MitraStar Movistar GPT-2541GNAC User Manual Download Page 127

Page: 127 / 226

Chapter 16 IPSec VPN

127

16.3.7.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN

tunnel.

The two Routers in this example can complete negotiation and establish a VPN tunnel.

Table 74

Matching ID Type and Content Configuration Example

ROUTER A

ROUTER B

Local ID type: E-mail

Local ID type: IP

Local ID content: [email protected]

Local ID content: 1.1.1.2

Remote ID type: IP

Remote ID type: E-mail

Remote ID content: 1.1.1.2

Remote ID content: [email protected]

The two Routers in this example cannot complete their negotiation because Router B’s

Local ID

Type

, but Router A’s

Remote ID Type

is set to

E-mail

. An “ID mismatched” message displays in

the IPSEC LOG.

Table 75

Mismatching ID Type and Content Configuration Example

ROUTER A

ROUTER B

Local ID type: IP

Local ID content: 1.1.1.10

Local ID content: 1.1.1.2

Remote ID type: E-mail

Remote ID type: IP

Remote ID content: [email protected]

Remote ID content: 1.1.1.0

16.3.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see

Section

16.3.3 on page 123

for more on IKE phases). It is called “pre-shared” because you have to share it

with another party before you can communicate with them over a secure connection.

E-mail

Type an e-mail address (up to 31 characters) by which to identify this Router.

The domain name or e-mail address that you use in the

Local ID

Content

field is used

for identification purposes only and does not need to be a real domain name or e-

mail address.

Table 73

Local ID Type and Content Fields (continued)

LOCAL ID

TYPE=

CONTENT=

Summary of Contents for Movistar GPT-2541GNAC

Page 1: ...Firmware Version 1 00 Edition 1 9 2015 Default Login Details http 192 168 1 1 User Name admin Password 1234 GPT 2541GNAC Indoor GPON HGU User s Guide...

Page 2: ...Graphics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort...

Page 3: ...r 3 WAN 25 GPON Layer2 Interface 26 Layer 2 GPON Interface Configuration 26 Ethernet Layer2 Interface 27 Ethernet Layer 2 Interface Configuration 27 WAN Service 29 WAN Connection Configuration 46 Chap...

Page 4: ...l Control 80 Time Restriction 81 Add a Time Restriction Rule 82 URL Filter 83 Add a URL Filter Rule 84 Chapter 9 Quality of Service QoS 84 QoS General 85 Queue Setup 86 Add a QoS Queue 87 Class Setup...

Page 5: ...Sec Architecture 122 Encapsulation 123 IKE Phases 124 Negotiation Mode 124 IPSec and NAT 125 VPN NAT and NAT Traversal 126 ID Type and Content 127 Pre Shared Key 128 Diffie Hellman DH Key Groups 129 C...

Page 6: ...0 SIP Server 176 Dial Plan Rules 177 Phone Region 178 Call Rule 179 Call History Summary 180 Outgoing Calls 181 Incoming Calls 181 Technical Reference 190 Quality of Service QoS 191 Phone Services Ove...

Page 7: ...ter 29 GPON Password 215 GPON Password 216 Chapter 30 Update Software 216 Update Software 218 Chapter 31 Reboot 218 Restart Using the Web Configurator 219 Chapter 32 Troubleshooting 219 Overview 219 P...

Page 8: ...apability It has a phone port for making calls over the Internet Voice over IP or VoIP It also supports IPTV service when available from your service provider The following figure shows an application...

Page 9: ...this port Telf Use a telephone cable to connect the Router to a VoIP phone for VoIP service Eth 1 4 Use an Ethernet cable to connect a computer to one of these ports for initial configuration and or I...

Page 10: ...the Router sets up a WPS Connection with the wireless device Note To activate WPS you must enable WPS in the Router and in another wireless device within two minutes of each other Reset Use this butt...

Page 11: ...lue On The Router is receiving power and ready for use Red On The Router has hardware failure Blinking The Router detected an error while self testing Off The Router is not receiving power Eth 1 4 Blu...

Page 12: ...eless is not activated Internet Blue On The Router has a PPP connection but no traffic It has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if...

Page 13: ...screens Enter the IP address http 192 168 1 1 2 The login screen appears The default password is random Please refer to the label sticker at the bottom of the device Enter the password Click Entrar t...

Page 14: ...Chapter 1 Introduction 14 4 Click the Menu button and then Configuraci n avanzada 5 Click Aceptar...

Page 15: ...oduction 15 6 The advanced configuration screens display Use the menu on the left to navigate the screens Refer to the rest of this guide for details about the screens Click Logout to exit the configu...

Page 16: ...e Info Summary Table 3 Device Info Summary LABEL DESCRIPTION Board ID This field displays the ID number of the circuit board in the Router Symmetric CPU Threads This field displays the number of threa...

Page 17: ...s to resolve a domain name into a numeric IP address Secondary DNS Server The Router uses this DNS server first when it needs to resolve a domain name into a numeric IP address if the primary DNS serv...

Page 18: ...through this connection This displays N A when there is no VLAN ID number assigned IPv6 This displays whether or not IPv6 is enabled on the interface Igmp Pxy This shows whether IGMP Internet Group Mu...

Page 19: ...BEL DESCRIPTION Interface These fields identify the LAN interfaces eth0 eth3 represent the ethernet LAN ports 1 4 wlo represents the wireless LAN interface Received Transmitted These fields display th...

Page 20: ...terface Errs This indicates the number of frames with errors transmitted on this interface Drops This indicates the number of outgoing packets dropped on this interface Reset Statistics Click this to...

Page 21: ...ical Gigabit Ethernet line The number after the dot represents the VLAN ID number assigned to traffic sent through this connection The number after the underscore _ represents the index number of conn...

Page 22: ...uses a gateway G the target is in the neighbor cache C the target is a host H reinstate route for dynamic routing R the route was dynamically installed by redirect D or modified from redirect M Metric...

Page 23: ...gure 10 ARP Info Table 8 ARP Info LABEL DESCRIPTION IPv4 IPv6 address The learned IP address of a device connected to one of the system s ports Flags Static static entry Dynamic dynamic entry that is...

Page 24: ...Address This field displays the MAC address to which the IP address is currently assigned or for which the IP address is reserved Click the column s heading cell to sort the table entries by MAC addr...

Page 25: ...The name of a configured layer 2 interface veip0 stands for a virtual Ethernet card and is the foundation for veip0 which are virtual WAN interfaces of the physical GPON line The number after the dot...

Page 26: ...r a virtual Ethernet card and is the foundation for veip0 which are virtual WAN interfaces of the physical GPON line Back Click this button to return to the previous screen without saving any changes...

Page 27: ...yer 2 Interface Configuration Click the Add button in the Layer2 Interface ETH Interface screen to open the following screen Use this screen to create a new layer 2 interface Figure 15 ETH Interface C...

Page 28: ...e This shows the method of encapsulation used by this connection IP over Ethernet PPP over Ethernet or bridging IP This displays the IP address the connection uses This displays N A when the connectio...

Page 29: ...MLD proxy is activated or not for this connection MLD is not available when the connection uses the bridging service MLD Source This shows whether MLD source is activated or not for this connection Re...

Page 30: ...to continue Table 15 WAN Configuration WAN Interface continued LABEL DESCRIPTION Table 16 WAN Configuration WAN Service Configuration LABEL DESCRIPTION Select WAN service type Select the method of en...

Page 31: ...0 to 7 to add to traffic through this connection The greater the number the higher the priority level Enter 802 1Q VLAN ID 0 4094 Type the VLAN ID number from 1 to 4094 for traffic through this connec...

Page 32: ...Chapter 3 WAN 32 PPPoE This screen displays when you select PPP over Ethernet PPPoE in the WAN Service Configuration screen Figure 19 WAN Configuration PPPoE...

Page 33: ...only when you select Enable NAT Select this check box to activate full cone NAT on this connection PPP IP extension Select this only if your service provider requires it PPP IP extension extends the s...

Page 34: ...sages on the console Bridge PPPoE Frames Between WAN and Local Ports Select this option to forward PPPoE packets from the WAN port to the LAN ports and from the LAN ports to the WAN port In addition t...

Page 35: ...Select this check box to have the Router add routing table entries based on the MLD traffic Back Click this button to return to the previous screen Next Click this button to continue Table 17 WAN Con...

Page 36: ...Chapter 3 WAN 36 IPoE This screen displays when you select IP over Ethernet in the WAN Service Configuration screen Figure 20 WAN Configuration IPoE...

Page 37: ...ss Use the following Static IP address Select this if you have a static IP address WAN IP Address Enter the static IP address provided by your ISP WAN Subnet Mask Enter the subnet mask provided by you...

Page 38: ...Pv6 address prefix to create the routable global IPv6 address WAN Interface Identifier If you selected Random this field is automatically configured If you selected Manual enter the WAN Identifier in...

Page 39: ...nection Enable Fullcone NAT Select this check box to activate full cone NAT on this connection This field is available only when you select Enable NAT Enable IGMP Multicast Proxy Select this check box...

Page 40: ...ows the Router to get subscription information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Enable MLD Multicast Source Select this check bo...

Page 41: ...d Default Gateway Interfaces Select a WAN interface through which to forward the service s traffic You can select multiple WAN interfaces for the device to try The Router tries the WAN interfaces in t...

Page 42: ...ffic You can select multiple WAN interfaces for the device to try The Router tries the WAN interfaces in the order listed and uses only the default gateway of the first WAN interface that connects the...

Page 43: ...Chapter 3 WAN 43 If you configure only one IPoE connection you must enter the static DNS server address Figure 23 WAN Configuration DNS Server PPPoE or IPoE...

Page 44: ...om Use the following Static DNS IP address Select this to have the Router use the DNS server addresses you configure manually Primary DNS server Enter the first DNS server address assigned by the ISP...

Page 45: ...the connection uses the bridging service IGMP Multicast Source Enabled This shows whether IGMP source enable is activated or not for this connection IGMP source enable has the Router add routing tabl...

Page 46: ...LAN Setup Click Advanced Setup LAN to open the LAN Setup screen Use this screen to set the Local Area Network IP address and subnet mask of your Router and configure the DNS server information that t...

Page 47: ...Chapter 4 LAN 47 Figure 25 LAN Setup...

Page 48: ...the Router not provide DHCP services Users must configure LAN devices with manual network settings if you do not have another DHCP server on the network Enable DHCP Server Select this to have the Rou...

Page 49: ...r assign DHCP option 240 to the LAN set top box Option240 Value Enter the option 240 value Configure the second IP Address and Subnet Mask for LAN interface Select the check box to use IP alias to con...

Page 50: ...screen Chapter 4 LAN 50 4 2 LAN Additional Subnet Click Advanced Setup LAN Additional Subnet to open the Additional Subnet screen Use this screen to configure IP alias and public static IP IP alias a...

Page 51: ...lic IP addresses by DHCP server Enable ARP Proxy Select the check box to enable the ARP Address Resolution Protocol proxy Apply Save Click this button to save your changes and go back to the previous...

Page 52: ...affic The larger the number the higher the priority Remove Select an entry and click the Remove button to delete it Add Click this button to create a new LAN VLAN setting entry Apply Save Click this b...

Page 53: ...Pv6 LAN Auto Configuration Click Advanced Setup LAN IPv6 Autoconfig to open the IPv6 LAN Auto Configuration screen Use this screen to set the Local Area Network interface IPv6 settings Figure 29 IPv6...

Page 54: ...o a DHCPv6 client before making it available for reassignment to other systems Obtain IPv6 DNS info from a WAN interface Select this to have the Router get the IPv6 DNS server addresses from the ISP a...

Page 55: ...he prefix Set this greater than or equal to the preferred life time 1 means no time limit Enable MLD Snooping Select this to have the Router check Multicast Listener Discovery MLD packets to learn the...

Page 56: ...This screen contains the following fields Table 28 L2TP Client LABEL DESCRIPTION Tunnel Name This is the name of this client connection LNS Ip Address This is the IP address of the L2TP VPN server Re...

Page 57: ...tion Options are PAP Password Authentication Protocol PAP authentication occurs in clear text and does not use encryption It s probably not a good idea to rely on this for security CHAP Challenge Hand...

Page 58: ...P server Password Enter the password for connecting to the L2TP server Retype Retype the password for connecting to the L2TP server Get IP automatically Select Yes to have the L2TP server assign a loc...

Page 59: ...Chapter 5 VPN 59 5 1 1 2 PPP This screen displays second when you add a new L2TP client WAN service Figure 32 L2TP Client Add PPP...

Page 60: ...HAP only MS CHAP is the Microsoft version of the CHAP Enable NAT Select this check box to activate NAT on this connection Enable Fullcone NAT This field is available only when you select Enable NAT Se...

Page 61: ...this connection IGMP is not available when the connection uses the bridging service IGMP Multicast Source Enabled This shows whether IGMP source enable is activated or not for this connection IGMP sou...

Page 62: ...orld even though NAT makes your whole inside network appear as a single computer to the outside world Many residential broadband ISP accounts do not allow you to run any server processes such as a Web...

Page 63: ...s the inside IP address of the server WAN Interface This field displays the WAN interface through which the service is forwarded Current UPNP Rule Listing Universal Plug and Play UPnP is a distributed...

Page 64: ...er identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP a...

Page 65: ...st port number in a series that begins with the port number in the External Start Port field above Protocol Select the protocol supported by this virtual server Choices are TCP UDP or TCP UDP Internal...

Page 66: ...ure a new IP address each time you want a different LAN computer to use the application For example Figure 36 Trigger Port Forwarding Process Example 1 Jane requests a file from the Real Audio server...

Page 67: ...to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is the first port number that identifies a service Trigger Port Range End This is the last port number t...

Page 68: ...t to configure port triggering rules Application Name Choose an application from the drop down list or select Custom application and enter a name to identify this rule using keyboard characters A Z a...

Page 69: ...en it sends out a particular service The Router forwards the traffic with this port or range of ports to the client computer on the LAN that requested the service Type a port number or the starting po...

Page 70: ...DESCRIPTION DMZ Host IP Address Enter the IP address which receives packets from ports that are not specified in the Port Forwarding screen Note If you do not assign a default server the Router disca...

Page 71: ...the SIP register server the SIP ALG translates the Router s private IP address inside the SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if you enable the SIP...

Page 72: ...firewall allows traffic from all interfaces to go to all interfaces Configure firewall interface default policies to block specific traffic directions or firewall rules to block specific traffic No T...

Page 73: ...ows the passage of the packets Remove Select entries and click the Remove button to delete them Edit Click the Edit button to go to the screen where you can edit the rule Add Click Add to create a new...

Page 74: ...r in which the rules are listed The firewall rules that you configure here take priority over the general firewall action settings in the General screen Figure 43 Firewall Rules Default Action Specify...

Page 75: ...e This displays the name of the rule Interface This displays the LAN or WAN interface s to which this rule is applied Filter Criteria This displays the filtering criteria such as the source or destina...

Page 76: ...els Figure 44 Firewall Rules Add Table 41 Firewall Rules Add LABEL DESCRIPTION Active Select this check box to enable the rule Rule Name Enter a descriptive name of up to 16 printable English keyboard...

Page 77: ...of port numbers of the source Destination IP Address Enter the destination IP address in dotted decimal notation Destination Subnet Mask Enter the destination subnet mask Destination IPv6 Address Ente...

Page 78: ...isted wireless and LAN client MAC addresses and block access from MAC addresses not in the list Select Deny to have the Router block access from the listed wireless and LAN client MAC addresses and al...

Page 79: ...the labels in this menu Table 43 MAC Filtering Add LABEL DESCRIPTION MAC Address Enter the MAC address in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a...

Page 80: ...LABEL DESCRIPTION Username This is the name of the user whose access the rule controls MAC This is the MAC address of the LAN or wireless device whose access the rule controls Mon Sun This shows an x...

Page 81: ...rowser s MAC Address automatically displays the MAC address of the LAN device where the browser is running This is the MAC address of the LAN or wireless device whose access the rule controls Other MA...

Page 82: ...SCRIPTION URL List Type Select Exclude to block access to the URLs in the list and allow access to other URLs Select Include to allow access to the URLs in the list and block access to other URLs Addr...

Page 83: ...gure a URL filtering setting to control access to certain web sites Figure 50 URL Filter Add Table 47 URL Filter Add LABEL DESCRIPTION URL Address Specify a web site or URL to which to filter access P...

Page 84: ...ABEL DESCRIPTION Enable QoS Select the check box to turn on QoS to improve your network performance You can give priority to traffic that the Router forwards out through the WAN interface Give high pr...

Page 85: ...ce through which traffic in this queue passes Qid This shows the priority of this queue for the interface Prec Alg Wght This displays the queue s default precedence queue management algorithm and weig...

Page 86: ...up Add Add Click Add to create a new queue Enable Select disabled entries and click the Enable button to activate them Table 49 Queue Setup continued LABEL DESCRIPTION Table 50 Queue Setup Add LABEL D...

Page 87: ...ce level from 1 to 8 to configure for the selected interface The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower...

Page 88: ...ol of traffic to which the classifier applies SrcPort This displays the source port of traffic to which the classifier applies DstPort This displays the destination port of traffic to which the classi...

Page 89: ...Class Table 52 Add QoS Class LABEL DESCRIPTION Traffic Class Name Enter a descriptive name of up to 15 printable English keyboard characters not including spaces Rule Order Select this classifier s p...

Page 90: ...Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should...

Page 91: ...that matches this classifier Mark Differentiated Service Code Point DSCP Select the DSCP mark to add to traffic that matches this classifier Use Auto marking to automatically apply a DSCP mark accordi...

Page 92: ...o select WAN interfaces to serve as system default gateways Figure 56 Default Gateway Move the WAN interfaces to serve as system default gateways from Available Routed WAN Interfaces to Selected Defau...

Page 93: ...Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Int...

Page 94: ...erface such as IPoE IPoA or LAN The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Apply Save Click t...

Page 95: ...ing LABEL DESCRIPTION Policy Name This displays the name of the rule Source IP This displays the source IP address LAN Port This displays the source LAN port number WAN This displays the WAN interface...

Page 96: ...licy Name Enter a descriptive name of printable English keyboard characters not including spaces Physical LAN Port Select the source LAN Ethernet port number Source IP Enter the source IP address Use...

Page 97: ...hat the Router sends it recognizes both formats when receiving RIP version 1 is universally supported but RIP version 2 carries more information RIP version 1 is probably adequate for most networks un...

Page 98: ...domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it Use this screen t...

Page 99: ...Chapter 11 DNS 99 Figure 62 DNS Server...

Page 100: ...ver address assigned by the ISP Secondary DNS server Enter the second DNS server address assigned by the ISP Obtain IPv6 DNS info from a WAN interface Select this to have the Router get the IPv6 DNS s...

Page 101: ...Table 59 Dynamic DNS LABEL DESCRIPTION Hostname This displays the entry s domain name Username This displays the entry s user name Service This displays the entry s Dynamic DNS service provider Inter...

Page 102: ...Dynamic DNS Add LABEL DESCRIPTION D DNS provider Select your Dynamic DNS service provider from the drop down list box Hostname Type the domain name assigned to your Router by your Dynamic DNS provide...

Page 103: ...ice can leave a network smoothly and automatically when it is no longer in use Use the UPnP screen to enable the UPnP feature on your Router Click Advanced Setup UPnP Figure 65 UPnP Table 61 UPnP LABE...

Page 104: ...y screen Figure 66 DNS Proxy Table 62 DNS Proxy LABEL DESCRIPTION Enable DNS Proxy Select this to have the Router send its own address to the LAN clients for them to use as the DNS server Host name of...

Page 105: ...es You can manually add a LAN interface to a new group Alternatively you can have the Router automatically add the incoming traffic and the LAN interface on which traffic is received to an interface g...

Page 106: ...move button to delete the group from the Router WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN interfaces in the group DHCP Vendor IDs This shows the DHCP V...

Page 107: ...Chapter 14 Interface Grouping 107 An interface can belong to only one group at a time Figure 68 Interface Grouping Add...

Page 108: ...nterface to this group Grouped LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA or wireless LAN in the Available LAN Interfaces list and use the left arrow t...

Page 109: ...v4 WAN address and tunnels IPv6 traffic to the ISP s Border Relay router BR in the figure to connect to the native IPv6 Internet The local network can also use IPv4 services The Router uses it s confi...

Page 110: ...for the IPv4 network 6rd Prefix This displays the IPv6 prefix for tunneling IPv6 traffic to the ISP s border relay router and connecting to the native IPv6 Internet Boarder Relay Address This display...

Page 111: ...D type to static Select Automatic to have the Router detect it automatically through DHCP IPv4 Mask Length Enter the subnet mask number 1 32 for the IPv4 network 6rd Prefix with Prefix Length Enter an...

Page 112: ...ernet IPv6 AFTR IPv4 in IPv6 IPv4 Internet IPv6 IPv4 LAN IPv6 IPv4 WAN IPv6 IPv4 in IPv6 Dual Stack Lite Click Advanced Setup IP Tunnel IPv4inIPv6 to view and configure Dual Stack Lite to let local co...

Page 113: ...erface Select a WAN interface to associate with the IPv4 to IPv6 tunnel Associated LAN Interface Select a LAN interface to associate with the IPv4 to IPv6 tunnel Manual Automatic Select the 6RD type S...

Page 114: ...c is a standards based VPN that provides confidentiality data integrity and authentication This chapter shows you how to configure the Router s VPN settings Figure 75 IPSec Fields Summary Local Networ...

Page 115: ...his is the IP address of the remote IPSec router in the IKE SA Local Addresses This displays the IP address es on the LAN behind your Router Remote Addresses This displays the IP address es on the LAN...

Page 116: ...ec VPN 116 16 2 IPSec VPN Add Screen Use these settings to add IPSec VPN policies Click the Add New Connection button in the Advanced Setup IPSec VPN screen to open this screen as shown next Figure 77...

Page 117: ...by their subnet mask by entering a static IP address on the LAN behind your Router Then enter the subnet mask to identify the network address Mask or Prefix Length If Subnet is selected enter the sub...

Page 118: ...Type your pre shared key in this field A pre shared key identifies a communicating party during a phase 1 IKE negotiation Type from 8 to 31 case sensitive ASCII characters or from 16 to 62 hexadecimal...

Page 119: ...ation Both routers must use the same DH key group Key Life Time Define the length of time before an IPSec SA automatically renegotiates in this field A short SA Life Time increases security by forcing...

Page 120: ...hm to use in the IKE SA Choices are DES a 56 bit key with the DES encryption algorithm 3DES a 168 bit key with the DES encryption algorithm AES AES CBC encryption CBC creates message authentication co...

Page 121: ...ication Header protocol RFC 2402 describe the packet formats and the default standards for packet structure including implementation algorithms The Encryption Algorithm describes the use of encryption...

Page 122: ...t be verified for integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portio...

Page 123: ...lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA i...

Page 124: ...sing the AH protocol digitally signs the outbound packet both data payload and headers with a hash value appended to the packet When using AH protocol packet contents the data payload are not encrypte...

Page 125: ...transport mode either but the Router s NAT Traversal feature provides a way to handle this NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers Figure...

Page 126: ...D type and content configuration the Router does not allow you to save multiple active rules with overlapping local and remote IP addresses With main mode see Section 16 3 4 on page 124 the ID type an...

Page 127: ...lays in the IPSEC LOG Table 75 Mismatching ID Type and Content Configuration Example ROUTER A ROUTER B Local ID type IP Local ID type IP Local ID content 1 1 1 10 Local ID content 1 1 1 2 Remote ID ty...

Page 128: ...hat allows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys Upon completion of the Diffie Hellman...

Page 129: ...and certification requests Figure 82 Local Certificates Table 76 Local Certificates LABEL DESCRIPTION Name This field displays the name used to identify this certificate It is recommended that you gi...

Page 130: ...fication request For a certification request click Load Signed to import the signed certificate Click the Remove button to delete the certificate or certification request You cannot delete a certifica...

Page 131: ...the company or group to which the certificate owner belongs You may use any character including spaces but the Router drops trailing spaces State Province Name Type up to 32 characters to identify th...

Page 132: ...Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate Certificate Copy and paste the signed certificate into the text box to store it on the Router Apply Cli...

Page 133: ...mmended that each certificate have unique subject information Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Action C...

Page 134: ...e ca means that a Certification Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Orga...

Page 135: ...88 Trusted CA Import Certificate The following table describes the fields in this screen Table 81 Trusted CA Import Certificate LABEL DESCRIPTION Certificate Name Type a name for the signed certificat...

Page 136: ...r 18 Power Management 18 1 Power Management Click Advanced Setup Power Management to control hardware modules to reduce power consumption Use the control buttons to select the desired option click App...

Page 137: ...ble to set the Ethernet interfaces to power saving mode Clear this to turn off power saving on the Ethernet interfaces Ethernet Auto Power Down and Sleep Select Enable to power down Ethernet interface...

Page 138: ...19 Chapter Chapter 19 Multicast 138 CHAPTER 19 Chapter 19 Multicast 19 1 Multicast Click Advanced Setup Multicast to configure multicast and IGMP and MLD group settings Figure 90 Multicast...

Page 139: ...Robustness Value Enter the number of times 1 7 the Router can resend a packet if packet loss occurs due to network congestion Maximum Multicast Groups Enter a number to limit the number of multicast g...

Page 140: ...up Wireless to enable or disable the 2 4 GHz Wireless LAN and configure basic settings If you are configuring the Router from a computer connected to the wireless LAN and you change the Router s SSID...

Page 141: ...tgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Clients Isolation Select this to keep the wireless clients in this SSID from communicating with each o...

Page 142: ...ated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Note If you are configuring the...

Page 143: ...etwork Authentication to Open and WEP Encryption to Disabled to allow wireless stations to communicate with the Router without any data encryption or authentication If you do not enable any wireless s...

Page 144: ...Chapter 20 Wireless 144 Figure 92 Wireless Security...

Page 145: ...s current wireless security settings for WPS Unconfigured has the Router change its wireless security settings when you do one of the following Add a wireless enrollee The Router automatically uses W...

Page 146: ...le the wireless data transmissions between the wireless stations and the access points AP to keep network communications private Both the wireless stations and the access points must use the same WEP...

Page 147: ...eless MAC Filter Table 86 Wireless MAC Filter LABEL DESCRIPTION Select SSID Select an SSID for which to configure MAC filter settings MAC Restrict Mode Define the filter action for the list of MAC add...

Page 148: ...ilter Add Table 87 Wireless MAC Filter Add LABEL DESCRIPTION MAC Address Enter the MAC address of the wireless device that is to be allowed or denied access to the Router Enter the MAC addresses in a...

Page 149: ...Chapter 20 Wireless 149 20 4 Wireless Advanced Click Wireless Advanced to configure advanced wireless settings Figure 95 Wireless Advanced...

Page 150: ...z It is often better to use the 20 MHz setting in a location where the environment hinders the wireless signal 20MHz in 2 4G Band and 40MHz in 5G Band uses a single radio channel in the 2 4 GHz band a...

Page 151: ...th the same AP but out of range of one another When enabled a wireless client sends an RTS Request To Send and then waits for a CTS Clear To Send before it transmits This stops wireless clients from t...

Page 152: ...environment with a lot of Radio Frequency RF noise Otherwise leave it disabled WMM APSD When using WMM enable APSD Automatic Power Save Delivery to have the Router manage radio usage to help increase...

Page 153: ...less client s connection to the Router was authorized SSID This is the name of the wireless network on the Router to which the wireless client is connected Interface This is the name of the wireless L...

Page 154: ...irm You must then change the wireless settings of your computer to match the Router s new settings Figure 97 Wireless 5GHz Basic Table 90 Wireless 5GHz Basic LABEL DESCRIPTION EnableWireless Guest Net...

Page 155: ...Router from a computer connected to the wireless LAN and you change the Router s SSID or WEP settings you will lose your wireless connection when you press Save Apply to confirm You must then change t...

Page 156: ...se throughput An 80MHz channel bonds two adjacent 40 MHz channels to get even higher data rates The wireless clients must also support 40 MHz or 80 MHz It is often better to use the 20 MHz setting in...

Page 157: ...Beamforming Select this option to have the Router focus the wireless signal and aim it directly at the wireless clients Clear this option to disable beamforming You may need to do this if beamforming...

Page 158: ...entification Number PIN in the field that displays when you select this option Select Use AP PIN to add a client by entering the AP s PIN from the Device PIN field in the client s WPS configuration Ad...

Page 159: ...hat WPS worked check the list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful Select SSID Select an SSID for which to con...

Page 160: ...reless 5GHz MAC Filter Table 93 Wireless 5GHz MAC Filter LABEL DESCRIPTION Select SSID Select an SSID for which to configure MAC filter settings MAC Restrict Mode Define the filter action for the list...

Page 161: ...Filter Add Table 94 Wireless MAC Filter Add LABEL DESCRIPTION MAC Address Enter the MAC address of the wireless device that is to be allowed or denied access to the Router Enter the MAC addresses in a...

Page 162: ...peer sides match one another the connection between devices is made Wireless Bridge Limitations At the time of writing WDS is compatible with other APs of the same brand only Not all models support W...

Page 163: ...evice in a valid MAC address format six hexadecimal character pairs for example 12 34 56 78 9a bc Apply Save Click this to save and apply your changes 20 11 Wireless 5GHz Station Info The station moni...

Page 164: ...SID for which to display the authenticated wireless stations and their status MAC This displays the MAC address in XX XX XX XX XX XX format of a connected wireless station RSSI This displays the Recei...

Page 165: ...s SIP number In order to make or receive a VoIP call you need to enable and configure a SIP account and map it to a phone port The SIP account contains information that allows your Router to connect...

Page 166: ...Chapter 21 Voice 166...

Page 167: ...characters Authentication User Name Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII characters Password Enter the user name fo...

Page 168: ...he Router to accept the first choice Select the Router s third choice for voice coder decoder Select None if you only want the Router to accept the first or second choice Speaking Volume Control Enter...

Page 169: ...to hear a waiting beeping dial tone on your phone when you have at least one voice message Your VoIP service provider must support this feature Expiration Time Keep the default value for this field un...

Page 170: ...1 2 SIP Server Click Voice SIP Server to open the SIP Server screen Use this screen to configure the SIP server information QoS for VoIP calls the numbers for certain phone functions and dialing plan...

Page 171: ...D_NEW in the Service Provider Selection General SIP Service Provider Name Enter a descriptive name of up to 63 printable characters for this SIP service provider profile Spaces are not allowed SIP Loc...

Page 172: ...er Port and REGISTER Server Port fields are grayed out and not applicable and the Transport Type can also be set to AUTO if you select this option RFC 3262 RFC 3262 defines a mechanism to provide reli...

Page 173: ...this is already handled by the outbound proxy server Outbound Proxy Port Enter the SIP outbound proxy server s listening port if your VoIP service provider gave you one Otherwise keep the default val...

Page 174: ...f seconds the Router waits before it tries again to register the SIP account if the first try failed or if there is no response Session Expires Enter the number of seconds the Router lets a SIP sessio...

Page 175: ...one number you specified in the SIP SIP Account screen if the phone port is busy Call Forward When Busy Disable Specify the key combinations that you can enter to turn the busy forward function off On...

Page 176: ...number matching this rule can be 2 6 7 8 or The dot appended to a digit allows the digit to be ignored or repeated multiple times Any digit 0 9 after the dot will be ignored For example 01 means a num...

Page 177: ...fter the character will be ignored In this example dial plan 0 49 11 1 2 9 xx xxxxxxx 1 947 xxxxxxx you can dial 0 to call the local operator call 411 or 911 or make a long distance call with an area...

Page 178: ...example on your phone s keypad to call the phone number Figure 109 Call Rule Each field is described in the following table Apply Click this to save your changes and to apply them to the Router Cance...

Page 179: ...ies and to erase them This field displays the speed dial number you should dial to use this entry Number This field displays the SIP number the Router calls when you dial the speed dial number Descrip...

Page 180: ...when the call was made phone port This is the phone port on which you made the call phone number This is the SIP number you called duration This displays how long the call lasted No This is a read on...

Page 181: ...was unanswered phone number This is the SIP number that called you duration This displays how long the call lasted 21 8 Technical Reference This section contains background material relevant to the V...

Page 182: ...P URI For example if the SIP address is 1122334455 VoIP provider com then VoIP provider com is the SIP service domain SIP Registration Each Router is an individual SIP User Agent UA To provide voice s...

Page 183: ...ient could be a computer or a SIP phone One device can act as both a SIP client and a SIP server SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be us...

Page 184: ...hat sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP req...

Page 185: ...password when you register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Pulse Code Modulation Puls...

Page 186: ...l is terminated SIP Call Progression Through Proxy Servers Usually the SIP UAC sets up a phone call by sending a request to the SIP proxy server Then the proxy server looks up the destination to which...

Page 187: ...shows two proxy servers PROXY 1 and PROXY 2 Figure 116 SIP Call Through Proxy Servers UA 1 UA 2 PROXY 1 PROXY 2 SIP SIP SIP SIP RTP The following table shows the SIP call progression Table 105 SIP Ca...

Page 188: ...uest and the call is terminated Voice Coding A codec coder decoder codes analog voice signals into digital signals and decodes the digital signals back into analog voice signals The Router supports th...

Page 189: ...have a messaging system that sends message waiting status SIP packets as defined in RFC 3842 Custom Tones IVR IVR Interactive Voice Response is a feature that allows you to use your telephone to inter...

Page 190: ...r when you are done 21 8 1 Quality of Service QoS Quality of Service QoS refers to both a network s ability to deliver data with minimum delay and the networking methods used to provide bandwidth for...

Page 191: ...or that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then be allocated according...

Page 192: ...d timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted Table 107 European Flash Key Commands COMMAND SUB COMMAND DESCRIPTION Flash Put a current call on hold...

Page 193: ...ss the flash key and then 2 European Call Transfer Do the following to transfer an incoming call that you have answered to another phone 1 Press the flash key to put the caller on hold 2 When you hear...

Page 194: ...phone USA Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key to switch back and forth between caller A and B by putting eith...

Page 195: ...e following table shows the key combinations you can enter on your phone s keypad to use certain features Table 109 Phone Functions Summary ACTION FUNCTION DESCRIPTION 98 Call transfer Transfer a call...

Page 196: ...Chapter 21 Voice 196...

Page 197: ...r Chapter 22 Diagnostics 197 CHAPTER 22 Chapter 22 Diagnostics 22 1 Diagnostics Click Diagnostics to test the Router s connections Figure 118 Diagnostics Click Rerun Diagnostic Tests to perform the te...

Page 198: ...n the screen shown next Figure 119 Ping TraceRoute Nslookup Table 110 Ping TraceRoute Nslookup LABEL DESCRIPTION Ping Type an IPv4 or IPv6 address to which to test a connection Click Ping and the ping...

Page 199: ...is screen to back up save the Router s current configuration to a file on your computer Once your Router is configured and functioning properly it is highly recommended that you back up your configura...

Page 200: ...ou want to upload Remember that you must decompress compressed ZIP files before you can upload them Update Settings Click this to begin the upload process Do not turn off the Router while configuratio...

Page 201: ...to clear all user entered configuration information and return the Router to its factory defaults You can also press the RESET button on the rear panel to reset the factory defaults of your Router Yo...

Page 202: ...log Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog...

Page 203: ...nal message 7 Debug The message is intended for debug level purposes Table 112 Syslog Severity Levels continued CODE SEVERITY Table 113 System Log LABEL DESCRIPTION Date Time This field displays when...

Page 204: ...is to close the log screen Table 113 System Log continued LABEL DESCRIPTION Table 114 System Log Configuration LABEL DESCRIPTION Log Select Enable to have the Router log events Log Level Select the se...

Page 205: ...the Security Log screen Figure 126 Security Log Server IP Address Enter the IP address of the syslog server that will log the selected categories of logs Server UDP Port Enter the port number used by...

Page 206: ...log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Severity This field displays the severity level of the l...

Page 207: ...nd a manager An agent is a management software module that resides in a managed device the Router An agent translates the local management information from the managed device into a form compatible wi...

Page 208: ...he agent to inform the manager of some events Click Management SNMP Agent to open the following screen Use this screen to configure the Router SNMP settings Figure 128 Management SNMP Agent The follow...

Page 209: ...ct Enter the SNMP system contact Trap Manager IP Type the IP address of the station to send your SNMP traps to Save Apply Click this to save your changes back to the Router Table 116 Management SNMP A...

Page 210: ...aged by an ACS Auto Configuration Server Figure 129 TR 069 Client Table 117 TR 069 Client LABEL DESCRIPTION Inform Select Enable for the Router to send periodic inform via TR 069 on the WAN Otherwise...

Page 211: ...tion request user name When the ACS makes a connection request to the Router this user name is used to authenticate the ACS Connection Request Password Enter the connection request password When the A...

Page 212: ...hapter 27 Internet Time 212 CHAPTER 27 Chapter 27 Internet Time 27 1 Internet Time Click Management Internet Time to configure the Router to get the time from time servers on the Internet Figure 130 I...

Page 213: ...to configure the time server Check with your ISP network administrator if you are unsure of this information Time zone offset Choose the time zone of your location This will set the time difference b...

Page 214: ...er the name of one of the Router system accounts Old Password Type the account s default password or existing password New Password Type your new system password up to 30 characters Note that as you t...

Page 215: ...rd Click Management GPON Password to enter the password for your GPON Internet access account Figure 132 GPON Password Table 120 GPON Password LABEL DESCRIPTION Enter GPON Password Enter the password...

Page 216: ...pload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the Router while software upload is in progress Figu...

Page 217: ...he Router again The Router automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 134 Network Tempor...

Page 218: ...Chapter Chapter 31 Reboot 218 CHAPTER 31 Chapter 31 Reboot 31 1 Restart Using the Web Configurator Click Management Reboot to open the following screen Use this screen to restart the Figure 135 Reboo...

Page 219: ...ne of the LEDs turn on 1 Make sure the Router is turned on 2 Make sure you are using the power adaptor or cord included with the Router 3 Make sure the power adaptor or cord is connected to the Router...

Page 220: ...Please refer to the label sticker at the bottom of the device 2 If you can t remember the password you have to reset the device to its factory defaults See Section 1 2 on page 9 I cannot see or access...

Page 221: ...his does not work you have to reset the device to its factory defaults See Section 32 2 on page 219 I cannot Telnet to the Router See the troubleshooting suggestions for I cannot see or access the Log...

Page 222: ...be a lot of traffic on the network Look at the LEDs and check Section 1 3 on page 11 If the Router is sending or receiving a lot of information try closing some programs that use the Internet especia...

Page 223: ...ess points and the wired network The available security modes in your Router are as follows WPA2 PSK recommended This uses a pre shared key with the WPA2 standard WPA PSK This has the device use eithe...

Page 224: ...er 32 7 UPnP When using UPnP and the Router reboots my computer cannot detect UPnP and refresh My Network Places Local Network 1 Disconnect the Ethernet cable from the Router s LAN port or from your c...

Page 225: ...or first before connecting it to a power outlet Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use th...

Page 226: ...the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV...

Search results

Summary of Contents for Movistar GPT-2541GNAC

Reviews:

Related manuals for Movistar GPT-2541GNAC

Brands by name

Popular brands

MitraStar Movistar GPT-2541GNAC, User Manual

Search results

Summary of Contents for Movistar GPT-2541GNAC

Reviews:

Related manuals for Movistar GPT-2541GNAC

Brands by name

Popular brands