manualshive.com logo in svg

Huawei BM2022, User Manual

The Huawei BM2022 user manual is available for free download on manualshive.com. This comprehensive manual provides detailed instructions and information to help you maximize the potential of your Huawei BM2022 device. Get your copy now and unleash the full potential of your device with ease.

Share
Download
background image

 Chapter 8 Security

BM2022 Users Guide

139

Address Type

Select 

Single address 

or 

Subnet address 

to specify if the VPN connection 

terminates at an IP address or subnet.

Start IP 
Address

If 

Single address 

is selected, enter a (static) IP address on the LAN behind the 

remote IPSecs router. 

If 

Subnet address

 is selected, specify IP addresses on a network by their 

subnet mask by entering a (static) IP address on the LAN behind the remote 
IPSecs router.  Then enter the subnet mask to identify the network address.

Subnet Mask

If 

Subnet address 

is selected, enter the subnet mask to identify the network 

address.

Remote Port

Select how the BM2022 checks the connection. The peer must be configured to 
respond to the method you select. 

Select 

icmp

 to have the BM2022 regularly ping the address you specify to make 

sure traffic can still go through the connection. You may need to configure the 
peer to respond to pings. 

Select 

tcp

 or 

udp

 to have the BM2022 regularly perform a TCP or UDP 

handshake with the address you specify to make sure traffic can still go through 
the connection. You may need to configure the peer to accept the TCP or UDP 
connection.  If you select 

tcp

 or 

udp

, specify the port number to use for the 

connectivity check.

IPSec Proposal

Encapsulation 
Mode

Select 

Tunnel

 mode or 

Transport

 mode from the drop-down list box. 

Active 
Protocol

Select the security protocols used for an SA. 

Both 

AH

 and 

ESP

 increase processing requirements and communications latency 

(delay). 

If you select 

ESP

 here, you must select options from the 

Encryption

 

Algorithm

 

and 

Authentication

 

Algorithm

 fields (described below).

Encryption 
Algorithm

Select which key size and encryption algorithm to use in the IPSec SA. Choices 
are:

DES

 - a 56-bit key with the DES encryption algorithm

3DES

 - a 168-bit key with the DES encryption algorithm

AES128

 - a 128-bit key with the AES encryption algorithm

AES192

 - a 192-bit key with the AES encryption algorithm

AES256

 - a 256-bit key with the AES encryption algorithm

The BM2022 and the remote IPSec router must use the same key size and 
encryption algorithm. Longer keys require more processing power, resulting in 
increased latency and decreased throughput.

Authentication 
Algorithm

Select which hash algorithm to use to authenticate packet data. Choices are 

SHA1

 and 

MD5

SHA1

 is generally considered stronger than 

MD5

, but it is also 

slower.

SA Life Time

Define the length of time before an IPSec SA automatically renegotiates in this 
field.

A short SA Life Time increases security by forcing the two VPN gateways to 
update the encryption and authentication keys. However, every time the VPN 
tunnel renegotiates, all users accessing remote resources are temporarily 
disconnected. 

Table 56   

IPSec VPN: Add

LABEL

DESCRIPTION

Summary of Contents for BM2022

Page 1: ... com BM2022 WiMAX IEEE 802 16 Indoor CPE Copyright 2011 Huawei Technologies Co LTD Firmware Version V2 00 Edition 1 4 2011 Default Login Details IP Address http 192 168 1 1 Username admin Password 1234 HES 209M1H ...

Page 2: ...ation for example other things you may need to configure or helpful tips or recommendations Syntax Conventions The product s described in this book may be referred to as the BM2022 the device the system or the product in this User s Guide Product labels screen names field labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER m...

Page 3: ...res Figures in this User s Guide may use the following generic icons The BM2022 icon is not an exact representation of your product Table 1 Common Icons BM2022 Computer Wireless Signal Notebook Server Base Station Telephone Switch Router Internet Cloud Network Cloud ...

Page 4: ...he power adaptor first before connecting it to a power outlet Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to ...

Page 5: ... Introducing the Web Configurator 21 Setup Wizard 27 Tutorials 35 Technical Reference 59 System Status 61 WiMAX 65 Network Setting 91 Security 121 The VoIP General Screens 147 The VoIP Account Screens 153 The VoIP Line Screens 167 Maintenance 171 Troubleshooting 193 Product Specifications 199 ...

Page 6: ...re 18 1 2 1 LEDs 19 1 3 Good Habits for Managing the BM2022 20 Chapter 2 Introducing the Web Configurator 21 2 1 Overview 21 2 1 1 Accessing the Web Configurator 21 2 1 2 The Reset Button 22 2 1 3 Saving and Canceling Changes 22 2 1 4 Working with Tables 23 2 2 The Main Screen 23 Chapter 3 Setup Wizard 27 3 1 Overview 27 3 1 1 Welcome to the Setup Wizard 27 3 1 2 LAN Settings 28 3 1 3 WiMAX Freque...

Page 7: ... Setting 45 4 9 Configuring Static Route for Routing to Another Network 45 4 10 Remotely Managing Your BM2022 47 4 11 VLAN Configuration Examples 48 4 11 1 Scenario 1 49 4 11 2 Scenario 2 50 4 11 3 Scenario 3 52 4 11 4 Scenario 4 54 4 11 5 Scenario 5 56 Part II Technical Reference 59 Chapter 5 System Status 61 5 1 Overview 61 5 2 System Status 61 Chapter 6 WiMAX 65 6 1 Overview 65 6 1 1 What You N...

Page 8: ...0 7 9 Static Route Add 101 7 10 RIP 101 7 11 Port Forwarding 103 7 11 1 Port Forwarding Wizard 104 7 12 Port Trigger 105 7 12 1 Port Trigger Wizard 106 7 12 2 Trigger Port Forwarding Example 107 7 13 DMZ 107 7 14 ALG 108 7 15 QoS 109 7 16 UPnP 109 7 16 1 Installing UPnP in Windows XP 110 7 16 2 Web Configurator Easy Access 114 7 17 VLAN 115 7 18 DDNS 117 7 19 IGMP Proxy 118 7 20 Content Filter 119...

Page 9: ...N NAT and NAT Traversal 144 8 12 7 ID Type and Content 144 8 12 8 Pre Shared Key 146 8 12 9 Diffie Hellman DH Key Groups 146 Chapter 9 The VoIP General Screens 147 9 1 VoIP Overview 147 9 1 1 What You Can Do in This Chapter 147 9 1 2 What You Need to Know 147 9 1 3 Before you Begin 149 9 2 Media 149 9 3 QoS 150 9 4 SIP Settings 151 9 5 Speed Dial 151 9 6 Technical Reference 152 9 6 1 DSCP and Per ...

Page 10: ...12 1 Overview 171 12 1 1 What You Need to Know 171 12 2 Password 176 12 3 HTTP 177 12 4 Telnet 177 12 5 SSH 178 12 6 SNMP 179 12 7 CWMP 179 12 8 OMA DM 181 12 9 Date 183 12 10 Time Zone 183 12 11 Upgrade File 184 12 11 1 The Firmware Upload Process 184 12 12 Upgrade Link 185 12 13 CWMP Upgrade 185 12 14 Backup 186 12 15 Restore 186 12 15 1 The Restore Configuration Process 187 12 16 Factory Defaul...

Page 11: ...efaults 197 13 4 1 Pop up Windows JavaScript and Java Permissions 197 Chapter 14 Product Specifications 199 Appendix A WiMAX Security 205 Appendix B Setting Up Your Computer s IP Address 209 Appendix C Pop up Windows JavaScript and Java Permissions 233 Appendix D IP Addresses and Subnetting 243 Appendix E Importing Certificates 253 Appendix F Common Services 279 Index 283 ...

Page 12: ...15 PART I User s Guide ...

Page 13: ...s See the Quick Start Guide for instructions on hardware connection In a wireless metropolitan area network MAN the BM2022 connects to a WiMAX base station BS for Internet access The following diagram shows a notebook computer equipped with the BM2022 connecting to the Internet through a WiMAX base station marked BS Figure 1 Mobile Station and Base Station When the firewall is on all incoming traf...

Page 14: ...2022 to make and receive the following type of VoIP telephone calls Calls via a VoIP service provider The BM2022 sends your call to a VoIP service provider s SIP server which forwards your calls to either VoIP or PSTN phones Figure 2 Calls via VoIP Service Provider 1 2 BM2022 Hardware Follow the instructions in the Quick Start Guide to make hardware connections ...

Page 15: ...f testing startup WiMAX Link Off The BM2022 is not connected to a wireless WiMAX network Green The BM2022 is successfully connected to a wireless WiMAX network Green Blinking Slowly The BM2022 is searching for a wireless WiMAX network Green Blinking Quickly The BM2022 has found a wireless WiMAX network and is connecting Signal Strength Indicator The Strength Indicator LEDs display the Interference...

Page 16: ... crashes If you forget your password you will have to reset the BM2022 to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the BM2022 You could simply restore your last configuration Voice Off No SIP account is registered or the BM2022 is not receiving power Green A SIP account is registered Green Blinking A SIP account is regis...

Page 17: ...by default in many operating systems and web browsers JavaScript enabled by default in most web browsers Java permissions enabled by default in most web browsers See the Appendix C on page 233 for more information on configuring your web browser 2 1 1 Accessing the Web Configurator 1 Make sure your BM2022 hardware is properly connected refer to the Quick Start Guide for more information 2 Launch y...

Page 18: ...elease it The device restarts when the defaults have been restored 3 Reconfigure the BM2022 following the steps in your Quick Start Guide 2 1 3 Saving and Canceling Changes All screens to which you can make configuration changes must be saved before those changes can go into effect If you make a mistake while configuring the BM2022 you can cancel those changes and start over Figure 5 Saving and Ca...

Page 19: ...lable menus and screens vary depending on the user account you use for login Table 4 Saving and Canceling Changes LABEL DESCRIPTION Items per Page This displays the number of items displayed per table page Use the menu to change this value First Page Click this to go to the first page in the table Previous Page Click this to go to the previous page in the table Page Indicator Jump to Page This ind...

Page 20: ...ther information WiMAX Click this to open the WiMAX menu which gives you options for configuring your WiMAX settings Network Setting Click this to open the Network menu which gives you options for configuring your network settings Security Click this to open the Security menu which gives you options for configuring your firewall and security settings VoIP Click this icon to open the VoIP menu whic...

Page 21: ...ining your BM2022 and performing basic network connectivity tests Language Use this menu to select the Web Configurator s language Setup Wizard Click this to open the Setup Wizard where you can configure the most essential settings for your BM2022 to work Logout Click this to log out of the Web Configurator Table 5 Main Icons continued ICON DESCRIPTION ...

Page 22: ...Chapter 2 Introducing the Web Configurator BM2022 User s Guide 26 ...

Page 23: ...d helps you to perform They are 1 Set up your Local Area Network LAN options which determine how the devices in your home or office connect to the BM2022 2 Set up your BM2022 s broadcast frequency which is the radio channel it uses to communicate with the ISP s base station 3 Set up your BM2022 s login options which are used to connect your LAN to the ISP s network and verify your account 4 Set up...

Page 24: ...rator again by typing the new IP address in the browser IP Subnet Mask Enter the subnet mask of the LAN DHCP Server Enable Select this if you want the BM2022 to be the DHCP server on the LAN As a DHCP server the BM2022 assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information Start IP Enter the IP address from which the BM2022 begins allocating IP addr...

Page 25: ...MAX Frequency Settings Second DNS Server Specify the second IP address of three DNS servers that the network can use The BM2022 provides these IP addresses to DHCP clients Third DNS Server Specify the third IP address of three DNS servers that the network can use The BM2022 provides these IP addresses to DHCP clients Back Click to display the previous screen Next Click to proceed to the next scree...

Page 26: ...ng of the frequency range to use The frequency is increased in increments equal to the Step value until the End Frequency is reached at which time the cycle starts over with the Start Frequency Note This field only appears when you select By Range under Setting Type End Frequency Enter the frequency value at the end of the frequency range to use Note This field only appears when you select By Rang...

Page 27: ...AX Authentication Settings LABEL DESCRIPTION Authentication Authenticatio n Mode Select a WiMAX authentication mode for authentication network sessions with the ISP Options are No authentication User authentication Device authentication User and Device authentication EAP Supplication EAP Mode Select an EAP authentication mode See Table 13 on page 74 if you need more information ...

Page 28: ... a device certificate file if required Before you import certificate from WebGUI the certificate file must be signed by chipset vendor due to security reason Device Cert Info This field displays information about the assigned device certificate Device Private Key Browse for and choose a device private key if required Device Private Key Info This field displays information about the assigned device...

Page 29: ...nt SIP Server Enter the IP address or domain name of the SIP server Port Number Enter the SIP server s listening port number Subscriber Number Enter your SIP number In the full SIP URI this is the part before the symbol Display Name Enter the name that appears on the other party s device if they have Caller ID enabled Authentication Name Type the SIP user name associated with this account for auth...

Page 30: ...awei com If everything was configured properly the web page should display You can now surf the Internet Refer to the rest of this guide for more detailed information on the complete range of BM2022 features available in the more advanced web configurator Note If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configured in the wizard setup ...

Page 31: ... the MAC Address Filter see page 39 Setting Up NAT Port Forwarding see page 41 Access the BM2022 Using DDNS see page 43 Configuring Static Route for Routing to Another Network see page 45 Remotely Managing Your BM2022 on page 47 VLAN Configuration Examples on page 48 4 2 WiMAX Connection Settings This tutorial provides you with pointers for configuring the BM2022 to connect to an ISP 1 Connect the...

Page 32: ...n the Network Setting LAN screen and set the IP Address to 192 168 100 1 Use the default IP Subnet Mask of 255 255 255 0 Click Save 2 Manually change the IP address of your computer that your are using to 192 168 100 x for example 192 168 100 5 and keep the subnet set to 255 255 255 0 3 Type http 192 168 100 1 in your browser after the BM2022 finishes starting up completely INFORMATION VALUE SEE A...

Page 33: ... the Network Setting WAN screen and select NAT in the Operation Mode field Click Save 8 Connect your computers to the BM2022 s Ethernet ports and you re all set Note You may need to configure the computers on your LAN to automatically obtain IP addresses For information on how to do this see Appendix B on page 209 Once your network is configured and hooked up you will want to connect it to the Int...

Page 34: ...ion Settings screen In the EAP Supplicant section click each Browse button and locate the security certificates that were provided by your new ISP s 2 Configure your new Internet access settings based on the information provided by the ISP Note You can also use the Internet Connection Wizard to configure the Internet access settings 3 You may need to configure the Options section according to the ...

Page 35: ...Filter 2 Select Enable URL Filter 3 Select Blacklist 4 Click Add and configure a URL filter rule by selecting Active and entering www example com as the URL 5 Click OK 6 Click Save Open a browser from your computer in the BM2022 s LAN network you should get an Access Violation message when you try to access to http www example com You may also need to block the IP address of the website if you do ...

Page 36: ...he MAC address of the computer If not you can look for the MAC address in the Network Setting LAN DHCP screen 192 168 100 3 mapping to 00 02 E3 53 16 95 in this example 2 Click Security Firewall MAC Filter Select Blacklist and click the Add button in the MAC Filter Rules table ...

Page 37: ...lay online games with them on Xbox LIVE In order to communicate and play with other gamers on Xbox LIVE Thomas needs to configure the port settings on his BM2022 Xbox 360 requires the following ports to be available in order to operate Xbox LIVE correctly TCP 53 80 3074 UDP 53 88 3074 1 You have to know the Xbox 360 s IP address first You can check it through the Xbox 360 console You may be able t...

Page 38: ...orwarding Click Network Setting WAN and make sure NAT is selected in the Operation Mode field Click Save 3 Click Network Setting NAT Port Forwarding and then click the first entry to edit the rule 4 Configure the screen as follows to open TCP UDP port 53 for the Xbox 360 Click OK ...

Page 39: ... traffic is forwarded to the Xbox 360 but port 80 is also the default listening port for remote management via WWW If Thomas also wants to manage the BM2022 from the Internet he has to assign an unused port to WWW remote access Click Maintenance Remote MGMT Enter an unused port in the Port field 81 in this example Click Save 4 8 Access the BM2022 Using DDNS If you connect your BM2022 to the Intern...

Page 40: ...owser and type http www dyndns org 2 Apply for a user account This tutorial uses UserName1 and 12345 as the username and password 3 Log into www dyndns org using your account 4 Add a new DDNS host name This tutorial uses the following settings as an example Hostname mywimax dyndns org Service Type Host with IP address IP Address Enter the WAN IP address that your BM2022 is currently using You can ...

Page 41: ...b c d that is connected to the Internet 2 Type http mywimax dyndns org and press Enter 3 The BM2022 s login page should appear You can then log into the BM2022 and manage it 4 9 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions you may connect a router to the BM2022 s LAN The router may be used to separate two department...

Page 42: ... on the BM2022 to specify R as the router in charge of forwarding traffic to N2 In this case the BM2022 routes traffic from computer A to R and then R routes the traffic to computer B This tutorial uses the following example IP settings DEVICE COMPUTER IP ADDRESS The BM2022 s WAN 172 16 1 1 The BM2022 s LAN 192 168 1 1 A 192 168 1 34 R s IP address on N1 192 168 1 253 R s IP address on N2 192 168 ...

Page 43: ... destination N2 3b Enter 192 168 1 253 R s IP address on N1 in the IP Address field under Next Hop 3a Click Save Now computer B should be able to receive traffic from computer A You may need to additionally configure R s firewall settings to accept specific traffic to pass through 4 10 Remotely Managing Your BM2022 The remote management feature allows you to log into the device through the Interne...

Page 44: ...s 80 and 443 3 Select Allow Connection from WAN This allows remote management connections not only from the local network but also the WAN network Internet 4 Click Save 4 11 VLAN Configuration Examples This section shows VLAN configuration scenarios See Section 7 17 on page 115 if you need more information about VLAN Before enabling VLANs you will need to change the BM2022 to bridge mode ...

Page 45: ...nd enter the WAN IP Address WAN IP Subnet Mask and Gateway IP Address 4 11 1 Scenario 1 In this scenario PC A is connected directly to interface LAN1 on the BM2022 PC B is connected to interface WiMAX and interface IAD for managing the BM2022 A B No VLAN Tag No VLAN Tag No VLAN Tag CPE LAN Manager IP No VLAN Tag No VLAN Tag No VLAN Tag User Network PC Manager IP No VLAN Tag LAN Transparent Network...

Page 46: ...Tagged packets will be untagged when they are forwarded out of each interface since the devices attached to these interfaces do not support VLAN tagged packets 4 11 2 Scenario 2 In this scenario PC A and PC C are on VLAN 5 while PC B and PC D are on VLAN 10 PC A and PC B are connected to interface LAN1 through VLAN supporting switch S1 PC C is connected to interface WiMAX and interface IAD for man...

Page 47: ... and Tag Untag settings for the interfaces as below by clicking each row Then press OK VLAN TagID 5 VLAN TagID 10 A B No VLAN Tag No VLAN Tag VLAN TagID 5 VLAN TagID 5 VLAN TagID 10 VLAN TagID 10 No VLAN Tag No VLAN Tag C D S1 S2 CPE LAN Manager IP User Network Router Manager IP Enable VLAN LAN Transparent Network operators Transparent Note Manager IP VLAN ID is the same as one of the LAN transpar...

Page 48: ...l be untagged when they are forwarded 4 11 3 Scenario 3 In this scenario PC A and PC C are on VLAN 5 PC B and PC D are on VLAN 10 and PC E is on VLAN 3 PC A and PC B are connected to interface LAN1 through VLAN supporting switch S1 PC C and PC D are connected to interface WiMAX through VLAN supporting switch S2 PC E is connected to interface IAD through VLAN supporting switch S2 for managing the B...

Page 49: ... No VLAN Tag VLAN TagID 5 VLAN TagID 5 VLAN TagID 10 VLAN TagID 10 No VLAN Tag No VLAN Tag C D No VLAN Tag E VLAN TagID 3 VLAN TagID 3 S1 S2 CPE LAN Manager IP User Network Router Manager IP Enable VLAN LAN Transparent Network operators Transparent Note Manager IP VLAN ID is different from VLAN Tag ID 5 VLAN Tag ID 5 VLAN Tag ID 10 VLAN Tag ID 10 VLAN Tag ID 3 VLAN Tag ID 3 the LAN transparent VLA...

Page 50: ... Interface IAD is configured as an Access port so tagged packets will be untagged when they are forwarded 4 11 4 Scenario 4 In this scenario PC A is connected directly to interface LAN1 on the BM2022 while PC B is on VLAN 5 PC B is connected to interface WiMAX and interface IAD for managing the BM2022 through VLAN supporting switch S1 Note You will need to configure the VLAN supporting switches to...

Page 51: ...s as below by clicking each row Then press OK A VLAN TagID 5 VLAN TagID 5 B S1 No VLAN Tag No VLAN Tag CPE LAN Manager IP No VLAN Tag User Network PC Network operators Manager IP Enable VLAN LAN Transparent Note Manager IP VLAN ID is the same as the LAN transparent VLAN ID VLAN Tag ID 5 VLAN Tag ID 5 VLAN Tag ID 5 ...

Page 52: ...ded out since PC A does not support VLAN tagged packets Interface IAD is configured as an Access port so tagged packets will be untagged when they are forwarded 4 11 5 Scenario 5 In this scenario PC A is directly connected to interface LAN1 on the BM2022 PC B is on VLAN 5 while PC C is on VLAN 10 PC B is connected to interface WiMAX and interface IAD for managing the BM2022 through VLAN supporting...

Page 53: ...w Then press OK A VLAN TagID 5 VLAN TagID 5 VLAN TagID 10 VLAN TagID 10 No VLAN Tag B C S1 No VLAN Tag No VLAN Tag CPE LAN Manager IP No VLAN Tag User Network PC Network operators Manager IP Enable VLAN LAN Transparent VLAN Tag ID 5 VLAN Tag ID 5 VLAN Tag ID 10 VLAN Tag ID 10 Note Manager IP VLAN ID is different from the LAN transparent VLAN ID ...

Page 54: ...it receives from the VLAN supporting switch VLAN tagged packets will also be forwarded out of these interfaces On the LAN1 interface the BM2022 will tag packets it receives so that they are recognized in VLAN 10 On LAN1 tagged packets will be untagged when they are forwarded out since PC A does not support VLAN tagged packets Interface IAD is configured as an Access port so tagged packets will be ...

Page 55: ...59 PART II Technical Reference ...

Page 56: ...60 ...

Page 57: ...this screen to view a summary of your BM2022 connection status 5 2 System Status This screen allows you to view the current status of the device system resources and interfaces LAN and WAN Click System Status to open this screen as shown next Figure 14 System Status ...

Page 58: ...y deleting rules in functions such as incoming call policies speed dial entries and static routes CPU This field displays what percentage of the BM2022 s CPU is currently used The higher the CPU usage the more likely the BM2022 is to slow down WiMAX Device Status This field displays the BM2022 current status for connecting to the selected base station Scanning The BM2022 is scanning for available ...

Page 59: ...eld indicates the Domain Name Server DNS to which your BM2022 is connected LAN MAC Address This field indicates the MAC address of the port making the LAN connection on the BM2022 IP Address This field displays the current IP address of the BM2022 in the LAN Subnet Mask This field displays the current subnet mask in the LAN MTU This field indicates the Maximum Transmission Unit MTU between the BM2...

Page 60: ...Chapter 5 System Status BM2022 User s Guide 64 ...

Page 61: ...s a member of the WiMAX Forum the industry group dedicated to promoting and certifying interoperability of wireless broadband products In a wireless MAN a wireless equipped computer is known either as a mobile station MS or a subscriber station SS Mobile stations use the IEEE 802 16e standard and are able to maintain connectivity while switching their connection from one base station to another ba...

Page 62: ... between the BM2022 and the base station are controlled by the base station The BM2022 follows the base station s configuration Authentication When authenticating a user the base station uses a third party RADIUS or Diameter server known as an AAA Authentication Authorization and Accounting server to authenticate the mobile or subscriber stations The following figure shows a base station using an ...

Page 63: ...nds You can set the downlink frequencies anywhere within the WiMAX frequency range In this example the downlink frequencies have been set to search all of the operator range for a connection Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and gov...

Page 64: ...s below the arbitrarily specified threshold then BM2022 is free to transmit any data packets EAP Authentication EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server an access point helps a wireless station an...

Page 65: ...nnection from one base station to another base station Enable MS Initiated Idle Mode Select this to have the BM2022 enter the idle mode after it has no traffic passing through for a pre defined period Make sure your base station also supports this before selecting this Idle Mode Interval Set the idle duration in minutes This is how long the BM2022 waits during periods of no activity before going i...

Page 66: ... network entry process it searches for the preamble and uses it to additional channel information The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station Frequency MHz This field displays the radio frequency of the BM2022 s connection to the base station Bandwidth MHz This field displays the bandwidth of the base station in megahertz MHz RSSI dB...

Page 67: ...result of the frequency to scan you configured in this screen will be shown in the WiMAX Connect screen Select this option to determine whether to also append the wide scanning result configured in the WiMAX Wide Scan screen to the same table Default Bandwidth Select the default bandwidth size per frequency band you specify in table A A When By List is selected in the Setting Type field Frequency ...

Page 68: ...ding an entry End Frequency KHz This indicates the end of the frequency band in kilohertz KHz Click this field to modify it Step KHz This indicates the frequency step within each band in kilohertz KHz Click this field to modify it Bandwidth MHz This indicates the bandwidth in megahertz MHz Click this field to modify it OK Click this button to save any changes made to the list Valid Band Info B Thi...

Page 69: ...Chapter 6 WiMAX BM2022 User s Guide 73 Click WiMAX Profile Authentication Settings to open this screen as shown next Figure 22 Authentication Settings Screen ...

Page 70: ...user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS This protocol is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establis...

Page 71: ...thentication security PAP Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network It s probably not a good idea to rely on this for security Username Enter the username required for the EAP TTLS inner method Password Enter the password required for the EAP TTLS inner method Options Enable Auth Mode Decoration in EAP Outer ID Select this t...

Page 72: ...e station with NAP ID 1 The BM2022 uses ND S and is able to access another base station with NAP ID 2 This base station is associated with another service provider V NSP with NSP ID 20 The subscriber s service agreement specifies to route traffic from the other service provider to the Home NSP so the Home NSP authenticates and authorizes the connection Figure 23 ND S Scenario The channel plan sett...

Page 73: ...End Frequency KHz This indicates the end of the frequency band in kilohertz KHz Click this field to modify it Step KHz This indicates the frequency step within each band in kilohertz KHz Click this field to modify it The minimum step is 250KHz and the maximum step is the difference between the start frequency and end frequency Bandwidth MHz This indicates the bandwidth in megahertz MHz Click this ...

Page 74: ...to search for the NAP Click WiMAX ND S CAPL Settings Add to open this screen as shown next Figure 26 CAPL Settings Add Table 15 CAPL Settings LABEL DESCRIPTION NAP ID This displays the NAP ID Priority This displays the priority for the NAP ID Channel Plan ID This displays the Channel Plan ID Delete Click this button to remove an item from the list Add Click this button to add an item to the list S...

Page 75: ...er 1 250 where 1 is the highest priority The BM2022 will search for NAPs according to the priority specified Priority may be determined by the number of base stations an NAP has with a NAP having more base stations being assigned a higher priority If the same priority is assigned to a NAP ID the BM2022 will consider them as having equal priority Select Channel Plan ID Select After clicking a Chann...

Page 76: ...ervice Provider NSP ID in the format XX XX XX where X is a hexadecimal character If the Home NSP ID is entered in this list the BM2022 will try to use it to establish a connection Priority Specify the priority for the NSP Enter 1 250 where 1 is the highest priority Delete Click this button to remove an item from the list Add Click this button to add an item to the list OK Click this button to save...

Page 77: ...fied in the CAPL to be used for establishing connections to the H NSP Select Partially Flexible to allow the BM2022 to use NAPs not specified in the CAPL to connect to the H NSP Before attempting NAPs not specified in the CAPL the BM2022 will first try the NAPs specified in the CAPL to connect to the H NSP Select Flexible to allow the BM2022 to use any NAPs for establishing connections to the H NS...

Page 78: ... you made in the WiMAX Profile Frequency Settings and WiMAX Wide Scan screens Note You cannot see the wide scanning result that you made in WiMAX Wide Scan screen if the Join Wide Scan Result is set to No in the WiMAX Profile Frequency Settings screen Frequency KHz This field displays the available center frequency of a frequency band in kilohertz KHz Bandwidth MHz This field displays the bandwidt...

Page 79: ...cted base station Disconnect Click this to disconnect from the selected base station BSID This field displays the base station MAC address NSP This field displays the NSP ID NAP This field displays the NAP ID Network Type This field displays the network type Preamble ID This field displays the preamble ID The preamble ID is the index identifier in the header of the base station s broadcast message...

Page 80: ...AX connection is available Network Entry A WiMAX connection is initializing Normal The WiMAX connection has been successfully established BSID This field displays the MAC address of the base station to which the BM2022 is connected Frequency MHz This field displays the frequency the base station uses in megahertz MHz RSSI dBm This field displays the Received Signal Strength Indication RSSI which i...

Page 81: ...r the step increment in kilohertz KHz that the wide scan jumps each time it scans between the start and end frequencies Bandwidth MHz Enter the frequency bandwidth to be scanned Delete Click this to remove a range of frequencies from the wide scan range list Add Click this to add a range of frequencies to the wide scan range list OK Click this so save any changes to the wide scan range list Wide S...

Page 82: ...ll radio signal quality where a higher value means a better quality signal CINR R1 This field displays the average Carrier to Interference plus Noise Ratio R1 for the current connection This value is an indication of overall radio signal quality where a higher value means a better quality signal CINR Std Dev This field displays the average Carrier to Interference plus Noise Ratio Std Dev for the c...

Page 83: ...nection from one base station to another base station since the BM2022 last restarted Handover Maximum Latency This field displays the maximum latency for switching connections from one base station to another base station since the BM2022 last restarted Handover Minimum Latency This field displays the minimum latency for switching connections from one base station to another base station since th...

Page 84: ... through the WiMAX device since its last reboot Table 22 Link Statistics LABEL DESCRIPTION Link This section provides a detailed overview of link statistics HARQ This section provides a detailed overview of Hybrid Automatic Repeat Request link statistics TX RX This section provides a detailed overview of transmission and receiving link statistics MCS This section provides a detailed overview of Mo...

Page 85: ...AX Service Flow to open this screen as shown next Figure 34 Service Flow Screen This screen contains the following fields Table 23 Connection Info LABEL DESCRIPTION Active Connection CID This displays the unique unidirectional 16 bit Connection Identifier CID for an active connection Connection Type This displays the type of connection Table 24 Service Flow LABEL DESCRIPTION SFID This displays a 3...

Page 86: ...Chapter 6 WiMAX BM2022 User s Guide 90 ...

Page 87: ...ddress DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask There are two ways that an ...

Page 88: ...the broadcasting method of the RIP packets that the BM2022 sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses ...

Page 89: ... port When the BM2022 s WAN port receives a response with a specific port number and protocol incoming port the BM2022 forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a ...

Page 90: ...ation that supports NAT traversal and UPnP Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues Network information and configuration may also be obtained and modified by users in some network environments All UPnP enabled devices may communicate freely with each other without additio...

Page 91: ... use their own internal IP addresses while communicating with devices on the WAN WAN Protocol Select the protocol the BM2022 uses to connect to the WAN The options are Ethernet Select this if you have a persistent connection to the network PPPoE Select this if must log into the network before initiating a persistent connection GRE Tunnel Select this if you connect to the network using Point to Poi...

Page 92: ... Maximum Transmission Unit MTU for the BM2022 This is the largest protocol unit that the BM2022 allows to pass through it Clone MAC Address Enter a MAC address here for registering bridged devices on the network if their current MAC addresses are causing problems For example this can happen when a desktop computer swaps network interface cards the original NIC may have used its MAC address to regi...

Page 93: ...security MS CHAP v1 2 This is Microsoft s variant of Challenge Handshake Authentication Protocol CHAP It allows for mutual authentication between devices MPPE Encryption Use this option to enable or disable authentication through Microsoft Point To Point Encryption MPPE protocol MPPE Stateful Use this option to allow or disallow the BM2022 to use the Microsoft Point To Point Encryption MPPE protoc...

Page 94: ... these settings to configure the LAN connection between the WiMAX Device and your local network Click Network Setting LAN IP to open this screen as shown next Figure 40 IP Screen This screen contains the following fields Table 27 GRE LABEL DESCRIPTION Peer IP Address Enter the IP address of the GRE peer Table 28 EtherIP LABEL DESCRIPTION Peer IP Address Enter the IP address of the EtherIP peer Tab...

Page 95: ...DHCP Server DHCP Mode Select this if you want the BM2022 to be the DHCP server on the LAN As a DHCP server the BM2022 assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information None This disables DHCP mode for the BM2022 Server This sets the BM2022 as a DHCP server for the LAN Relay This sets the BM2022 as a DHCP relay for the LAN allowing it to pass th...

Page 96: ...the ISP User Define Select this to manually enter the DNS server used by the BM2022 Static DHCP MAC Address This field displays the MAC address of the static DHCP client connected to the BM2022 IP Address This field displays the IP address of the static DHCP client connected to the BM2022 Add Click this to add a new static DHCP entry OK Click this to save any changes made to this list DHCP Leased ...

Page 97: ... other routers Metric This field displays the static route metric Add Click this to add a new static route to the list Table 31 Static Route continued LABEL DESCRIPTION Table 32 Static Route LABEL DESCRIPTION Destination IP Enter the destination IP address of the static route Subnet Mask Enter the subnet mask of the static route Next Hop Select Interface and then select WAN or LAN for the next hop...

Page 98: ...stributed Metric This indicates the metric that is being used for redistribution Edit Click this to edit a selected route OK Click this to save any changes to the redistribution table LAN Direction Set the LAN network direction to use with RIP Version Set the RIP version to use Authentication Use this option to enable or disable RIP authentication Authentication ID Enter the authentication ID to u...

Page 99: ... the authentication key to use for RIP authentication Table 33 RIP continued LABEL DESCRIPTION Table 34 Port Forwarding LABEL DESCRIPTION Active This indicates whether the port forwarding rule is active or not Name The displays the name of the port forwarding rule Protocol This displays the protocol to which the port forwarding rule applies Incoming Port s Start Port This displays the starting por...

Page 100: ... to save any changes made to the port forwarding list Table 34 Port Forwarding continued LABEL DESCRIPTION Table 35 Port Forwarding Wizard LABEL DESCRIPTION Active Select this to make this port forwarding rule active Port Forward Rule Select the type of port forwarding rule Rule Name Enter a name for the port forwarding rule Protocol Select the port forwarding protocol Incoming Start Port Enter th...

Page 101: ...rd to the IP address the BM2022 records To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field If you want to delete this rule click the Delete icon Open Protocol This indicates which protocol is ...

Page 102: ...s to add a new port trigger rule OK Click this to save any changes made to the port trigger list Table 36 Port Trigger continued LABEL DESCRIPTION Table 37 Port Trigger Wizard LABEL DESCRIPTION Active Select this to make this port trigger rule active Port Trigger Rule Select the type of port trigger rule Rule Name Enter a name for the port trigger rule Trigger Protocol Select the type of port trig...

Page 103: ...to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The BM2022 times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Two points to remember about trigger ports 1 Trigger events only happen on data that is coming from inside the BM2022 and going to the out...

Page 104: ...ss of your network DMZ host if you have one 0 0 0 0 means this feature is disabled Table 39 Network Setting NAT ALG LABEL DESCRIPTION Enable FTP ALG Turns on the FTP ALG to detect FTP File Transfer Program traffic and helps build FTP sessions through the BM2022 s NAT Enable H 323 ALG Turns on the H 323 ALG to detect H 323 traffic used for audio communications and helps build H 323 sessions through...

Page 105: ... information Table 39 Network Setting NAT ALG continued LABEL DESCRIPTION Table 40 QoS LABEL DESCRIPTION Interface This displays the interface for the QoS rule The IAD interface is for device management Configure DiffServ Code Point DSCP and or Priority marking based on which method is supported within your network With DSCP you can use 64 0 63 different markings compared to 6 1 6 with Priority ma...

Page 106: ...Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Table 41 UPnP LABEL DESCRIPTION Enable UPnP Select this to enable UPnP on the BM2022 Enable NAT PMP Select this to enable NAT Port Mapping Protocol on the BM20...

Page 107: ...to the Windows Optional Networking Component Wizard window and click Next 7 16 1 1 Auto discover Your UPnP enabled Network Device in Windows XP This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the BM2022 Make sure the computer is connected to a LAN port of the BM2022 Turn on your computer and the BM2022 1 Clic...

Page 108: ...r 7 Network Setting BM2022 User s Guide 112 2 Right click the icon and select Properties 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created ...

Page 109: ...add port mappings 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray 7 Double click on the icon to display your current Internet connection status ...

Page 110: ... helpful if you do not know the IP address of the BM2022 Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your BM2022 and select Invoke The web configurator l...

Page 111: ...ties window displays with basic information about the BM2022 7 17 VLAN Use this screen to configure port based VLAN settings on the BM2022 This screen allows you to assign port s to specific virtual LAN s in order to isolate traffic from different VLAN groups See Section 4 11 on page 48 for example configurations for VLANs ...

Page 112: ...nly one VLAN The device connected to an access port does not support VLAN tagged packets so the BM2022 will remove packets forwarded out of this port Packets received on access ports will be tagged with the specified PVID Select Trunk to allow packets belonging to different VLAN groups to pass through the port The device connected to this port should support VLAN tagged packets You must configure ...

Page 113: ...Untagged packets received will be forwarded If the port is an Access port the BM2022 will add tags to untagged packets it receives and drop tagged packets it receives If the port is a Trunk port the BM2022 will add tags to untagged packets it receives and retag tagged packets OK Click this to save the changes in the Port Setting section Filter Setting This is the index number of a filter Name This...

Page 114: ... Domain Name Enter the domain name Login Name Enter the user name Password Enter the password IP Update Policy Select the policy used by the BM2022 Options are Auto Detect WAN User Defined User Defined IP If chose User Defined for the IP Update Policy enter the user defined IP address Wildcards Select this to allow a hostname to use wildcards such as MX Select this to enable mail routing if suppor...

Page 115: ...d to carry user data Select this option to have the BM2022 act as an IGMP proxy This allows the BM2022 to get subscribing information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Save Click this to save the changes made Cancel Click this avoid any changes made from being saved to your configuration Table 45 Content Filter LABEL DESCRIPTIO...

Page 116: ...Setting BM2022 User s Guide 120 Delete Click this to delete a specified rule Add Click this to add a new filter rule OK Click this to save any changes made to the list Table 45 Content Filter continued LABEL DESCRIPTION ...

Page 117: ... theft destruction and modification of data The BM2022 is installed between the LAN and a WiMAX base station connecting to the Internet This allows it to act as a secure gateway for all data passing between the Internet and the LAN The BM2022 has one Ethernet LAN port The LAN Local Area Network port attaches to a network of computers which needs security from the outside world These computers will...

Page 118: ...pty rule then enter the incoming port number for the BM2022 to block If you want to delete this rule click the Delete icon Destination IP This displays the destination IP address for the IP filter rule Click Add to create a new empty rule then enter the outgoing IP address for the BM2022 to block If you want to delete this rule click the Delete icon Destination Port This displays the destination p...

Page 119: ...dd to create a new empty rule then enter the incoming MAC address for the BM2022 to block If you want to delete this rule click the Delete icon Destination MAC This displays the destination MAC for the MAC filter rule Click Add to create a new empty rule then enter the outgoing MAC address for the BM2022 to block If you want to delete this rule click the Delete icon Mon Sun Select which days of th...

Page 120: ...Port Scan Select this to monitor for and block port scan attacks A port scan attack is typically the precursor to a full blown denial of service attack wherein each port on a device is probed for security holes that can be exploited Once a security flaw is discovered an attacker can initiate the appropriate denial of service attack or intrusion attack against the client device Prevent from LAND At...

Page 121: ...block ping of death attacks A Ping of Death POD attack is one where larger than allowed ping packets are fragmented then sent against a client device This results in the client device suffering from a buffer overflow and subsequent system crash Prevent from PING from WAN Select this to ignore ping requests from the WAN Table 48 DDOS continued LABEL DESCRIPTION Table 49 PPTP Server LABEL DESCRIPTIO...

Page 122: ...ly select either MPPE 40 or MPPE 128 Local IP Address Enter the local endpoint for the PPTP connection Remote Start IP Enter the local IP address range the BM2022 assigns to remote users if the remote client device is set to obtain an IP address automatically Idle Timeout Enter the time in minutes to timeout PPTP connections DNS Server 1 DNS Server 2 Specify the IP addresses of DNS servers to assi...

Page 123: ...ABEL DESCRIPTION This is the index number of the connection Profile Name This is the name of this client connection Server IP This is the IP address of the PPTP VPN server Assign IP This is the local IP address the client assigns to itself or is assigned by the server MTU This field indicates the Maximum Transmission Unit MTU for the connection Status This is the connection status Add Click this t...

Page 124: ... handshake MSCHAPv1 Microsoft CHAP v1 MSCHAPv1 provides authentication through a shared secret key and uses a three way handshake It provides improved usability with Microsoft products MSCHAPv2 Microsoft CHAP v2 MSCHAPv2 provides encryption through a shared secret key and uses a three way handshake It provides additional security over MSCHAPv1 including two way authentication MPPE Encryption If MS...

Page 125: ...Enter the password for connecting to the PPTP server Retype Retype the password for connecting to the PPTP server Get IP automatically Select Yes to have the PPTP server assign a local IP address to the client Assign IP Address Enter the IP address for the client Ensure that the IP address is configured to be allowed on the PPTP server Idle Timeout Enter the time in minutes to timeout PPTP connect...

Page 126: ...thentication MPPE Encryption If MSCHAPv1 or MSCHAPv2 is selected as an Auth Protocol use the drop down list box to select the type of Microsoft Point to Point Encryption MPPE Options are MPPE 40 MPPE with 40 bit session key length MPPE 128 MPPE with 128 bit session key length Auto Automatically select either MPPE 40 or MPPE 128 Local IP Address Enter the local endpoint for the L2TP connection Remo...

Page 127: ...L2TP connection started Link Time s This displays the duration of the L2TP connection Disconnect Select a client and click this button to disconnect the selected client Table 52 L2TP Server LABEL DESCRIPTION Table 53 L2TP Client LABEL DESCRIPTION This is the index number of the connection Profile Name This is the name of this client connection Server IP This is the IP address of the L2TP VPN serve...

Page 128: ...on this for security CHAP Challenge Handshake Authentication Protocol CHAP provides authentication through a shared secret key and uses a three way handshake MSCHAPv1 Microsoft CHAP v1 MSCHAPv1 provides authentication through a shared secret key and uses a three way handshake It provides improved usability with Microsoft products MSCHAPv2 Microsoft CHAP v2 MSCHAPv2 provides encryption through a sh...

Page 129: ...etype the password for connecting to the L2TP server Get IP automatically Select Yes to have the L2TP server assign a local IP address to the client Assign IP Address Enter the IP address for the client Ensure that the IP address is configured to be allowed on the L2TP server Idle Timeout Enter the time in minutes to timeout L2TP connections Table 54 L2TP Client Add LABEL DESCRIPTION Table 55 IPSe...

Page 130: ...splays the single static IP address on the LAN behind your BM2022 or the IP address and subnet mask of a network behind your BM2022 Remote Network This displays the single static IP address on the LAN behind the remote IPSec router or the IP address and subnet mask of a network behind the remote IPSec router Add Click this button to add an item to the list Table 55 IPSec VPN LABEL DESCRIPTION ...

Page 131: ...Chapter 8 Security BM2022 User s Guide 135 8 11 2 IPSec VPN Add Use these settings Click Security IPSec VPN Add to open this screen as shown next Figure 69 IPSec VPN Add ...

Page 132: ...62 hexadecimal 0 9 A F characters You must precede a hexadecimal key with a 0x zero x which is not counted as part of the 16 to 62 character range for the key For example in 0x0123456789ABCDEF 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself Local ID Type Select IP to identify the BM2022 by its IP address Select Domain Name to identify this BM2022 by a domain name Sele...

Page 133: ... IKE Phase 1 Proposal This field is a sequential value and it is not associated with a specific proposal The sequence of proposals should not affect performance significantly Encryption Select which key size and encryption algorithm to use in the IKE SA Choices are DES a 56 bit key with the DES encryption algorithm 3DES a 168 bit key with the DES encryption algorithm AES128 a 128 bit key with the ...

Page 134: ... Endpoint field set to 0 0 0 0 Address Type Select Single address or Subnet address to specify if the VPN connection begins at an IP address or subnet Start IP Address If Single address is selected enter a static IP address on the LAN behind your BM2022 If Subnet address is selected specify IP addresses on a network by their subnet mask by entering a static IP address on the LAN behind your BM2022...

Page 135: ... Select Tunnel mode or Transport mode from the drop down list box Active Protocol Select the security protocols used for an SA Both AH and ESP increase processing requirements and communications latency delay If you select ESP here you must select options from the Encryption Algorithm and Authentication Algorithm fields described below Encryption Algorithm Select which key size and encryption algo...

Page 136: ...ructure including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms Perfect Forward Secrecy PFS Select whether or not you want to enable Perfect Forward Secrecy PFS PFS changes the root key that is used to generate encryption keys for each IPSec SA The longer the key the more secure the encry...

Page 137: ...in the packet such as TCP and UDP With ESP protection is applied only to the upper layer protocols contained in the packet The IP header information and options are not used in the authentication process Therefore the originating IP address cannot be verified for integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the i...

Page 138: ...hoose an authentication algorithm Choose a Diffie Hellman public key cryptography key group DH1 or DH2 Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose an en...

Page 139: ...and headers with a hash value appended to the packet When using AH protocol packet contents the data payload are not encrypted A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value and complain that the hash va...

Page 140: ...oblem by adding a UDP port 500 header to the IPSec packet The NAT router forwards the IPSec packet with the UDP port 500 header unchanged In the above figure when IPSec router A tries to establish an IKE SA IPSec router B checks the UDP port 500 header and IPSec routers A and B build the IKE SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE ...

Page 141: ...tching ID type and content configuration in order to set up a VPN tunnel The two BM2022s in this example can complete negotiation and establish a VPN tunnel The two BM2022s in this example cannot complete their negotiation because BM2022 B s Local ID type is IP but BM2022 A s Remote ID type is set to E mail An ID mismatched message displays in the IPSEC LOG Table 59 Local ID Type and Content Field...

Page 142: ... a secure connection 8 12 9 Diffie Hellman DH Key Groups Diffie Hellman DH is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit 1024 bit 1536 bit 2048 bit and 3072 bit Diffie Hellman groups are supported Upon completion of the Diffie Hellman ex...

Page 143: ... set up and maintain global VoIP settings on the BM2022 The QoS screen Section 9 3 on page 150 lets you set up and maintain QoS settings for voice traffic flowing through the BM2022 The SIP screen Section 9 4 on page 151 lets you enable session timer and select the SIP session refresh method The Speed Dial screen Section 9 5 on page 151 lets you add edit or remove speed dial entries for the phone ...

Page 144: ... based on the application types and traffic flow Packets are marked with DiffServ Code Points DSCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a pa...

Page 145: ... 74 VoIP General Media The following table describes the labels in this screen Table 62 VoIP General Media LABEL DESCRIPTION Port Range Media Port Start Media Port End Enter the listening port number s for RTP traffic on the BM2022 if your VoIP service provider gave you this information Otherwise keep the default values To enter one port number enter the port number in the both Media Port Start an...

Page 146: ...the end user but as packet loss increases the quality of sound degrades Select this to have the BM2022 to improve the voice quality when packet loss occurs T 38 Static Jitter Length T 38 is an ITU T standard that VoIP devices use to send fax messages over the Internet Select the number of milliseconds for the jitter buffer size used for transmitting T 38 fax messages Table 62 VoIP General Media co...

Page 147: ...r is a function used by both of the communication peers to determine if the call session is still active alive or not It uses the method specified in the following Refresh Method field to periodically refresh the SIP sessions Refresh Method Select the method to be used for periodically refreshing SIP sessions to determine if the session is still active Select UPDATE to use Update requests to refre...

Page 148: ...rwarding Resources can then be allocated according to the DSCP values and the configured policies Table 65 VoIP General Speed Dial LABEL DESCRIPTION Speed Dial Rules This is a list of speed dial numbers To edit an existing speed dial rule you can click the row for the rule and editable fields will appear Active This field displays whether the rule is activated or not Short Number This field displa...

Page 149: ... 161 lets you configure the SIP additional functions such as DTMF call forward and call waiting for the phone line The Dialing screen Section 10 6 on page 162 lets you configure some timeout setting for the phone line The FAX screen Section 10 7 on page 163 lets you configure which standard the phone line uses for sending faxes 10 1 2 What You Need to Know The following terms and concepts may help...

Page 150: ...t A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications even though it is a client server protocol In the following figure either A or B can act as a SIP user agent client to initiate a call A and B can also both act as a SIP user agent to receive the call Figure 79 SIP User Agent SIP Proxy Server A SIP proxy server receives requ...

Page 151: ...type of NAT router and eliminates the need for STUN or a SIP ALG Turn off a SIP ALG on a NAT router in front of the BM2022 to keep it from retranslating the IP address since this is already handled by the outbound proxy server NAT and SIP The BM2022 must register its public IP address with a SIP register server If there is a NAT router between the BM2022 and the SIP register server the BM2022 prob...

Page 152: ... from your VoIP service provider 10 2 Status Click VoIP Account Status to view VoIP settings and current status Figure 82 VoIP Account Status The following table describes the labels in this screen Table 66 VoIP Account Status LABEL DESCRIPTION Server Status SIP Register This field displays the IP address or domain name and service port number of the register server if you have configured one SIP ...

Page 153: ...rver successfully Line Status Subscriber Number This field displays the SIP phone number for the phone line Account Status This indicates whether the SIP account is activated or not Enable means activated and Disable means deactivated Phone Status This field displays the phone status such as Idle Calling Ringing Connecting InCall Hold and Disconnecting Call History Received call This field display...

Page 154: ...Enter the registration expiry time in seconds for the SIP account specified in Section 10 4 on page 159 The allowable range is 60 65535 seconds However this value is just a default preference value by user the actual registration expiry time used by the SIP account is determined by the registrar server after the registration process Once the SIP account has registered at the registrar server succe...

Page 155: ...rt number if your VoIP service provider gave you one Otherwise leave it as the default 5060 If the outbound proxy is disabled set to 0 0 0 0 then this port will be ignored Table 67 VoIP Account Server LABEL DESCRIPTION Table 68 VoIP Account SIP LABEL DESCRIPTION SIP Account Enable Select this if you want the BM2022 to use this account Clear it if you do not want the BM2022 to use this account SIP ...

Page 156: ... a codec Session Timer Min Session Timer Enter the minimum session expiry time in seconds The allowable range is 90 65535 seconds When an incoming call requests a session expiry time that is lower than this value the BM2022 will respond with a 423 session timer too small message and tell the peer to use this value as the minimum bound Session Timer Enter the session expiry time in seconds for all ...

Page 157: ... not send caller ID Do Not Disturb DND Select this to have the BM2022 not forward calls to the phone line while processing incoming calls Thus for any incoming call the remote peer can hear ringback tone but the phone connected on the BM2022 would not ring Meanwhile the BM2022 can still make outgoing calls as usual Note The DND function should be used very carefully since enabling DND makes the BM...

Page 158: ... SIP messages Call Forward Setting Unconditional CF Unconditional CF Target Select this if you want the BM2022 to forward all incoming calls to the specified phone number regardless of other rules in this Call Forward Setting section Specify the phone number in the Unconditional CF Target field Note The Unconditional CF function should be used very carefully since enabling this function makes the ...

Page 159: ...mber after you press the first key on the phone If the BM2022 cannot receive the next digit entered within this time period the BM2022 processes digits you have dialed First digit Timeout Set the number of seconds 5 30 for the BM2022 to wait for you to start dialing a number after you pick up the telephone receiver If you do not dial any number within that time period the dial tone becomes a busy ...

Page 160: ...he call reaches half of the SE time period the session is refreshed Table 72 SIP Call Progression A P B 1 INVITE SE 60 2 422 MSE 3600 3 ACK 4 INVITE SE 3600 MSE 3600 5 INVITE SE 3600 MSE 3600 6 INVITE SE 3600 MSE 3600 7 OK SE 3600 8 OK SE 3600 9 OK SE 3600 10 ACK 11 ACK 12 Dialogue voice traffic ...

Page 161: ...0 and MSE of 3600 5 The SE in the new INVITE is acceptable so P forwards it to B 6 B receives the INVITE 7 B responds with an OK message which includes the SE of 3600 8 P forwards the OK message to A 9 A receives the OK 10 A then sends an ACK message to acknowledge that the call is established completely 11 The proxy server forwards the ACK message to B 12 Now A and B exchange voice media talk 13 ...

Page 162: ...firming receipt of the BYE request and the call is terminated 10 8 2 SIP Client Server SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a...

Page 163: ...2022 is in 11 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Voice Activity Detection Silence Suppression Comfort Noise Voice Activity Detection VAD detects whether or not speech is present This lets the BM2022 reduce the bandwidth that a call uses by not transmitting silent packets when you are not speaking When using VAD the BM2022 generates ...

Page 164: ... hook and off hook cycle in order to recognize a hook flash event Hook Flash Detect Lower Bound Enter the number of milliseconds for the lower bound of a quick on hook and off hook cycle in order to recognize a hook flash event Voice Tx Level Select the volume level transmitted by the BM2022 9 is the quietest and 9 is the loudest Voice Rx Level Select the volume level transmitted to the BM2022 9 i...

Page 165: ...Echo Canceller Tail Length Select the maximum number of milliseconds of an echo length 16 ms 32 ms or 48 ms the BM2022 can handle and eliminate the effect An echo is normally caused by the sound of your voice reverberating in the telephone receiver while you talk Select Disable to turn this feature off Table 74 VoIP Line Voice LABEL DESCRIPTION Table 75 VoIP Line Region LABEL DESCRIPTION Country P...

Page 166: ...g at one time Remote Management and NAT When NAT is enabled Use the BM2022 s WAN IP address when configuring from the WAN Use the BM2022 s LAN IP address when configuring from the LAN System Timeout There is a default system management idle timeout of five minutes The BM2022 automatically logs you out if the management session remains idle for longer than this timeout period The management session...

Page 167: ...our BM2022 and then configure it appropriately The ACS server which it will use must also be configured by its administrator Figure 91 TR 069 Example In this example the BM2022 A receives data from at least 3 sources A SIP server for handling voice calls an HTTP server for handling web services and an ACS for configuring the BM2022 remotely All three servers are owned and operated by the client s ...

Page 168: ...Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects The BM2022 supports MIB II that is defined in RFC 1213 and RFC 1215 The focus of the MIBs is to let administrators collect statistical data and monitor status and performance SNMP itself is a simple request response protocol based on the manager agent m...

Page 169: ... DM Data Management OMA DM Authentication In order to ensure the integrity of the connection between an OMA DM server and the BM2022 communication between the two is encoded using one of three common algorithms They are not intended to be used in lieu of proper digital security but instead as a means of transmitting multiple Table 76 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC...

Page 170: ...than basic access authentication this protocol is not as strong as say HMAC or as secure as the client using a client side private key encryption scheme Hash Message Authentication Code Also known as HMAC this code relies on cryptographic hash functions to bolster an existing protocol such as MD5 It is a method for generating a stronger significantly higher encryption key OMA DM Data Model Each de...

Page 171: ...Internet in order to obtain a precise time setting from an official time server These time servers are accurate to within 200 microseconds 12 2 Password Use this screen to set up admin and guest accounts for logging into and managing the WiMAX Device The admin user can access and configure all screens The guest user can only perform some basic settings such as viewing the system status information...

Page 172: ...nable Select this to enable remote management using this service Port Number Enter the port number this service can use to access the BM2022 The computer must use the same port number HTTPS Server Enable Select this to enable remote management using this service Port Number Enter the port number this service can use to access the BM2022 The computer must use the same port number HTTP and HTTPS All...

Page 173: ...ter the port number this service can use to access the BM2022 The computer must use the same port number Allow Connection from WAN Select this to allow connections using this service that originate on the WAN Allow Connection from LAN Select this to allow connection using this service that originate on the LAN Table 80 SSH LABEL DESCRIPTION Enable Select this to enable remote management using this...

Page 174: ...ation of the SNMP server for example Engineering Dept Floor 6 Building A New York City Contact Enter contact information for the administrator managing the SNMP server for example Bill Smith IT Dept 555 555 5454 Read Community Enter the password for the incoming Get and GetNext requests from the management station The default is public and allows all requests Write Community Enter the password for...

Page 175: ...2022 connects to an ACS and which is used for authentication You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Periodical Inform Enable Select this to allow the BM2022 to periodically connect to the ACS and check for configuration updates If you do not enable this feature then the BM2022 can only be updated automatically when the ACS initiates co...

Page 176: ... provided by the ACS administrator CA Certificate File Click Browse to upload a Certificate Authority CA certificate to the BM2022 CA Certificate Info This displays information about the currently active CA certificate Client Certificate File Click Browse to upload a client certificate to the BM2022 Client Certificate Info This displays information about the currently active client certificate Tab...

Page 177: ... Type up to 20 digits for the OMA DM server nonce Client Auth Type Select the encryption algorithm scheme used by the OMA DM server to communicate with client devices If the scheme selected here does not match the actual scheme used by the server then server will challenge the BM2022 to automatically update its settings None No authentication Basic Server ID and Password are encoded using a Basic ...

Page 178: ...ance Date Time Time Zone to open this screen as shown next Figure 103 Time Zone Screen Table 84 Date LABEL DESCRIPTION Manual New Time Enter the new time in this field New Date Enter the new date in this field Get from Time Server Time Protocol Select the time service protocol that your time server uses Check with your ISP or network administrator or use trial and error to find a protocol that wor...

Page 179: ... about two minutes The device also automatically restarts in this time This causes a temporary network disconnect Note Do not turn off the device while firmware upload is in progress Table 85 Time Zone LABEL DESCRIPTION Time Zone Select the time zone at your location Enable Daylight Savings Time Select this if your location uses daylight savings time Daylight savings is a period from late spring t...

Page 180: ...MP Upgrade Use this screen to upgrade the firmware on the WiMAX Device using CWMP Request Download Click Maintenance Firmware Upgrade CWMP Upgrade to open this screen as shown next Figure 106 CWMP Upgrade Screen This screen contains the following fields Table 87 Upgrade Link LABEL DESCRIPTION Upgrade Link Enter the URL or IP address of the firmware s upgrade location on the network Upgrade Click t...

Page 181: ...WiMAX Device settings from a backup file on a local computer Click Maintenance Backup Restore Restore to open this screen as shown next Figure 108 Restore Screen Table 89 Backup Restore LABEL DESCRIPTION Backup Click this to save the BM2022 s current configuration to a file on your computer Once your device is configured and functioning properly it is highly recommended that you back up your confi...

Page 182: ...e notified with an error message 12 16 Factory Defaults Use this screen to restore the WiMAX Device to its factory default settings Click Maintenance Backup Restore Factory Defaults to open this screen as shown next Figure 109 Factory Defaults Screen This screen contains the following fields Table 90 Restore LABEL DESCRIPTION Configuration File Click Choose File then browse to the location of a fi...

Page 183: ...y Use this screen to view the log messages of the WiMAX Device Table 92 Log Setting LABEL DESCRIPTION Enable Log Select this to have the BM2022 log network activity according to the selected Log Level Log Level Select the type of logs to record Enable Remote Log Select this to allow logs to be recorded and stored on a remote logs server Remote Log Host Enter the remote log host IP address if Enabl...

Page 184: ...k Test Ping to open this screen as shown next Figure 112 Ping Screen This screen contains the following fields Table 93 Log Display LABEL DESCRIPTION Display Level Select the type of logs to display from this menu Refresh Click this to refresh the logs in the display window Table 94 Ping LABEL DESCRIPTION IP Address Enter the IP address or domain name of a target device to which this test will sen...

Page 185: ... screen displays information about the BM2022 that can be useful when upgrading firmware considering deployment options and working with technical support if the device encounters difficulties Click Maintenance About to open this screen as shown next Figure 114 About Screen Table 95 Traceroute LABEL DESCRIPTION IP Address Enter the IP address or domain name of a target device to which this test wi...

Page 186: ...ntification Software Version This field displays the Web Configurator software version that the BM2022 is currently running CROM Version This field displays the CROM version number Firmware Version This field displays the current version of the firmware inside the device Firmware Date This field displays the date the firmware version was created Bootloader Version This field displays the bootloade...

Page 187: ...Chapter 12 Maintenance BM2022 User s Guide 192 ...

Page 188: ...e BM2022 2 Make sure the power adapter or cord is connected to the BM2022 and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the BM2022 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 1 2 1 on pag...

Page 189: ...187 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 7 6 on page 98 use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the BM2022 2 Check the hardware connections and m...

Page 190: ... not on 2 You cannot log in to the web configurator while someone is using Telnet to access the BM2022 Log out of the BM2022 in the other session or ask the person who is logged in to log out 3 Disconnect and re connect the power adapter or cord to the BM2022 4 If this does not work you have to reset the BM2022 to its factory defaults See Section 12 16 on page 187 I cannot Telnet to the BM2022 See...

Page 191: ...t 1 The quality of the BM2022 s wireless connection to the base station may be poor Poor signal reception may be improved by moving the BM2022 away from thick walls and other obstructions or to a higher floor in your building 2 There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters Move the BM2022 away or switch the other devices off Weat...

Page 192: ...2022 1 Make sure the Power LED is on and not blinking 2 Press and hold the Reset button for five to ten seconds Release the Reset button when the Power LED begins to blink The default settings have been restored If the BM2022 restarts automatically wait for the BM2022 to finish restarting and log in to the web configurator The password is 1234 If the BM2022 does not restart automatically disconnec...

Page 193: ...Chapter 13 Troubleshooting BM2022 User s Guide 198 ...

Page 194: ... Subscriber analog connector Antenna 6 0 5dBi internal antenna Weight 600 g Dimensions 165 mm W x 25 mm D x 260 mm H Certification FCC CNC Comply with WiMAX Forum Wave II standard EEE Proposal for Directive on Environmental Impacts of Electrical and Electronic Equipment EMC o EN 301 489 1 and EN 301 489 17 Emission class B Transportation Shock and Vibration o EN 300 019 2 2 Public transportation 2...

Page 195: ...ection By default when the firewall is activated all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN The BM2022 s firewall supports TCP UDP inspection DoS detection and prevention real time alerts reports and logs Content Filtering The BM2022 can block access to web sites containing specified keywords You can define time periods and days during which content...

Page 196: ...y Detection VAD reduces the bandwidth that a call uses by not transmitting when you are not speaking Comfort Noise Generation Your device generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking as total silence could easily be mistaken for a lost connection Echo Cancellation You device supports G 168 of at lea...

Page 197: ...P version 2 RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol SIP RFC 3263 Session Initiation Protocol SIP Locating SIP Servers RFC 3264 An Offer Answer Model with the Session Description Protocol SDP RFC 3265 Session Initiation Protocol SIP Specific Event Notification RFC 3323 A Privacy Mechanism for SIP RFC 3325 Private Extensions to the Session Initiation Protocol...

Page 198: ... allows you to customize the phone keypad combinations you use to access certain features on the BM2022 such as call waiting call return call forward etc The phone configuration table is configurable in command interpreter mode Firmware update enable disable If your service provider uses this feature you hear a recorded message when you pick up the phone when new firmware is available for your BM2...

Page 199: ...t call establishment between two IADs Quick dialing through predefined phone book which maps the phone dialing number and destination URL Flexible Dial Plan RFC3525 section 7 1 14 Table 103 Star and Pound Code Support 0 Wireless Operator Services 2 Customer Care Access 66 Repeat Dialing 67 Plus the 10 digit phone number to block Caller ID on a single call basis 69 Return last call received 70 Foll...

Page 200: ... to the base station or the mobile or subscriber stations PKMv2 PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS SS and the base station PKMv2 uses standard EAP methods such as Transport Layer Security EAP TLS or Tunneled TLS EAP TTLS for secure communication In cryptography a key is a piece of infor...

Page 201: ...nse from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting Accounting Request Sent by the base station requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access poi...

Page 202: ...mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern spotting Cipher Block Chaining Message Authentication also known as CBC MAC ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it This series of chained blocks creates a message authenticati...

Page 203: ...Appendix A WiMAX Security BM2022 User s Guide 208 ...

Page 204: ...unicate with the other devices on your network Windows Vista XP 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Win...

Page 205: ...s XP NT 2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT 1 Click Start Control Panel Figure 116 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 117 Windows XP Control Panel ...

Page 206: ...e 211 3 Right click Local Area Connection and then select Properties Figure 118 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 119 Windows XP Local Area Connection Properties ...

Page 207: ...dress that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Pr...

Page 208: ...n shows screens from Windows Vista Professional 1 Click Start Control Panel Figure 121 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 122 Windows Vista Control Panel 3 Click the Network and Sharing Center icon Figure 123 Windows Vista Network And Internet ...

Page 209: ...nections Figure 124 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 125 Windows Vista Network and Sharing Center Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 210: ...ppendix B Setting Up Your Computer s IP Address BM2022 User s Guide 215 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 126 Windows Vista Local Area Connection Properties ...

Page 211: ... IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Promp...

Page 212: ...7 Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 128 Mac OS X 10 4 Apple Menu 2 In the System Preferences window click the Network icon Figure 129 Mac OS X 10 4 System Preferences ...

Page 213: ... in Ethernet from the network connection type list and then click Configure Figure 130 Mac OS X 10 4 Network Preferences 4 For dynamically assigned settings select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 131 Mac OS X 10 4 Network Preferences TCP IP Tab 5 For statically assigned settings do the following ...

Page 214: ...ield type your subnet mask In the Router field type the IP address of your device Figure 132 Mac OS X 10 4 Network Preferences Ethernet Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 133 Mac OS X 10 4 Network Utility ...

Page 215: ... BM2022 User s Guide 220 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 134 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Network icon Figure 135 Mac OS X 10 5 Systems Preferences ...

Page 216: ...of available connection types Figure 136 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list select Manually In the IP Address field enter your IP address In the Subnet Mask field enter your subnet mask ...

Page 217: ... B Setting Up Your Computer s IP Address BM2022 User s Guide 222 In the Router field enter the IP address of your BM2022 Figure 137 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close the window ...

Page 218: ... to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps bel...

Page 219: ... By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password Figure 140 Ubuntu 8 Network Settings Connections 3 In the Authenticate window enter your admin account name and password then click the Authenticate button Figure 141 Ubuntu 8 Administrator Account Authentication ...

Page 220: ... The Properties dialog box opens Figure 143 Ubuntu 8 Network Settings Properties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return t...

Page 221: ...er s Guide 226 7 If you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided Figure 144 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes ...

Page 222: ...fying Settings Check your TCP IP properties by clicking System Administration Network Tools and then selecting the appropriate Network device from the Devices tab The Interface Statistics column shows data if your connection is working properly Figure 145 Ubuntu 8 Network Tools ...

Page 223: ...nding on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in the KDE 1 Click K Menu Computer Administrator Settings YaST Figure 146 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KD...

Page 224: ...dow opens select Network Devices and then click the Network Card icon Figure 148 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 149 openSUSE 10 3 Network Settings ...

Page 225: ...k the Address tab Figure 150 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window ...

Page 226: ...Guide 231 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 151 openSUSE 10 3 Network Settings 9 Click Finish to save your settings and close the window ...

Page 227: ...he Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 152 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 153 openSUSE Connection Status KNetwork Manager ...

Page 228: ...rnet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 154 Pop up Blocker You c...

Page 229: ...the screen This disables any web pop up blockers you may have enabled Figure 155 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 230: ...BM2022 User s Guide 235 2 Select Settings to open the Pop up Blocker Settings screen Figure 156 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 231: ...dd to move the IP address to the list of Allowed sites Figure 157 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScript If pages of the web configurator do not display properly in Internet Explorer check that JavaScript is allowed ...

Page 232: ...er click Tools Internet Options and then the Security tab Figure 158 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 233: ...OK to close the window Figure 159 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 234: ...issions BM2022 User s Guide 239 5 Click OK to close the window Figure 160 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 235: ...OK to close the window Figure 161 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 162 Mozilla Firefox TOOLS Options ...

Page 236: ...C Pop up Windows JavaScript and Java Permissions BM2022 User s Guide 241 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 163 Mozilla Firefox Content Security ...

Page 237: ...Appendix C Pop up Windows JavaScript and Java Permissions BM2022 User s Guide 242 ...

Page 238: ...work number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which ho...

Page 239: ... the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequ...

Page 240: ...s these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually spe...

Page 241: ...maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 165 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 ...

Page 242: ...68 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is...

Page 243: ... 168 1 127 Highest Host ID 192 168 1 126 Table 110 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 111 Subnet 4 IP SUBNET MASK N...

Page 244: ...254 255 Table 113 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 114 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS N...

Page 245: ... to change the subnet mask computed by the BM2022 unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved th...

Page 246: ...omputer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically Figure 167 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network numbers...

Page 247: ...n not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 169 Conflicting Computer and Router IP Addresses Example ...

Page 248: ...is legitimate Many Huawei products issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers you will need to import the Huawei cr...

Page 249: ...s Vista 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error Figure 170 Internet Explorer 7 Certification Error 2 Click Continue to this website not recommended Figure 171 Internet Explorer 7 Certification Error 3 In the Address Bar click Certificate Error View certificates Figure 172 Internet Explorer...

Page 250: ...tes BM2022 User s Guide 255 4 In the Certificate dialog box click Install Certificate Figure 173 Internet Explorer 7 Certificate 5 In the Certificate Import Wizard click Next Figure 174 Internet Explorer 7 Certificate Import Wizard ...

Page 251: ...then go to step 9 Figure 175 Internet Explorer 7 Certificate Import Wizard 7 Otherwise select Place all certificates in the following store and then click Browse Figure 176 Internet Explorer 7 Certificate Import Wizard 8 In the Select Certificate Store dialog box choose a location in which to save the certificate and then click OK Figure 177 Internet Explorer 7 Select Certificate Store ...

Page 252: ... Finish Figure 178 Internet Explorer 7 Certificate Import Wizard 10 If you are presented with another Security Warning click Yes Figure 179 Internet Explorer 7 Security Warning 11 Finally click OK when presented with the successful certificate installation message Figure 180 Internet Explorer 7 Certificate Import Wizard ...

Page 253: ...258 12 The next time you start Internet Explorer and go to a Huawei web configurator page a sealed padlock icon appears in the address bar Click it to view the page s Website Identification information Figure 181 Internet Explorer 7 Website Identification ...

Page 254: ...n prompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 182 Internet Explorer 7 Public Key Certificate File 2 In the security warning dialog box click Open Figure 183 Internet Explorer 7 Open File Security Warning 3 Refer to steps 4 12 in the Internet Explorer procedure beginning on page 254 to complete the insta...

Page 255: ...rer This section shows you how to remove a public key certificate in Internet Explorer 7 1 Open Internet Explorer and click TOOLS Internet Options Figure 184 Internet Explorer 7 Tools Menu 2 In the Internet Options dialog box click Content Certificates Figure 185 Internet Explorer 7 Internet Options ...

Page 256: ...te and then click Remove Figure 186 Internet Explorer 7 Certificates 4 In the Certificates confirmation click Yes Figure 187 Internet Explorer 7 Certificates 5 In the Root Certificate Store dialog box click Yes Figure 188 Internet Explorer 7 Root Certificate Store 6 The next time you go to the web site that issued the public key certificate you just removed a certification error appears ...

Page 257: ...ion then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK Figure 189 Firefox 2 Website Certified by an Unknown Authority 3 The certificate is stored and you can now connect securely to the web configurator A sealed padlock appears in the address bar which you can click to open the Page Info Security window to vie...

Page 258: ... to a Huawei web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Firefox and click TOOLS Options Figure 191 Firefox 2 Tools Menu 2 In the Options dialog box click ADVANCED Encryption View Certificates Figure 192 Firefox 2 Options ...

Page 259: ...Import Figure 193 Firefox 2 Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open Figure 194 Firefox 2 Select File 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the web page s security information ...

Page 260: ... Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2 1 Open Firefox and click TOOLS Options Figure 195 Firefox 2 Tools Menu 2 In the Options dialog box click ADVANCED Encryption View Certificates Figure 196 Firefox 2 Options ...

Page 261: ...e certificate that you want to remove and then click Delete Figure 197 Firefox 2 Certificate Manager 4 In the Delete Web Site Certificates dialog box click OK Figure 198 Firefox 2 Delete Web Site Certificates 5 The next time you go to the web site that issued the public key certificate you just removed a certification error appears ...

Page 262: ...P Professional however the screens can apply to Opera 9 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Install to accept the certificate Figure 199 Opera 9 Certificate signer not found ...

Page 263: ...ficates BM2022 User s Guide 268 3 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details Figure 200 Opera 9 Security information ...

Page 264: ...sing to a Huawei web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Opera and click TOOLS Preferences Figure 201 Opera 9 Tools Menu 2 In Preferences click ADVANCED Security Manage certificates Figure 202 Opera 9 Preferences ...

Page 265: ...022 User s Guide 270 3 In the Certificates Manager click Authorities Import Figure 203 Opera 9 Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open Figure 204 Opera 9 Import certificate ...

Page 266: ...e dialog box click Install Figure 205 Opera 9 Install authority certificate 6 Next click OK Figure 206 Opera 9 Install authority certificate 7 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details ...

Page 267: ...emoving a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9 1 Open Opera and click TOOLS Preferences Figure 207 Opera 9 Tools Menu 2 In Preferences ADVANCED Security Manage certificates Figure 208 Opera 9 Preferences ...

Page 268: ...to remove and then click Delete Figure 209 Opera 9 Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you delete a certificate authority so be absolutely certain that you want to go through with it before clicking the button ...

Page 269: ...nqueror 3 5 on all Linux KDE distributions 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Continue Figure 210 Konqueror 3 5 Server Authentication 3 Click Forever when prompted to accept the certificate Figure 211 Konqueror 3 5 Server Authentication ...

Page 270: ... Importing Certificates BM2022 User s Guide 275 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web page s security details Figure 212 Konqueror 3 5 KDE SSL Information ...

Page 271: ...to you 1 Double click the public key certificate file Figure 213 Konqueror 3 5 Public Key Certificate File 2 In the Certificate Import Result Kleopatra dialog box click OK Figure 214 Konqueror 3 5 Certificate Import Result The public key certificate appears in the KDE certificate manager Kleopatra Figure 215 Konqueror 3 5 Kleopatra 3 The next time you visit the web site click the padlock in the ad...

Page 272: ...s Menu 2 In the Configure dialog box select Crypto 3 On the Peer SSL Certificates tab select the certificate you want to delete and then click Remove Figure 217 Konqueror 3 5 Configure 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you remove a certificate authority so be absolutely cer...

Page 273: ...Appendix E Importing Certificates BM2022 User s Guide 278 ...

Page 274: ...ions that use this service or the situations in which this service is used Table 115 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers ...

Page 275: ... environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or oth...

Page 276: ... Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow u...

Page 277: ... 207 server 66 auto discovery UPnP 111 B base station see BS BS 65 66 links 66 BYE request 166 C CA 67 68 CBC MAC 207 CCMP 205 207 cell 65 certificates 205 CA 67 formats 67 verification 207 Certification Authority see CA chaining 207 chaining message authentication see CCMP circuit switched telephone networks 147 Class of Service CoS 148 client server protocol 166 SIP 166 CMAC see MAC codec 147 co...

Page 278: ...SP 140 Ethernet encapsulation 92 Extensible Authorization Protocol see EAP F firewall 121 FTP 171 restrictions 171 G G 168 167 G 711 147 G 729 148 H hybrid waveform codec 148 I IANA 250 ID type and content 144 identity 66 205 idle timeout 171 IEEE 802 16 65 205 IEEE 802 16e 65 IGD 1 0 94 IKE phases 142 inner authentication 207 inside header 142 Internet access 66 gateway device 94 Internet Assigne...

Page 279: ...rk activity 66 services 66 network address translators 155 Network Discovery and Selection see ND S O outbound proxy 155 SIP 155 outbound proxy server 155 outside header 141 P pattern spotting 207 PBX services 147 PCM 147 per hop behavior 152 PHB per hop behavior 152 phone services 156 PKMv2 66 205 207 plain text encryption 207 Point to Point Tunneling Protocol VPN see PPTP VPN PPTP VPN 125 pre sh...

Page 280: ...ee ALG BYE request 166 call progression 163 client 166 client server 166 identities 153 INVITE request 165 number 153 proxy server 154 register server 154 servers 166 service domain 154 URI 153 user agent 154 SIP outbound proxy 155 SNMP 171 manager 173 sound quality 147 SS 65 66 STUN 155 subnet 243 mask 244 subnetting 246 subscriber station see SS supplementary phone services 156 syntax convention...

Page 281: ... 167 verification 207 virtual LAN see VLAN VLAN 115 examples 48 voice activity detection 167 coding 147 mail 147 Voice over IP see VoIP VoIP 147 W waveform codec 147 WiMAX 65 66 security 206 WiMAX Forum 65 Wireless Interoperability for Microwave Access see WiMAX Wireless Metropolitan Area Network see MAN wireless network access 65 standard 65 wireless security 205 wizard setup 27 ...

Page 282: ...orient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s aut...

Reviews:

No comments

Related manuals for BM2022

D-Link ShareCenter Quattro DNS-345 Quick Install Manual preview
ShareCenter Quattro DNS-345
Brand: D-Link Pages: 40
D-Link ShareCenter Quattro DNS-345 Datasheet preview
ShareCenter Quattro DNS-345
Brand: D-Link Pages: 4
D-Link AirPlus G DWL-G710 Troubleshooting preview
AirPlus G DWL-G710
Brand: D-Link Pages: 5
D-Link MYDLINK DNR-322L Datasheet preview
MYDLINK DNR-322L
Brand: D-Link Pages: 4
D-Link mydlink DNR-312L Quick Install Manual preview
mydlink DNR-312L
Brand: D-Link Pages: 8
D-Link AC750 Quick Install Manual preview
AC750
Brand: D-Link Pages: 12
D-Link DNS-722-4 Quick Install Manual preview
DNS-722-4
Brand: D-Link Pages: 16
D-Link DNS-722-4 User Manual preview
DNS-722-4
Brand: D-Link Pages: 88
D-Link DSL-G2562DG Quick Start Manual preview
DSL-G2562DG
Brand: D-Link Pages: 2
4IPNET WHG301 User Manual preview
WHG301
Brand: 4IPNET Pages: 97
Cambium Networks PTP 820 Series Manual preview
PTP 820 Series
Brand: Cambium Networks Pages: 29
Zenith Data Systems Z-100 Series Installation Manual preview
Z-100 Series
Brand: Zenith Data Systems Pages: 64
Paradyne Adapter Bracket Notice preview
Adapter Bracket
Brand: Paradyne Pages: 1
Industrex M43ic Instruction Manual preview
M43ic
Brand: Industrex Pages: 51
Freescale Semiconductor MCF54455 Reference Manual preview
MCF54455
Brand: Freescale Semiconductor Pages: 921
Usr USR4504 Installation Manual preview
USR4504
Brand: Usr Pages: 2
B&B Electronics Parallel Printer Card PIOC User Manual preview
Parallel Printer Card PIOC
Brand: B&B Electronics Pages: 16
National Instruments FieldPoint cFP-RTD-122 Operating Instructions Manual preview
FieldPoint cFP-RTD-122
Brand: National Instruments Pages: 15

Brands by name

Popular brands

Load more brands