Huawei B222s User Manual Download | Manualshive

Page: 235 / 259

background image

Appendix D Wireless LANs

B222s User’s Guide

235

RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x. .

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used
to authenticate users and a CA issues certificates and guarantees the identity of each certificate
owner.

«
...
233
234
235
236
237
...
»

Summary of Contents for B222s

Page 1: ...www zyxel com www huawei com B222s LTE Outdoor CPE IMPORTANT Copyright 2012 Huawei Technologies Co LTD Edition 1 6 2012 Default Login Details Web Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...as been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guid shows how to connect the LTE Device and access the Web Configurator wizards See the wizard real time help for information on configuring each screen It also contains a connection diagram and package contents list Note It is recommended you use the Web Configurator to ...

Page 3: ...9 Broadband 35 Wireless 43 Home Networking 69 Routing 75 DNS Route 79 Quality of Service QoS 83 Network Address Translation NAT 95 Dynamic DNS 103 Firewall 105 MAC Filter 115 Parental Control 117 VoIP 121 Logs 145 Traffic Status 149 User Account 155 Remote MGMT 157 System 159 Time Setting 161 Log Setting 163 Firmware Upgrade 165 Backup Restore 167 Diagnostic 171 Troubleshooting 173 ...

Page 4: ...Contents Overview B222s User s Guide 4 ...

Page 5: ... 4 Ways to Manage the LTE Device 18 1 5 Good Habits for Managing the LTE Device 18 1 6 LEDs Lights 18 1 7 The RESET Button 20 Chapter 2 Introducing the Web Configurator 21 2 1 Overview 21 2 1 1 Accessing the Web Configurator 21 2 2 The Web Configurator Layout 23 2 2 1 Title Bar 23 2 2 2 Main Window 24 2 2 3 Traffic Status 24 2 2 4 User Account 24 2 2 5 Navigation Panel 24 Part II Technical Referen...

Page 6: ... 2 The Wireless General Screen 45 5 2 1 No Security 47 5 2 2 Basic Static WEP Shared WEP Encryption 47 5 2 3 More Secure WPA 2 PSK 49 5 2 4 WPA 2 Authentication 50 5 3 The More AP Screen 51 5 3 1 Edit More AP 52 5 4 The WPS Screen 53 5 5 The WMM Screen 55 5 6 Scheduling Screen 57 5 7 Technical Reference 57 5 7 1 Additional Wireless Terms 58 5 7 2 Wireless Security Overview 58 5 7 3 Signal Problems...

Page 7: ...2 What You Need to Know 83 9 2 The QoS General Screen 84 9 3 The Queue Setup Screen 86 9 3 1 Add Edit a QoS Queue 87 9 4 The Class Setup Screen 87 9 4 1 Add Edit QoS Class 89 9 5 The QoS Monitor Screen 92 9 6 QoS Technical Reference 92 9 6 1 IEEE 802 1p 93 9 6 2 IP Precedence 93 9 6 3 DiffServ 93 Chapter 10 Network Address Translation NAT 95 10 1 Overview 95 10 1 1 What You Can Do in this Chapter ...

Page 8: ...ry Screen 108 12 4 The Access Control Screen 109 12 4 1 The Add New ACL Rule Edit Screen 110 12 5 The DoS Screen 111 12 6 Firewall Technical Reference 112 12 6 1 Guidelines For Enhancing Security With Your Firewall 112 12 6 2 Security Considerations 112 Chapter 13 MAC Filter 115 13 1 Overview 115 13 1 1 What You Need to Know 115 13 2 The MAC Filter Screen 115 Chapter 14 Parental Control 117 14 1 O...

Page 9: ... Chapter 16 Logs 145 16 1 Overview 145 16 1 1 What You Can Do in this Chapter 145 16 1 2 What You Need To Know 145 16 2 The System Log Screen 146 16 3 The Phone Log Screen 147 16 4 The VoIP Call History Screen 147 Chapter 17 Traffic Status 149 17 1 Overview 149 17 1 1 What You Can Do in this Chapter 149 17 2 The WAN Status Screen 149 17 3 The LAN Status Screen 150 17 4 The NAT Status Screen 151 17...

Page 10: ...165 23 1 Overview 165 23 2 The Firmware Upgrade Screen 165 Chapter 24 Backup Restore 167 24 1 Overview 167 24 2 The Backup Restore Screen 167 24 3 The Reboot Screen 169 Chapter 25 Diagnostic 171 25 1 Overview 171 25 2 The Ping TraceRoute Screen 171 Chapter 26 Troubleshooting 173 26 1 Overview 173 26 2 Power Hardware Connections and LEDs 173 26 3 LTE Device Access and Login 174 26 4 Internet Access...

Page 11: ... s Guide 11 Appendix B Setting Up Your Computer s IP Address 189 Appendix C Pop up Windows JavaScript and Java Permissions 219 Appendix D Wireless LANs 229 Appendix E Common Services 249 Appendix F Legal Information 253 Index 255 ...

Page 12: ...Table of Contents B222s User s Guide 12 ...

Page 13: ...13 PART I User s Guide ...

Page 14: ...14 ...

Page 15: ...omplete security solution with a robust firewall based on Stateful Packet Inspection SPI technology and Denial of Service DoS See the chapter on product specifications for a full list of features 1 2 Applications for the LTE Device Here are some example uses for which the LTE Device is well suited 1 2 1 Internet Access Your LTE Device provides Internet access by connecting to an LTE network wirele...

Page 16: ...ss Connection By default the wireless LAN WLAN is enabled on the LTE Device Once Wireless is enabled IEEE 802 11b g n compliant clients can wirelessly connect to the LTE Device to access network resources You can set up a wireless network with WPS WiFi Protected Setup or manually add a client to your wireless network Figure 3 Wireless Connection Application 1 3 The WLAN Button You can use the WIRE...

Page 17: ... 1 Make sure the PWR SYS LED is on not blinking 2 Press the WIRELESS On Off button for more than five seconds and release it Press the WPS button on another WPS enabled device within range of the LTE Device The WLAN WPS LED should flash while the LTE Device sets up a WPS connection with the wireless device Note You must activate WPS in the LTE Device and in another wireless device within two minut...

Page 18: ... will have to reset the LTE Device to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the LTE Device You could simply restore your last configuration Keep in mind that backing up a configuration file will not back up passwords used to set up PPPoE and VoIP Write down any information your ISP provides you 1 6 LEDs Lights The fol...

Page 19: ...less clients Orange Blinking The LTE Device is setting up a WPS connection Off The wireless network is not activated PHONE Green On A SIP account is registered for the phone port Blinking A telephone connected to the phone port has its receiver off of the hook or there is an incoming call Orange On A SIP account is registered for the phone port and there is a voice message in the corresponding SIP...

Page 20: ...configuration file This means that you will lose all configurations that you had previously and the passwords will be reset to the defaults 1 Make sure the POWER LED is on not blinking 2 To set the device back to the factory default settings press the RESET button for 5 seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been rest...

Page 21: ...vaScript enabled by default Java permissions enabled by default See Appendix C on page 219 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your LTE Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 1 as the URL 4 A password screen displays Type admin as the defau...

Page 22: ...t password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the main menu if you do not want to change the password now Figure 7 Change Password Screen 6 The Connection Status screen appears Figure 8 Connection Status 7 Click System Info to display the System Info screen where you can view the LTE Device s interface and system information ...

Page 23: ...ollowing screen See Section 3 3 on page 31 for more information Figure 9 Web Configurator Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator B C A a b ...

Page 24: ...appears showing the connection status of the LTE Device s ports The connected ports are in color and disconnected ports are gray Figure 10 Virtual Device 2 2 3 Traffic Status Use the Maintenance Traffic Status screens to look at network traffic status and statistics of the WAN LAN interfaces and NAT See Chapter 20 on page 159 for more information 2 2 4 User Account Use the Maintenance User Account...

Page 25: ...s screen to enable QoS and decide allowable bandwidth using QoS Queue Setup Use this screen to configure QoS queue assignment Class Setup Use this screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow Monitor Use this screen to view each queue s statistics NAT Port Forwarding Use this screen to make yo...

Page 26: ...ssions on the LTE Device VoIP Status VoIP Status Use this screen to view the SIP phone and call status of the LTE Device Maintenance Users Account Users Account Use this screen to configure the passwords your user accounts Remote MGMT Remote MGMT Use this screen to enable specific traffic directions for network services System System Use this screen to configure the LTE Device s name domain name m...

Page 27: ...27 PART II Technical Reference The appendices provide general information Some details may not apply to your LTE Device ...

Page 28: ...28 ...

Page 29: ... status of the device system resources interfaces LAN WAN and WLAN and SIP accounts You can also register and unregister SIP accounts If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the LTE Device s ports See Section 2 2 2 on page 24 for more information 3 2 The Connection Status Screen Use this screen to view the network connection s...

Page 30: ... LTE Device to update this screen in Refresh Interval Figure 11 Connection Status Icon View Figure 12 Connection Status List View In Icon View if you want to view information about a client click the client s name and Info Click the IP address if you want to change it If you want to change the name or icon of the client click Change name icon In List View you can also view the client s information...

Page 31: ... the web configurator language from the drop down list box Refresh Interval Select how often you want the LTE Device to update this screen from the drop down list box Device Information Host Name This field displays the LTE Device system name It is used for identification You can change this in the Maintenance System screen s Host Name field Model Name This is the model name of your device MAC Add...

Page 32: ...een configured SSID 1 4 Information SSID This is the descriptive name used to identify the LTE Device in the wireless LAN Status This shows whether or not the SSID is enabled on Security Mode This displays the type of security the LTE Device is using in the wireless LAN LTE Status Status This displays 4G LTE if there is an LTE connection otherwise it displays N A Signal Strength This displays the ...

Page 33: ...ughput is not going to improve anymore If you want some applications to have more throughput you should turn off other applications Memory Usage This field displays what percentage of the LTE Device s memory is currently used Usually this percentage should not increase much If memory usage does get close to 100 the LTE Device is probably becoming unstable and you should restart the device See Chap...

Page 34: ...e when the SIP account has been registered and ready for use or In Active when the SIP account is not yet registered URI This field displays the account number and service domain of the SIP account You can change these in VoIP SIP SIP Settings Table 3 System Info Screen continued LABEL DESCRIPTION ...

Page 35: ...tions This LTE Device supports LTE connection for the WAN only Figure 14 LAN and WAN 4 1 1 What You Can Do in this Chapter Use the Broadband screen to view remove or add an LTE WAN interface You can also configure the WAN settings on the LTE Device for Internet access Section 4 2 on page 38 4 1 2 What You Need to Know The following terms and concepts may help as you read this chapter Encapsulation...

Page 36: ... is required for LTE stations to enter the LTE network and then the Internet CAPWAP The LTE Device supports CAPWAP This is ZyXEL s implementation of the CAPWAP protocol RFC 5415 The CAPWAP dataflow is protected by Datagram Transport Layer Security DTLS The following figure illustrates a CAPWAP wireless network You U configure the AP controller C which then automatically updates the configurations ...

Page 37: ...vice can find the controller in one of the following ways Manually specify the controller s IP address using the commands See the LTE Device CLI Reference Guide for details Get the controller s IP address from a DHCP server with the controller s IP address configured as option 138 Broadcasting to discover the controller within the broadcast domain The AP controller must have a static IP address it...

Page 38: ...AP s link to the AP controller is broken the managed AP continues to use the wireless settings with which it was last provided 4 1 3 Before You Begin You may need to know your Internet access settings such as LTE APN WAN IP address and SIM card s PIN code if the INTERNET light on your LTE Device is off Get this information from your service provider 4 2 The Broadband Screen The LTE Device must hav...

Page 39: ...ange in this section Cancel Click this to restore your previously saved settings in this section Internet Setup Name This is the service name of the connection APN This is the name of the LTE network to which the LTE Device will connect Encapsulation This shows the method of encapsulation used by this connection NAT This shows whether NAT is activated or not for this connection NAT is not availabl...

Page 40: ... Select IPv4 Only if you just connect this WAN interface to an IPv4 network Select IPv6 IPv4 Dual Stack if you connect this WAN interface to both an IPv6 and an IPv4 networks Select IPv6 Only if you just connect this WAN interface to an IPv6 network MTU The Maximum Transmission Unit MTU defines the size of the largest packet allowed on an interface or connection Enter the MTU for this WAN interfac...

Page 41: ...t you must know the IP address of a computer before you can access it The LTE Device can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses manually enter them in the DNS server fields 2 If your ISP dynamically assigns the DNS server IP addresses alon...

Page 42: ... 1495 9 MHz 1510 9 MHz FDD 24 1626 5 MHz 1660 5 MHz 1525 MHz 1559 MHz FDD 33 1900 MHz 1920 MHz 1900 MHz 1920 MHz TDD 34 2010 MHz 2025 MHz 2010 MHz 2025 MHz TDD 35 1850 MHz 1910 MHz 1850 MHz 1910 MHz TDD 36 1930 MHz 1990 MHz 1930 MHz 1990 MHz TDD 37 1910 MHz 1930 MHz 1910 MHz 1930 MHz TDD 38 2570 MHz 2620 MHz 2570 MHz 2620 MHz TDD 39 1880 MHz 1920 MHz 1880 MHz 1920 MHz TDD 40 2300 MHz 2400 MHz 2300...

Page 43: ...erate each day Section 5 6 on page 57 You don t necessarily need to use all these screens to set up your wireless connection For example you may just want to set up a network name a wireless radio channel and some security in the General screen 5 1 2 Wireless Network Overview Wireless networks consist of wireless clients access points and bridges A wireless client is a radio connected to a user s ...

Page 44: ... Every device in the same wireless network must use security compatible with the AP Security stops unauthorized devices from using the wireless network It can also protect the information that is sent in the wireless network Radio Channels In the radio spectrum there are certain frequency bands allocated for unlicensed civilian use For the purposes of wireless networking these bands are divided in...

Page 45: ...r wireless devices support WPA PSK for example What is the best one to use Do the other wireless devices support WPS Wi Fi Protected Setup If so you can set up a well secured network very easily Even if some of your devices support WPS and some do not you can use WPS to set up your network and then add the non WPS devices manually although this is somewhat more complicated to do What advanced opti...

Page 46: ...lect this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool BSSID This shows the MAC address of the wireless interface on the LTE Device when wireless LAN is enabled Mode Select This makes sure that only compliant WLAN devices can associate with the LTE Device Select 802 11b g n to allow IEEE802 11b IEEE802 11g and...

Page 47: ...erence changing the channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel number which the LTE Device is currently using then displays in the Operating Channel field Operating Channel This is the channel currently being used by your AP Security Level Security Mode Select Basic or More Secure to add security on this wir...

Page 48: ...from the Security Mode list Figure 22 Wireless General Basic Static WEP Shared WEP The following table describes the labels in this screen Table 9 Wireless General Basic Static WEP Shared WEP LABEL DESCRIPTION Security Mode Choose Static WEP or Shared WEP from the drop down list box Select Static WEP to have the LTE Device allow association with wireless clients that use Open System mode Data tran...

Page 49: ...General screen Select More Secure as the security level Then select WPA PSK or WPA2 PSK from the Security Mode list Figure 23 Wireless General More Secure WPA 2 PSK The following table describes the labels in this screen Table 10 Wireless General WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop ...

Page 50: ...Then select WPA or WPA2 from the Security Mode list Figure 24 Wireless General More Secure WPA 2 WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field to allow wireless devices using WPA PSK security mode to connect to your LTE Device The LTE Device supports WPA PSK and WPA2 PSK simultaneously Encryption If the security mode is WPA PSK the encryption ...

Page 51: ...he external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 128 alphanumeric characters as the key to be shared between the external authentication server and the LTE Device The key must be the same on the external authentication server and ...

Page 52: ...gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the LTE Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the name that is broadcast an...

Page 53: ...the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool BSSID This shows the MAC address of the wireless interface on the LTE Device when wireless LAN is enabled Security Level Security Mode Select Basic...

Page 54: ... a new device with WPS Method Method 1 PBC Use this section to set up a WPS wireless network using Push Button Configuration PBC WPS Click this button to add another WPS enabled wireless device within wireless range of the LTE Device to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the WPS button on this screen Note You must ...

Page 55: ... Device create a new PIN Status This displays Configured when the LTE Device has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wireless security settings also appear in the screen This displays Not Configured when there is no wireless or wireless security changes on the LTE Device or you cli...

Page 56: ...ice a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smoothly Enable WMM Automatic Power Save Deliver APSD Click this to increase battery life for battery powered wireless clients APSD uses a longer beacon interval when transmitting traffic that does not requi...

Page 57: ...ppendix Table 16 Network Setting Wireless Scheduling LABEL DESCRIPTION Wireless LAN Scheduling Select Enable to activate wireless LAN scheduling on your LTE Device WLAN status Select On or Off to enable or disable the wireless LAN Day Select the day s you want to turn the wireless LAN on or off Between the following times Specify the time period during which to apply the schedule For example you w...

Page 58: ...curity standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is not very secure if you use a short key which is very easy to guess for example a three letter word from the dictionary Because of the damage that can be done by a malicious attacker it s not just peopl...

Page 59: ...ell the LTE Device which devices are allowed or not allowed to use the wireless network If a device is allowed to use the wireless network it still has to have the correct information SSID channel and security If a device is not allowed to use the wireless network it does not matter if it has the correct information This type of security does not protect the information that is sent in the wireles...

Page 60: ...nauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your LTE Device you can also select an option WPA compatible to support WPA as well In this case if some of the devices support WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option in the ...

Page 61: ... APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The LTE Device s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use ...

Page 62: ...Ensure that the two devices you want to set up are within wireless range of one another 2 Look for a WPS button on each device If the device does not have one log into its configuration utility and locate the button see the device s User s Guide for how to do this for the LTE Device see Section 5 4 on page 53 3 Press the button on one of the devices it doesn t matter which For the LTE Device you m...

Page 63: ...n of the client s configuration interface see the device s User s Guide for how to find the WPS PIN for the LTE Device see Section 5 4 on page 53 4 Enter the client s PIN in the AP s configuration interface 5 If the client device s configuration interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PIN in the client it does not ma...

Page 64: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing in...

Page 65: ...t is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connec...

Page 66: ... know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 34 WPS Example Network Step ...

Page 67: ...ollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a randoml...

Page 68: ...is has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or was not...

Page 69: ...n to set the LAN IP address subnet mask and DHCP settings Section 6 2 on page 71 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 6 3 on page 72 Use the UPnP screen to enable UPnP Section 6 4 on page 73 6 1 2 What You Need To Know The following terms and concepts may help as you read this chapter 6 1 2 1 About LAN IP...

Page 70: ... addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask 6 1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to...

Page 71: ...1 1 factory default IP Subnet Mask Type the subnet mask of your network in dotted decimal notation for example 255 255 255 0 factory default Your LTE Device automatically computes the subnet mask based on the IP address you enter so do not change this field unless you are instructed to do so DHCP Server State DHCP Select Enable to have your LTE Device assign IP addresses an IP default gateway and ...

Page 72: ...NS Proxy if Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply Select None i...

Page 73: ...net adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP address relative to the field listed above Reserve Select the check box in the heading row to automatically select all check boxes or select the check box es in each entry to have the LTE Device alway...

Page 74: ...ting Home Networking UPnP The following table describes the labels in this screen Table 22 Network Settings Home Networking UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the LTE Device s IP address although you must still enter the password to access the web configurator Appl...

Page 75: ...ic routes For example the next figure shows a computer A connected to the LTE Device s LAN interface The LTE Device routes most traffic from A to the Internet through the LTE Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LA...

Page 76: ...e static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in use Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The ...

Page 77: ...ou need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Gateway IP Address enter the IP address of the next hop...

Page 78: ...Chapter 7 Routing B222s User s Guide 78 ...

Page 79: ...ain names that do not match any DNS routing entry After the LTE Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the following example the DNS server 168 92 5 1 obtained from the WAN interface atm0 100 is set to be the system DNS server The DNS server 10 10 23 7 is obtained from the WAN interface ppp1 123 You configure a DNS r...

Page 80: ...ormation for a DNS route Figure 45 DNS Route Add Edit Table 25 Network Setting DNS Route LABEL DESCRIPTION Add new DNS route Click this to create a new entry This is the number of an individual DNS route Status This shows whether the DNS route is currently in use or not A yellow bulb signifies that this DNS route is in use A gray bulb signifies that this DNS route is not in use Domain Name This is...

Page 81: ... wildcard character an asterisk as the left most part of a domain name such as example com The LTE Device forwards DNS queries for any domain name ending in example com to the WAN interface specified in this route WAN Interface Select a WAN interface through which the matched DNS query is sent You must have the WAN interface s already configured in the Broadband screen Apply Click Apply to save yo...

Page 82: ...Chapter 8 DNS Route B222s User s Guide 82 ...

Page 83: ...ons include both those that require a low level of latency delay and a low level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video Note The LTE Device has built in configurations for Voice over IP IP The Quality of Service QoS feature does not affect VoIP traffic See Section 9 6 on page 92 for advanced tech...

Page 84: ... a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value and IEEE 802 1p priority level in a matched packet When the packet passes through a compatible network the networking device such as a backbone switch can provide specific ...

Page 85: ...ansmission speed of 1 Mbps Setting this number higher than the interface s actual transmission speed will stop lower priority traffic from being sent if higher priority traffic uses all of the actual bandwidth If you set this number lower than the interface s actual transmission speed the LTE Device will not use some of the interface s available bandwidth Leave this field blank to have the LTE Dev...

Page 86: ...ive or not A yellow bulb signifies that this queue is active A gray bulb signifies that this queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the LTE Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue mana...

Page 87: ...them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications Table 29 Queue Setup Add Edit LABEL DESCRIPTION Active Select to enable or disable this queue Name Enter the descriptive name of this queue Interface This shows the interface of this queue Priority Select the priority level from 1 to 7 of this queue The large...

Page 88: ...Class Name This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC address of traffic that matches this classifier Forward to This is the interface through which traffic that matches this classifier is forwarded out DSCP Mark This is the DSCP number added to...

Page 89: ...he labels in this screen Table 31 Class Setup Add Edit LABEL DESCRIPTION Class Configuration Active Select to enable this classifier Class Name Enter a descriptive name of up to 32 printable English keyboard characters including spaces Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply Sele...

Page 90: ... Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if...

Page 91: ...hen you select IP in the Ether Type field Select this option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided TCP ACK This field is available only when you select IP in the Ether Type field If you select this option the matched TCP packets must contain the ACK Acknowledge flag DHCP This field is available only when you select IP in the Ether Type field and UDP i...

Page 92: ... Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the LTE Device to update this screen Select No Refresh to stop refreshing statistics Status This is the index number of the entry Name This shows the name of the WAN interface on the LTE Device Pass Rate bps This shows how much traffic bps forwarded to this interface are transmitted successfully Queue Monitor This is the...

Page 93: ...ces to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the...

Page 94: ...vice will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured policies DSCP 6 bits Unused 2 bits ...

Page 95: ...concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the LTE Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address ref...

Page 96: ...ght be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port numbers and services are shown in Appendix E on page 249 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server...

Page 97: ... manually added a service You can change this by clicking the edit icon WAN Interface This shows the WAN interface through which the service is forwarded Start Port This is the first external port number that identifies a service End Port This is the last external port number that identifies a service Translation Start Port This is the first internal port number that identifies a service Translati...

Page 98: ... the start port number here and the end port number in the External End Port field End Port Enter the last port of the original destination port range To forward only one port enter the port number in the External Start Port field above and then enter it again in this field To forward a series of ports enter the last port number in a series that begins with the port number in the External Start Po...

Page 99: ...ork Setting NAT Port Forwarding screen Figure 55 Network Setting NAT DMZ The following table describes the fields in this screen 10 4 The Sessions Screen Use the Sessions screen to limit the number of concurrent NAT sessions each client can use Click Network Setting NAT Sessions to display the following screen Figure 56 Network Setting NAT Sessions Table 36 Network Setting NAT DMZ LABEL DESCRIPTIO...

Page 100: ...address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes this information NAT never changes the IP address either local or global of an outside host Table 37 Network Setting NAT Sessions LABEL DESCRIPTION MAX NAT Session Use this ...

Page 101: ...re information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 10 5 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on ...

Page 102: ...Chapter 10 Network Address Translation NAT B222s User s Guide 102 ...

Page 103: ...ch time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 11 1 1 What You Need ...

Page 104: ...N Dynamic DNS Configuration Active Dynamic DNS Select this check box to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider Host Name Type the domain name assigned to your LTE Device by your Dynamic DNS provider You can specify up to two host names in the...

Page 105: ...an initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 59 Default Firewall Action 12 1 1 What You Can Do in this Chapter Use the General screen to enable or disable the LTE Device s firewall Section 12 2 on page 107 Use the Services screen to view the configured f...

Page 106: ...Device is installed between the LAN WLAN and a broadband modem connecting to the Internet This allows it to act as a secure gateway for all data passing between the Internet and the LAN The LTE Device has one Ethernet WAN port and four Ethernet LAN ports which are used to physically separate the network into two areas The WAN Wide Area Network port attaches to the broadband cable or DSL modem to t...

Page 107: ...control and protects against Denial of Service DoS attacks when the firewall is activated Easy Medium High Select Easy to have the firewall allow both LAN to WAN and WAN to LAN traffic to flow through the LTE Device Select Medium to have the firewall only allow traffic sent from the LAN to the WAN All traffic sent or access from the WAN will be blocked Select High to have the firewall only allow T...

Page 108: ...w ACL Rule Edit screen To access this screen click Security Firewall Services and then the Add New Serviice Entry button Figure 62 Security Firewall Services Add New Service Entry Table 41 Security Firewall Services LABEL DESCRIPTION Add New Service Entry Click this to define a new service Name This is the name of a configured service Type This is the protocol type TCP UDP ICMP or Others of the se...

Page 109: ... enter the port number Select Multiple if the service uses two or more source or destination ports then enter a port range For example suppose you want to define the Gnutella service Select TCP type and enter a port range of 6345 6349 Apply Click Apply to save your changes Back Click Back to exit this screen without saving your changes Table 43 Security Firewall Access Control LABEL DESCRIPTION Ru...

Page 110: ...ll Access Control continued LABEL DESCRIPTION Table 44 Security Firewall Access Control Add New ACL Rule Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Source Address Type Select Single or Range depend...

Page 111: ...n you select Select Service in Select Protocol and TCP or UDP in Protocol Select Single or Range and then enter a single port number or the range of port numbers of the source Select Any to indicate any source port Destination Port This field is displayed only when you select Select Service in Select Protocol and TCP or UDP in Protocol Select Single or Range and then enter a single port number or ...

Page 112: ...he firewall in a secured locked room 12 6 2 Security Considerations Note Incorrectly configuring the firewall may block valid access or introduce security risks to the LTE Device and your protected network Use caution when creating or deleting firewall rules and test your rules after you configure them Consider these security ramifications before creating a rule 1 Does this rule stop LAN users fro...

Page 113: ...example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the correct fields in the web configurator screens ...

Page 114: ...Chapter 12 Firewall B222s User s Guide 114 ...

Page 115: ...Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC address of the devices to configure this screen 13 2 The MAC Filter Screen Use the MAC Filter screen to allow wireless and LAN clients access to the LTE Device To change your LTE Device s ...

Page 116: ...e LTE Device MAC addresses not listed will be denied access to the LTE Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the wireless station and LAN devices that are allowed access to the LTE Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a...

Page 117: ...ABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule This shows the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active PCP Name This shows the name of the rule Home Netwo...

Page 118: ... Add Edit Parental Control Rule The following table describes the fields in this screen Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Add Click Add to create a new schedule Apply Click Apply to save your changes back to the LTE Device Table 47 Parental Control Parental Control continued LABEL DESCRIPTION Table 48 Add Edi...

Page 119: ...If you select Access the LTE Device blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule This shows the index number of the rule Select the checkbox next to the rule to activate it Service Name This shows the name of the rule Protocol Port This show...

Page 120: ...Chapter 14 Parental Control B222s User s Guide 120 ...

Page 121: ...figure audio settings such as volume levels for the phones connected to the LTE Device Section 15 3 on page 129 Use the Phone Device screen to control which SIP accounts the phones connected to the LTE Device use Section 15 5 on page 133 Use the Region screen to change settings that depend on the country you are in Section 15 6 on page 134 Use the Call Rule screen to set up shortcuts for dialing f...

Page 122: ...moves these difficulties by taking care of the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another Voice Activity Detection Silence Suppression Voice Activity Detection VAD detects whether or not speech is present This lets the LTE Device reduce the bandwidth that a call uses by not transmitting silent packets w...

Page 123: ...ith a VoIP service provider over the Internet You should have the information your VoIP service provider gave you ready before you start to configure the LTE Device 15 2 The SIP Service Provider Screen Use this screen to configure the SIP server information QoS for VoIP calls the numbers for certain phone functions and dialing plan Click VoIP SIP to open the SIP Service Provider screen ...

Page 124: ...ote Click more to see all the fields in the screen You don t necessarily need to use all these fields to set up your account Click hide more to see and configure only the fields needed for this feature Figure 69 VoIP SIP SIP Service Provider ...

Page 125: ...Chapter 15 VoIP B222s User s Guide 125 ...

Page 126: ...IP Server Port field SIP Service Domain Enter the SIP service domain name In the full SIP URI this is the part after the symbol You can use up to 127 printable ASCII Extended set characters RFC Support PRACK RFC 3262 RFC 3262 defines a mechanism to provide reliable transmission of SIP provisional response messages which convey information on the processing progress of the request This uses the opt...

Page 127: ...oIP service provider has a SIP outbound server to handle voice calls This allows the LTE Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the LTE Device to keep it from re translating the IP address since this is already handled by the outbound proxy server Server Address Enter the IP address or domain name of...

Page 128: ...l It allows you to place the first incoming call on hold and answer the second call so that you won t miss any important calls Call Waiting Disable This code is used to turn the Call Waiting feature off One Shot Call Waiting Enable This code is used to enable call waiting only for the phone call your are going to make See the description for the Call Waiting Enable field for more information One S...

Page 129: ...cribes the labels in this screen Do Not Disturb Disable This code is used to turn the Do Not Disturb feature off Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 49 VoIP SIP SIP Service Provider continued LABEL DESCRIPTION Table 50 VoIP SIP SIP Account LABEL DESCRIPTION This is the index number of the entry Active This shows whether the SIP...

Page 130: ...Guide 130 15 3 1 Add Edit SIP Account You can configure a new SIP account or edit one To access this screen click Add new SIP Account in the SIP Account screen or Edit icon next to an existing account Figure 71 SIP Account Add Edit ...

Page 131: ...service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select the type of voice coder decoder codec that you want the LTE Device to use G 711 provides higher voice quality but requires more bandwidth 64 kbps G 711MuLaw is typically used in North America and Japan G 711ALaw is typically used in Europe G 729 only requires 8 kbps G 726 32 operate...

Page 132: ...t this if you want the LTE Device to forward incoming calls to the specified phone number if the phone port is busy Specify the phone number in the To Number field on the right If you have call waiting the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call Active No Answer Forward Select this if you want the LTE Device to forward incoming call...

Page 133: ...Edit to activate a SIP account see Section 15 3 on page 129 for more information Figure 73 Phone Device Edit The following table describes the labels in this screen Table 52 VoIP Phone Phone Device LABEL DESCRIPTION This is the index number of the entry Phone ID This is the phone device number Outgoing SIP Number This is the outgoing SIP number of the phone device Modify Click the Edit icon to con...

Page 134: ...tinguish between them when you receive phone calls If you do not select a source for incoming calls you cannot receive any calls on this phone port SIP Number This shows the SIP account number Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving Table 53 Phone Device Edit continued LABEL DESCRIPTION Table 54 VoIP Phone Region LABEL DESCRIPTION Regi...

Page 135: ...lick this to use the information in the Speed Dial section to update the Speed Dial Phone Book section Phone Book Use this section to look at all the speed dial entries and to erase them This field displays the speed dial number you should dial to use this entry Number This field displays the SIP number the LTE Device calls when you dial the speed dial number Description This field displays a shor...

Page 136: ... that of the signaling SIP handles telephone calls and can interface with traditional circuit switched telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP address A complete SIP identity is called a SIP URI Uniform Resource Identifier A SIP account s URI identifies the SIP account in a way similar to the way an e mail address identifies an e mail account...

Page 137: ...require a username and password for authorization These credentials are validated via a challenge response system using the HTTP digest mechanism as detailed in RFC3261 SIP Session Initiation Protocol SIP Servers SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you use SIP to make a VoIP call it ...

Page 138: ...ice that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use client device A to call someone who is using client device C 1 Client device A sends a call invitation for C to the SIP redirect server B 2 The SIP ...

Page 139: ...egister RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 3550 for details on RTP Pulse Code Modulation Pulse Code Modulation PCM measures analog signal amplitudes at regular time intervals and converts them into bits SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call A...

Page 140: ...rsion ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples The more similar the audio sample is to the prediction the less space needed to describe it G 726 operates at 16 24 32 or 40 kbps G 729 is an Analysis by Synthesis AbS hybrid waveform codec that uses a filter based on information about how the human vo...

Page 141: ...ustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 79 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule diffe...

Page 142: ...will be aborted European Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key and then 2 to switch back and forth between caller A and B by putting either one on hold Press the flash key and then 0 to disconnect the call presently on hold and keep the current call on line Press the flash key and then 1 to disconnect the curre...

Page 143: ... that you have answered to another phone number 1 Press the flash key to put the caller on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call to operate the Intercom 3 After you hear the ring signal or the second party answers it hang up the phone European Three Way Conference Use the following steps to make three way conference calls 1 When yo...

Page 144: ...Chapter 15 VoIP B222s User s Guide 144 ...

Page 145: ... attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event me...

Page 146: ... 58 Syslog Severity Levels CODE SEVERITY Table 59 System Monitor Log System Log LABEL DESCRIPTION Select the type of the logs that you want to search in the first drop down list box Level Select a severity level from this drop down list box This filters search results according to the severity level you have selected When you select a severity the LTE Device searches through all logs of that sever...

Page 147: ...details of the calls performed on the LTE Device Figure 82 System Monitor Log VoIP Call History Table 60 System Monitor Log Phone Log LABEL DESCRIPTION Select a category of logs to view from the drop down list box select All Logs to view all logs Level Select the severity level that you want to view Refresh Click this to renew the log screen Clear Logs Click this to delete all the logs This field ...

Page 148: ... this to renew the log screen Clear Logs Click this to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the call was recorded Local Number This field displays the phone number you used to make or receive this call Peer Number This field displays the phone number you called or from which this call is made Interface Th...

Page 149: ... s client s Section 17 4 on page 151 Use the VoIP Status screen to view the VoIP traffic statistics Section 17 5 on page 152 17 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 83 System Monitor Traffic Status WAN The following table describes the fields in this screen Table 62 System Monitor Traffic St...

Page 150: ...cates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 62 System Monitor Traffic Status WAN continued LABEL DESCRIPTION Table 63 System Monitor Traffic Status LAN LABEL DESCRIPTION Refresh Interval Select how often you want the LTE Devi...

Page 151: ...ed packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 63 System Monitor Traffic Status LAN continued LABEL DESCRIPTION Table 64 System Monitor Traffic Status NAT LABEL DESCRIPTION Refresh Interval Select how often you want the LTE Device to update this screen f...

Page 152: ...he LTE Device automatically tries to register the SIP account when you turn on the LTE Device or when you activate it Inactive The SIP account is not active You can activate it in VoIP SIP SIP Account Last Registration This field displays the last time you successfully registered the SIP account The field is blank if you never successfully registered this account URI This field displays the accoun...

Page 153: ...codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Phone Status Account This field displays the phone accounts of the LTE Device Outgoing Number This field displays the SIP number that you use to make calls on this phone port Incoming Number This field displays th...

Page 154: ...Chapter 17 Traffic Status B222s User s Guide 154 ...

Page 155: ...nce User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use...

Page 156: ...Chapter 18 User Account B222s User s Guide 156 ...

Page 157: ...nce Remote MGMT to open the following screen Figure 88 Maintenance Remote MGMT The following table describes the fields in this screen Table 67 Maintenance Remote MGMT LABEL DESCRIPTION Services This is the service you may use to access the LTE Device LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the LTE Device from the LAN and WLAN WAN Select...

Page 158: ...pter 19 Remote MGMT B222s User s Guide 158 Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 67 Maintenance Remote MGMT continued LABEL DESCRIPTION ...

Page 159: ...port files the domain name is www example com 20 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name Find the system name of your Windows computer In Windows XP click start My Computer View syste...

Page 160: ...ve this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a management session either via the web configurator can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle ...

Page 161: ...tenance System Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your LTE Device Current Date This field displays the date of your LTE Device Time and Date Setup Time Protocol This shows the time service protocol that your time server sends when you turn on the LTE Device Time Server Address Enter the IP address or URL up to 31 extended ASCII characters ...

Page 162: ...The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the fi...

Page 163: ...where the LTE Device sends logs and which logs and or immediate alerts the LTE Device records in the Log Setting screen 22 2 The Log Setting Screen To change your LTE Device s log settings click Maintenance Log Setting The screen appears as shown Figure 91 Maintenance Log Setting ...

Page 164: ...ogging Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Select Level Log Category Select the categories of logs that you want to record Log Level Select the severity level of logs that you want to record If you want to record all logs select ALL Apply Click Ap...

Page 165: ...ransfer Protocol and may take up to three minutes After a successful upload the system will reboot Do NOT turn off the LTE Device while firmware upload is in progress Figure 92 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 71 Maintenance Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version File Path Type in th...

Page 166: ...ically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 94 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 95 Error ...

Page 167: ...figuration appears in this screen as shown next Figure 96 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the LTE Device s current configuration to a file on your computer Once your LTE Device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configu...

Page 168: ...arily Disconnected If you restore the default configuration you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix B on page 189 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Table 72 Restor...

Page 169: ...cess Message You can also press the RESET button on the back panel to reset the factory defaults of your LTE Device Refer to Section 1 7 on page 20 for more information on the RESET button 24 3 The Reboot Screen System restart allows you to reboot the LTE Device remotely without turning the power off You may need to do this if the LTE Device hangs for example Click Maintenance Reboot Click the Reb...

Page 170: ...Chapter 24 Backup Restore B222s User s Guide 170 ...

Page 171: ...hoot network or Internet connections Click Maintenance Diagnostic to open the Ping TraceRoute screen shown next Figure 100 Maintenance Diagnostic Ping TraceRoute The following table describes the fields in this screen Table 73 Maintenance Diagnostic Ping TraceRoute LABEL DESCRIPTION Ping Type the IP address of a computer that you want to ping in order to test a connection Click Ping and the ping s...

Page 172: ...Chapter 25 Diagnostic B222s User s Guide 172 ...

Page 173: ...n on 1 Make sure the LTE Device is turned on 2 Make sure you are using the power adaptor or cord included with the LTE Device 3 Make sure the power adaptor or cord is connected to the LTE Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the LTE Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expec...

Page 174: ...not work you have to reset the device to its factory defaults See Section 1 7 on page 20 I forgot the password 1 The default admin password is 1234 and the default user password is 1234 2 If you can t remember the password you have to reset the device to its factory defaults See Section 1 7 on page 20 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the cor...

Page 175: ... is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the LTE Device Log out of the LTE Device in the other session or ask the person who is logged in to log out 3 Turn the LTE Device off and on 4 If this does not work you have to reset the device to its factory defaults See Section 26 2 on page 173 26 4 Internet Access I cannot access the Internet 1 Check ...

Page 176: ...ly peer to peer applications 2 Turn the LTE Device off and on 3 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might consider raising or lowering the priority for some applications 26 5 Wireless Internet Access What fac...

Page 177: ...s WPA2 PSK recommended This uses a pre shared key with the WPA2 standard WPA PSK This has the device use either WPA PSK or WPA2 PSK depending on which security mode the wireless client uses WPA2 WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA It requires the use of a RADIUS server and is mostly used in business networks ...

Page 178: ...PnP and the LTE Device reboots my computer cannot detect UPnP and refresh My Network Places Local Network 1 Disconnect the Ethernet cable from the LTE Device s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your computer I cannot open special applications such as white board file transfer and video when I use ...

Page 179: ...nd the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the net...

Page 180: ... the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequ...

Page 181: ...As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually sp...

Page 182: ...maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 102 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 ...

Page 183: ...68 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is...

Page 184: ...2 168 1 127 Highest Host ID 192 168 1 126 Table 80 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 81 Subnet 4 IP SUBNET MASK NE...

Page 185: ...254 255 Table 83 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 84 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO ...

Page 186: ...need to change the subnet mask computed by the LTE Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has res...

Page 187: ...omputer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically Figure 104 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network numbers...

Page 188: ...n not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 106 Conflicting Computer and Router IP Addresses Example ...

Page 189: ...S X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 189 Windows Vista on page 193 Windows 7 on page 197 Mac...

Page 190: ...etting Up Your Computer s IP Address B222s User s Guide 190 1 Click Start Control Panel Figure 107 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 108 Windows XP Control Panel ...

Page 191: ... 191 3 Right click Local Area Connection and then select Properties Figure 109 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 110 Windows XP Local Area Connection Properties ...

Page 192: ...ess that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP Properties window 8 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Pr...

Page 193: ...n shows screens from Windows Vista Professional 1 Click Start Control Panel Figure 112 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 113 Windows Vista Control Panel 3 Click the Network and Sharing Center icon Figure 114 Windows Vista Network And Internet ...

Page 194: ...ections Figure 115 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 116 Windows Vista Network and Sharing Center Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 195: ...Appendix B Setting Up Your Computer s IP Address B222s User s Guide 195 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 117 Windows Vista Local Area Connection Properties ...

Page 196: ...P address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet Protocol TCP IP Properties window 10 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prom...

Page 197: ...reens from Windows 7 Enterprise 1 Click Start Control Panel Figure 119 Windows 7 Start Menu 2 In the Control Panel click View network status and tasks under the Network and Internet category Figure 120 Windows 7 Control Panel 3 Click Change adapter settings Figure 121 Windows 7 Network And Sharing Center ...

Page 198: ...User s Guide 198 4 Double click Local Area Connection and then select Properties Figure 122 Windows 7 Local Area Connection Status Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 199: ...Appendix B Setting Up Your Computer s IP Address B222s User s Guide 199 5 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 123 Windows 7 Local Area Connection Properties ...

Page 200: ...ubnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced if you want to configure advanced settings for IP DNS and WINS 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK t...

Page 201: ...e IP settings are displayed as follows Figure 125 Windows 7 Internet Protocol Version 4 TCP IPv4 Properties Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 126 Mac OS X 10 4 Apple Menu ...

Page 202: ... In the System Preferences window click the Network icon Figure 127 Mac OS X 10 4 System Preferences 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 128 Mac OS X 10 4 Network Preferences ...

Page 203: ...select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 129 Mac OS X 10 4 Network Preferences TCP IP Tab 5 For statically assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask ...

Page 204: ...0 4 Network Preferences Ethernet 6 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 131 Mac OS X 10 4 Network Utility Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 ...

Page 205: ...ing Up Your Computer s IP Address B222s User s Guide 205 1 Click Apple System Preferences Figure 132 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Network icon Figure 133 Mac OS X 10 5 Systems Preferences ...

Page 206: ...f available connection types Figure 134 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list select Manually In the IP Address field enter your IP address In the Subnet Mask field enter your subnet mask ...

Page 207: ...B Setting Up Your Computer s IP Address B222s User s Guide 207 In the Router field enter the IP address of your LTE Device Figure 135 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close the window ...

Page 208: ... to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps bel...

Page 209: ... By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password Figure 138 Ubuntu 8 Network Settings Connections 3 In the Authenticate window enter your admin account name and password then click the Authenticate button Figure 139 Ubuntu 8 Administrator Account Authentication ...

Page 210: ...The Properties dialog box opens Figure 141 Ubuntu 8 Network Settings Properties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to...

Page 211: ...er s Guide 211 7 If you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided Figure 142 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes ...

Page 212: ...143 Ubuntu 8 Network Tools Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation N...

Page 213: ...s B222s User s Guide 213 1 Click K Menu Computer Administrator Settings YaST Figure 144 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 145 openSUSE 10 3 K Menu Computer Menu ...

Page 214: ...ow opens select Network Devices and then click the Network Card icon Figure 146 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 147 openSUSE 10 3 Network Settings ...

Page 215: ... the Address tab Figure 148 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window ...

Page 216: ...nd then enter the DNS server information in the fields provided Figure 149 openSUSE 10 3 Network Settings 9 Click Finish to save your settings and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 150 openSUSE 10 3 KNetwork Manager ...

Page 217: ... Computer s IP Address B222s User s Guide 217 When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 151 openSUSE Connection Status KNetwork Manager ...

Page 218: ...Appendix B Setting Up Your Computer s IP Address B222s User s Guide 218 ...

Page 219: ...net Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 152 Pop up Blocker You ca...

Page 220: ...he screen This disables any web pop up blockers you may have enabled Figure 153 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 221: ... B222s User s Guide 221 2 Select Settings to open the Pop up Blocker Settings screen Figure 154 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 222: ...d to move the IP address to the list of Allowed sites Figure 155 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScript If pages of the web configurator do not display properly in Internet Explorer check that JavaScript are allowed ...

Page 223: ...r click Tools Internet Options and then the Security tab Figure 156 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 224: ...K to close the window Figure 157 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 225: ...missions B222s User s Guide 225 5 Click OK to close the window Figure 158 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 226: ...K to close the window Figure 159 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java JavaScript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 160 Mozilla Firefox Tools Options ...

Page 227: ...C Pop up Windows JavaScript and Java Permissions B222s User s Guide 227 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 161 Mozilla Firefox Content Security ...

Page 228: ...Appendix C Pop up Windows JavaScript and Java Permissions B222s User s Guide 228 ...

Page 229: ...s commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 162 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go ...

Page 230: ...S consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immedi...

Page 231: ... interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel ...

Page 232: ... and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead in...

Page 233: ...e short preamble when all wireless devices on the network support it otherwise the LTE Device uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mb...

Page 234: ... profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is th...

Page 235: ...work security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP ...

Page 236: ...kes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server ...

Page 237: ...y that only requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not s...

Page 238: ...mon password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x and ...

Page 239: ...US server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 166 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follo...

Page 240: ...ouples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Table 88 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL E...

Page 241: ...two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate the R...

Page 242: ...evices you want to set up are within wireless range of one another 2 Look for a WPS button on each device If the device does not have one log into its configuration utility and locate the button see the device s User s Guide for how to do this for the LTE Device see Section 5 4 on page 53 3 Press the button on one of the devices it doesn t matter which 4 Within two minutes press the button on the ...

Page 243: ...into the configuration utility of the registrar Select the PIN connection mode not the PBC connection mode Locate the place where you can enter the enrollee s PIN if you are using the LTE Device see Section 5 4 on page 53 Enter the PIN from the enrollee device 4 Activate WPS on both devices within two minutes Note Use the configuration utility to activate WPS not the push button on the device itse...

Page 244: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing in...

Page 245: ...s that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WP...

Page 246: ... You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 171 WPS Example Network ...

Page 247: ...ollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a randoml...

Page 248: ...f this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or was...

Page 249: ...89 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP_CLIENT UDP 68 DHCP Client BOOTP_SERVER U...

Page 250: ...IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound...

Page 251: ...d in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution Table 89 Commonly Used Services continu...

Page 252: ...Appendix E Common Services B222s User s Guide 252 ...

Page 253: ...ice off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help F...

Page 254: ... information Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 23...

Page 255: ...equest 140 C CA 236 call hold 142 call rule 134 call service mode 142 call transfer 143 call waiting 143 CAPWAP 36 38 Certificate Authority see CA certifications 253 notices 254 channel 231 interference 231 channel scan 47 channel wireless LAN 44 Class of Service 141 Class of Service see CoS client list 72 client server protocol 137 comfort noise generation 122 configuration backup 167 reset 169 r...

Page 256: ...SS 230 Europe type call service mode 142 Extended Service Set IDentification 46 53 Extended Service Set see ESS F FCC interference statement 253 filters MAC address 59 firewalls 105 configuration 108 DoS 106 security 112 firmware 165 flash key 142 flashing 142 fragmentation threshold 58 232 FTP 96 G G 168 122 Guide Quick Start 2 H hidden node 231 host 155 host name 31 I IANA 186 IBSS 229 IEEE 802 ...

Page 257: ...ultimedia 136 Multiple BSS see MBSSID N NAT 96 186 definitions 100 how it works 101 what it does 101 Network Address Translation see NAT network map 24 non proxy calls 134 O OK response 140 other documentation 2 P Pairwise Master Key PMK 238 239 passphrase 48 passwords 21 PBC 62 peer to peer calls 134 Per Hop Behavior see PHB PHB 94 141 phone book speed dial 134 PIN WPS 62 example 64 ports 18 PPP ...

Page 258: ...l progression 139 client 137 identities 136 INVITE request 140 number 136 proxy server 137 redirect server 138 register server 139 servers 137 service domain 136 URI 136 user agent 137 speed dial 134 SSID 59 activation 52 MBSSID 61 static route 75 status 29 status indicators 18 subnet 179 subnet mask 180 subnetting 182 supplementary services 141 syslog protocol 145 severity levels 145 system firmw...

Page 259: ...9 RTS CTS threshold 58 scheduling 57 security 58 SSID 59 activation 52 WEP 60 WPA 60 WPA PSK 60 WPS 62 64 example 65 limitations 67 PIN 62 push button 62 wireless network example 43 wireless security 233 WLAN 43 auto scan channel 47 interference 231 passphrase 48 scheduling 57 security parameters 240 see also wireless WEP 48 WLAN button 17 WPA 60 237 key caching 238 pre authentication 238 user aut...

Reviews:

No comments

Related manuals for B222s

Brand: Media5 Pages: 54

Brand: Moxa Technologies Pages: 7

Brand: Ubiquiti Pages: 22

Brand: ANTIFERENCE Pages: 26

Brand: Asus Pages: 21

Brand: Asus Pages: 42

Brand: Asus Pages: 53

Aaeon UPC-GWS01

Brand: Asus Pages: 21

Brand: Asus Pages: 160

Brand: Asus Pages: 38

Brand: Asus Pages: 52

Brand: HOOC Pages: 18

KonNad C2000-D2-DCTZ02

Brand: SinoCon Pages: 11

Brand: SonicWALL Pages: 7

OfficeConnect 3CR856-95

Brand: 3Com Pages: 2

Brand: Vonamic Pages: 32

Brand: Owon Pages: 8

Brand: Telstra Pages: 7

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands