 49: ... DSL interface ADSL2 interface for bintec RT3002 VDSL2 interface for bintec RT3502 9 LED LED display bintec R4402 has a 4 port Ethernet switch a serial interface an ETH5 interface two ISDN BRI interfaces and two ISDN PRI interfaces The connections are arranged as follows Fig 9 Front of bintec R4402 Front of bintec R4402 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status Fun...

Page 50: ...llows Fig 10 Front of bintec RT4202 Front of bintec RT4202 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 BRI4 ISDN BRI interface 9 LED LED display 10 FXS1 FXS4 FXS interfaces 6 5 Pin Assignments 6 5 1 Serial interface Your device has a serial interface for connection...

Page 51: ... and a separate Ethernet interface ETH5 The 4 port switch is used to connect individual PCs or other switches The ETH5 interface can be used to connect an optional DSL modem or a DMZ The connection is made via an RJ45 socket Fig 12 Ethernet 10 100 1000 Base T interface RJ45 connector The pin assignment for the Ethernet 10 100 1000 Base T interface RJ45 connector is as follows RJ45 socket for Ether...

Page 52: ...evice to an RJ11 plug provided for Annex A The second cable supplied connected the RJ45 plug with an RJ45 plug for Annex B The following pins are used for the ADSL connection Fig 13 ADSL interface RJ45 socket The pin assignment for the ADSL interface RJ45 socket is as follows RJ45 socket for ADSL connection bintec R3002 and RT3002 Pin Function 1 Not used 2 Not used 3 Not used 4 Line 1a 5 Line 1b 6...

Page 53: ...L interface RJ45 connector bintec R3802 The pin assignment for the SHDSL interface RJ45 connector is as follows RJ45 socket for SHDSL connection bintec R3802 Pin Function 1 Line a4 2 Line b4 3 Line a3 4 Line a1 5 Line b1 6 Line b3 7 Line a2 8 Line b2 6 5 5 VDSL2 interface The VDSL2 interface on bintec R3502 and RT3502 is connected via an RJ45 plug The following pins are used for the VDSL connectio...

Page 54: ... 6 5 6 ISDN PRI interface Both of the ISDN PRI interfaces on bintec R4402 are connected via an RJ45 plug The cable supplied connects the RJ45 plug needed for the device to an RJ45 plug needed for the PRI connection The following pins are used for the connection Fig 16 ISDN PRI interface RJ45 socket The pin assignment for the ISDN PRI interface RJ45 socket is as follows RJ45 socket for ISDN PRI con...

Page 55: ...402 and RT1202 have two ISDN BRI interfaces The devices bintec RT3002 RT3502 and RT4202 have four ISDN BRI interfaces The devices bintec R1202 R3002 R3502 and R3802 can only be operated in TE mode The devices bintec R4402 and bintec RTxxxx can be operated in TE mode or in NT mode The connection is made via an RJ45 socket Fig 17 ISDN BRI interface RJ45 socket The pin assignment for the ISDN BRI int...

Page 56: ...ode Pin Function 1 Not used 2 Not used 3 Receive 4 Transmit 5 Transmit 6 Receive 7 Not used 8 Not used 6 5 8 FXS interface bintec RT4202 has four FXS interfaces The connection is made via an RJ45 socket Fig 18 FXS interface RJ45 connector The pin assignment for the FXS interface RJ45 connector is as follows RJ45 connector for FXS connection 6 Technical data Funkwerk Enterprise Communications GmbH ...

Page 57: ...Pin Function 1 Not used 2 Not used 3 Not used 4 a 5 b 6 Not used 7 Not used 8 Not used Funkwerk Enterprise Communications GmbH 6 Technical data bintec Rxxx2 RTxxx2 43 ...

Page 58: ...6 6 WEEE information 6 Technical data Funkwerk Enterprise Communications GmbH 44 bintec Rxxx2 RTxxx2 ...

Page 59: ...ot have its own power supply The respective link plugs must be moved to do this In addition you can switch the 100 Ohm terminators on off for each interface via additional link plugs You require terminators if you connect an external connection directly with the external NTBA for a point to point connection if the bus starts directly with the connection of your device You can also connect the inte...

Page 60: ...and BRI 2 as shown in the following figure Use Interface Link plug area Position Position Internal external switching BRI 1 J1M Internal external Internal external switching BRI 2 J2M Internal external Power supply for internal con nection BRI 1 J1P Off On Power supply for internal con nection BRI 2 J2P Off On 100 Ohm terminator BRI 1 J1T Off On 100 Ohm terminator BRI 2 J2T Off On 7 Variable switc...

Page 61: ...N L module Insert the link plugs for interfaces BRI 3 and BRI 4 as shown in the following figure on is only permitted if J3M BRI 3 is set to internal mode and J4M BRI 4 is set to extern al mode Funkwerk Enterprise Communications GmbH 7 Variable switching of S0 interfaces bintec Rxxx2 RTxxx2 47 ...

Page 62: ...Internal external Power supply for internal con nection BRI 3 J3P Off On Power supply for internal con nection BRI 4 J4P Off On 100 Ohm terminator BRI 3 J3T Off On 100 Ohm terminator BRI 4 J4T Off On Connection of BRI 3 and BRI 4 J3 4 Off On 7 Variable switching of S0 interfaces Funkwerk Enterprise Communications GmbH 48 bintec Rxxx2 RTxxx2 ...

Page 63: ...nd to access your device via Telnet or SSH Caution If you carry out the initial configuration with the Funkwerk Configuration Interface this can result in inconsistencies or malfunctions as soon as you carry out additional settings using other configuration options Therefore it is recommended that the con figuration is continued with the Funkwerk Configuration Interface If you use SNMP shell comma...

Page 64: ... the login prompt appears You are now in the SNMP shell of your device 2 Continue with Logging in for Configuration on page 55 8 1 1 3 SSH In addition to the unencrypted and potentially viewable Telnet session you can also con nect to your device via an SSH connection This is encrypted so all the remote mainten ance options can be carried out securely The following preconditions must be met in ord...

Page 65: ...lows 1 Leave the Flash Management shell with 2 Call the Funkwerk Configuration Interface and log on to your device see Calling the Funkwerk Configuration Interface on page 58 3 Make sure that 1 is selected as the language 4 Check the key status in the System Management Administrative Access SSH menu If both keys are available you ll see in both fields RSA Key Status and DSA Key Status the value 5 ...

Page 66: ...the SNMP shell of your gateway 2 Continue with Logging in on page 54 Note PuTTY requires certain settings for a connection to a bintec device The support pages of http www funkwerk ec com include FAQs which list the required settings 8 1 2 Access via the Serial Interface Each bintec gateway has a serial interface with which a PC can be connected directly The following chapter describes what you ha...

Page 67: ...as not been set up successfully Therefore check the COM1 or COM2 settings on your PC 1 Click on File Properties 2 Click Configure in the Connect to tab The following settings are necessary Bits per second Data bits Parity Stopbits Flow control 3 Enter the values and click OK 4 Make the following settings in the Settings tab Emulation 8 5 Click OK The changes to the terminal program settings do not...

Page 68: ... an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device Access over ISDN costs money If your device and your computer are in the LAN it is cheaper to access your device via the LAN or via the serial interface Your device in your LAN merely needs to be connected to the ISDN connection and switched on To reach your device over ISDN Logi...

Page 69: ... not in plain text but only as asterisks The user names on the other hand are displayed as plain text The security concept of your device enables you to read all the other configuration settings with the user name but not the access information It is therefore impossible to log in with read the password of the user and subsequently log in with and make changes to the configuration Caution All bint...

Page 70: ... after completing the configuration enter and press Return 8 3 Configuration options This chapter first offers an overview of the various tools you can use for configuration of your device You can configure your device in the following ways Funkwerk Configuration Interface Assistant SNMP shell commands Note The detailed help system of the Wizard will help you to clarify any questions you may have ...

Page 71: ...figuration tasks easily It is integrated in your device and is available in English If required other languages can be downloaded from the download areaSoftware Configuration on page 486 of www funkwerk ec com and installed on your device To do this proceed as described in Options on page 486 The settings you make with the Funkwerk Configuration Interface are applied with the OK or Apply button of...

Page 72: ... the PC from which you want to configure your device see Con figuring a PC on page 13 3 Open a web browser 4 Enter 677 in the address field of the web browser 5 Enter in the User field and in the Password field and click LOGIN You are not in the status menu of your device s Funkwerk Configuration Interface see Status on page 77 8 3 1 2 Operating elements Funkwerk Configuration Interface window 8 A...

Page 73: ...Menu Function Language In the dropdown menu choose the language in which you want to display theFunkwerk Configuration Inter face Here you can choose the language in which you perform the configuration German and English are available View Select the desired view from the dropdown menu Stand ard and SNMP browsers can be selected Online Help Click this button if you want help with the menu Funkwerk...

Page 74: ...his button to log out of your device A window is opened offering you the fol lowing options Save configuration save previous boot configuration then exit Save configuration then exit Exit without saving Navigation bar Fig 23 Save Configuration button 8 Access and configuration Funkwerk Enterprise Communications GmbH 60 bintec Rxxx2 RTxxx2 ...

Page 75: ... the following two options i e save the current configuration as the boot configuration i e save current configuration as boot configuration while also archiving previous boot configuration as backup If you want to load the archived boot configuration into your device go to the Maintenance Software Configurationmenu select Action and click on Go The archived backup is used as the current boot conf...

Page 76: ...plays the addi tional options Configuration elements The various actions that you can perform when configuring your device in the Funkwerk Configuration are triggered by means of the following buttons Funkwerk Configuration Interface buttons Button Function Updates the view If you do not want to save a newly configured list entry cancel this and any settings made by pressing Cancel Confirms the se...

Page 77: ...ry Displays the menu for changing the settings of an entry Displays the details for an entry Moves an entry A combo box opens in which you can choose the list entry that selected entry is to be placed in front of after Creates another list entry first and opens the configuration menu Sets the status of the entry to Sets the status of the entry to 0 Indicates Dormant status for an interface or conn...

Page 78: ...uttons to scroll one page forward and one page back You can filter according to certain keywords within the configur ation parameters by selecting the filter rule you want under Fil ter inx Option y and entering the search word in the input field launches filter operation Configuration elements Some lists contain configuration elements You can therefore change the configuration of the correspond i...

Page 79: ...es is displayed Click the button to display the configuration menu for creating a new list entry Sub menu Click this button to process the existing list entry You go to the configuration menu Menu Click this tab to display extended configuration options The following options are available for the configuration Funkwerk Configuration Interface configuration elements Menu Function Input fields e g e...

Page 80: ...not be selected Important Please look at the messages displayed in the sub menus These provide information on any incorrect configurations Warning symbols Icon Meaning This symbol appears in messages referring you to settings that were made with the Setup Tool This symbol appears in messages referring you to the fact that values were entered or selected incorrectly Pay particular attention to the ...

Page 81: ... through all of the settings that are required to set up your LAN LAN connection as a virtual private network SWYX In this menu you can configure the settings required to connect your device to the SWYX SIP server In this case your device acts as a SIP client VoIP PBX in LAN The assistant is required e g for specific PBX in the LAN such as Hybird in order to guarantee SIP compatibility To do this ...

Page 82: ...enu Function AUX You can define various settings for communication between the gateway and modem in this menu Ethernet Ports In this menu you configure the Ethernet interfaces of your device To do this you select the speed and type of interface for example ISDN Ports In this menu you configure the ISDN interface of your device Here you enter data such as the type of ISDN connection to which your d...

Page 83: ...ave access points Monitoring In this menu you can monitor active and neighbouring clients Maintenance In this menu you can update access point software and save any configurations Networking Menu Function Routes In this menu you enter additional routes NAT In this menu you configure the NAT firewall NAT Network Ad dress Translation Load Balancing In this menu you configure application controlled b...

Page 84: ...n the interfaces of your device OSPF In this menu you can switch PIM functions on and off WAN Menu Function Internet Dialup In this menu you define the Internet connections for the various connection protocols or dialup connections Leased Line In this menu the permanent connections of two communication partners are displayed Real Time Jitter Con trol In this menu you can set the upstream speed VPN...

Page 85: ...firewall releases for connec tion to the VoIP provider Media Gateway Only R4402 In this menu you configure a network transition between vari ous telecommunication networks RTSP In this menu you configure the use of the RealTime Streaming protocol Local Services Menu Function DNS In this menu you configure the name resolution HTTPS In this menu you configure the port and certificate for a config ur...

Page 86: ...nfigure a redundant network environ ment Maintenance Menu Function Diagnostics In this menu you can test the accessibility of hosts DNS servers or routing Software Configuration In this menu you can manage your device s configuration files You can save them either locally on your device or on your computer for example You can also start an update of the system software Reboot In this menu you can ...

Page 87: ...ges In this menu you can view the current values of the configured bridges HotSpot Gateway This menu shows a list of all bintec Hotspot users QoS In this menu statistics are displayed for all interfaces for which QoS has been configured OSPF In this menu status and statistics are displayed for all interfaces for which OSPF has been configured PIM In this menu statistics are displayed for all inter...

Page 88: ...state All configuration files are deleted and the BOOTmonitor settings are set to the default values 5 Default BOOTmonitor Parameters You can change the default settings of the BOOTmonitor of the device e g the baud rate for serial connections 6 Show System Information Shows useful information about your device e g serial number MAC address and software versions The BOOTmonitor is started as follo...

Page 89: ...seconds the device changes back to normal operating mode Note If you change the baud rate the preset value is 9600 baud make sure the terminal program used also uses this baud rate If this is not the case you will not be able to establish a serial connection to the device Funkwerk Enterprise Communications GmbH 8 Access and configuration bintec Rxxx2 RTxxx2 75 ...

Page 90: ...on tasks First steps Internet Access VPN SWYX only with active optional DSP module VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex planations on the separate pages of the Wizard 9 Assistants Funkwerk Enterprise Communications GmbH 76 bintec Rxxx2 RTxxx2 ...

Page 91: ...e following data System status Your device s activities Resource utilisation active sessions and tunnels Status and basic configuration of the LAN WAN ISDN and ADSL interfaces Information on plugged add on modules if any The last 10 system messages You can individually customise the update interval of the status page by entering the de sired period in seconds for Automatic Refresh Interval and cli...

Page 92: ...er Displays the device serial number BOSS Version Displays the currently loaded version of the system software Last configuration stored Displays day date and time of the last saved configuration boot configuration in flash Fields in the Resource Information menu Field Value CPU Usage Displays the CPU usage as a percentage Memory Usage Displays the usage of the working memory in MByte in relation ...

Page 93: ...lds in the Modules menu Field Value DSP Module Shows the type of plugged DSP module if any An acquired fax licence if any can be displayed Fields in the Physical Interfaces menu Field Value Interface Connection Information Link The physical interfaces are listed here and their most important settings are shown The system also displays whether the inter face is connected or active Interface specifi...

Page 94: ...em menu Fig 29 System Management Global Settings System The System Management Global Settings Systemmenu consists of the following fields Fields in the Basic Settings menu Field Value System Name Enter the system name of your device This is also used as the PPP host name A character string of up to 255 characters is possible The device type is entered as the default value Location Enter the locati...

Page 95: ...d internally if they have a higher or identical priority to that indicated i e all messages generated are recorded at syslog level 1 Possible values Only messages with emergency priority are re corded 0 Messages with emergency and alert priority are recor ded 4 Messages with emergency alert and critical prior ity are recorded Messages with emergency alert critical and error pri ority are recorded ...

Page 96: ...intec devices are delivered with the same username and password As long as the password remains unchanged they are not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed under System Management Status there appears the warning System password not changed The System Management Global Settings Passwordsmen...

Page 97: ...nu Field Value Show passwords and keys in clear text Define whether the passwords are to be displayed in clear text plain text The function is enabled with The function is disabled by default If you activate the function all passwords and keys in all menus are displayed and can be edited in plain text One exception is IPSec keys They can only be entered in plain text If you press OK or call the me...

Page 98: ...e last Sunday in March by switching from 2 a m to 3 a m The calendar related or schedule related switches that are scheduled for the missing hour are then carried out Winter time starts on the last Sunday in October by switching from 3 a m to 2 a m The calendar related or schedule related switches that are scheduled for the additional hour are then carried out If a value other than Universal Time ...

Page 99: ...itten The menu System Management Global Settings Date and Time consists of the fol lowing fields Fields in the Basic Settings menu Field Description Time Zone Select the time zone in which your device is installed You can select Universal Time Coordinated UTC plus or minus the deviation in hours or a predefined location e g 7 Current Local Time The current date and current system time are shown he...

Page 100: ...ect the protocol for the time server request Possible values default value This server uses the simple network time protocol with UDP port 123 7 31 This server uses the time service with UDP port 37 7 4 This server uses the time service with TCP port 37 This time server is not currently used for the time re quest Second Timeserver Enter the secondary time server using either a domain name or an IP...

Page 101: ...the time period after which the system attempts to contact the time server again following a failed time update Possible values default value The system attempts to contact the time server after 1 2 4 8 and 16 minutes 0 For ten minutes the system attempts to con tact the time server after 1 2 4 8 seconds then every 10 seconds For an unlimited period the system attempts to contact the time server a...

Page 102: ...r at additional cost You can access this data sheet at www funkwerk ec com Entering licence data You can obtain the licence data for extra licences via the online licensing pages in the sup port section at www funkwerk ec com Please follow the online licensing instructions Please also note the information on the licence card for licences at additional cost You will then receive an e mail containin...

Page 103: ...add licences Fig 32 System Management Global Settings System Licences New Activating extra licences You activate extra licences by adding the received licence information in the System Man agement Global Settings System Licences New menu The menu System Management Global Settings System Licences New consists of the following fields Fields in the Basic Settings menu Field Value Licence Serial Numbe...

Page 104: ...erface Mode Bridge Groups In this menu you define the operation mode for your device s interfaces Routing versus bridging Bridging connects networks of the same type In contrast to routing bridges operate at lay er 2 of the OSI model data link layer are independent of higher level protocols and trans mit data packets using MAC addresses Data transmission is transparent which means the information ...

Page 105: ...nterface type b Number of the Ethernet port c Number of the interface connected to the Ethernet port d Number of the virtual interface Example first virtual interface based on the first interface on the first Ethernet port 10 3 1 Interfaces You define separately whether each interface is to operate in routing or bridging mode If you want to set bridging mode you can either use existing bridge grou...

Page 106: ...ck the OK button a new bridge group is automatically created Configuration Interface Select the interface via which the configuration is to be carried out Possible values default value Ex works setting The right con figuration interface must be selected from the other options No interface is defined as configuration interface A B Select the interface to be used for con figuration If this interface...

Page 107: ...nged 10 4 Administrative Access In this menu you can configure the administrative access to the device 10 4 1 Access In the Administrative Access Access menu a list of all IP configurable interfaces is dis played Fig 35 System Management Administrative Access Access For each Ethernet interface you can select the access parameters and for the ISDN interfaces 1 2 options can be selected Funkwerk Ent...

Page 108: ...d Description Interface Select the interface for which administrative access is to be con figured 10 4 2 SSH Your devices offers encrypted access to the shell You can enable or disable this access in the System Management Administrative Access SSH menu Enabled standard value and have access to the options for configuration of the SSH login Fig 37 System Management Administrative Access SSH 10 Syst...

Page 109: ...nistrative Access SSHmenu consists of the following fields Fields in the SSH Secure Shell Parameters menu Field Value SSH service active Select whether the SSH Daemon is to be enabled for the inter face The function is activated by selecting The function is enabled by default Compression Select whether data compression should be used The function is activated by selecting The function is disabled ...

Page 110: ...bled Hashing Algorithms Select the algorithms that are to be available for message au thentication of the SSH connection Possible options 1 0 1 By default 1 0 and 1 are enabled Fields in the Key Status menu Field Value RSA Key Status Shows the status of the RSA key If an RSA key has not been generated yet is displayed in red and a link displayed If you select the link the generation process is tri...

Page 111: ... there is not enough space in the FlashROM 10 4 3 SNMP SNMP Simple Network Management Protocol is a network protocol used to monitor and control network elements e g routers servers switches printers computers etc from a central station SNMP controls communication between the monitored devices and monit oring station The protocol describes the structure of the data packets that can be transmit ted...

Page 112: ...y Based SNMP Version 2 SNMP Version 3 By default and are enabled If no option is selected the function is deactivated SNMP Listen UDP Port Shows the UDP port at which the device receives SNMP requests The value cannot be changed Tip If your SNMP Manager supports SNMPv3 you should if possible use this version as older versions transfer all data unencrypted 10 5 Remote Authentication This menu conta...

Page 113: ...h your device uses as WAN connection parameters If the RADIUS server is used for accounting your device sends an accounting message at the start of the connection and a message at the end of the connection These start and end messages also contain statistical information about the connection IP address user name throughput costs RADIUS packets The following types of packets are sent between the RA...

Page 114: ...ng message to the RADIUS server at the start of each connection ACCOUNTING_STOP Client Server If a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the end of each connection A list of all entered RADIUS servers is displayed in the System Management Remote Authentication RADIUS menu 10 5 1 1 Edit or New Choose the icon to edit existing entries Ch...

Page 115: ...ossible values 0 standard value only for PPP con nections The RADIUS server is used for controlling access to a network 0 for PPP connections only The RADIUS server is used for recording statistical call data 2 0 The RADIUS server is used for controlling access to the SNMP shell of your device 0 The RADIUS server is used for sending configuration data for IPSec peers to your device Funkwerk Enterp...

Page 116: ...sends as the default user password in the prompt for the dialout routes on the RADIUS server Priority If a number of RADIUS server entries were created the server with the highest priority is used first If this server does not an swer the server with the next highest priority is used Possible values from highest priority to lowest priority The default value is See also Policy in the Advanced Setti...

Page 117: ...ent to the next RADIUS server un til your device receives a response from a server configured as authoritative UDP Port Enter the UDP port to be used for RADIUS data RFC 2138 defines the default ports 1812 for authentication 1645 in older RFCs and 1813 for accounting 4 180 84 cm older RFCs You can obtain the port to be used from the docu mentation for your RADIUS server The default value is Server...

Page 118: ... In Alive Check your device attempts to reach the server every 20 seconds If the server responds Status is set back to Possible values are whole numbers between and The default value is To prevent Status being set to set this value to RADIUS Dialout Only for Authentication Type 0 and 0 Select whether your device receives requests from RADIUS server dialout routes This enables temporary interfaces ...

Page 119: ... are available on your device Authentication for login shell Command authorisation on the shell e g telnet show TACACS uses TCP port 49 and establishes a secure and encrypted connection A list of all entered TACACS servers is displayed in the System Management Remote Authentication TACACS menu 10 5 2 1 Edit or New Choose the icon to edit existing entries Choose the New button to add TACACS serv er...

Page 120: ...ss server your device The maximum length of the entry is 32 characters Priority Assign a priority to the current TACACS server The server with the lowest value is the one used first for TACACS login authentication If there is no response or access is denied only if Policy the entry with the next highest priority is used The available values are to the default value is Entry active Select whether t...

Page 121: ...licy and the current server is set to status The possible values are to the default value is Block Time Enter the time in seconds for which the current server is to re main in blocked status At the end of the block time the server is set to the status spe cified in the Entry active field The possible values are to the default value is The value means that the server is never set to status and thus...

Page 122: ...s The menu System Management Remote Authentication Options consists of the fol lowing fields Fields in the Global RADIUS Options menu Field Description Authentication for PPP Dialin By default the following authentication sequence is used for in coming calls with RADIUS First CLID then PPP and then PPP with RADIUS Options Only inband RADIUS requests PAP CHAP MS CHAP V1 V2 i e PPP requests without ...

Page 123: ...y important The quality of a certificate is regulated by the German Signa ture Act or respective EU Directives Certification authorities that issue so called qualified certificates are organised in a hier archy with the Federal Network Agency as the higher certifying authority The structure and content of a certificate are stipulated by the standard used X 509 is the most important and the most co...

Page 124: ...entry The System Management Certificates Certificate List menu consists of the fol lowing fields Fields in the menu Field Description Description Shows the name of the certificate key or request Certificate is CA Certi ficate Mark the certificate as a certificate from a trustworthy certifica tion authority CA 10 System Management Funkwerk Enterprise Communications GmbH 110 bintec Rxxx2 RTxxx2 ...

Page 125: ...her level certificate are used if one exists It is does not the same procedure is used as that described under Only if a CRL Distribution Point is present Force certificate to be trusted Define that this certificate is to be accepted as the user certific ate without further checks during authentication The function is enabled with The function is disabled by default Caution It is extremely importa...

Page 126: ...CEP communication with separate keys and to delegate the operation to separate registration authorities if applicable When a certificate is downloaded automatically i e if CA Certificate 1 is selected all the certificates needed for the operation are loaded automatically If all the necessary certificates are already available in the system these can also be selec ted manually Select the Certificat...

Page 127: ... Field Description Certificate Request De scription Enter a unique description for the certificate Mode Select the way in which you want to request the certificate Possible settings default value Your device generates a PKCS 10 for the key This file can then be uploaded directly in the browser or copied in the menu using the View details Funkwerk Enterprise Communications GmbH 10 System Management...

Page 128: ...URL Only for Mode 4 Enter the URL of the SCEP server e g ht tp scep funkwerk de 8080 scep scep dll Your CA administrator can provide you with the necessary data CA Certificate Only for Mode 4 Select the CA certificate In 1 In CA Name enter the name of the CA certificate of the certification authority CA from which you wish to request your certificate e g Your CA ad ministrator can provide you with...

Page 129: ...e RA you can select another one here to encrypt com munication The default value is 3 0 4 i e the same certificate is used as for signing Password Only for Mode 4 You may need a password from the certification authority to ob tain certificates for your keys Enter the password you received from the certification authority here Fields in the Subject Name menu Field Description Custom Select whether ...

Page 130: ...tom disabled Enter the e mail address according to CA Organizational Unit Only for Custom disabled Enter the organisational unit according to CA Organization Only for Custom disabled Enter the organisation according to CA Locality Only for Custom disabled Enter the location according to CA State Province Only for Custom disabled Enter the state province according to CA Country Only for Custom disa...

Page 131: ...e Mode Select whether your device automatically stores the various steps of the enrolment internally This is an advantage if enrol ment cannot be concluded immediately If the status has not been saved the incomplete registration cannot be completed As soon as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration ...

Page 132: ...ue description for the certificate File Encoding Select the type of coding so that your device can decode the certificate Possible values 0 default value Activates automatic code recognition If downloading the certificate in auto mode fails try with a cer tain type of encoding Password You may need a password to obtain certificates for your keys Enter the password here 10 6 2 CRLs In the System Ma...

Page 133: ...0 6 2 1 Import Choose the Import button to import CRLs Fig 45 System Management Certificates CRLs Import The System Management Certificates CRLs Importmenu consists of the following fields Fields in the CRL Import menu Field Description External Filename Enter the file path and name of the CRL to be imported or use Browse to select it from the file browser Local Certificate De scription Enter a un...

Page 134: ...s either via LDAP or HTTP 10 6 3 1 New Choose the New button to set up a certificate server Fig 46 System Management Certificates Certificate Servers New The System Management Certificates Certificate Servers Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a unique description for the certificate server LDAP URL Path Enter the LDAP U...

Page 135: ... for the console port of your gateway e g AUX Backup cable to connect an external analogue modem to the AUX port on a bintec gateway 11 1 1 AUX With an analogue GSM interface the gateway also supports connections for analogue and GSM modems e g as backup In principle you can use any Hayes or GSM07 07 compatible modem with a serial interface for this purpose The following mo dems have been tested s...

Page 136: ... Line Speed Only for AUX Port Status enabled Here you select the speed at which the gateway addresses the modem in bps Possible values 1 The Baud rate of the serial terminal connection is retained 9600 in ex works state All other values mean that the modem is addressed at the cor responding speed in bps default value Recommended for communica tion with a GSM modem Recommended for communication wit...

Page 137: ...d is set by default to It should only be changed if the escape character of the modem is different Modem Init Sequence Only for AUX Port Status enabled Here you can enter an initialization string for your modem The command ATX3 K3 V1 is the default setting the modem does not wait for a free signal before dialling You can add other AT commands by separating them with semicolons The entry is limited...

Page 138: ... sure that Ethernet interface is assigned with the preconfigured IP address and netmask to a port that can be reached via Ethernet If in doubt carry out the configuration using a serial connection via the Console interface ETH1 ETH4 The interfaces can be used separately They are logically separated from each other each port being assigned the desired logical Ethernet interface in the Ethernet Inte...

Page 139: ...ly separates these from each other The available total bandwidth of max 1000 mbps full duplex for all resulting interfaces remains the same For example if you split all the switch ports from each other each of the resulting interfaces only uses a part of the total bandwidth If you group together several switch ports into one interface the full bandwidth of max 1000 mbps full duplex is available fo...

Page 140: ...e and switch port 5 is assigned to interface Configured Speed Mode Select the mode in which the interface is to run Possible values 5 0 default value 0 0 0 0 7 5 1 0 7 1 0 7 5 1 0 7 1 5 7 5 1 5 7 5 1 5 7 1 5 7 5 1 5 7 1 The interface is created but remains inactive Current Speed Mode Shows the actual mode and actual speed of the interface Possible values 7 5 1 7 5 1 7 1 7 5 1 7 1 1 11 Physical Int...

Page 141: ...ngs for your ISDN connection Here you set the most important parameters of your ISDN connection MSN Configuration Here you tell your device how to react to incoming calls from the WAN 11 3 1 ISDN Configuration Note If the ISDN protocol is not detected it must be selected manually under Port Usage und ISDN Configuration Type The automatic D channel detection is then switched off An incorrectly set ...

Page 142: ...hannel detection for switched line is to be automatically identified The function is enabled with The function is enabled by default Result of Autoconfig uration Shows the status of the ISDN Auto Config Automatic D channel detection runs until a setting is found or until the ISDN protocol is selected manually under Port Usage This field cannot be edited The result of automatic configuration for th...

Page 143: ...ues default value Point to multipoint connection Point to point ISDN access ISDN Switch Type Only for Port Usage 2 2 Select the ISDN protocol supplied by your provider Possible values 2 2 Leased line over B channel 1 64 kbps 2 2 Leased line over both B chan nels 128 kbps 2 2 1 Leased line over D channel and both B channels 144 kbps 2 2 1 Leased line to two different endpoints 2 2 1 Leased line ove...

Page 144: ...ings menu Field Description X 31 X 25 in D Chan nel Select whether you want to use X 31 X 25 in the D channel e g for CAPI applications The function is enabled with The function is disabled by default X 31 TEI Value Only if X 31 X 25 in D Channel is enabled With the ISDN autoconfiguration the X 31 TEI is detected auto matically If the autoconfiguration has not detected TEI you can manually enter t...

Page 145: ...I ap plication is ignored and the default value set here is always used is set if you want to use X 31 TEI for the X 25 device ISDN PRI interface For a Primary Rate Interface PRI or S2M the channels are transmitted in series in so called time slots Choose the button to edit the configuration of the ISDN port Funkwerk Enterprise Communications GmbH 11 Physical Interfaces bintec Rxxx2 RTxxx2 131 ...

Page 146: ...on Port Name Shows the name of the ISDN port Port Usage Select whether the ISDN switch type D channel detection for switched line is to be automatically identified Possible values default value ISDN connection is not used 3 1 EURO ISDN S2M User Profile 3 1 EURO ISDN S2M Network Profile Two S2M connections are dir 11 Physical Interfaces Funkwerk Enterprise Communications GmbH 132 bintec Rxxx2 RTxxx...

Page 147: ...nter the main number of the connection With incoming calls this basis call number is cut off by the called party number With outgoing calls this main number is attached to the number to be called calling party number Channel Selection Only if Port Usage 3 1 3 1 D or D An additional option is provided in order to guarantee the com patibility with special providers If you set the switch type appro p...

Page 148: ...if Port Usage Defines which connection partner sends the clock signal for synchronization between the sender and the recipient If the clock signal is not sent by the exchange itself one of the con nection partners must sent the signal Possible values The device receives the clock signal The device sends the clock signal ISDN Switch Type Only if Port Usage 2 2 Select the ISDN connection type Possib...

Page 149: ...igure additional bundles Note This function is only available for leased lines Fields in the New Bundle menu Field Description Description Enter the name of the channel bundle Bundle Type Displays the type of channel bundle Possible values The channels are bundled as PPP Multilink channels The channels are bundled as physical hyperchannels Timeslot Selection Select between and Timeslot Range Only ...

Page 150: ... service is your device s general routing service This enables ISDN remote terminals to establish data connections with your LAN among oth er things This enables partners outside your own local network to access hosts within your LAN It is also possible to establish outgoing data connections to ISDN remote ter minals ISDN Login The ISDN login service enables both incoming data connections with acc...

Page 151: ...from the local exchange or if available the PBX The call is then assigned to the corresponding service Note If no entry is specified ex works state every incoming ISDN call is accepted by the ISDN Login service To avoid this you should make the necessary entries here As soon as an entry exists the incoming calls not assigned to any entry are forwarded to the CAPI service A list of all MSNs is disp...

Page 152: ... bps 19 200 bps 38 400 bps 8 Allows PPP connections with V 120 MSN Enter the number used to check the called party number For the call to be accepted it is sufficient for the individual numbers in the entry to agree taking account of MSN Recognition MSN Recognition Select the mode your device is to use for the number comparis on for MSN with the called party number of the incoming call Possible va...

Page 153: ... make the basic settings for your ADSL connection Fig 53 Physical Interfaces ADSL Modem ADSL Configuration The menu Physical Interfaces ADSL Modem ADSL Configuration consists of the fol lowing fields Fields in the DSL Port Status menu Field Description DSL Chipset Shows the key of the installed chipset Physical Connection Shows the current ADSL operation mode The value cannot be changed Possible v...

Page 154: ... direction from CO DSLAM to CPE router in bits per second The value cannot be changed Upstream Displays the data rate in the send direction direction from CPE router to CO DSLAM in bits per second The value cannot be changed Fields in the DSL Parameter menu Field Description DSL Mode Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values 0 0 For applications ...

Page 155: ...Transmit Shaping Select whether the data rate in the send direction is to be re duced This is only needed in a few cases for special DSLAMs Possible values 1 2 The data rate in the send direc tion is not reduced E to E E The data rate in the send direction is reduced to a maximum of 128 000 bps to 2 048 000 bps in defined steps 3 The data rate is reduced to the value entered in Maximum Upstream Ba...

Page 156: ...airs of wires at up to 22784 kbps 11 5 1 SHDSL Configuration In the SHDSL menu you configure the SHDSL interface of your device Note Ask your provider about any special features of your SHDSL connection Note Agree the connection conditions for back to back connections campus connect with your remote terminal The SHDSL interfaces can be configured separately or as a bundle Choose the button to edit...

Page 157: ...f the SHDSL connection Note CPE on the one hand and CO on the other hand must al ways be set for each SHDSL connection All the pairs of wires should also be set to the same mode no mixed mode is pos sible SHDSL Type Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values 0 0 For applications in North America provider dependent 0 default value For applications ...

Page 158: ...ion supports 4 wire mode under G991 2 and Globespan Enhanced Mode Four wires are used for m pair bonding with a clock rate of 384 kbps to 11392 kbps This option sup ports 4 wire mode under G991 2 but not Globespan En hanced Mode 0 4 wires are used with IMA for a clock rate of 384 kbps to 11392 kbps 6 wires are used with m pair bonding for a clock rate of 576 kbps to 17088 kbps 0 6 wires are used w...

Page 159: ...ed should be used Line Speed Interval Only for Clock Rate 0 Under Minimum select the minimum clock rate and under Max imum the maximum clock rate for the connection 11 6 VDSL Modem bintec R3502 features an integrated VDSL2 modem which supports automatic switching to ADSL2 If required VDSL connection is available at any time In addition to the VDSL2 modem the bintec R3502has five gigabit Ethernet p...

Page 160: ...e changed Fields in the Current Line Speed menu Field Description Downstream Displays the data rate in the receive direction direction from CO DSLAM to CPE router in bits per second The value cannot be changed Upstream Displays the data rate in the send direction direction from CPE router to CO DSLAM in bits per second The value cannot be changed Fields in the DSL Parameter menu Field Description ...

Page 161: ...his is only needed in a few cases for special DSLAMs Possible values 1 2 Line Speed The data rate in the send direction is not reduced to The data rate in the send dir ection is reduced to a maximum of 128 000 bps to 2 048 000 bps in defined steps 3 The data rate is reduced to the value entered in Maximum Upstream Bandwidth The default value is Default Line Speed Maximum Upstream Bandwidth Only fo...

Page 162: ...utton to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected different fields and options are available All the config uration options are listed below The default setting for all existing interfaces of your device is routing mode The interface en1 0 is pre configured with IP address and netmask Example of subnets If your device i...

Page 163: ...Based on Ethernet In terface This field is only displayed if you are editing a virtual routing in terface Select the Ethernet interface for which the virtual interface is to be configured Address Mode Select how an IP address is assigned to the interface Possible values default value The interface is assigned a static IP address in IP Address Netmask 1 4 An IP address is assigned to the interface ...

Page 164: ... virtual interfaces and only for Interface Mode 3 Enter the MAC address associated with the interface For virtual interfaces you can use the MAC address of the physical inter face under which the virtual interface was created but this is not necessary You can also allocate a virtual MAC address The first 6 characters of the MAC are preset but can be changed VLAN ID Only for Interface Mode 820 This...

Page 165: ...rs that assign IP addresses by UNICAST do not respond to DHCP requests with the set BROADCAST bit In this case it is necessary to send DHCP requests in which this bit is not set In this case disable this option The function is activated by selecting The function is enabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote ter...

Page 166: ...es an access point nothing less than a VLAN aware switch with the enhancement of grouping clients into VLAN groups In general VLAN segmenting can be configured with all interfaces Fig 57 VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN VLAN menu VLANs virtual LANs are configured with interfaces that operate in Bridging mode Using the VLAN menu you can make all the settings needed ...

Page 167: ...rfaces are assigned 12 2 1 1 Edit or New Fig 58 LAN VLAN VLANs New The LAN VLAN VLANs New menu consists of the following fields Fields in the Configure VLAN menu Field Description VLAN Identifier Enter the number that identifies the VLAN In the menu you can no longer change this value Possible values are to VLAN Name Enter a unique name for the VLAN A character string of up to 32 characters is pos...

Page 168: ...n menu Field Description Interface Shows the port for which you define the PVID and processing rules PVID Assign the selected port the required PVID Port VLAN Identifi er If a packet without a VLAN tag reaches this port it is assigned this PVID Drop untagged frames If this option is enabled untagged frames are discarded If the option is disabled untagged frames are tagged with the PVID defined in ...

Page 169: ...onmenu consists of the following fields Fields in the Bridge Group br ID VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN The function is enabled with The function is not activated by default Management VID Select the VLAN ID of the VLAN in which your device is to oper ate Funkwerk Enterprise Communications GmbH 12 LAN bintec Rxxx2 RTxxx2 155 ...

Page 170: ...configuration in succession i e they are managed via the WLAN controller and can no longer be amended externally With the bintec WLAN controller you can automatically detect individual access points APs and connect to a WLAN network Load the system software into the APs Load the configuration into the APs Monitor and manage APs Please refer to your gateway s data sheet to find out the number of AP...

Page 171: ...r If you wish to use a bintec Gateway for example as a DHCP server click on the FCI menu of this device under Local Services DHCP Server DHCP Pool New Advanced Set tings in the DHCP Optionsfield on the Add button Select as Option 40 0 4 and in the Value field enter the IP address of the WLAN controller IP Address Range If the IP addresses are to be assigned internally you must enter the start and ...

Page 172: ...3 1 3 1 Change or add wireless networks Click on to edit an existing entry With Add you can create new entries The following parameters are available Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID 8 is to be transmitted Security Mode Select the security mode encryption and authentication ...

Page 173: ... device will not be protected against unauthorised access Radius Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the desired RADIUS server EAP Preauthentification For Security Mode 0 select whether the EAP preauthentification func tion is to be This function tells your device that WLAN clients whic...

Page 174: ...eless networks that are currently assigned Operation Mode Select whether the device is to be operated in 0 mode or in 1 mode The 1 setting uses the value that you have selected in the corresponding Radio Profile Channel Displays the channel that is assigned You can select an alternative channel The number of channels you can selected depends on the country setting Please consult the data sheet for...

Page 175: ...of slave access points that can be supported has been exceeded Please check your li cences If this message is displayed then you should obtain additional licences if appropri ate During the installation of the WLAN and the allocation of frequencies on the messages dis played you will see how far the installation has progressed The display is continuously up dated Provided that non overlapping wire...

Page 176: ...e range of channels that can be used varies depending on the country setting The default value is Interface Select the interface to be used for the wireless controller DHCP Server Select whether an external DHCP server shall assign IP ad dresses to the APs or if your device should be used as the DH CP server For an internal DHCP server CAPWAP option 138 is active in order to allow communication be...

Page 177: ...ed in the LAN or the WAN Possible values 2 20 default value 0 The 0 setting is useful if for example there is a wireless LAN controller installed at head office and its APs are distributed to different branches If the APs are linked via VPN it may be that a connection is terminated If this happens the relevant AP with the setting 0 maintains its con figuration until the connection is reestablished...

Page 178: ... this to the controller via option 138 The controller has prompted the required parameters from the AP Initialising The WLAN controller and the APs communicate via CAPWAP The configuration is transferred and enabled to the APs Managed The AP is set to Managed status The controller has sent a configuration to the AP and has enabled this The AP is man aged centrally from the controller and cannot be...

Page 179: ...ists of the following fields Fields in the Access Point Settings menu Field Description Administration Status Select whether the selected AP is to be managed from the WLAN controller The function is activated by selecting The function is enabled by default You can disconnect the AP from the WLAN controller and there fore remove it from your WLAN infrastructure by disabling the function The AP then...

Page 180: ...e profile that is currently selected You can select another wireless module profile from the list if more than one wireless module profile are being set up Channel Displays the channel that is assigned You can select another channel The number of channels you can selected depends on the country setting Please consult the data sheet for your device Access Point mode Configuring the network name SSI...

Page 181: ...r Operation Band G Possible values are and 0 standard value For Operation Band G 7 and G Only the 0 option is possible here Used Channel Only for managed APs Displays the channel that is currently in use Transmit Power Displays the transmission power You can select another trans mission power Possible values default value The maximum antenna power is used Assigned Wireless Network VSS Displays the...

Page 182: ...and a pro file with 5 GHz are created by default the 2 4 GHz profile cannot be deleted For each wireless module profile you will see an entry with a parameter set Radio Profile Configured Radio Modules Operation Band Wireless Mode 13 3 2 1 Edit or New Choose the icon to edit existing entries Select the New button in order to create new wireless module profiles 13 Wireless LAN Controller Funkwerk E...

Page 183: ...sts of the following fields Fields in the Radio Profile Definition menu Field Description Description Enter the desired description of the wireless module profile Vendor Mode Define the mode in which the wireless module profile is to be operated Possible values Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller bintec Rxxx2 RTxxx2 169 ...

Page 184: ...y for so called Broadband Fixed Wireless Access BFWA applications The frequencies in the frequency range from 5755 MHz to 5875 MHz may only be used in conjunction with commercial offers for public network accesses and requires registration with the Federal Network Agency Bandwidth Not for Operation Band G 7 Select how many channels are to be used Possible values G default value One channel with 20...

Page 185: ...ted by all clients basic rates This mode is also needed for Centrino clients if connection problems occur 7 Your device adapts to the client technology and operates according to either 802 11b or 802 11g The following applies for mixed short The data rates 5 5 and 11 mbps must be supported by all clients basic rates 7 7 Your device operates according to either 802 11b 802 11g or 802 11n 7 Your dev...

Page 186: ...occur with older WLAN hardware this function should not be active The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Channel Plan Select the desired channel plan The channel plan makes a preselection when a channel is se lected This ensures that no channels overlap i e a distance of four channels is maintained between the channels use...

Page 187: ...roadcast or multic ast transmission If clients operate in power save mode they come alive at the right time and receive the data Possible values are to The default value is RTS Threshold Here you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one ...

Page 188: ...nterference Possible values are to The default value is 13 3 3 Wireless Networks VSS Fig 66 Wireless LAN Controller Slave AP configuration Wireless Networks VSS An overview of all created wireless networks is displayed in the Wireless LAN Controller Slave AP configuration Wireless Networks VSS menu A wireless network is cre ated by default For every wireless network VSS you see an entry with a par...

Page 189: ...he following fields Fields in the Service Set Parameters menu Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans mitted The network name is displayed by selecting 8 It is visible by default Intra cell Repeating Select whether communication between the WLAN cli...

Page 190: ... wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritisation is supported in accordance with DSCP Differentiated Services Code Point or IEEE802 1d The function is activated by selecting The function is enabled by default Max Clients Enter the maximum number of clients that can be connected to this wireless network SSID The maximum num...

Page 191: ...mber of characters for the selected WEP mode For you need a character string with 5 characters for with 13 characters e g for for WPA Mode Only for Security Mode 0 9 and 0 Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values 0 0 default value WPA and WPA 2 can be used 0 Only WPA is used 0 Only WPA2 is used WPA Cipher Only for Security Mode 0 ...

Page 192: ...gainst unau thorised access Radius Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the RADIUS server EAP Preauthentifica tion Only for Security Mode 0 Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connecte...

Page 193: ...resses MAC Address of the clients to be permitted Fields in the VLAN menu Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network The function is activated by selecting The function is disabled by default VLAN ID Enter the number that identifies the VLAN Possible values are to VLAN ID 1 is not possible as it is already in use 13 4 Monitoring This menu is...

Page 194: ...ne The client is no longer in a valid status Logon The client has just logged on with the WLAN controller Associated The client has logged on with the WLAN controller Authenticate The client is in the process of being authenticated Authenticated The client is authenticated 13 4 2 Neighbor APs Fig 69 Wireless LAN Controller Monitoring Neighbor APs In the Wireless LAN Controller Monitoring Neighbor ...

Page 195: ...display is updated every ten seconds 13 4 3 Wireless Networks Fig 70 Wireless LAN Controller Monitoring Wireless Networks In menu Wireless LAN Controller Monitoring Wireless Networks an overview of the currently used AP is displayed You see which wireless module is assigned to which wire less network For each wireless a parameter set is displayed Location VSS MAC Ad dress VSS Channel Clients 13 5 ...

Page 196: ...nu consists of the following fields Fields in the Firmware Maintenance menu Field Description Action Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values 3 You can also start an update of the system software You can save a configuration which contains the AP status inform ation Source Location Select the source for th...

Page 197: ...urce Location or 5 Enter the URL of the update server from which the system soft ware file is loaded or on which the configuration file is saved Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller bintec Rxxx2 RTxxx2 183 ...

Page 198: ...ess over your device If for example you configure both Internet access and a corporate network connection enter a default route to the ISP and a network route to the head office You can enter several default routes on your device but only one default route can be active at any one time If you enter several default routes you should thus note differing values for Metric 14 1 1 IP Routes A list of a...

Page 199: ...h Extended Route not enabled If the option is selected for Route Class an extra configuration section opens Fig 73 Networking Routes IP Routes New with Extended Route Funkwerk Enterprise Communications GmbH 14 Networking bintec Rxxx2 RTxxx2 185 ...

Page 200: ...u Field Description Route Type Select the type of route Possible values default value Route to a network 1 Is used if no other suitable route is avail able Route to a single host Destination IP Ad dress NetmaskDestina tion IP Address Net mask Only for Route Type or Enter the IP address of the destination host In Route Type you additionally enter the corresponding netmask in the second field If no ...

Page 201: ...iority of the route The lower the value the higher the priority of the route Value range from to The default value is Fields in the Extended Route Parameters menu Field Description Source Interface Select the interface over which the data packets are to reach the device The default value is New Source IP Ad dress Netmask Enter the IP address and netmask of the source host or source network Layer 4...

Page 202: ... to Port Destination Port Only for Layer 4 Protocol 4 or 31 Enter the destination port First select the port number range Possible values 0 default value The route is valid for all port numbers Enables the entry of a port number Enables the entry of a range of port numbers Entry of privileged port numbers 0 1023 Entry of server port numbers 5000 32767 4 Entry of client port numbers 1024 4999 4 Ent...

Page 203: ... Route Parameters Inter face is to be used Possible values 1 default value The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up 0 The route can always be used 1 The route can be used when the interface is up If the interface is dormant then select and use the alternative route rerouting until the interface is up The route can be used...

Page 204: ...utes Optionsmenu consists of the following fields Fields in the Back Route Verify menu Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified Possible values Back Route Verify is activ ated for all interfaces default value A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces 1 Back route verify ...

Page 205: ...Routes menu The function is enabled with By default the function is deactivated for all interfaces 14 2 NAT Network Address Translation NAT is a function on your device for defined conversion of source and destination addresses of IP packets If NAT is activated IP connections are still only allowed by default in one direction outgoing forward protective function Excep tions to the rule can be conf...

Page 206: ...function is deactivated the sender of the denied IP packet is informed by means of an ICMP or TCP RST message The function is disabled by default PPTP Passthrough Select whether the setup and operation of several simultan eous outgoing PPTP connections from hosts in the network are also to be permitted if NAT is activated The function is disabled by default If PPTP Passthrough is enabled the devic...

Page 207: ...w Choose the New button to set up NAT Fig 76 Networking NAT NAT Configuration New The menu Networking NAT NAT Configuration New consists of the following fields Field in the Basic Parameters menu Field Description Description Enter a description for the NAT configuration Interface Select the interface for which NAT is to be configured Possible values 0 default value NAT is configured for all inter...

Page 208: ...lly valid source port Possible values UDP only Any given external host may send IP packets via the external address and the external port to the initiating source address and the initial source port UDP only Like full cone NAT as ex ternal host however only the initial external destination host is allowed UDP only Like restricted cone NAT however exclusively data from the initial destination port ...

Page 209: ... value A B Protocol Only for certain services Not for Type of traffic 0 and NAT method or In this case UDP is automatically defined Select a protocol According to the selected Service different protocols are available Possible values 0 default value 0 4 4 C 9 Funkwerk Enterprise Communications GmbH 14 Networking bintec Rxxx2 RTxxx2 195 ...

Page 210: ... IP Ad dress Netmask Only for Type of traffic 0 Enter the destination IP address and corresponding netmask of the original data packets as the case arises In the NAT Configuration Replacement Values menu you can define depending on whether you re dealing with inbound or outbound data traffic new addresses and ports to which specific addresses and ports from the NAT Configuration Specify original t...

Page 211: ...rinciples In contrast to Multilink PPP based solutions load balancing also functions with accounts with different providers Session based load balancing is achieved Related dependent sessions are always routed over the same interface A decision on distribution is only made for outgoing sessions A list of all configured load balancing groups is displayed in the Networking Load Balan cing Load Balan...

Page 212: ...s sion is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces The number of sessions is decisive 2 A newly added session is assigned to one of the group interfaces according to the share of the total data rate handled by the interfaces The current data rate based on the data traffic is decisive in both the send and receive direction Consider...

Page 213: ...ng Possible values 0 default value Also includes idle interfaces Only interfaces in the up state are included In the Interface area you add interfaces that match the current group context and config ure these You can also delete interfaces Use Add to create more entries Fig 78 Networking Load Balancing Load Balancing Groups Add Fields in the Basic Parameters menu Funkwerk Enterprise Communications...

Page 214: ...n Route Selector The Route Selector parameter is an additional criterion used for a more precise definition of load balancing groups The inter face entry within a load balancing group is extended by a rout ing information The Route Selector is required in certain applic ations in order to unambiguously assign the router managed IP sessions to the load balacing groups The following rules apply to t...

Page 215: ...e been entered under Monitored IP Address in the Local Services Surveil lance Hosts New menu and which are monitered with the aid of Action to be performed Action 14 3 2 Special Session Handling Special Session Handling enables you to route part of the data traffic to your device via a particular interface This data traffic is excluded from the Load Balancing function You can use the Special Sessi...

Page 216: ...rs Destination Address and Destina tion Port you leave the default setting the HTTPS packets with the same source IP address as the first HTTPS packet are routed via port 443 to the same Destination Ad dress via the same interface as the first HTTPS packet 14 3 2 1 Edit or New Choose the icon to edit existing entries Select the New button create new entries Fig 79 Networking Load Balancing Special...

Page 217: ...l lowing F H The default value is 3 Protocol Select a protocol if required The 0 option default value matches any protocol Destination IP Ad dress Netmask Enter if required the destination IP address and netmask of the data packets Possible values 0 default value Enter the IP address of the host Enter the network address and the related net mask Destination Port Range Enter if required a destinati...

Page 218: ...ation port Enter a destination port range Special Handling Timer Enter the time period during which the specified data packets are to be routed via the route that has been defined The default value is seconds The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Frozen Parameters Specify whether when data packets are subsequently sent th...

Page 219: ...isabled 14 4 QoS QoS Quality of Service makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth reserved for them This is an advantage especially for time critical applications such as VoIP The QoS configuration consists of three parts Creating IP filters Classifying data Prioritising data 14 4 1 QoS Filter I...

Page 220: ...scription Enter the name of the filter Service Select one of the preconfigured services The extensive range of services configured ex works includes the following F H The default value is 3 Protocol Select a protocol The 0 option default value matches any protocol Type Only for Protocol 4 14 Networking Funkwerk Enterprise Communications GmbH 206 bintec Rxxx2 RTxxx2 ...

Page 221: ...ponding netmask Destination Port Range Only for Protocol 4 or 31 Enter a destination port number or a range of destination port numbers Possible values 0 default value The destination port is not specified Enter a destination port Enter a destination port range Source IP Address Netmask Enter the source IP address of the data packets and the corres ponding netmask Source Port Range Only for Protoc...

Page 222: ...ckets indicated in decimal format Additional information on DSCP and TOS in RFC s 3260 and 1349 COS Filter 802 1p Layer 2 Enter the service class of the IP packets Class of Service CoS Possible values are whole numbers between and Value range to The default value is 14 4 2 QoS Classification The data traffic is classified in the Networking QoS QoS Classification menu i e the data traffic is associ...

Page 223: ...a new class plan with this setting A B Shows a class plan that has already been created which you can select and edit You can add new filters Description Only for Class map Enter the name of the class plan Filter Select an IP filter If the class plan is new select the filter to be set at the first point of the class plan If the class plan already exists select the filter to be attached to the clas...

Page 224: ...ally The function is enabled with The function is disabled by default Class ID Only for High Priority Class not active Choose a number which assigns the data packets to a class Note The class ID is a label to assign data packets to specific classes The class ID defines the priority Possible values are whole numbers between and Set DSCP TOS value Layer 3 Here you can set change the DSCP TOS value o...

Page 225: ...et prioritisation of data Note Data can only be prioritized in the outgoing direction Packets in the high priority class always take priority over data with class IDs 1 254 It is possible to assign or guarantee each queue and thus each data class a certain part of the total bandwidth of the interface In addition you can optimise the transmission of voice data real time data Depending on the respec...

Page 226: ...s QoS on the selected interface Possible values D QoS is activated on the interface The available bandwidth is distributed strictly according to the queue priority QoS is activated on the interface The available bandwidth is distributed according to the weighting weight of the queue Exception High priority pack ets are always handled with priority 5 D QoS is activated on the inter face The availab...

Page 227: ...ossible values are to The default value is i e no limits are set the queue can oc cupy the maximum bandwidth Protocol Header Size below Layer 3 Choose the interface type to include the size of the respective overheads of a datagram when calculating the bandwidth Possible values 3 value in bytes possible values are to Undefined Protocol Header Offset 0 default value Can only be selected for Etherne...

Page 228: ... enabled Select the mode for optimising voice transmission Possible values 0 All RTP streams are optimised The function activates the RTP stream detection mechanism for the automatic detection of RTP streams In this mode the Real Time Jitter Control is activated as soon as an RTP stream has been detected Voice data transmission is not optimised 4 This mode is used if either the VoIP Application La...

Page 229: ...elect the queue priority type Possible values 4 default value Queue for data classified as normal Queue for data classified as high priority 1 Queue for data that has not been classified or data of a class for which no queue has been configured Class ID Only for Priorisation queue 4 Select the QoS packet class to which this queue is to apply To do this at least one class ID must be given in the Ne...

Page 230: ...direction The data rate limit applies to the selected queue This is not the limit that can be defined on the interface The function is enabled with The function is disabled by default Maximum Upload Speed Only for Traffic Shaping enabled Enter a maximum data rate for the queue in kbits Possible values are to The default value is Overbooking allowed Only for Traffic Shaping enabled Enable or disabl...

Page 231: ...efault value The newest packet received is dropped 1 The oldest packet in the queue is dropped 1 A randomly selected packet is dropped from the queue Congestion Avoidance RED Select the process according to which packets are preventively dropped between Min queue size and Max queue size to pre vent queue overflow RED Random Early Detection Possible values default value No packets are dropped Packe...

Page 232: ...supported Access lists are an effective means if for example sites with LANs interconnected over a bintec gateway wish to deny all incoming FTP requests or only allow Telnet sessions between certain hosts Access filters in the gateway are based on the combination of filters and actions for filter rules rules and the linking of these rules to form rule chains They act on the incoming data packets t...

Page 233: ...ule chains You can also assign a rule chain individually to each interface Caution Make sure you don t lock yourself out when configuring filters If possible access your gateway for filter configuration over the serial console interface or ISDN Login 14 5 1 Access Filter This menu is for configuration of access filter Each filter describes a certain part of the IP traffic and defines for example t...

Page 234: ...Filter New The Networking Access Rules Access Filter Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a description for the filter Service Select one of the preconfigured services The extensive range of services configured ex works includes the following F 14 Networking Funkwerk Enterprise Communications GmbH 220 bintec Rxxx2 RTxxx2 ...

Page 235: ... is 0 See RFC 792 Connection State Only if Protocol 4 You can define a filter that takes the status of the TCP connec tions into account Possible values 0 default value All TCP packets match the filter All TCP packets that would not open any new TCP connection on routing over the gateway match the filter Funkwerk Enterprise Communications GmbH 14 Networking bintec Rxxx2 RTxxx2 221 ...

Page 236: ...f a range of port numbers Source IP Address Netmask Enter the source IP address and netmask of the data packets Source Port Range Only if Protocol 4 31 Enter the source port number or range of source port numbers Possible values 0 default value The filter is valid for all port numbers Enables the entry of a port number Enables the entry of a range of port numbers DSCP TOS Filter Layer 3 Select the...

Page 237: ...in hexadecimal format e g 3F COS Filter 802 1p Layer 2 Enter the service class of the IP packets Class of Service CoS Possible values are whole numbers between and The default value is 14 5 2 Rule Chains Rules for IP filters are configured in the access list menu These can be created separately or incorporated in rule chains In the Networking Access Rules Rule Chains menu all created filter rules ...

Page 238: ...y existing rule chain and thus add another rule to it Description Enter the name of the rule chain Access Filter Select an IP filter If the rule chain is new select the filter to be set at the first point of the rule chain If the rule chain already exists select the filter to be attached to the rule chain Action Define the action to be taken for a filtered data packet Possible values 0 default val...

Page 239: ...is to be shifted 14 5 3 Interface Assignment In this menu the configured rule chains are assigned to the individual interfaces and the gateway s behavior is defined for denying IP packets A list of all configured interface assignments is displayed in the Networking Access Rules Interface Assignment menu Fig 87 Networking Access Rules Interface Assignment 14 5 3 1 Edit or New Choose the icon to edi...

Page 240: ...ne whether the sender is to be informed if an IP packet is denied The function is enabled with The function is activated by default Reporting Method Define whether a syslog message is to be generated if a packet is denied Possible values No syslog message default value A syslog message is generated with the protocol number source IP address and source port number 1 A syslog message is generated wi...

Page 241: ...e firewall configuration Data traffic between network components of segments connected to different ports are controlled according to the configured firewall rules 14 6 1 Drop In Groups The Networking Drop In Drop In Groups menu displays a list of all the Drop In Groups Each Drop In group represents a network 14 6 1 1 New Select the New button to set up other Drop In Groups Fig 89 Networking Drop ...

Page 242: ... default value 1 4 Network Address Only for Network Configuration Enter the network address of the Drop In network Netmask Only for Network Configuration Enter the corresponding netmask Local IP Address Only for Network Configuration Enter the local IP address This IP address must be identical for all the Ethernet ports in a network DHCP Client on Inter face Only for Network Configuration 1 4 Here...

Page 243: ...ossible values Unchanged default value Own IP Address Exclude from NAT DMZ Here you can take data traffic from NAT Use this function to for example ensure that certain web serv ers in a DMZ can be accessed The function is enabled with The function is disabled by default Interface Selection Select all the ports which are to be included in the Drop In group in the network Add new entries with Add Fu...

Page 244: ...n this case only the changed information is sent Observing the information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table As routes between networks can become unreachable RIP removes routes that are older than 5 minutes i e routes not verified in the last 300 seconds Garbage Collection Timer Route Timeout Routes learnt with triggere...

Page 245: ...IP packets 8 Enables sending and receiving of version 2 RIP packets 8 78 Enables sending and receiving RIP packets of both version 1 and 2 8 For sending RIP V2 messages over multicast address 224 0 0 9 8 RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP 8 RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Receive Version Decide whether routes ...

Page 246: ...for leased lines Routes are propagated if the interface status is up or ready 3 default value Routes are only propagated if the interface status is up 0 Routes are always propagated independently of op erational status 15 1 2 RIP Filter In this menu you can specify exactly which routes are to be exported or imported You can use the following strategies for this You explicitly deactivate the import...

Page 247: ...ert another filter above the list entry The configuration menu for creating a new window opens You can use the button to move the list entry A dialog box opens in which you can se lect the position to which the filter is to be moved 15 1 2 1 New Choose the New button to set up more RIP filters Fig 93 Routing Protocols RIP RIP Filter New The menu Routing Protocols RIP RIP Filter New consists of the...

Page 248: ...rt or import of routes Possible values default value Metric Offset for Active Interfaces Select the value to be added to the route metric if the status of the interface is up During export the value is added to the ex ported metric if the interface status is up Possible values are to The default value is Metric Offset for Inact ive Interfaces Select the value to be added to the route metric if the...

Page 249: ...er devices use The default value should be retained Default Route Distribu tion Select whether the default route of your device is to be propag ated via RIP updates The function is enabled with The function is enabled by default Poisoned Reverse Select the procedure for preventing routing loops With standard RIP the routes learnt are propagated over all in terfaces with RIP SEND activated With Poi...

Page 250: ...ou can configure in the Timer for Triggered RIP RFC 2091 menu should be used The function is enabled with The function is disabled by default If the function is not activated the times defined in RFC are re tained for the timeouts Fields in the Timer for RIP V2 RFC 2453 menu Field Description Update Timer Only for RFC 2453 Variable Timer An RIP update is sent on expiry of this period of time The d...

Page 251: ... update response packets are sent again until an update flush or update acknowledge packet arrives The default value is 5 seconds 15 2 OSPF OSPF Open Shortest Path First is a dynamic routing protocol that is frequently used in larger networks as an alternative to RIP It was originally developed to avoid a number of limitations of RIP when used in larger networks The problems with RIP avoided by OS...

Page 252: ...on on reachability in the network is exchanged between areas Usually all information is sent to the backbone area which then passes the information to the other areas Network links are sent by Designated Routers DS within a segment and propagate all gateways that are connected to a certain multi access segment like Ethernet Token Ring and FDDI also NBMA External links point to networks outside the...

Page 253: ...incorporated in the area 15 2 1 Areas OSPF areas must be defined before the gateway interface can be assigned to an area A list of all configured OSPF areas is displayed in the Routing Protocols OSPF Areas menu Fig 95 Routing Protocols OSPF Areas 15 2 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to create additional areas Fig 96 Routing Protocols OSPF Areas New Th...

Page 254: ...Import external routes 1 Select whether the Area Border Gateway shall send no LSA s in the stub area but rather only propagate a default route The function is enabled with The function is not activated by default Fields in the Route Aggregation menu Field Description IP Address Define the OSPF area IP Address Here you enter the IP address of the area to be combined Netmask Enter the netmask here A...

Page 255: ... OSPF settings fot the interfaces Fig 98 Routing Protocols OSPF Interfaces The Routing Protocols OSPF Interfaces menu consists of the following fields Fields in the OSPF Interface Configuration menu Field Description Admin Status The status of an OSPF interface defines whether routes are propagated and or OSPF protocol packets are sent over the in terface If OSPF is not yet activated only the Admi...

Page 256: ... set on the basis of the interface speed 5 Enter a specific value in Metric direct routes Metric direct routes Enter the base metric value The basis of the metric actually used for a route is a base metric value which is obtained from the bandwidth of the interface BMV 100 000 000 bandwidth in bps For Metric Determination 0 the automatically calculated value is displayed here and cannot be modifie...

Page 257: ...nd setting of DoNotAge flags on the propagated LSA shall be performed J default value or not This option should be enabled particularly in the case of connections for which the costs are calculated based on time e g ISDN dialup connections Internet connections with no flat rate 15 2 3 Global Settings The Routing Protocols OSPF Global Settings menu contains global OSPF paramet ers OSPF is activated...

Page 258: ...means if a route exists on this that packets from this interface are discarded and an ICMP Unreachable Reply is gen erated IGNORE means if a route exists on this that packets from this interface are discarded without comment If the option is activated routes connected to the two discard re fuse interfaces are saved by OSPF in its database If the option is deactivated these routes are ignored The f...

Page 259: ... con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular interest to companies Here multicasting makes it possible to synchronise the databases of several servers which is valuable for multinationals or even companies with just a few locations Address range for multicast For IPv4 the IP addresses 224 0 0 0 to 239 25...

Page 260: ...al senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwarded to the router by means of reports In the case of incoming multicast data traffic a router can use this in formation to decide whether a host in its subnet wants to receive it Your device supports the current ve...

Page 261: ...plicitly wanted by a host enter the subnet Special mechanisms ensure that the requirements of the individual clients are taken into consideration At the moment there are three versions of IGMP V1 V3 most current sys tems use V3 and less often V2 Two packet types play a central role in IGMP queries and reports Queries are only transmitted from a router If several IGMP routers exist in a network the...

Page 262: ...onsists of the following fields Fields in the IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled i e queries are sent and responses are accepted Query Interval Enter the interval in seconds in which IGMP queries are to be sent Possible values are to The default value is Maximum Response For the sending of queries enter the time interval in seconds 16...

Page 263: ...s are to The default value is Last Member Query In terval Define the time after a query for which the router waits for an answer If you shorten the interval it will be more quickly detected that the last member has left a group so that no more packets for this group should be forwarded to this interface Possible values are to The default value is IGMP State Limit Limit the number of reports querie...

Page 264: ...ettings menu Field Description IGMP Proxy Select whether your device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Only for IGMP Proxy enabled Select the interface on your device via which queries are to be received and collected 16 2 2 Options In this menu you can enable and disable IGMP on your system You can also define whether IGMP is to b...

Page 265: ...ode Only for IGMP Status 3 or 0 Select Multicast Mode Possible values 4 default value The router uses IG MP version 3 If it notices a lower version in the network it uses the lowest version it could detect 8 Only IGMP version 3 is used Maximum Groups Enter the maximum number of groups to be permitted both in ternally and in reports Maximum Sources Enter the maximum number of sources that are speci...

Page 266: ...icast groups Fig 104 Multicast Forwarding Forwarding New The Multicast Forwarding Forwarding New menu consists of the following fields Fields in the Basic Parameters menu Field Description All Multicast Groups Select whether all multicast groups i e the complete multicast address range 224 0 0 0 4 are to be forwarded from the defined Source Interface to the defined Destination Interface To do this...

Page 267: ...namic routing from multicast packets With PIM the distribution of information is regu lated via a central point which is known as the rendezvous point Data packets are initially routed here before being made available to other recipient routers Multicast routing protocols differentiates between sparse mode and dense mode In dense mode all packets are forwarded and only packets to groups that have ...

Page 268: ...g is operated PIM Mode Indicates the mode to be used for PIM Your device uses PIM in sparse mode The entry cannot be changed Use as Stub interface Determine whether or not the interface is used for PIM data packets This parameter allows you to use an interface for IG MP for example whilst preventing fake PIM messages If this function is deactivated default value the PIM data pack ets for this inte...

Page 269: ...M Hello messages are sent on this interface Possible values to seconds The default value is Triggered Hello Inter val Define the maximum waiting time until a PIM Hello message is sent after a system boot or after a reboot of a neighbour The value means that PIM Hello messages are always sent straight away Possible values to seconds The default value is Hello Hold Time Define the value of the holdt...

Page 270: ...ay option in the PIM Hello messages which are sent on this interface Propagation Delay and Override Interval represent the so called LAN Prune Delay settings These result in a delay in processing prune messages for upstream routers If the Propagation Delay is too short the transfer of multicast packets may be cancelled before a downstream router has sent a prune override message Possible values to...

Page 271: ...ous Points select the New button Fig 108 Multicast PIM PIM Rendezvous Points New The Multicast PIM PIM Rendezvous Points New menu consists of the following fields Fields in the PIM Rendezvous Point Settings menu Field Description Multicast Group Range Select the Multicast group for the PIM Rendezvouz point You can enter 0 default value or specify a multicast network segment by selecting Multicast ...

Page 272: ...tions This allows precise control over which configuration is to be replaced by this static configuration When the function is activated pimStaticRPOverrideDynamic is ignored The absolute values of this object are only significant on the local router and need not be synchronised with other routers The function is deactivated with the default value If the func tion is not activated by setting a val...

Page 273: ...be sent Possible values to The default value is Register Suppression Timer Enter the time in seconds after which a PIM Designated Router DR should no longer send any register encapsulated data to the Rendezvouz Point RP once the Register Stop Message has been received This object is used to employ timers at the DR as well as at the RP This timespan is named Re gister_Suppression_Time in the PIM SM...

Page 274: ...Internet access you must set up a connection to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE PPP over PPTP and PPP over ATM PPPoA protocols You can also configure Internet access over ISDN Note Note your provider s instructions Dialin connections over ISDN are used to establish a connection to networks or hosts out side your LANs...

Page 275: ...y defined and admitted Connection Idle Timeout The connection idle timeout is determined in order to clear the connection automatically if it is not being used i e if data is no longer being sent to help you save costs Block after Connection Failure You use this function to set up a waiting time for outgoing connection attempts after which your device s connection attempt is regarded as having fai...

Page 276: ...bundling for dialup connections Channel bundling can only be used for ISDN connections for a bandwidth increase or as a backup Only one B channel is initially opened when a connection is set up Dynamic Dynamic channel bundling means that your device connects other ISDN B channels to in crease the throughput for connections if this is required e g for large data rates If the amount of data traffic ...

Page 277: ...ic Parameters menu Field Description Description Enter a name to uniquely identify the PPPoE partner The first character in this field must not be a number No special charac ters or umlauts must be used PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE or your Internet access is to be set Funkwerk Enterprise Communications GmbH 17 WAN bintec Rxxx2 RTxxx2 263 ...

Page 278: ...em select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface configured in Physical Interfaces ATM Profiles New PPPoE Interfaces for Multilink Only for PPPoE Mode Select the interfaces you want to use for your Internet connec tion Click the Add button to create new entries User Name Enter the user name Password Enter the password VL...

Page 279: ...d Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values 0 default value Your device is dynamically assigned an IP address You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with The functi...

Page 280: ...re the device should try again after an attempt to set up a connection has failed The de fault value is Maximum Number of Dialup Retries Enter the number of unsuccessful attempts to setup a connec tion before the interface is blocked Possible values are to The default value is Authentication Select the authentication protocol for this connection partner Select the authentication specified by your ...

Page 281: ... be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of ...

Page 282: ...tion that uses the Point Tunnelling Protocol PPTP to set up a connection e g required in Austria 17 1 2 1 New Choose the Newbutton to set up new PPTP interfaces Fig 111 WAN Internet Dialup PPTP New The menu WAN Internet Dialup PPTP New consists of the following fields 17 WAN Funkwerk Enterprise Communications GmbH 268 bintec Rxxx2 RTxxx2 ...

Page 283: ...New e g User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is enabled with The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds sho...

Page 284: ... ac tivated The function is enabled with The function is enabled by default Local IP Address Only for IP Address Mode Assign an IP address from your LAN to the PPT interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Define other routing entries for this PPTP partner Add new entries with Add 0 IP address of the destination host or network Net...

Page 285: ...assword is transferred en crypted 0 74 0 Primarily run CHAP otherwise PAP 4 0 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 0 74 0 7 4 0 Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible 4 0 Run MS CHAP version 2 only Some providers use no authentication In this case se lect this op...

Page 286: ...es it possible to switch to a backup connection more quickly in the event of line faults The function is enabled with The function is disabled by default 17 1 3 PPPoA A list of all PPPoA interfaces is displayed in the WAN Internet Dialup PPPoA menu In this menu you configure a xDSL connection used to set up PPPoA connections With PPPoA the connection is configured so that the PPP data flow is tran...

Page 287: ...the connection partner The first character in this field must not be a number No special characters or umlauts must be used ATM PVC Select an ATM profile created in the ATM Profiles menu in dicated by the global identifiers VPI and VCI specified by the provider User Name Enter the user name Password Enter the password for the PPPoA connection Funkwerk Enterprise Communications GmbH 17 WAN bintec R...

Page 288: ...vates the short hold The default value is Example for FTP transmission for LAN to LAN transmis sion for Internet connections Fields in the IP Mode and Routes menu Field Description IP Address Mode Choose whether your device has a static IP address or is as signed one dynamically Possible values 0 default value Your device is dynamically assigned an IP address You enter a static IP address Default ...

Page 289: ...onsists of the following fields Fields in the Advanced Settings menu Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed The de fault value is Maximum Number of Dialup Retries Enter the number of unsuccessful attempts to setup a connec tion before the interface is blocked Possible ...

Page 290: ... partner or sends them to the connection partner The function is enabled with The function is enabled by default Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with The function is disabled by default LCP Alive Check Check whether the r...

Page 291: ...DN LAN to LAN connection over ISDN Remote Mobile Dialin Use of the ISDN Callback function 17 1 4 1 New Choose the New button to set up new ISDN interfaces Funkwerk Enterprise Communications GmbH 17 WAN bintec Rxxx2 RTxxx2 277 ...

Page 292: ...3 WAN Internet Dialup ISDN New The menu WAN Internet Dialup ISDN New consists of the following fields Fields in the Basic Parameters menu 17 WAN Funkwerk Enterprise Communications GmbH 278 bintec Rxxx2 RTxxx2 ...

Page 293: ... User for Dial in only Enter the code of the remote terminal remote PPP user name Password Enter the password Always on Select whether the interface should always be activated The function is enabled with The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Enter the idle time in seconds for static short hold The ...

Page 294: ...ed with The function is disabled by default Create NAT Policy Only if IP Address Mode and 0 When you configure an ISDN Internet connection specify whether Network Address Translation NAT is to be activated The function is enabled with The function is disabled by default Local IP Address Only if IP Address Mode Assign the IP address from your LAN to the ISDN interface which is to be used as your de...

Page 295: ...has failed The default value is Maximum Number of Dialup Retries Enter the number of unsuccessful attempts to setup a connec tion before the interface is blocked Possible values are to The default value is Usage Type If necessary select a special interface use Possible values default value No special type is selected 1 The interface is used for incoming dialup con nections and callbacks initiated ...

Page 296: ...nection partner This is only possible if STAC or MS STAC compression is not activated for the con nection If Encryption is set the remote terminal must also sup port it otherwise a connection cannot be set up Possible values default value MPP encryption is not used MPP encryption V2 with 128 bit is used to RFC 3078 MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco Callb...

Page 297: ...ng callback and maintaining the initial connection to your device without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by closing the dialog box that appears with Cancel Fields in the Bandwith on Demand Options menu Field Description Channel Bundling Select whether channel bundling is to be used for ISDN connec tions with the c...

Page 298: ...s where your connection partner dials in to your device For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Call Number Call Number Enter the connection partner s numbers Fields in the IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF p...

Page 299: ...responds to an ARP request only if the status of the connection to the connection partner is 3 i e a connection already exists to the connection partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server and WINS Server Primary and Secondary from the connection partner or sends them to the connection partner The function is enabled with...

Page 300: ... menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a name for uniquely identifying the WAN partner The first character in this field must not be a number No special charac ters or umlauts must be used 17 WAN Funkwerk Enterprise Communications GmbH 286 bintec Rxxx2 RTxxx2 ...

Page 301: ...ction Possible values are to seconds deactivates the short hold The default value is Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically or whether it should be assigned this dynamically at the remote terminal Possible values 0 default value Your device is dynamica...

Page 302: ...he value the higher the priority of the route range of values The default value is IP Assignment Pool Only if IP Address Mode 0 Select IP pools configured in the WAN Internet Dialup IP Poolsmenu If an IP pool has not been configured here yet the message appears in this field The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block aft...

Page 303: ...rsion 1 or 2 possible 0 default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted 4 0 Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted 0 74 0 Primarily run CHAP otherwise PAP 4 0 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 4 0 Run MS CHAP version ...

Page 304: ...wing options Your device calls the connection partner to request a callback 4 Your device calls the connection partner to request a callback via CBCP Callback Control Protocol Needed for Windows clients Select one of the following options 42 1 Your device calls back im mediately when requested to do so by the connection part ner Your device calls back after a period of time suggested by the Micros...

Page 305: ...ber Configuration entry 1 only appears for Entries Add Field Description Mode Only if Entries 0 Defines whether Number should be used for incoming or outgo ing calls or for both Possible values default value For incoming and outgoing calls For incoming calls where your connection partner dials in to your device For outgoing calls where you dial your connec tion partner The calling party number of ...

Page 306: ...on partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can allocate an IP address from an address pool if available If address pools have more than one IP ...

Page 307: ...ta should take for example Multiple virtual connections can be set up over a single physical interface The data is transmitted in so called cells or slots of constant size Each cell consists of 48 bytes of usage data and 5 bytes of control information The control information contains amongst other things the ATM address which is similar to the Internet address The ATM address is made up of the Vir...

Page 308: ...rofile with the description 03 4 0 1 is preconfigured Its values VPI 1 and VCI 32 are suitable for a Telekom ATM connection for example Note The ATM encapsulations are described in RFCs 1483 and 2684 You will find the RFCs on the relevant pages of the IETF www ietf org rfc html 17 2 1 1 New Choose the New button to set up new ATM profiles Fig 116 WAN ATM Profiles New The menu WAN ATM Profiles New ...

Page 309: ...onnection Possible values 0 default value Ethernet over ATM EthoA is used for the ATM connection Permanent Virtual Circuit PVC 0 Routed Protocols over ATM RPoA is used for the ATM connection Permanent Vir tual Circuit PVC 0 PPP over ATM PPPoA is used for the ATM connection Permanent Virtual Circuit PVC Virtual Path Identifier VPI Only for Provider 3 Enter the VPI value of the ATM connection The VP...

Page 310: ...4 only displayed for Type 0 Bridged Ethernet with LLC SNAP encapsulation with Frame Check Sequence checksums default value for Routed Protocols over ATM Is only displayed for Type 0 Encapsulation with LLC SNAP header suitable for IP routing 224 only displayed for Type 0 Encapsulation with LLC header 84 standard value for PPP over ATM Bridged Ethernet without additional encapsulation Null En capsul...

Page 311: ...M connection e g 6 6 6 6 6 An entry is only re quired in special cases For Internet connections it is sufficient to select the option Use built in standard setting An address is used which is derived from the MAC address of the DHCP MAC Address Only for Address Mode 1 4 Enter the MAC address of the internal router interface of ATM connection e g 6 6 6 6 6 If your provider has assigned you an MAC a...

Page 312: ...d with The function is disabled by default Field in menu PPP over ATM Settings appears only for Type PPP over ATM Field Description Client Type Select whether the PPPoA connection is to be set up perman ently or on demand Possible values 1 default value The PPPoA is only set up on de mand e g for Internet access You ll find additional information on PPP over ATM under PPPoA on page 272 17 2 2 Serv...

Page 313: ... 117 WAN ATM Service Categories New The menu WAN ATM Service Categories New consists of the following fields Fields in the Basic Parameters menu Field Description Virtual Channel Con nection VCC Select the already configured ATM connection displayed by the combination of VPI and VCI for which the service category is to be defined ATM Service Category Select how the data traffic of the ATM connecti...

Page 314: ...ssible data rate This category is suit able for non critical applications with burst data traffic 8 8 8 Variable Bit Rate The connection is assigned a guaranteed data rate Sus tained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size MBS Additional ATM traffic is marked and handled with low priority based on the utilisation of the destination network i e is discarded...

Page 315: ... the terminal but is initiated by the ISP Your device then only needs to react correctly to the signals received This is ensured without a specific OAM configuration for both flow level 4 and flow level 5 Two mechanisms are available for monitoring the ATM connection Loopback Tests and OAM Continuity Check OAM CC These can be configured independently of each other Caution The configuration of OAM ...

Page 316: ...ual channel default value 5 virtual path level The OAM settings are used on the vir tual path Virtual Channel Con nection VCC Only for OAM Flow Level 5 Select the already configured ATM connection to be monitored displayed by the combination of VPI and VCI Virtual Path Connec tion VPC Only for OAM Flow Level 5 Select the already configured virtual path connection to be mon itored displayed by the ...

Page 317: ...s regarded as in terrupted down Possible values are to The default value is Loopback Segment Select whether you want to activate the loopback test for the segment connection segment connection of the local end point to the next connection point of the VCC or VPC The function is enabled with The function is disabled by default Segment Send Interval Only if Loopback Segment is enabled Enter the time...

Page 318: ...ection field OAM CC requests are either sent and or responded to There is no CC negotiation The function is disabled Also select whether the test cells of the OAM CC are to be sent or received Possible values default value CC data is both received and generated CC data is received CC data is generated Continuity Check CC Segment Select whether you want to activate the OAM CC test for the segment c...

Page 319: ...enerated 17 3 Leased Line A leased line is a permanent fixed connection between two communication partners via a telecommunications network Unlike a switched line the entire transmission channels is al ways available The leased line cannot be set up by the subscriber by dialling and therefore has no call number The connection must be set up by the network operator 17 3 1 Interfaces In the WAN Leas...

Page 320: ... consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with The function is disabled by default 17 WAN Funkwerk Enterprise...

Page 321: ...s Select whether the TCP download is to be optimised in the event of intensive TCP upload The function is enabled with The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values default v...

Page 322: ...d connection partner Possible values default value Deactivates Proxy ARP for this connection partner 3 1 Your device only responds to an ARP re quest if the status of the connection to the connection partner is 3 or 1 In the case of your device only re sponds to the ARP request the connection is not set up until someone actually wants to use the route 3 Your device responds to an ARP request only ...

Page 323: ...nnection Fields in the IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with The function is disabled by default Local IP Address Enter the IP address you received from your network operator Route Entries Define other routing entries for this connection class Add new entries wit...

Page 324: ...c to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values default value Encryption is not used 04 04 4 Microsoft Point to Point Compression Fields in the IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possible values default value OSPF is not activ...

Page 325: ...ection already exists to the connection partner 17 4 Real Time Jitter Control When telephoning over the Internet voice data packets normally have the highest priority Nevertheless if the upstream bandwidth is low noticeable delays in voice transmission can occur when other packets are routed at the same time The real time jitter control function solves this problem So that the line is not blocked ...

Page 326: ...ol Mode Select the mode for the optimisation Possible values 4 default value By means of the data routed via the media gateway the system detects voice data traffic and optimises the voice transmis sion 0 All RTP streams are optimised Voice data transmission is not optimised 0 Voice data transmission is always optimised Maximum Upload Speed Enter the maximum available upstream bandwidth in kbps fo...

Page 327: ...via an unsecure medium such as the Internet The devices used function here as the endpoints of the VPN tunnel IPSec involves a num ber of Internet Engineering Task Force IETF standards which specify mechanisms for the protection and authentication of IP packets IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets The IPSec implementation can also be smoothly...

Page 328: ...onitoring a peer is called by selecting the button for the peer in the peer list See Values in the IPSec Tunnels list on page 508 18 1 1 1 New Choose the New button to set up more IPSec peers 18 VPN Funkwerk Enterprise Communications GmbH 314 bintec Rxxx2 RTxxx2 ...

Page 329: ...ts of the following fields Fields in the Peer Parameters menu Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration Possible values Funkwerk Enterprise Communications GmbH 18 VPN bintec Rxxx2 RTxxx2 315 ...

Page 330: ...lect the ID type and enter the peer ID This entry is not necessary in certain configurations The maximum length of the entry is 255 characters Possible ID types 5 D 1 5D1 0 8 0 0 1 1 On the peer device this ID corresponds to the Local ID Value Internet Key Exchange Select the version of the Internet Exchange Protocol to be used Possible values 9 default value Internet Kex Exchange Protocol Ver sio...

Page 331: ...1 5D1 0 8 0 0 1 1 Local ID Only for Internet Key Exchange 9 Enter the ID of your device For Authentication Method 1 0 or 0 the Use Subject Name from certificate option is dis played When you enable the Use Subject Name from certificate op tion the first alternative subject name indicated in the certificate is used or if none is specified the subject name of the certific ate is used Note If you use...

Page 332: ...ect an IP pool configured in the VPN IP Poolsmenu If an IP pool has not been configured here yet the message appears in this field Default Route Only for IP Address Assignment and 9 4 4 Select whether the route to this IPSec peer is to be defined as the default route The function is enabled with The function is disabled by default Local IP Address Only for IP Address Assignment and 9 4 Enter the W...

Page 333: ... B Uses a profile configured in menu Phase 1 Profiles for Phase 1 Phase 2 Profile Select a profile for Phase 2 Besides user defined profiles pre defined profiles are available Possible values Uses the profile marked as standard in Phase 2 Profiles Uses a special profile which contains the proposals for Phase 2 3DES MD5 AES 128 MD5 and Blow fish MD5 regardless of the proposal selection in menu Phas...

Page 334: ...r a check on the back route should be activated for the interface to the connection partner The function is enabled with The function is disabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner Possible values default value Deactivates Proxy ARP for this IPSec peer 3 1 Your device only responds to an ARP re...

Page 335: ...d This entry ensures that incoming calls for this number are routed to the IPSec service If callback is active the peer is caused to initiate setting up an IPSec tunnel by an ISDN call as soon as this tunnel is required If callback is set to passive setting up a tunnel to the peer is always initiated if an ISDN call is received on the relevant number MSN in menu Physical Interfaces ISDN Ports MSN ...

Page 336: ...channel but here the call must be accepted by the remote station and therefore incurs costs If a peer whose IP address has been assigned dynamically wants to arrange for another peer to set up an IPSec tunnel it can transfer its own IP address as per the settings described in Fields in the IPSec Callback menu on page 323 Not all transfer modes are supported by all telephone companies If you are no...

Page 337: ...sing preshared keys Note In some countries e g Switzerland the call in the D channel can also incur costs An incorrect configuration at the called side can mean that the called side opens the B channel the calling side incurs costs Fields in the IPSec Callback menu Field Description Mode Select the Callback Mode Possible values default value IPSec callback is deactivated The local device neither r...

Page 338: ...ver ISDN GSM enabled Select the mode in which your device is to attempt to transfer its IP address to the peer Possible values 0 Your device automatically de termines the most favourable mode It first tries all D channel modes before switching to the B channel Costs are incurred for using the B channel 0 1 4 Your device auto matically determines the most favourable D channel mode The use of the B ...

Page 339: ...address in formation elements of the D channel 224 3 011 The IP address is transferred in both the LLC and subaddress information elements 18 1 2 Phase 1 Profiles In the VPN IPSec Phase 1 Profilesmenu a list of all configured IPSec phase 2 profiles is displayed Fig 125 VPN IPSec Phase 1 Profiles In the Default column you can mark the profile to be used as the default profile 18 1 2 1 New Choose th...

Page 340: ... algorithms for IKE phase 1 on your device The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field At least one proposal must exist Therefore the first line of the table can not be deactivated Encryption algorithms Encryption 1 default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rate...

Page 341: ...st key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 192 bits 0 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits Hash algorithms Authentication 1 default value MD 5 Message Digest 5...

Page 342: ...fie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Create a lifetime for phase 1 keys As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the lifetime Input in Seconds Enter the lifetime for phase 1 key in seconds The value...

Page 343: ... is only shown for authentication settings based on certificates and indicates that a certificate is essential Mode Only for Phase 1 IKE Parameters Select the phase 1 mode Possible values 0 default value The Aggressive Mode is neces sary if one of the peers does not have a static IP address and preshared keys are used for authentication it requires only three messages for configuring a secure chan...

Page 344: ...ct name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are identical Alive Check During communication between two IPSec peers one of the peers may become unavail able e g due to routing problems or a reboot However this can only be detected when the end of the lifetime of the security connection is reached Up unt...

Page 345: ... the peer and sends one itself 1 1 Use DPD dead peer detection in accordance with RFC 3706 DPD uses a request reply pro tocol to check the availability of the remote terminal and can be configured independently on both sides This option only checks the availability of the peer if data is to be sent to it 1 1 Use DPD dead peer de tection in accordance with RFC 3706 DPD uses a request reply protocol...

Page 346: ...e function is enabled with The function is enabled by default CA Certificates Only for Phase 1 IKE Parameters Only for Authentication Method 1 0 0 or 0 If you enable the Trust the following CA certificates option you can select up to three CA certificates that are accepted for this profile This option can only be configured if certificates are loaded 18 1 3 Phase 2 Profiles You can define profiles...

Page 347: ... is 255 characters Proposals In this field you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field Encryption algorithms Encryption 1 default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits whi...

Page 348: ... 40 CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES 1 DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits Hash algorithms Authentication 1 default value MD 5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec 022 All options can be used 0 SHA1 Secure Hash Algorit...

Page 349: ...ey must be renewed once eight hours have elapsed The following options are available for defining the lifetime Input in Enter the lifetime for phase 2 key in seconds The value can be a whole number from to The default value is Input in Enter the lifetime for phase 2 keys as amount of data processed in Kbytes The value can be a whole number from to The default value is The menu Advanced Settings co...

Page 350: ...t from the peer but does not send one itself Your device expects no heartbeat from the peer but sends one itself L Your device expects a heartbeat from the peer and sends one itself 0 Automatic detection of whether the remote ter minal is a bintec device If it is Heartbeat Both for a remote terminal with bintec or None for a remote terminal without bintec is set Propagate PMTU Select whether the P...

Page 351: ... then use the IPSec tunnel over various peers depending on the assign ment of various profiles This is useful for example if an employee works alternately in dif ferent branches if each peer represents a branch and if the employee wishes to have on site access to the tunnel XAuth is carried out once IPSec IKE Phase 1 has been completed successfully and be fore IKE Phase 2 begins If XAuth is used t...

Page 352: ... carried out via a local list Name Only for Role 4 Enter the authentication name of the client Password Only for Role 4 Enter the authentication password RADIUS Server Group ID Only for Role Select the desired list in System Management Remote Au thentication RADIUS configured RADIUS group Users Only for Role and Mode 2 If your gateway is configured as an XAuth server the clients can be authenticat...

Page 353: ...ssigned Choose the Add button to set up new IP pools Fig 130 VPN IPSec IP Pools Add The VPN IPSec IP Pools Add menu consists of the following fields Fields in the IP Pools menu Field Description IP Pool Name Enter the name of the IP pool IP Pool Range In the first field enter the first IP address of the range In the second field enter the last IP address of the range Funkwerk Enterprise Communicat...

Page 354: ...ion is enabled with The function is active as soon as an IPSec Peer is configured Delete complete IPSec configuration If you click the icon delete the complete IPSec configuration of your device This cancels all settings made during the IPSec configuration Once the configuration is deleted you can start with a com pletely new IPSec configuration 18 VPN Funkwerk Enterprise Communications GmbH 340 b...

Page 355: ...default val ues are globally valid and enable your system to work correctly to other bintec devices so that you only need to change these values if the remote terminal is a third party product or you know special settings are necessary These may be needed for example if the remote end operates with older IPSec implementations The menu Advanced Settings consists of the following fields Fields in th...

Page 356: ...posals as they are redundant they are normally set to the value of the negotiation currently in progress Alternatively your device can use zeroes for all values of the cookie In this case select Zero Cookie Size Only for Use Zero Cookies enabled Enter the length in bytes of the zeroed SPI used in IKE propos als The default value is Dynamic RADIUS Au thentication Select whether RADIUS authenticatio...

Page 357: ...s enabled with The function is disabled by default Send Key Hash Pay loads Select whether key hash payloads are to be sent during IKE phase 1 In the default setting the public key hash of the remote end is sent together with the other authentication data Only applies for RSA encryption activate this function with to sup press this behaviour 18 2 L2TP The layer 2 tunnel protocol L2TP enables PPP co...

Page 358: ...he connection 18 2 1 Tunnel Profiles A list of all configured tunnel profiles is displayed in the VPN L2TP Tunnel Profiles menu 18 2 1 1 New Choose the New button to create additional tunnel profiles Fig 132 VPN L2TP Tunnel Profiles New The menu VPN L2TP Tunnel Profiles New consists of the following fields Fields in the Basic Parameters menu 18 VPN Funkwerk Enterprise Communications GmbH 344 binte...

Page 359: ...emote Hostname configured in the LAC must match Local Hostnamecon figured for the intended profile in the LNS and vice versa LNS Defines the Local Hostname of the LAC If the Remote Hostname field remains empty on the LNS the related profile qualifies as the standard entry and is used for all incoming calls for which a profile with a matching Remote Hostname cannot be found Password Enter the passw...

Page 360: ...te LNS that receives the call must mon itor this port on L2TP connections Possible values are The default value is RFC 2661 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Local IP Address Enter the IP address to be used as the source address for all L2TP connections based on this profile If this field is left empty your device use...

Page 361: ...ries Enter the maximum number of times your device is to try to re send the L2TP control packet for which is received no response The available values are to the default value is Data Packets Se quence Numbers Select whether your device is to use sequence numbers for data packets sent through a tunnel on the basis of this profile The function is not currently used The function is enabled with The ...

Page 362: ...ters menu Field Description Description Enter a name for uniquely identifying the L2TP partner The first character in this field must not be a number No special characters or umlauts must be used The maximum length of the entry is 25 characters 18 VPN Funkwerk Enterprise Communications GmbH 348 bintec Rxxx2 RTxxx2 ...

Page 363: ... nection to this L2TP partner User Name Enter the code of your device Password Enter the password Always on Select whether the interface should always be activated The function is enabled with The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should...

Page 364: ...ed by default Create NAT Policy Only for IP Address Mode 0 and Specify whether Network Address Translation NAT is to be ac tivated for this connection The function is enabled with The function is disabled by default IP Assignment Pool IPCP Only for IP Address Mode 0 Select IP pools configured in the WAN Internet Dialup IP Poolsmenu Local IP Address Only for IP Address Mode Enter the WAN IP address...

Page 365: ...entic ation Protocol as per RFC 1994 password is transferred en crypted 0 74 0 Primarily run CHAP otherwise PAP 4 0 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 4 0 Run MS CHAP version 2 only Some providers use no authentication In this case se lect this option Encryption If necessary select the type of encryption that should be used for data traffic to the ...

Page 366: ...download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with The function is disabled by default Fields in the IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values default value OSP...

Page 367: ...ne actually wants to use the route 3 Your device responds to an ARP request only if the status of the connection to the L2TP partner is 3 active i e a connection already exists to the L2TP partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server and WINS Server Primary and Secondary from the L2TP partner or is sending them to the L2TP...

Page 368: ...de security for data traffic over an existing IP connection First a connection to an ISP Internet Service Provider is set up at both sites Once these connections are available a tunnel is set up to the PPTP partner over the Internet using PPTP The PPTP subsystem sets up a control connection between the endpoints of the tunnel This is used to send control data to set up keep alive and terminate the...

Page 369: ...further PPTP partners Fig 135 VPN PPTP PPTP Tunnels New The VPN PPTP PPTP Tunnels New menu consists of the following fields Fields in the PPTP Partner Parameters menu Funkwerk Enterprise Communications GmbH 18 VPN bintec Rxxx2 RTxxx2 355 ...

Page 370: ...n is enabled with The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are to seconds deactivates the timeout The default value is Example for FTP transmission for LAN to LAN transmis sion for ...

Page 371: ...he function is disabled by default Create NAT Policy Only if IP Address Mode When you configure an ISDN connection specify whether Net work Address Translation NAT is to be enabled The function is enabled with The function is disabled by default Local IP Address Only for IP Address Mode Assign the IP address from your LAN to the ISDN interface which is to be used as your device s internal source a...

Page 372: ...the password is transferred unencrypted 4 0 Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted 0 74 0 Primarily run CHAP otherwise PAP 4 0 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol 0 74 0 7 4 0 Give priority to CHAP if refused use the authentication protocol requested by the PPTP partner MSCHA...

Page 373: ...ts or replies This is re commended for leased lines PPTP and L2TP connections The function is enabled with The function is enabled by default Fields in the IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values default value OSPF is not activated for this inter face i e no routes are pro...

Page 374: ...our device receives IP addresses for Primary DNS Server and Secondary DNS Server from the PPTP part ner or is sending them to the PPTP partner The function is enabled with The function is enabled by default Fields in the PPTP Callback menu Field Description Callback Enables a PPTP tunnel through the Internet to be set up with a PPTP partner even if the partner is currently inaccessible As a rule t...

Page 375: ...back is carried out Possible values 0 The callback is routed over an available ISDN port In Specific PortsYou can select the re quired ISDN port Specific Ports Only for Selected Ports you can select ad ditional ports with Add 18 3 2 Options In this menu you can make general settings of the global PPTP profile Fig 136 VPN PPTP Options The VPN PPTP Optionsmenu consists of the following fields Fields...

Page 376: ...ll IP pools for PPTP connections is displayed Your device can operate as a dynamic IP address server for PPTP connections You can use this function by providing one or more pools of IP addresses These IP addresses can be assigned to dialling in connection partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means if ...

Page 377: ...d transports them in the form of IP tunnels to the specified recipients The specification of the GRE protocol is available in two versions GRE V 1 for use in PPTP connections RFC 2637 configuration in the PPTPmenu GRE V 0 RFC 2784 for general encapsulation using GRE In this menu you can configure a virtual interface for using GRE V 0 The data traffic routed over this interface is then encapsulated...

Page 378: ...kets to the GRE partner If no IP address is given this corresponds to IP address 0 0 0 0 the source IP address of the GRE packets is selected automatically from one of the addresses of the interface via which the GRE partner is reached Remote GRE IP Ad dress Enter the target IP address of the GRE packets to the GRE partner Default Route If you enable the Default Route all data is automatically rou...

Page 379: ...the route range of values The default value is MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that is allowed for the GRE connection between the partners Possible values are to The default value is Use key Enable the key input for the GRE connection which makes it possible to distinguish between several parallel GRE connec tions between two GRE partners see RFC 1701 The ident...

Page 380: ...e configuration The configuration work for the SIF is com paratively straightforward with systems like Network Address Translation NAT and IP Ac cess Lists IPAL As SIF NAT and IPAL are active in the system simultaneously attention must be given to possible interaction If any packet is rejected by one of the security instances this is done immediately This is irrelevant whether another instance wou...

Page 381: ...is informed of the packet rejection The incoming packets are processed as follows The SIF first checks if an incoming packet can be assigned to an existing connection If so it is forwarded If the packet cannot be assigned to an existing connection a check is made to see if a suitable connection is expected e g as affiliated connection of an exist ing connection If so the packet is also accepted If...

Page 382: ...hat if the first rule denies a packet whereas a later rule allows it the packet is rejected A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule A list of all configured filter rules is displayed in the Firewall Policies Filter Rules menu Fig 139 Firewall Policies Filter Rules You can use the button to insert another policy above the list entry The...

Page 383: ... source interface nor the source address is checked Destination Select one of the preconfigured aliases for the destination of the packet In the list all WAN LAN interfaces interface groups see Fire wall Interfaces Groups addresses see Firewall Ad dresses Address List and address groups see Firewall Addresses Groups are available The value 0 means that neither the destination interface nor the des...

Page 384: ...he sender of the packet Apply QoS Only for Action 0 Select whether you want to enable QoS for this policy with the priority selected in Priority The function is enabled with The option is deactivated by default If QoS is not activated for this policy bear in mind that the data cannot be prioritised on the sender side either A policy for which QoS has been enabled is also set for the fire wall Make...

Page 385: ...t always available Quality of Service QoS makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth re served for them A list of all QoS rules is displayed in the Firewall Policies QoS menu 19 1 2 1 New Choose the New button to set up new QoS rules Fig 141 Firewall Policies QoS New The Firewall Policies QoS New...

Page 386: ...signed to the QoS interface The option is deactivated by default Bandwidth Enter the maximum available bandwidth in Bit s for the service specified under Service is entered by de fault Bounded Select whether the bandwidth defined in Band width can be exceeded in the longer term By activating this field you specify that it cannot be exceeded If the option is deactivated the bandwidth can be exceede...

Page 387: ...utput together with messages from other subsystems Possible values 0 default value All firewall activities are displayed 1 Only reject and deny events are shown see Action 0 Only accept events are shown Syslog messages are not generated Full Filtering Here you define whether packets are only to be filtered if they are sent to an interface other than the interface that created the connection With a...

Page 388: ...arded as expired in seconds Possible values are to The default value is Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired in seconds Possible values are to The default value is 19 2 Interfaces 19 2 1 Groups A list of all configured interface routes is displayed in the Firewall Interfaces Groups menu You can group together the interfaces o...

Page 389: ... the interface group Members Select the members of the group from the available interfaces To do this activate the field in the Members column 19 3 Addresses 19 3 1 Address List A list of all configured addresses is displayed in the Firewall Addresses Address List menu 19 3 1 1 New Choose the New button to create additional addresses Funkwerk Enterprise Communications GmbH 19 Firewall bintec Rxxx2...

Page 390: ...bnet mask 0 Enter an IP address range with a start and end address Address Subnet Only for Address Type 0 7 Enter the IP address of the host or a network address and the related netmask The default value is Address Range Only for Address Type 0 Enter the start and end IP address of the range 19 3 2 Groups A list of all configured address groups is displayed in the Firewall Addresses Groups menu Yo...

Page 391: ...tion Enter the desired description of the address group Selection Select the members of the group from the available Addresses To do this activate the field in the Selection column 19 4 Services 19 4 1 Service List In the Firewall Services Service List menu a list of all available services is displayed 19 4 1 1 New Choose the New button to set up additional services Funkwerk Enterprise Communicati...

Page 392: ...he last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are to Source Port Range Only for Protocol 4 31 7 4 or 31 In the first field enter the source port to be checked if applic able If a port number range is spe...

Page 393: ...ield specifies the type of message in greater detail Possible values 0 default value 1 3 F F 0 F 0 Code Selection options for the ICMP codes are only available for Type 1 3 Possible values 0 default value 3 3 3 3 5 4 1 0 4 1 0 Funkwerk Enterprise Communications GmbH 19 Firewall bintec Rxxx2 RTxxx2 379 ...

Page 394: ...his makes it easier to configure firewall rules 19 4 2 1 New Choose the New button to set up additional service groups Fig 147 Firewall Services Groups New The menu Firewall Services Groups New consists of the following fields Fields in the Basic Parameters menu 19 Firewall Funkwerk Enterprise Communications GmbH 380 bintec Rxxx2 RTxxx2 ...

Page 395: ...esired description of the service group Members Select the members of the group from the available service ali ases To do this activate the field in the Members column Funkwerk Enterprise Communications GmbH 19 Firewall bintec Rxxx2 RTxxx2 381 ...

Page 396: ...ession 20 1 Application Level Gateway To enable IP telephones to connect by SIP to a VoIP Provider your device has an Applica tion Level Gateway ALG i e an appropriate proxy that implements the necessary NAPT and firewall releases Note The Application Level Gateway must always be used if NAT is enabled on the inter face that makes the connection to the Internet 20 1 1 SIP Proxies Here you can view...

Page 397: ...way Administrative Status Select whether the SIP proxy should be enabled or disabled The function is activated by selecting The function is enabled by default Protocol Select the protocol to be used Possible values 31 default value or 4 Enter the port to be supervised by the proxy as Destination Port or each destination port to which VoIP clients from the LAN can connect you must configure a proxy...

Page 398: ...eing managed by ALG This includes static entries to make internal SIP servers proxies e g internal Asterisk serv er accessible from the WAN Internet by NAPT In addition internal SIP clients without re gistration can be made accessible using a static entry All active SIP sessions that have been initiated from internal SIP terminals are recognised dynamically and listed here These are only displayed...

Page 399: ...tion Type of Endpoint Select the role for the SIP endpoint in the LAN Possible values 4 default value The internal SIP endpoint is a SIP cli ent e g telephone The internal SIP endpoint is a SIP server into which the SIP endpoint can login externally Protocol Select the protocol to be used for data transmission Possible values 31 default value or 4 If a protocol has been automatically recognised it...

Page 400: ... a wired telephone network can be connected to a SIP Trunking Service Provider on the Inter net in order to use IP telephony The Funkwerk Media Gateway supports the binding of several SIP Provider Accounts With this gateway you can set up extensions create an extension number plan and configure exchange functions and optimise voice data transmission for low bandwidth of the upload connection Note ...

Page 401: ... entries Select the New button to create new exten sions Fig 150 VoIP Media Gateway Extensions New The VoIP Media Gateway Extensions New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the extension Funkwerk Enterprise Communications GmbH 20 VoIP bintec Rxxx2 RTxxx2 387 ...

Page 402: ... selected if analogue interfaces are available Select ISDN interface Only for Interface Type 1 Select an ISDN interface The ISDN interfaces you can select depends on the device used Select analogue inter face Only for Interface Type 0 Select an analogue interface Possible values fxs5 1 fxs5 2 fxs5 3 default value fxs5 4 Registration Only for Interface Type Specify whether the registration mechanis...

Page 403: ...tically and should not be changed Possible values are to The default value is SIP Endpoint IP Ad dress Only if Registration is disabled For configurations with no registration e g connection to a Mi crosoft Exchange Communication Server the connection can be set up as a static host This requires you to specify the static IP address of the terminal Authentication ID Only for Interface Type Enter a ...

Page 404: ...ia gateway If the first codec cannot be used the second is tried and so on Possible values 1 default value the codec in the first position in the menu will be used if possible D The codecs are sorted by quality If possible the codec with the best quality is used 2 The codecs are sorted by required bandwidth If possible the codec with the lowest bandwidth requirement is used The codecs are sorted b...

Page 405: ...calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is enabled with The function is enabled by default C...

Page 406: ...isk to the media gateway This means that not only all SIP provider accounts are configured here but also direct dial in PBXs connected with the media gateway Note In no case should you use this menu to configure SIP extensions i e for SIP clients or PSTN clients such as SIP telephones terminal adapters or ISDN telephones SIP extensions can be configured in the VoIP Extensionsmenu The VoIP Media Ga...

Page 407: ...ds Fields in the Basic Parameters menu Field Description Description Enter the name of the SIP account Administrative Status Select whether the SIP account should be enabled or disabled The function is enabled with The function is enabled by default Funkwerk Enterprise Communications GmbH 20 VoIP bintec Rxxx2 RTxxx2 393 ...

Page 408: ...runk This setting is used to connect a software based IP PBX from Swyx Registrar Only for Trunk Mode 4 and Enter the IP address or domain name FQDN of the SIP registrar The maximum number of characters is 40 Entries with spaces are not allowed SIP Endpoint IP Ad dress Only for Trunk Mode Registration and deactivated Enter the IP address or domain name FQDN of the SIP proxy server Outbound Proxy On...

Page 409: ...n SIP server mode You must define the user name A maximum of 40 characters can be entered Authentication ID Enter a name that is to be used for authentication with the out bound proxy If you do not enter a name the name in the User Name field is used In SIP client mode Enter a name only if this is explicitly spe cified by the provider Password In SIP client mode The VoIP provider gives you a PIN o...

Page 410: ...invalid and a new registration request is therefore sent Possible values are to The default value is In answer to a REGISTER request a server can set another Ex pire Time which overwrites the setting here Fields in the Trunk Settings menu Field Description SIP Header Field s for Caller Address Only for Trunk Mode 4 or Select the position of the sender ID e g subscriber number in the SIP header for...

Page 411: ...ond is tried and so on Possible values 1 default value the codec in the first position in the menu will be used if possible D The codecs are sorted by quality If possible the codec with the best quality is used 2 The codecs are sorted by required band width If possible the codec with the lowest bandwidth re quirement is used The codecs are sorted by required band width If possible the codec with t...

Page 412: ...ttings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is enabled with The function is enabled by default Comfort Noise Genera tion CNG Specify whether Comfort Noise Generation should be used For digital voice transmission this function introd...

Page 413: ...e VoIP Media Gateway Call Routing menu 20 2 3 1 Edit or New Choose the icon to edit existing entries Select the New button to create new entries Fig 152 VoIP Media Gateway Call Routing New The VoIP Media Gateway Call Routing New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the entry Funkwerk Enterprise Communications GmbH...

Page 414: ... The selection depends on the interfaces available and on the SIP accounts that have been created Possible values A B restricts the routing entry to the selected PRI interface A B restricts the routing entry to the selected BRI interface A 0 B restricts the routing entry to the selected SIP account 0 No restriction of the entry Calling Address You can restrict the application of the entry to a par...

Page 415: ...worked through in the order given in the list If a line or SIP account is not available the next rule is automat ically used Administrative Status Select whether the rule should be activated The rule is enabled with The rule is active by default Line Choose the ISDN line PRI BRI or SIP account used for the outgoing call Called Address Trans lation Enter how the subscriber number is manipulated bef...

Page 416: ...rresponding outgoing calls via a particular SIP account In the VoIP Media Gateway CLID Translation menu a list of all existing entries is shown on which the received number is edited 20 2 4 1 Edit or New Choose the icon to edit existing entries Select the New button to create entries for CLID translation Fig 153 VoIP Media Gateway CLID Translation New The VoIP Media Gateway CLID Translation New me...

Page 417: ...es A B Restricts the entry to the selec ted PRI interface A B Restricts the entry to the selec ted BRI interface A 0 B restricts the entry to the selected SIP ac count 0 No restriction of the entry Enter either Called Line or Called Address If a value other than 0 is selected Called Address should not be used If Called Line 0 and Called Address is not used all calls for Called Line are processed C...

Page 418: ...ernal and external numbers Note Which number called party number or calling party number is translated depends on the direction incoming or outgoing of the call in question For incoming calls it is the called party number for outgoing calls the calling party number that is translated For example the internal number 340 can be shown externally as 09119673900 or a call from outside for the number 09...

Page 419: ...lt value For incoming and outgoing calls bidirectional For incoming calls For outgoing calls Associated Line Select the ISDN line or SIP account via which the calls are to be routed Possible values A B Restricts the call to the selected PRI interface A B Restricts the call to the selected BRI interface A 0 B restricts the call to the selected SIP ac count Local Address Enter the internal number e ...

Page 420: ...s translated to Local Address For outgoing calls the signalled Calling Party Number corresponds in the menu to the Local Address field is translated to External Address The External Address is not shown if the field Associated Line A 0 B is set In this case the User Name of the selected SIP Account is used as External Address 20 2 6 ISDN Trunks The ISDN Trunks menu is only displayed if you device ...

Page 421: ... Mode Select the mode in which the party line is to be operated Possible values default value Point to Point TE connection telecom party line Point to Point NT connection for connection of a PABX Members Select the desired ISDN interfaces to be included with this party line 20 2 7 Options In the VoIP Media Gateway Options menu you can perform global settings for the Me dia Gateway Funkwerk Enterpr...

Page 422: ...actly agree with an existing SIP account the call routing is handled by the ses sion border controller i e all SIP messages configured for the corresponding SIP account are forwarded to the session bor der controller For all other extensions the call routing is handled by the media gateway in accordance with the entries configured under Call Routing Note that the call routing is handled by the med...

Page 423: ...media gateway and routed via the media gateway The participating terminal devices e g SIP telephones are not connected dir ectly with one another Note that for VoIP to VoIP connections there is no code translation for different VoIP terminal codecs The codecs of media gateway and VoIP terminals must there fore agree If the function is disabled RTP sessions are not terminated on the media gateway i...

Page 424: ...dials A period at the end of the number indicates a complete number This is dialled immediately the period is recognised If you want to use a speeddial number from this list you must dial followed by the speed dial number 20 3 RTSP In this menu you configure the use of the RealTime Streaming protocol RTSP RTSP is a network protocol for controlling multimedia traffic flows in IP based networks Payl...

Page 425: ... fields Fields in the Basic Parameters menu Field Description RTSP Proxy Select whether you want to permit RTSP sessions The function is activated by selecting The function is disabled by default RTSP Port Select the port over which the RTSP messages are to come in and go out Possible values are to The default value is Funkwerk Enterprise Communications GmbH 20 VoIP bintec Rxxx2 RTxxx2 411 ...

Page 426: ... network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the associated IP address to be known This task can be performed by a DNS server which resolves the host names into IP addresses Alternatively name resolution can also take place over the HOSTS file which is available on all PCs Your device offers the following...

Page 427: ...and then the secondary DNS server If one of the DNS servers can resolve the name the information is forwarded and a dynamic entry created in the cache 4 Otherwise if a suitable Internet or dialin connection is selected as the standard inter face the relevant DNS server is asked depending on the configuration of the Internet or dialin connections if necessary by setting up a WAN connection at extra...

Page 428: ...our device WINS Server Primary Secondary Enter the IP address of the first and if necessary alternative global Windows Internet Name Server WINS or NetBIOS Name Server NBNS The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Positive Cache Select whether the positive dynamic cache is to be activated 21 Local Services Funkwerk Enterpris...

Page 429: ...tical entries are not deleted Cache Size cannot be set to lower than the current number of static entries Possible values The default value is Maximum TTL for Pos itive Cache Entries Enter the value to which the TTL is to be set for a positive dy namic DNS entry in the cache if its TTL is or its TTL exceeds the value for Maximum TTL for Positive Cache Entries The default value is Maximum TTL for N...

Page 430: ...e values No name server address is sent 0 The address of your device is transferred as the name server address 1 default value The addresses of the global name servers entered on your device are sent 21 1 2 DNS Servers A list of all configured DNS servers is displayed in the Local Services DNS DNS Serv ers menu 21 1 2 1 Edit or New Choose the icon to edit existing entries Select the New button to ...

Page 431: ...S Server and Secondary DNS Server to an interface i e for example to an Ethernet port or a PPPoE WAN partner The pair with the highest priority is used if the interface is up Possible values from highest priority to lowest priority The default value is Interface Select the interface to which the DNS server pair is to be as signed A global DNS server is created with the setting Interface Mode Selec...

Page 432: ...enter the IP address of an alternative name server 21 1 3 Static Hosts A list of all configured static hosts is displayed in the Local Services DNS Static Hosts menu 21 1 3 1 New Choose the New button to set up new static hosts Fig 160 Local Services DNS Static Hosts New The menu Local Services DNS Static Hosts New consists of the following fields Fields in the Basic Parameters menu 21 Local Servi...

Page 433: ...st for DNS Hostname gets a negat ive response default value A DNS request for DNS Host name is answered with the related IP Address A DNS request is ignored no answer is given IP Address Only if Response Enter the IP address assigned to DNS Hostname TTL Enter the validity period of the assignment from DNS Hostname to IP Address in seconds only relevant for Response transmitted to requesting hosts ...

Page 434: ...n also start with the wildcard e g funkwerk com If a name is entered without a full stop you complete with OK Default Domain after confirmation Domain Only for Forwarding 1 Enter the name of the domain to be forwarded The entry can also start with the wildcard e g funkwerk com If a name is entered without a full stop you complete with OK Default Domain after confirmation Forward to Select the forw...

Page 435: ...1 5 Cache In the Local Services DNS Cachemenu a list of all available cache entries is dis played Fig 162 Local Services DNS Cache You can select individual entries using the checkbox in the corresponding line or select them all using the Select all button A dynamic entry can be converted to a static entry by marking the entry and confirming with Make static This entry then disappears from the lis...

Page 436: ...uests Shows the number of valid DNS requests received and ad dressed direct to your device Cache Hits Shows the number of requests that were answered with static or dynamic entries from the cache Forwarded Requests Shows the number of requests forwarded to other name serv ers Cache Hitrate Indicates the number of Cache Hits per DNS Requests in per centage Successfully Answered Queries Shows the nu...

Page 437: ...ked up configuration connection via HTTPS Fig 164 Local Services HTTPS HTTPS Server The Local Services HTTPS HTTPS Servermenu consists of the following fields Fields in the HTTPS Parameters menu Field Description HTTPS TCP Port Enter the port via which the HTTPS connection is to be estab lished Possible values are to The default value is Local Certificate Select a certificate that you want to use ...

Page 438: ...service e g H The service providers offer various domain names for this so that a unique host name results for your device e g H The DynDNS provider relieves you of the task of answer ing all DNS requests concerning the host H with the dynamic IP address of your device To ensure that the provider always knows the current IP address of your device your device contacts the provider when setting up a...

Page 439: ... service e g the interface of the Internet Ser vice Provider User Name Enter the user name as registered with the DynDNS provider Password Enter the password as registered with the DynDNS provider Provider Select the DynDNS provider with which the above data is re gistered A choice of DynDNS providers is already available in the uncon figured state and their protocols are supported Other DynDNS pr...

Page 440: ... not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the host entered as MX Wildcard Select whether forwarding of all subdomains of the Host Name is to be enabled for the current IP address of the Interface advanced name resolution The function is activated by selecting The function is disabled by default 21 3 2 DynDNS Provider A list of a...

Page 441: ...ch the provider s DynDNS service runs Update Path Enter the path on the provider s server that contains the script for managing the IP address of your device Ask your provider for the path to be used Port Enter the port at which your device is to reach your provider s server Ask your provider for the relevant port The default value is Protocol Select one of the protocols implemented Possible value...

Page 442: ...assigned by your device You therefore do not need to allocate fixed IP addresses to PCs which reduces the amount of configuration work in your network To do this you set up a pool of IP addresses from which your device assigns IP addresses to hosts in the LAN for a defined period of time A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation D...

Page 443: ...interface over which the addresses defined in IP Ad dress Range are to be assigned to DHCP clients When a DHCP request is received over this Interface one of the addresses from the address pool is assigned IP Address Range Enter the first first field and last second field IP address of the IP address pool Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DH...

Page 444: ...ble values default value No IP address is sent 3 Here the IP address defined for the Interface is transferred Enter the corresponding IP address Lease Time Enter the length of time in minutes for which an address from the pool is to be assigned to a host After the Lease Time expires the address can be reassigned by the server The default value is DHCP Options Specify which additional data is forwa...

Page 445: ...ceived an IP address from your device via DHCP You can now allocate an IP address from a defined IP address pool to specific MAC ad dresses You can do this by selecting the Static Binding option in the list to convert a list entry as a fixed binding or you manually create a fixed IP MAC binding by configuring this in the New sub menu Note You can only create new static IP MAC bindings if IP addres...

Page 446: ...to the MAC address spe cified in MAC Address is to be assigned MAC Address Enter the MAC address to which the IP address specified in IP Address is to be assigned 21 4 3 DHCP Relay Settings If your device for the local network does not distribute any IP addresses to the clients by DHCP it can still forward the DHCP requests on behalf of the local network to a remote DHCP server The DHCP server the...

Page 447: ...Serv er Enter the IP address of an alternative BootP or DHCP server 21 5 Web Filter In theLocal Services Web Filter menu you can configure a URL based Web Filter ser vice which during operation accesses the Proventia Web Filter from the company Internet Security Systems www iss net and checks how a requested Internet page is categorised by the Proventia Web Filter The action resulting from the cla...

Page 448: ...he following fields Fields in the Web Filter Options menu Field Description Web Filter Status Activate or deactivate the filter The function is activated by selecting The function is disabled by default Filtered Input Inter face s Select for which of the existing Ethernet and WLAN interfaces web filtering is to be activated 21 Local Services Funkwerk Enterprise Communications GmbH 434 bintec Rxxx2...

Page 449: ...allup is permitted Callup of the requested page is blocked 2 Callup is permitted but logged Action if license not re gistered Select what is to be done with URL requests if the licence key status is 8 Possible values 0 default value Callup is permitted Callup of the requested page is blocked 2 Callup is permitted but logged The menu License Information consists of the following fields Fields in th...

Page 450: ...uring the filters First a filter list can be created that only contains entries for those addresses that are to be blocked In this case it is necessary to make an entry at the end of the filter list that al lows all accesses that do not match a filter Setting for this Category 1 Action 0 or 0 2 If you only create entries for those addresses that are to be allowed or logged it is not necessary to c...

Page 451: ... of the week A B The filter is used on a certain day of the week Only one day can be selected per filter several filters must be configured if several individual days are to be covered 5 The filter is used from Monday to Friday The default value is Schedule Start Stop Time In From enter from which time the filter is to be activated The time is entered in the form hh mm Enter the time at which the ...

Page 452: ...ither of the two lists contains entries 21 5 3 1 Add Use the Add button to add further URLs or IP addresses to the list Fig 172 Local Services Web Filter Black White List Add The Local Services Web Filter Black White List Addmenu consists of the following fields Fields in the Black White List menu Field Description URL IP Address You enter a URL or IP address The length of the entry is limited to ...

Page 453: ...s connection of incoming and outgoing data and voice calls to com munications applications on hosts in the LAN that access the Remote CAPI interface of your device This enables for example hosts connected to your device to receive and send faxes Note All incoming calls to the CAPI are offered to all registered and eavesdropping CAPI applications in the LAN In the ex works state a user with the use...

Page 454: ...Enter the user name for which access to the CAPI service is to be allowed or denied Password Enter the password which the user User Name shall use for identification to gain access to the CAPI service Access Select whether access to the CAPI service is to be permitted or denied for the user The function is activated by selecting The function is enabled by default 21 Local Services Funkwerk Enterpr...

Page 455: ...s The function is activated by selecting The function is disabled by default CAPI Server TCP Port The field can only be edited if Enable server is enabled Enter the TCP port number for remote CAPI connections The default value is 21 7 Scheduling Your device has a event scheduler which enables certain standard actions for example activating and deactivating interfaces to be carried out Moreover eve...

Page 456: ...tem checks whether at least one event has oc curred This event is used as the initiator for a configured action Caution The configuration of actions that are not available as defaults requires extensive know ledge of the method of operation of bintec gateways An incorrect configuration can cause considerable disruption during operation If applicable save the original config uration on your PC Note...

Page 457: ...ist select the event list you want and add at least one more event to it You can use event lists to create complex conditions for initiat ing an action The events are processed in the same order in which they are created in the list Description Only for Event List Enter your chosen designation for the event list Event Type Select the type of event Possible values default value The operations confi...

Page 458: ...igured as initiator First select the System in which the MIB variable is saved then the MIB Table and finally the MIB Variable itself Only the MIB tables and MIB variables present in the respective area are displayed Compare Condition Only for Event Type 7 Select whether the MIB variable default value F 2 F must have the value given in 4 8 or must lie within to initiate the operation Compare Value...

Page 459: ...nitiating an operation Possible values C default value Incoming data traffic is monitored C Outgoing data traffic is monitored Interface Traffic Condi tion Only for Event Type Select whether the value for data traffic must be default value or 2 the value specified in in order to initiate the operation Transferred Traffic Only for Event Type Enter the desired value in kBytes for the data traffic to...

Page 460: ...fter which a ping must be resent The default value is seconds Trials Only for Event Type Enter the number of ping tests to be performed until Destina tion IP Address as 3 applies The default value is Monitored Certificate Only for Event Type 4 2 Select the certificate whose validity should be checked Remaining Validity Only for Event Type 4 2 Indicate the remaining validity of the certificate in p...

Page 461: ...alues for Condition Settings in Condition Type 1 Start Time Enter the time from which the initiator is to be activated Activa tion is carried on the next scheduling interval the default value of this interval is 55 seconds Stop Time Enter the time from which the initiator is to be deactivated De activation is carried on the next scheduling interval If you do not enter a Stop Time or set a Stop Tim...

Page 462: ...values default value Your device is rebooted 7 The desired value is entered for a MIB variable The status of an interface is modified 3 A software update is initiated 4 A configuration file is loaded onto your device or backed up by your device Accessibility of an IP address is checked 4 A certificate is to be renewed deleted or entered 246 A Neighbor Scan is initiated in a WLAN network controlled...

Page 463: ...in seconds that must elapse after occur rence of the event until the device is restarted The default value is seconds MIB SNMP Variable to add edit Only if Command Type 7 Select the MIB table in which the MIB variable whose value shall be changed is saved First select the System then the MIB Table Only the MIB tables present in the respective area are displayed Command Mode Only if Command Type 7 ...

Page 464: ...f Command Type 7 Select the MIB variable whose value is to be configured as de pendent upon initiator status If the initiator is active Trigger Status 0 the MIB vari able is described with the value entered in Active Value If the initiator is inactive Trigger Status the MIB variable is described with the value entered in Inactive Variable If the MIB variable is to be modified depending on whether ...

Page 465: ...ded from an HTTP server that you define in 3 2 5 The latest software will be downloaded from an HTTP server that you define in 3 2 Server URL For Command Type 3 If Source Location not 4 5 Enter the URL of the server from which the desired software version is to be retrieved For Command Type 4 with Action or Enter the URL of the server from which a configuration file is to be retrieved or on which ...

Page 466: ...lues default value 1 4 For Command Type 4 Select which operation you wish to perform on a certificate file Possible values default value 1 4 Protocol Only for Command Type 4 and 4 if Action Select the protocol for the data transfer Possible values default value 5 CSV File Format Only for Command Type 4 and Action or 21 Local Services Funkwerk Enterprise Communications GmbH 452 bintec Rxxx2 RTxxx2 ...

Page 467: ...d For Action Enter the file name under which it should be saved on the serv er Local File Name Only for Command Type 4 and Action or 4 At import renaming or copying enter a name for the configura tion file under which to save it locally on the device File Name in Flash For Command Type 4 and Action Select the file to be exported For Command Type 4 and Action Select the file to be renamed For Comma...

Page 468: ... device should restart after the intended Ac tion The function is disabled by default Version Check Only for Command Type 4 and Action Select whether when importing a configuration file to check on the server for the presence of a more current version of the already loaded configuration If not the file import is interrupted The function is disabled by default Destination IP Address Only if Command...

Page 469: ...nly for Command Type 4 and Action Enter the URL of the server from which a certificate file is to be retrieved Local Certificate De scription For Command Type 4 and Ac tion Enter a description for the certificate under which to save it on the device For Command Type 4 and Ac tion 1 Select the certificate to be deleted Password for protec ted Certificate Only for Command Type 4 and Action Select wh...

Page 470: ...CEP certificate on your device is to be saved URL SCEP Server URL Only for Command Type 4 and Action 4 Enter the URL of the SCEP server e g 677 6 7 7 Your CA administrator can provide you with the necessary data Subject Name Only for Command Type 4 and Action 4 Enter a subject name with attributes Example O4 I8 E 14I E 14I E I1 O CA Name Only for Command Type 4 and Action 4 Enter the name of the C...

Page 471: ...s the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration The function is enabled by default Use CRL Only for Command Type 4 and Action 4 Define the extent to which certificate revocation lists CRLs are to be included in the validation of certificates issued by the own er of this certificate Possible values 0 defau...

Page 472: ...sists of the following fields Fields in the Scheduling Options menu Field Description Schedule Interval Select whether the schedule interval is to be enabled for the in terface Enter the period of time in seconds after which the system checks whether configured events have occurred Possible values are to The value is recommended 5 minute accuracy Values lower than 60 are generally pointless and ar...

Page 473: ... server 21 8 1 Hosts A list of all monitored hosts is displayed in the Local Services Surveillance Hosts menu 21 8 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to create additional monitoring tasks Fig 179 Local Services Surveillance Hosts New The menu Local Services Surveillance Hosts New consists of the following fields Funkwerk Enterprise Communications GmbH 21...

Page 474: ... to be monitored Source IP Address Select how the IP address is to be determined that your device uses as the source address of the packet sent to the host to be monitored Possible values 0 default value The IP address is determined automatically Enter the IP address in the adjacent input field Interval Enter the time interval in seconds to be used for checking the availability of hosts Possible v...

Page 475: ...ons you select an Interface to which the Action relates All physical and virtual interfaces can be selected For each interface select whether it is to be enabled disabled 1 default value reset or the con nection restablished With Action you can monitor the IP address that is specified under Monitored IP Address 21 8 2 Interfaces A list of all monitored hosts is displayed in the Local Services Surv...

Page 476: ...articular Interface Action Possible values default value Interface Action Select the action that is to follow the state or state transition defined in Trigger The action is applied to the Interface s selected in Interface Possible values default value Activation of interface s 1 Deactivation of interface s Interface Select the interface s for which the action defined in Interface is to be performe...

Page 477: ...lds in the Basic Parameters menu Field Description Destination IP Address Enter the IP address to which the ping is automatically sent Source IP Address Enter the source IP address of the outgoing ICMP echo request packets Possible values 0 The IP address is determined automatically default value Enter the IP address in the adja cent input field e g to test a particular extended route Interval Ent...

Page 478: ...ated 21 9 1 Options All interfaces for which the theft protection is enabled are administratively set to down when the gateway boots The gateway then calls itself by ISDN and checks its location If the configured ISDN call numbers differ from the numbers dialled the interfaces remain disabled If the numbers agree the device assumes that it is at the original location and the inter faces are admini...

Page 479: ...ng Number Only if ISDN Theft Protection Service is enabled Enter the subscriber number that the gateway dials to call itself Incoming Number Only if ISDN Theft Protection Service is enabled Enter the subscriber number to be compared with the current calling party number Outgoing Number Only if ISDN Theft Protection Service is enabled Enter the subscriber number to be set as calling party number Mo...

Page 480: ... enabled gateway UPnP enables mostly Windows based operating systems to take control of other devices with UPnP functionality on the local network These include gateways access points and print servers No special device drivers are needed as known common protocols are used such as TCP IP HTTP and XML Your gateway makes it possible to use the subsystem of the Internet Gateway Device IGD from the UP...

Page 481: ...u can determine whether UPnP requests from clients are accepted by each interface for requests from the local network and or whether the interface can be controlled via UPnP requests Fig 183 Local Services UPnP Interfaces The menu Local Services UPnP Interfaces consists of the following fields Fields in the Interfaces menu Field Description Interface Shows the name of the interface for which the U...

Page 482: ...PnP Status Decide how the gateway processes UPnP requests from the LAN The function is enabled with The gateway proceeds with UPnP releases in accordance with the parameters con tained in the request from the LAN UPnP client independently of the IP address of the requesting LAN UPnP client The function is disabled by default The gateway rejects UPnP requests NAT releases are not made UPnP TCP Port...

Page 483: ...as he attempts to access any Internet site with a browser the user is redirected to the home login page After the user has entered the registration data user password these are sent to the central RADIUS server Hotspot server as RADIUS registration Following successful registration the gateway opens Internet access For each user the gateway sends regular additional information to the RADIUS server...

Page 484: ...er Walled Garden Network Individually set for customers by customer dealer Walled Garden Server URL Individually set for customers by customer dealer Terms Conditions URL Individually set for customers by customer dealer Access data for configuration of the Hotspot server Admin URL https hotspot funkwerk ec com Username Individually set by FEC Password Individually set by FEC Note Also refer to th...

Page 485: ...Services HotSpot Gateway HotSpot Gateway menu Choose the New button to set up additional Hotspot networks Fig 186 Local Services HotSpot Gateway HotSpot Gateway The Local Services HotSpot Gateway HotSpot Gateway menu consists of the fol lowing fields Fields in the Basic Parameters menu Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is con nected When operating ov...

Page 486: ...erver can distinguish between the different cli ents customers Walled Garden Enable this function if you want to define a limited and free area of websites intranet The function is not activated by default Walled Network Net mask Only if Walled Garden is enabled Enter the network address of the Walled Network and the cor responding Netmask of the intranet server For the address range resulting fro...

Page 487: ...ts of the following fields Fields in the Advanced Settings menu Field Description Ticket Type Select the ticket type Possible values 8 Only the user name must be entered Define a de fault password in the input field 3 7 default value User name and pass word must be entered Allowed HotSpot Client Here you can define which type of users can log in to the Hot spot Possible values 0 All clients are ap...

Page 488: ...c Router Redundancy Protocol is a Bintec specific implementation of the VRRP Virtual Router Redundancy Protocol A router redundancy procedure is used mainly to safeguard the availability of a physical gateway in a LAN or WAN Terms and Definitions A number of special terms are used to describe the functionality The following terms are defined in the relevant RFC and in the Internet draft BRRP terms...

Page 489: ...Res olution Protocol requests for these IP addresses Virtual Router Backup The group of VRRP routers that take over responsibility for for warding the packets if the master fails In backup status these VRRP routers are inactive i e they do not respond to any ARP requests 21 12 1 Virtual Routers When using a route redundancy protocol multiple routers are combined into a logical unit The router redu...

Page 490: ...n the group All passive routers in the group must monitor this address so that if the advertise ment data packets are not received that can react according to their priority and BRRP configuration Configuration of the interface for transmitting usage data configuration of the virtual in terface A virtual interface is activated and deactivated by assigning it to a virtual router over the BRRP route...

Page 491: ...ll interfaces on a device have to be deactivated Consequently the operating status of all interfaces on a device must be synchronised This synchronisation is required if multiple interfaces are monitored on a single device This configuration is performed in the Local Services BRRP VR Synchronisation New menu Switching on the redundancy procedure This configuration is performed in the Local Service...

Page 492: ...t interface is displayed and cannot be changed Note The Ethernet interface for sending the advertisements is always up and running and cannot therefore be used as the Vir tual Router Interface IP Address Shows the IP address es of the interface via which BRRP ad vertisement packets are sent and expected Fields in the BRRP Monitored Interface menu Field Description Virtual Router Interface Indicate...

Page 493: ...the current master Possible values are whole numbers between and Virtual Router Priority Define the logical priority of the virtual router Possible values are between and The higher the value the higher the priority The value defines that this virtual router always functions as master as soon as it is active The default value is The virtual router with the highest priority normally takes over the ...

Page 494: ...wn interval is the time calculated from the number of expected but omitted BRRP advertisements the advertisement interval and the skew time which adds a minim um period depending on the priority The higher the priority the shorter the time added Consequently a backup router with a higher priority responds more quickly than a router with lower priority Possible values are whole numbers between and ...

Page 495: ...ed by default 21 12 2 VR Synchronisation The watchdog daemon is configured in the Local Services BRRP VR Synchronisation menu i e you define how state changes are handled After opening the menu Local Services BRRP VR Synchronisation a list of all syn chronisations is displayed You can either synchronise virtual interfaces or interfaces New synchronisations can be added in the New menu For example ...

Page 496: ...outers New Advanced Set tings menu Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked You can choose previously defined IDs see Virtual Router ID in menu Local Services BRRP Virtual Router New BRRP Monitored Interface The watchdog daemon requests detailed information entered in the Virtual Router Fields in the Synchronisation VR Interf...

Page 497: ...Local Services BRRP Options menu you can enable or disable the BRRP func tion Fig 190 Local Services BRRP Options The Local Services BRRP Optionsmenu consists of the following fields Fields in the Basic Parameters menu Field Description Enable BRRP Enable or disable the BRRP function The function is enabled with The function is disabled by default Funkwerk Enterprise Communications GmbH 21 Local S...

Page 498: ...igger a system reboot in this menu 22 1 Diagnostics In the Maintenance Diagnostics menu you can test the availability of individual hosts the resolution of domain names and certain routes 22 1 1 Ping Test Fig 191 Maintenance Diagnostics Ping Test You can use the ping test to check whether a certain host in the LAN or an internet address can be reached The Outputfield displays the ping test message...

Page 499: ...st is correctly re solved The Outputfield displays the DSN test messages The DSN test is launched by en tering the domain name to be tested in DNS Address and clicking the Go button 22 1 3 Traceroute Test Fig 193 Maintenance Diagnostics Traceroute Test Funkwerk Enterprise Communications GmbH 22 Maintenance bintec Rxxx2 RTxxx2 485 ...

Page 500: ...t system software at www funkwerk ec com The current documentation is also available here Important If you want to update your software make sure you consider the corresponding re lease notes These describe the changes implemented in the new system software The result of an interrupted update e g power failure during the update could be that your gateway no longer boots Do not turn your device off...

Page 501: ...software versions This is a CSV format which can be read and modified easily In addition you can view the corres ponding file clearly using Microsoft Excel for example The administrator can store encryp ted backup files for the configuration When the configuration is sent by e mail e g for sup port purposes confidential configuration data can be protected fully if required You can save or import f...

Page 502: ... file you want to import Note Click Go to first load the file under the name in the flash memory for the device You must restart the device to enable it Note The files to be imported must be in CSV format You can import additional language ver sions of the Funkwerk Configuration Interface into your device You can download the files to your PC from the down load area at www funkwerk ec com and from...

Page 503: ... the Select file field is re named to New File Name 1 The configuration in the Select file field is deleted 1 The file in the Select file field is deleted Configuration Encryp tion Only for Action Define whether the data of the selected Action are to be encrypted The function is activated by selecting The function is disabled by default If the function is enabled you can enter the Password in the ...

Page 504: ...ault Source File Name Only for Action 4 select the source file to be copied Destination File Name Only for Action 4 Enter the name of the copy Select file Only for Action 1 or 1 select the file or configuration to be renamed or de leted New File Name Only for Action Enter the new name of the configura tion file 22 3 Reboot 22 3 1 System Reboot In this menu you can trigger an immediate reboot of yo...

Page 505: ...king the Save configuration button so that these are not lost when you reboot Fig 195 Maintenance Reboot System Reboot If you wish to restart your device click on the OK button The device will reboot Funkwerk Enterprise Communications GmbH 22 Maintenance bintec Rxxx2 RTxxx2 491 ...

Page 506: ...itted to one or more external PCs for storage and processing e g to the system ad ministrator s PC The syslog messages saved internally on your device are lost when you reboot Warning Make sure you only pass syslog messages to a safe computer Check the data regu larly and ensure that there is always enough spare capacity available on the hard disk of your PC Syslog Daemon All Unix operating system...

Page 507: ... menu External Reporting Syslog Syslog Servers New consists of the following fields Fields in the Basic Parameters menu Field Description IP Address Enter the IP address of the host to which syslog messages are passed Level Select the priority of the syslog messages that are to be sent to the host Possible values highest priority 0 4 default value Funkwerk Enterprise Communications GmbH 23 Externa...

Page 508: ...ossible values The default value is Timestamp Select the format of the time stamp in the syslog Possible values default value No system time indicated System time without date 1 L System time with date Protocol Select the protocol for the transfer of syslog messages Note that the syslog server must support the protocol Possible values 31 default value 4 Type of Messages Select the message type Pos...

Page 509: ...ollect a lot of useful information about the IP network traffic each individual IP session 23 2 1 Interfaces In this menu you can configure the IP Accounting function individually for each interface Fig 197 External Reporting IP Accounting Interfaces In the External Reporting IP Accounting Interfaces menu a list of all interfaces con figured on your device is shown For each entry you can activate ...

Page 510: ...n start in the format DD MM YY t Time of the session start in the format HH MM SS a Duration of the session in seconds c Protocol i Source IP Address r Source Port f Source interface index I Destination IP Address R Destination Port F Destination interface index p Packets sent o Octets sent P Packets received O Octets received s Serial number for accounting message By default the following format ...

Page 511: ... Description Alert Service Enable or disable the function Sender E Mail Address Enter the mail address to be entered in the sender field of the E mail Maximum Messages per Minute Limit the number of outgoing mails per minute Possible values are to the default value is Fields in the SMTP Settings menu Field Description SMTP Server Enter the address IP address or valid DNS name of the mail server to...

Page 512: ...Only if SMTP Authentication or Enter the user name for the POP3 or SMTP server Password Only if SMTP Authentication or Enter the password of this user POP3 Server Only if SMTP Authentication Enter the address of the server from which the e mails are to be retrieved POP3 Timeout Only if SMTP Authentication Enter how long the router must wait after the POP3 call before it is forced to send the alert...

Page 513: ...scription Recipient Enter the E mail address of the recipient The entry is limited to 40 characters E Mail Subject Enter a name for the email Event Select the event to trigger an email notification Possible values default value A Syslog mes sage includes a specific string 0 A new adjacent AP has been found 0 A new Rough AP has been found i e an AP using an SSID of its own network yet is not a com ...

Page 514: ...e mail alert Possible values default value 0 4 1 Message Timeout Enter how long the router must wait after a relevant event be fore it is forced to send the alert mail Possible values are to The value 0 disables the timeout Number of Messages Enter the number of syslog messages that must be reached be fore an E mail can be sent for this case If timeout is configured the mail is sent when this expi...

Page 515: ...ager As SNMP is a standard protocol you can use any other SNMP managers e g HPOpenView For more information on the SNMP versions see the relevant RFCs and drafts SNMP V 1 RFC 1157 SNMP V 2c RFC 1901 1908 SNMP V 3 RFC 3410 3418 23 4 1 SNMP Trap Options In the event of errors a message known as a trap packet is sent unrequested to monitor the system In the External Reporting SNMP SNMP Trap Options m...

Page 516: ...t value is SNMP Trap Com munity Only if SNMP Trap Broadcasting is enabled Enter a new SNMP code This must be sent by the SNMP Man ager with every SNMP request so that this is accepted by your device A character string of between and characters is possible here The default value is 23 4 2 SNMP Trap Hosts In this menu you specify the IP addresses to which your device is to send the SNMP traps In the...

Page 517: ...ol A permanent overview of the utilisation of your device is possible Method of operation A Status Daemon collects information about your device and transfers it as UDP packets to the broadcast address of the first LAN interface default setting or to an explicitly entered IP address One packet is sent per time interval which can be adjusted individually to val ues from 1 60 seconds Up to 100 physi...

Page 518: ...n Monitored Interfaces Select the type of information to be sent in the UDP packets to the Windows application Possible values default value Deactivates the sending of information to the Activity Monitor Only information about the physical interfaces is sent 7 0 78 Information about physical and virtual interfaces is sent Send information to Select where your device sends the UDP packets Possible ...

Page 519: ...s Possible values are to The default value is UDP Destination Port Enter the port number for the Windows application Activity Monitor The default value is registered by IANA Internet As signed Numbers Authority Password Enter the password for the Activity Monitor Funkwerk Enterprise Communications GmbH 23 External Reporting bintec Rxxx2 RTxxx2 505 ...

Page 520: ... the configured Maximum Num ber of Syslog Entries and the configured Maximum Message Level of Syslog Entries These values can be changed in the System Management Global Settings System menu Fig 204 Monitoring Internal Log System Messages Values in the System Messages list Field Description No Displays the serial number of the system message Date Displays the date of the record Time Displays the ti...

Page 521: ...IP address of the remote IPSec Peers Remote Networks Displays the currently negotiated subnets of the remote termin al Security Algorithm Displays the encryption algorithm of the IPSec tunnel Status Displays the operating status of the IPSec tunnel Action Enables you to change the status of the IPSec tunnel as dis played Details Opens a detailed statistics window You change the status of the IPSec...

Page 522: ...uthentication Method Shows the authentication method MTU Shows the current MTU Maximum Transfer Unit Alive Check Shows the method for checking that the peer is reachable NAT Detection Displays the NAT detection method Local Port Shows the local port Remote Port Shows the remote port Packets Shows the total number of incoming and outgoing packets Bytes Shows the total number of incoming and outgoin...

Page 523: ...itoring IPSec IPSec Statistics menu statistical values for all IPSec connec tions are displayed Fig 207 Monitoring IPSec IPSec Statistics The Monitoring IPSec IPSec Statistics menu consists of the following fields Field in the Licences menu Field Description IPSec Tunnels Shows the IPSec licences currently in use In Use and the maximum number of licenses usable Maximum Field in the Peers menu Funk...

Page 524: ...se 2 SAs Total Fields in the Packet Statistics menu Field Description Total Shows the number of all processed incoming In or outgoing Out packets Passed Shows the number of incoming In or outgoing Out packets forwarded in plain text Dropped Shows the number of all rejected incoming In or outgoing Out packets Encrypted Shows the number of all incoming In or outgoing Out pack ets protected by IPSec ...

Page 525: ...PPP connections Direction Displays the send direction Charge Displays the costs of the current connection Duration Displays the duration of the current connection Stack Displays the related ISDN port STACK Channel Displays the number of the ISDN B channel Status Displays the state of the connection F F F 24 3 2 Call History In the Monitoring ISDN Modem Call History menu a list of the last 20 ISDN ...

Page 526: ...ming calls Interface Displays additional information for PPP connections Direction Displays the send direction Charge Displays the costs of the connection Start Time Displays the time at which the call was made or received Duration Displays the duration of the connection 24 4 Interfaces 24 4 1 Statistics In the Monitoring Interfaces Statistics menu current values and activities of all device inter...

Page 527: ...he total number of packets sent Tx Bytes Displays the total number of octets sent Tx Errors Shows the total number of errors sent Rx Packets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Rx Errors Shows the total number of errors received Status Shows the operating status of the selected interface Unchanged for Shows the length of time for which th...

Page 528: ...ed bridge Port Shows the port on which the bridge is active 24 6 HotSpot Gateway 24 6 1 HotSpot Gateway A list of all linked hotspot users is displayed in the Monitoring HotSpot Gateway Hot Spot Gateway menu Fig 212 Monitoring HotSpot Gateway HotSpot Gateway Values in the HotSpot Gateway list Field Description User Name Displays the user s name 24 Monitoring Funkwerk Enterprise Communications GmbH...

Page 529: ...ing QoS QoS menu Fig 213 Monitoring QoS QoS Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured QoS Queue Shows the QoS queue which has been configured for this inter face Send Shows the number of sent packets with the corresponding pack et class Dropped Shows the number of rejected packets with the corresponding packet class in case of overload...

Page 530: ...u a list of all interfaces configured for OSPF is dis played Fig 214 Monitoring OSPF Status Values in the Status list Field Description View Select the desired view from the dropdown menu Are available 0 5 5 and 5 2 1 In the OSPF Interfaces area all enabled OSPF interfaces are listed Values in the OSPF Interfaces list Field Description Interface Shows the interface for which OSPF has been configur...

Page 531: ...PF in which the DR and BDR are determined The interface is a point to point interface DR or BDR are not shown 1 The gateway is the designated router within the BMA network 1 The gateway is the backup designated router within the BMA network 1 Another gateway is desig nated router or backup designated router within the BMA net work The Neighbor section lists the neighbor gateways that have been ide...

Page 532: ...ow synchronized The headers of all Link State Advertisements LSA are listed in the section for the Link State Database Values in the OSPF Link State Database list Field Description Area Indicates the area database to which the LSA is assigned Type Indicates the LSA type There are five LSA types Router Link Network Link Summary Link Summary ASBR and AS Extern al Link State ID The Link State ID of t...

Page 533: ...ent Link State Ac knowledge Packets Displays the number of Link State Acknowlede packets sent Received Link State Request Packets Displays the number of Link State Request packets received Sent Link State Re quest Packets Displays the number of Link State Request packets sent Received Link State Update Packets Displays the number of Link State Update packets received Sent Link State Update Packets...

Page 534: ...en received 24 9 PIM 24 9 1 Global Status The status of all configured PIM components is displayed in the Monitoring PIM Global Status menu Fig 216 Monitoring PIM Global Status Values in the Global Status list Field Description View Select the desired view from the dropdown menu Are available 0 and 7 Values in the PIM Interfaces list 24 Monitoring Funkwerk Enterprise Communications GmbH 520 bintec...

Page 535: ...the last PIM Neighbor is a neighbor of the local router Expired Indicates when the PIM Neighbor is no longer entered as neigh bor If the value is displayed the PIM Neighbor always re mains entered as neighbor Values in the Multicast Group RP Mappings list Field Description Multicast Group Ad dress Displays the multicast group address Multicast Group Prefix Length Displays the related network mask ...

Page 536: ... address of the Rendezvous Point RP for the group Upstream Join State The Upstream RP Join Prune Status indicates the status of the Upstream RP State Machine in the PIM SM Specifica tion Upstream Neighbor IP Address Displays the primary IP address of the Upstream Neighbors or unknown 0 if the Upstream Neighbor IP address is not known or if it is not a PIM Neighbor Uptime Indicates the timespan of ...

Page 537: ...try was generated by the local router Upstream Join Timer Indicates the remaining time until the local router sends out the next periodic G Join message on pimStarGRPFIfIndex In the PIM SM specification this address is named G Upstream Join Timer If the timer is deactivated it has the value Values in the S G States list Field Description Multicast Group Ad dress Displays the multicast group addres...

Page 538: ...icast group address InetAddressType is defined in the pimStarGAddressType object Source IP Address Displays the source IP address InetAddressType is defined in the pimStarGAddressType object Reverse Path Forwarding RPF Indicates the address type of the RPF Next Hop to the RP or unknown 0 if the RPF Next Hop is not known Uptime Indicates the timespan since the entry was generated by the local route...

Page 539: ...e State Indicates the status that results from the G Join Prune mes sages received on this interface This corresponds to the status of the Downstream Per Interface G State Machine in the PIM SM specification Uptime Indicates the timespan since the entry was generated by the local router Expiry Timer Displays the remaining time until the G Join State becomes invalid for this interface In the PIM SM...

Page 540: ...IM DM Uptime Indicates the time remaining before the local router reacts to an S G Prune message received on this interface The router waits this period to check whether another downstream router corrects the Prune message In the PIM SM specification this timer is named S G Prune Pending Timer If the timer is deac tivated it has the value Expiry Timer Displays the remaining time until the S G Join...

Page 541: ...icates whether the local router should sever the source of the RP tree This corresponds in the PIM SM specification to the status of the Upstream S G rpt State Machine for Triggered Messages Expiry Timer Displays the remaining time until the S G rpt Prune State be comes invalid for this interface In the PIM SM specification this timer is named S G rpt Prune Expiry Timer If the timer is de activate...

Page 542: ...ard can communicate with each oth er even if they come from different hardware manufacturers The IEEE802 11b standard specifies the data rates of 1 2 5 5 and 11 mbps a working frequency in the range of 2 4 to 2 4835 GHz and WEP encryption IEEE802 11 wireless networks are also known as Wi Fi networks A subscriber The A subscriber is the caller a b interface For connection of an analogue terminal In...

Page 543: ...to peer basis Ad hoc mode is also known as IBSS mode Independent Ba sic Service Set and makes sense for the smallest networks e g if two notebooks are to be linked to each other without an access point ADSL Asymmetric digital subscriber line AH Authentication header Alphanumeric dis play Display unit e g for T Concept PX722 system telephone able to display letters and other characters as well as d...

Page 544: ...d characters must be marked by start and stop bits in contrast to synchronous transmission ATM Asynchronous transfer mode Attention tone Superimposing of an acoustic signal during a telephone call e g for call waiting Authentication Check on the user s identify Authorisation Based on the identity authentication the user can access certain services and resources Automatic callback Special feature o...

Page 545: ... the re ceiver a connection to the required subscriber is established auto matically Automatic clearing of Internet connec tion ShortHold You can activate ShortHold When you do so you define the time after which an existing connection is cleared if data transfer is no longer taking place If you enter a time of 0 ShortHold is deactiv ated Automatic outside line After the receiver of a telephone is ...

Page 546: ...subject to dialling control e g entry 0190 would block all connections to expensive service providers Block Cipher Modes Block based encryption algorithm Blowfish An algorithm developed by Bruce Schneier It relates to a block cipher with a block size of 64 bit and a key of variable length up to 448 bits Bluetooth Bluetooth is a wireless transfer technology that can connect up dif ferent devices Bl...

Page 547: ...an be grouped into bundles When an external call is initiated by the exchange code or in the event of automatic external line access a bundle released for this subscriber is used to establish the connection If a subscriber has authorisation for several bundles the connection is established using the first released bundle If one bundle is occupied the next released bundle is used If all the release...

Page 548: ...ons of call forwarding in the exchange via the keypad if certain services are activated for your connection You can receive more information on this from your T Com advisor The exchange connects the calling subscriber with an external sub scriber you have specified Call forwarding in the PBX The call forwarding CF performance feature of the PBX enables you to be reached even if you are not in the ...

Page 549: ...re taking a call a second caller hears the engaged tone Callback on Busy Performance feature in T ISDN PBXs and T Net A connection is set up automatically as soon as the Busy status on the destination connection ends When the connection is free this is signalled to the caller As soon as the caller lifts the receiver the connection is set up automatically However Callback must first be activated by...

Page 550: ...dling CHAP Challenge Handshake Authentication Protocol Checksum field Frame Check Sequence FCS CLID Calling Line Identification Client A client uses the services provided by a server Clients are usually workstations CLIP Abbreviation for Calling Line Identification Presentation Telephone number display of calling party CLIR Abbreviation for Calling Line Identification Restriction Temporary suppres...

Page 551: ...ion of the PBX with the tele phone With some restrictions you can also program your PBX using the telephone For information on programming your PBX using the tele phone please see the accompanying user s guide Connection of ana logue terminals The performance features for analogue terminals can only be used with terminals that use the MFC dialling method and that have an R or flash key Connection ...

Page 552: ...hat you are not disturbed you can use call assignment You can allocate each subscriber two different call allocations call assignment Day and call assignment Night With call assignments it is also possible to forward the call to an external subscriber so that you can be contacted at all times With call assignment Day Night therefore you define which internal terminals are to ring in the event of a...

Page 553: ...e trans mission As a result of the internationally standardised Pulse Code Modula tion PCM analogue voice signals are converted to a digital pulse flow of 64 kbps Advantages Better voice quality and less suscept ibility to faults during analogue voice transmission DIME Desktop Internetworking Management Environment DIME Browser Old name for Configuration Manager Direct Call You are not at home How...

Page 554: ...stem Do not disturb Station guarding DOI Domain of Interpretation Domain A domain refers to a logical group of devices in a network On the Internet this is part of a naming hierarchy e g bintec de Door intercom Door intercom device It can be connected to various PBXs A tele phone can be used to take an intercom call and open the door Door intercom on analogue connection An analogue connection can ...

Page 555: ...parameters are stored in lists which together permit the right con nection to be set up The PBX uses the PPP Point to Point Pro tocol for ISDN access and PPPoE Point to Point Protocol over Ethernet for access over T DSL The traffic on these two Internet connections is monitored separately by the PBX DSL modem Special modem for data transmission using DSL access technology DSL splitter A DSL splitt...

Page 556: ... of these numbers it is recognised by the PBX and a B channel of the T ISDN is automatically freed up for your emergency call Emer gency calls are not subject to configuration restrictions If Calling with prefix plus code number is set for a a connection the internal connection is busy To make an external call first dial 0 and then the required emergency number Encapsulation Encapsulation of data ...

Page 557: ... between local exchanges and remote exchanges Exchange access right PBXs differentiate between the following exchange access rights These can be set up differently for each subscriber in the configura tion Extended redialling A selected telephone number is parked in the telephone s memory It can be redialled later even if you have called other numbers in the meantime Extension For PBXs describes t...

Page 558: ...tination address These criteria can be used to se lect a packet from the traffic flow Such a packet can then be handled in a specific way For this purpose a certain action is asso ciated with the filter which creates a filter rule Firewall Describes the whole range of mechanisms to protect the local net work against external access Your gateway provides protection mechanisms such as NAT CLID PAP C...

Page 559: ... the telephone that can be assigned telephone numbers or network functions G 991 1 Data transmission recommendation for HDSL G 991 2 Data transmission recommendation for SHDSL G 992 1 Data transmission recommendation for ADSL See also G 992 1 An nex A and G 992 1 Annex B G 992 1 Annex A Data transmission recommendation for ADSL ITU T G 992 1 Annex A G 992 1 Annex B Data transmission recommendation...

Page 560: ...ge Digest Al gorithm Version 5 HMAC SHA1 Hashed Message Authentication Code uses Secure Hash Al gorithm Version 1 Holding a call A telephone call is put on hold without breaking the connection inquiry brokering Holding in the PBX Both B channels of the ISDN connection are needed for the per formance features Call another person during a call and Speak al ternately with two people brokering As a re...

Page 561: ...rnet Engineering Task Force Index The index from 0 9 is fixed Every external multiple subscriber number entered is assigned to an index You need this index when configuring performance features using the telephone s codes e g configuring Call forwarding in the exchange or Define telephone number for the next external call Infrastructure mode A network in infrastructure mode is a network that conta...

Page 562: ...omP IP payload compression IPCONFIG A tool used on Windows computers to check or change its own IP settings IPoA IP over ATM ISDN Integrated Services Digital Network ISDN address The address of an ISDN device that consists of an ISDN number fol lowed by further numbers that relate to a specific terminal e g 47117 ISDN Basic Rate In terface ISDN subscriber connection The Basic Rate Interface consis...

Page 563: ...from out side As a further call is signalled over the D channel your PBX can depending on the setting specifically shut down a B channel so that you can take the call ISDN Intern al External Alternative name for the So bus ISDN PRI ISDN Primary Rate Interface ISO International Standardization Organization ISP Internet Service Provider ITU International Telecommunication Union Key Escrow Stored key...

Page 564: ...the Middle Attack Encryption using public keys requires the public keys to be ex changed first During this exchange the unprotected keys can be in tercepted easily making a man in the middle attack possible The attacker can set a key at an early stage so that a key known to the man in the middle is used instead of the intended key from the real communication partner MD5 See HMAC MD5 MFC Multifrequ...

Page 565: ...all forwarding a melody is played that the waiting subscriber hears On your PBX you can choose between two internal melodies MWI Transmission of a voice message from a mailbox e g T NetBox or MailBox to a terminal The receipt of the message on the terminal is signalled e g by a LED NAT Network Address Translation NDIS WAN NDIS WAN is a Microsoft enhancement of this standards in relation to wide ar...

Page 566: ... call forwarding in the exchange NMS Network Management Station Notebook function During a telephone call a telephone number can be entered in the telephone s buffer so that it can be dialled at a later point in time NT Network Termination NTBA Network Termination for Basic Access NTP Network Time Protocol OAM Operation and Maintenance Offline Without connection Connectionless operating state e g ...

Page 567: ...used for brokering Possible in T Net T ISDN and PBXs The ter minal must have MFC and the R key PBX Private Branch Exchange PBX The features offered by a PBX are manufacturer specific and enable operation of exchanges free internal calls callback on busy and conference calls among other things PBXs are used e g for office communication voice text and data transfer PBX Private Branch Exchange PBX PB...

Page 568: ...int to multipoint connection for the PBX You enter the multiple subscriber numbers received from T Com with the order confirmation in the table fields defined for them in the configuration As a rule you receive three multiple subscriber num bers but can apply for up to 10 telephone numbers for each con nection When you enter the telephone numbers they are assigned to an index and also to a team No...

Page 569: ...roxy ARP ARP Address Resolution Protocol PSN Packet Switched Network PSTN Public Switched Telephone Network PVID Port VLAN ID R key Telephones that have a R key inquiry key can also be connected to a PBX In modern telephones the R key triggers the hook flash function This is required for use of performance features in T Net such as inquiry brokering and three party conference RADIUS Remote Authent...

Page 570: ...ial state This may be necessary if you have made incor rect configuration settings or the device is to be reprogrammed RFC Specifications proposals ideas and guidelines relating to the Inter net are published in the form of RFCs request for comments Rijndael AES Rijndael AES was selected as AES due to its fast key generation low memory requirements and high level of security against attacks For mo...

Page 571: ...interface See Primary Rate Interface SAD The SAD Security Association Database contains information on security agreements such as AH or ESP algorithms and keys se quence numbers protocol modes and SA life For outgoing IPSec connections an SPD entry refers to an entry in the SAD i e the SPD defines which SA is to be applied For incoming IPSec connec tions the SAD is queried to determine how the pa...

Page 572: ... or telephony 3k1Hz The same applies for faxing Here too there is the collective term Fax plus a couple of more specific cases From a purely technical point of view the services are bits in a data word evaluated by means of a mask If you include several bits in the mask all these services are approved for activa tion while in the case of just one bit it is just the one selected ser vice Setup Tool...

Page 573: ...ct SMS enabled telephones to your PBX and thus use the SMS performance feature in the T Com fixed network SMSs are forwarded to the recipient via the T Com SMS server To send an SMS with an SMS enabled terminal the telephone number 0193010 of the SMS server must be prefixed to the recipient num ber This telephone number is already stored in your PBX so manu al input of the server telephone is not ...

Page 574: ...l costs at the end of a connection inquiry brokering telephone num ber transmission In the special features connection three multiple subscriber numbers are included as standard Specify own tele phone number for next call If you want to make a business call late in the evening from your private sphere say the living room for example you can define your business telephone number as the outgoing mul...

Page 575: ...ec tion is set up Addressing that goes beyond the pure MSN which can be used e g specifically to locate several ISDN terminals that can be reached on one telephone number for a particular service In the called terminal e g a PC various applications can also be ad dressed and in some cases executed Costs are charged for the performance feature and it must be requested separately from the network op...

Page 576: ...bps networks Switchable dialling method Option of switching between the pulse dialling method and MFC method by means of a switch or key input on the terminal such as the telephone or fax machine Synchronous Transmission process in which the sender and receiver operate with exactly the same clock signals in contrast to asynchronous trans mission Spaces are bridged by a stop code Syslog Syslog is u...

Page 577: ...igital telephone network of T Com for connecting analogue ter minals T NetBox The answering machine in T Net and T ISDN The T NetBox can store up to 30 messages T NetBox telephone number Enter the current T NetBox telephone number here if it differs from the 08003302424 entered ex works As soon as your T NetBox re ceives a voice or fax message notification is sent to your PBX T Online Umbrella ter...

Page 578: ...echnology and describes data communication between systems and devices Telnet Protocol from the TCP IP protocol family Telnet enables communic ation with a remote device in the network Terminal adapter Device for interface adaptation It enables different equipment to be connected to T ISDN The terminal adapter a b is used to connect analogue terminals to the So interface of the ISDN Basic Rate Int...

Page 579: ... it is dis carded Twofish Twofish was a possible candidate for the AES Advanced Encryp tion Standard It is regarded as just as secure as Rijndael AES but is slower U ADSL Universal Asymmetric Digital Subscriber Line UDP User Datagram Protocol Update Update to a software program PBX firmware An update is the up dated version of an existing software product and is indicated by a new version number U...

Page 580: ...odems data is sent in digital form to the client when the V 90 standard is used and does not need to be first converted from digital to analogue on one side of the modem provider as was the case with V 34 and earlier modems This makes higher transmission rates possible A maximum speed of 56 kbps can be achieved only under optimum conditions Vanity Letter dialling VDSL Very high bit rate digital su...

Page 581: ...ers secure encryption and authentication Uses 802 1x and the Extensible Au thentication Protocol EAP and thus offers an effective means of user authentication WPA PSK Intended for private users or small businesses that do not run a central authentication server PSK stands for Pre Shared Key and means that AP and client use a fixed character string 8 to 63 char acters known to all subscribers as th...

Page 582: ...telephone directory The Internet supports several databases with information on users such as e mail addresses telephone numbers and postal ad dresses You can search these databases to obtain information about individuals X 509 ITU T standards that define the format of the certificates and certific ate queries and their use Glossary Funkwerk Enterprise Communications GmbH 568 bintec Rxxx2 RTxxx2 ...

Page 583: ... Allowed Addresses 179 Allowed HotSpot Client 473 Always on 263 269 273 278 286 348 355 Answer to client request 467 APN Access Point Name 122 Apply QoS 369 Area 518 Area ID 239 241 ARP Lifetime 227 ARP Processing 175 As DHCP Server 416 As IPCP Server 416 Assert State 525 526 Assert Winner IP Address 525 526 Assigned Wireless Network VSS 166 Associated Line 405 ATM Interface 143 ATM PVC 273 ATM Se...

Page 584: ...e 143 Code 378 Codec Proposal Sequence 390 397 Comfort Noise Generation CNG 391 398 Command Mode 448 Command Type 448 Common Name 115 Compare Condition 443 Compare Value 443 Compression 95 307 310 351 358 Configuration Encryption 488 Configuration contains certificates keys 448 Configuration Interface 92 Configured Speed Mode 125 Confirm Admin Password 83 Congestion Avoidance RED 217 Connection St...

Page 585: ... 206 220 Destination Port Range 378 Details 507 Device Mode 143 DH Group 326 DHCP Hostname 150 296 DHCP Options 430 DHCP Server 162 DHCP Broadcast Flag 150 DHCP Client on Interface 227 DHCP MAC Address 150 296 Dial Latency 408 Dialling Number 465 Direction 209 233 405 511 512 Distribution Mode 198 Distribution Policy 198 199 Distribution Ratio 200 DNS Hostname 418 DNS Negotiation 266 270 275 284 2...

Page 586: ... server 414 Faxheader 441 File Encoding 118 119 File Name 448 File Name in Flash 448 Filename 488 Filter 209 Filter Rules 371 Filtered Input Interface s 434 Firewall Status 373 First Timeserver 86 Flow Control 125 Force certificate to be trusted 110 Forward 420 Forward to 420 Forwarded Requests 422 Fragmentation Threshold 172 Frozen Parameters 204 Full Filtering 373 G Garbage Collection Timer 236 ...

Page 587: ...Compression 335 IP Accounting 495 IP Address 240 296 298 418 432 478 493 503 514 520 521 IP Address Assignment 318 IP Address Mode 265 269 274 279 287 349 356 IP Address Range 429 IP Address Range 162 IP Address Netmask 149 233 IP Address Owner 474 IP Assignment Pool 279 287 318 IP Assignment Pool IPCP 349 356 IP Pool Name 429 IP Pool Name 292 339 363 IP Pool Range 292 339 363 IPSec Phase 2 510 IP...

Page 588: ...lly resetting the device 18 Master down trials 479 Matching String 499 Max Clients 175 Max incomming control connections per remote IP Address 361 Max queue size 217 Max Receive Lifetime 172 Max Transmission Rate 171 Max Transmit MSDU Lifetime 172 Maximum Number of Dialup Retries 266 270 275 281 288 Maximum Retries 346 Maximum Groups 251 Maximum Message Level of Syslog Entries 80 Maximum Messages ...

Page 589: ...tive Cache 414 Negotiation Type 508 Neighbor 517 Netmask 227 296 298 349 Network Address 227 Network Configuration 227 Network Type 186 Network Name SSID 175 New Destination IP Address Netmask 196 New File Name 488 New Source IP Address Netmask 187 196 No 190 506 513 Number of Messages 499 Number of Spatial Streams 169 Number of Dialling Retries 466 Number of Admitted Connections 319 Number of B C...

Page 590: ...ion queue 215 Prioritize TCP ACK Packets 266 270 275 288 298 307 310 351 358 Priority 101 106 202 215 369 401 417 Propagate PMTU 335 Propagate routes bound on discard re fuse interface 243 Propagation Delay 255 Proposals 326 333 Protocol 194 202 206 220 378 383 385 387 393 427 448 493 Protocol Header Size below Layer 3 212 Provider 295 425 Provider Name 427 Proxy Interface 250 Proxy ARP 150 320 Pr...

Page 591: ...ariable Timer 235 RIP UDP Port 235 Robustness 248 Role 337 Route Announce 231 Route Entries 265 269 274 279 287 306 309 318 349 356 364 Route Selector 200 Route Timeout 236 Route Type 186 Router ID 517 518 Routing table updates caused by Ex ternal Advertisements 519 Routing table updates caused by Sum mary Links Advertisements 519 RSA Key Status 96 RTS Threshold 172 RTSP Port 411 RTSP Proxy 411 RT...

Page 592: ... Endpoint IP Address 387 393 SIP Header Field s for Caller Address 396 Slave AP location 162 SMTP Authentication 497 SMTP Server 497 SNMP 93 SNMP Version 98 SNMP Listen UDP Port 98 SNMP Read Community 83 SNMP Trap Broadcasting 502 SNMP Trap Community 502 SNMP Trap UDP Port 502 SNMP Write Community 83 Sort Order 390 397 Source 369 Source Interface 187 202 252 Source Location 448 Source Port 187 Sou...

Page 593: ...tus 448 Triggered Hello Interval 255 Trunk Mode 393 TTL 418 Tunnel Profile 348 Tx Bytes 513 Tx Errors 513 Tx Packets 513 Type 206 220 295 378 399 513 518 Type of Endpoint 385 Type of Messages 493 Type of traffic 193 U UDP Inactivity 373 UDP Destination Port 345 UDP Destination Port 353 504 UDP Port 103 UDP Source Port 345 UDP Source Port Selection 353 Unchanged for 513 Unsuccessful Trials 460 Upda...

Page 594: ...Address 478 Virtual Router Master 474 VLAN 179 263 VLAN Identifier 153 VLAN Members 153 VLAN ID 149 179 263 VLAN Name 153 VRRP Advertisement 474 VRRP router 474 W Walled Garden 471 Walled Network 471 Walled Garden URL 471 Web Filter Status 434 Weight 215 WEP Key 1 4 176 Whitelisted 438 Wildcard 426 WINS Server 414 Wire Mode 143 Wireless Mode 171 WLC SSID 448 WMM 175 WPA Cipher 176 WPA Mode 176 WPA...

Reviews:

No comments

Related manuals for R1202

Ubisys G1 Assembly And Commissioning Instructions preview
G1
Brand: Ubisys Pages: 51
H3C Voice Gateway H3C VG 10-10 Safety Manual preview
Voice Gateway H3C VG 10-10
Brand: H3C Pages: 31
H3C SR6602-I AI Series Installation Manual preview
SR6602-I AI Series
Brand: H3C Pages: 80
H3C SR6602-I AI Series Hardware Information preview
SR6602-I AI Series
Brand: H3C Pages: 33
H3C SecPath M9000 Series Quick Manual preview
SecPath M9000 Series
Brand: H3C Pages: 4
H3C SecPath M9000 Series Installation, Quick Start preview
SecPath M9000 Series
Brand: H3C Pages: 15
H3C MSR3610-I Series Installation, Quick Start preview
MSR3610-I Series
Brand: H3C Pages: 5
H3C SecPath M9000 Series Compliance And Safety Manual preview
SecPath M9000 Series
Brand: H3C Pages: 57
NBN Fibre to the Curb Setup Manual preview
Fibre to the Curb
Brand: NBN Pages: 9
Patton SmartNode SN4150 User Manual preview
SmartNode SN4150
Brand: Patton Pages: 80
EAE DA110 Product Manual preview
DA110
Brand: EAE Pages: 22
Gree ME30-44/D2 B Owner'S Manual preview
ME30-44/D2 B
Brand: Gree Pages: 24
Telco Access 211N Installation Manual preview
Access 211N
Brand: Telco Pages: 4
iSMA CONTROLLI iSMA-B-MG-IP User Manual preview
iSMA-B-MG-IP
Brand: iSMA CONTROLLI Pages: 29
Paradyne WIRELESS DATA GATEWAY Installation And Operation Manual preview
WIRELESS DATA GATEWAY
Brand: Paradyne Pages: 66
Sharp DN3E6JE074 User Manual preview
DN3E6JE074
Brand: Sharp Pages: 16
Bang & Olufsen BeoLink 1703 Installation Manual preview
BeoLink 1703
Brand: Bang & Olufsen Pages: 62
SAGEMCOM F@ST 5355 Manual preview
F@ST 5355
Brand: SAGEMCOM Pages: 29

Brands by name

Popular brands

Load more brands