Chapter 8 User Management

http://www.level1.com

Page 80

2. How WEB-authenticated users go off line safely

1) The user opens the browser and authenticates with the user name and password.

2) After successful authentication, a dialog box confirming the successful authentication opens; click Go off line safely.

3) Click OK in the web page message dialog box that opens.

8.4.3 WEB Authentication Client Status

Figure 8_22 WEB Authentication Client Status

User name: Displays the user name of the users who are using WEB authentication.

IP address: Displays the IP address of the users who are using WEB authentication.

Tip

The user names and IP addresses in the WEB authentication connection status list are those of the users who are using WEB authentication.

Summary of Contents for GBR-4001

Page 1: ...GBR-4001 4 WAN Gigabit Broadband VPN Router User Manual V1.0, Digital Data Communications Asia Co., Ltd., http://www.level1.com...


Page 155: ...utual access to the internal resources of the LAN in two places This scenario uses the IPSec protocol to establish VPN tunnels and the HiPER router is used by the VPN gateway in two places at the foll...

Page 156: ...mically connecting to the local machine and Beijing gateway dynamically connecting to Shanghai gateway Meanwhile set the Beijing gateway information such as Intranet addresses identity ID Locally boun...

Page 157: ...gateway to a dynamic connection to the gateway Meanwhile sets up Shanghai gateway related information such as gateway address Intranet address identity ID Locally bound at the WAN1 port set the presha...

Page 158: ...Chapter 12 VPN http www level1 com Page 153 Figure 12_28 IPSec connection status Other party connects to local host dynamically Figure 12_29 IPSec connection status Connect to local host dynamically...

Page 159: ...software upgrade remote management scheduled task page This chapter mainly describes how to change administrator user name and password How to set the device clock How to back up and import configura...

Page 160: ...dification you must use the new user name and password to log into the device 13 2 Language This section describes the System management Language selection page Select the device s WEB interface langu...

Page 161: ...nchronization After using the network time synchronization function to set up a right NTP server and when the device is connected to the Internet it will automatically synchronize the time with the se...

Page 162: ...u have checked the check box Restore factory settings before import click the Import button and the device will be restored to the factory settings Tip Do not cut off the device s power supply in...

Page 163: ...st version of the software Upgrading steps Step 1 Download the latest version of software Click on the hyperlink Download the latest version and go to the official site of LEVELONE to download the lat...

Page 164: ...ed of human intervention 13 6 Remote Management This section describes the System Remote management page To facilitate the network maintenance by remote administrators on this page you can configure t...

Page 165: ...ty purposes unless absolutely necessary do not enable the remote management function In looking for LEVELONE s customer service engineer s service please enable the remote management function 13 7 Sch...

Page 166: ...13 10 Scheduled Task Settings Task name Name of the custom tasks Startup type Indicates time cycle and the options are per week per day per hour per minute Running time Means the specific time for im...

Page 167: ...again here 14 2 System information In the System status System information page network administrators can understand the system related information and view the system history Through system informa...

Page 168: ...the product model of the device Hardware version Displays the hardware version number of the device Software version Displays the software version number of the device Refresh Click Refresh to view th...

Page 169: ...it to a user at this point the system will assign another IP address to the user ARP Spoof mac MAC address New IP IP address mac MAC address Old IP IP address mac MAC address Means the spoofing of ga...

Page 170: ...Check to enable DHCP logging for recording the conflicts of the DHCP server and DHCP Distribute the address conflicts and other messages Enable notification logging Check to enable notification loggin...

Page 171: ...ces LEVELONECare Link to the customer service page of LEVELONE s official website to acquire customer services and technical supports Product Discussion Link to the discussion forums of LEVELONE s off...

Page 172: ...on the Network connections icon right click on Local connection and select Properties In the Local connection Properties This connection uses the following items check to see if TCP IP is already ins...

Page 173: ...Figure A 1 select Internet Protocol TCP IP option in This connection uses the following items and then click the Properties button 3 Enter the Internet Protocol TCP IP properties window select U...

Page 174: ...ght click the Local connection select Properties enter the Local connection Properties window as shown in Figure A 1 select Internet Protocol TCP IP option in This connection uses the following items...

Page 175: ...ckage fee you can select the type of dial up as Auto dial If not you can select the type of dial up as Dial on demand or Manual dial and you can type in the idle time to prevent forgetting line breaka...

Page 176: ...rmal which can be tested by a PC 2 Connect the WAN port of the device to the ISP network device with a network cable 3 In the Network parameters WAN configuration page configure the parameters of the...

Page 177: ...ion you can view the configuration and status information for the line Figure B 3 when a dynamic IP is connected such as Connection status which is displayed as Connected in normal connection with the...

Page 178: ...password If you forget the administrator password you will not be able to enter the WEB interface and now you can only use the Reset button to restore the factory settings of the device The step...

Page 179: ...gure 6_3 PPPoE access 21 Figure 6_4 Internet Connection List 22 Figure 6_5 Internet Connection List information Continued Figure 6_4 23 Figure 6_6 Internet Connection List PPPoE access 24 Figure 6_7 I...

Page 180: ...e 8_6 IP MAC binding information list Instance I 65 Figure 8_7 IP MAC binding information list Instance II 66 Figure 8_8 IP MAC binding information list Instance III 66 Figure 8_9 Basic workflow of Di...

Page 181: ...cess Control Settings DNS filtering 111 Figure 11_8 Access Control Settings Instance I 112 Figure 11_9 Access Control Settings Instance I Continued Figure 11_8 113 Figure 11_10 Access Control Settings...

Page 182: ...12_26 Dynamic on one party The other party dynamically connects to local machine 151 Figure 12_27 Dynamic on one party Dynamically connects to the gateway 152 Figure 12_28 IPSec connection status Oth...

Page 183: ...d LGPLv2 inquiries Please direct all GPL and LGPL inquiries to the following address Digital Data Communications GmbH Zeche Norm Str 25 44319 Dortmund Deutschland Phone 49 231 9075 0 Fax 49 231 9075 1...

Page 184: ...oftware and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know yo...

Page 185: ...m does 1 You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate...

Page 186: ...te the Program or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following we use this doubled UL t...

Page 187: ...ribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enfor...

Page 188: ...er of this License you may choose any version ever published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions a...

Page 189: ...GNU General Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be usef...

Page 190: ...e program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your...
