Innoband 8860-C1 Скачать руководство пользователя страница 101

Страница: 101 / 128

Chapter 4: Configuration

100

Example: QoS for your Network

Connection Diagram

Information and Settings

Upstream: 928 kbps
Downstream: 8 Mbps

VoIP User : 192.168.1.1
Normal Users : 192.168.1.2~192.168.1.5
Restricted User: 192.168.1.100

Restricted PC

Normal PCs

VoIP

Содержание 8860-C1

Страница 1: ...Version 5 51 r1 Last Revised 10 10 2007 ADSL 2 Gateway 8860 C1 User s Manual...

Страница 2: ...NNECTING YOUR GATEWAY 13 FACTORY DEFAULT SETTINGS 17 Web Interface Default Username and Password 17 LAN Device IP Settings 17 ISP setting in WAN site 17 DHCP server 17 LAN and WAN Port Addresses 18 IN...

Страница 3: ...g 64 VPN Virtual Private Networks 65 PPTP Point to Point Tunneling Protocol 65 IPSec IP Security Protocol 73 L2TP Layer Two Tunneling Protocol 84 QoS Quality of Service 96 Prioritization 96 Outbound I...

Страница 4: ...le of Content iii PROBLEMS WITH THE WAN INTERFACE 125 PROBLEMS WITH THE LAN INTERFACE 125 APPENDIX A PRODUCT SUPPORT AND CONTACT INFORMATION 126 APPENDIX B WARRANTY INFORMATION 127 Registration Card 1...

Страница 5: ......

Страница 6: ...bisplus ITU G 992 5 Virtual Private Network VPN It allows users to make a tunnel with a remote site directly to secure the data transmission among the connection Users can use embedded PPTP and L2TP c...

Страница 7: ...ming packets customer information or management information moving through the gateway at a lightning speed even under heavy load The QoS feature is configurable by sourcing IP address destination IP...

Страница 8: ...lication and comes with the on line help It also supports the remote management capability for users to configure and manage this product remotely Firmware Upgradeable Device can be upgraded to the la...

Страница 9: ...ot use this gateway in high humidity or high temperatures Do not use the same power source for this gateway as other equipment Do not open or repair the case yourself If this gateway is too hot turn o...

Страница 10: ...N 1 4 Lit when the LAN link is connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is being transmitted and or received DSL Lit green when an ADSL connection is made...

Страница 11: ...work of 10Mbps or 100Mbps Caution Port 4 can either be a LAN or a Console port but can not be both at the same time 3 RESET To be sure the device is being turned on press RESET button for 1 3 seconds...

Страница 12: ...re not verify that you are using the proper cables Ensure that all other devices telephone or fax machine connected to the same telephone line as your gateway has an in line ADSL filter connected betw...

Страница 13: ......

Страница 14: ...Retail firewall software may block access to the default 192 168 1 1 IP address for the gateway Please follow the steps below for your PC s network environment installation Connecting Your Gateway 1...

Страница 15: ...In the LAN Area Connection Status window click Properties See Figure 3 2 4 Select Internet Protocol TCP IP and click Properties See Figure 3 3 5 Select the Obtain an IP address automatically and Obtai...

Страница 16: ...In the LAN Area Connection Status window click Properties See Figure 3 6 4 Select Internet Protocol TCP IP and click Properties See Figure 3 7 5 Select the Obtain an IP address automatically and Obtai...

Страница 17: ...Network and Internet Network and Sharing Center Manage Network Connections see Figure 3 9 2 Double click on your LAN or High Speed Internet 3 Select Internet Protocol Version 4 TCP Ipv4 See Figure 3...

Страница 18: ...our 8860 C1 you need to know the following default settings Web Interface Default Username and Password Username admin Password admin LAN Device IP Settings IP Address 192 168 1 1 Subnet Mask 255 255...

Страница 19: ...g table and keep it for reference PPPoE VPI VCI VC LLC based multiplexing Username Password Service Name and Domain Name System DNS IP address it ca be automatically assigned by your ISP when you conn...

Страница 20: ...Browser Open your web browser enter the IP address of your gateway which by default is 192 168 1 1 and click Go a user name and password window will appear The default username and password are admin...

Страница 21: ...he desired perspective setup page including Status ARP Table Routing Table DHCP Table PPTP Status IPSec Status L2TP Status Email Status Event Log Error Log NAT Sessions Diagnostic UPnP Portmap Quick S...

Страница 22: ...ces on your LAN Local Area Network MAC Address The MAC Media Access Control addresses for each device on your LAN Interface The interface name on the gateway that this IP Address connects to Static St...

Страница 23: ...e DHCP assigned IP addresses information IP Address A list of IP addresses of devices on your LAN Local Area Network Expired The expired IP addresses information Permanent The fixed host mapping infor...

Страница 24: ...s Name The name you assigned to the particular PPTP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently enabled Active Whether...

Страница 25: ...red L2TP VPN Connections Name The name you assigned to the particular L2TP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently...

Страница 26: ...u have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Firewall section of this manual for more details on how to enable Firewall logging Er...

Страница 27: ...t are connected to Ethernet ports and also the WAN Internet connection UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play Please see the Advanced section of...

Страница 28: ...Chapter 4 Configuration 27...

Страница 29: ...he WAN section of this manual Your ISP should be able to supply all the information you need for the Quick Start section Click Start to begin scanning for encapsulation types offered by your ISP If th...

Страница 30: ...Chapter 4 Configuration 29 Select the desired option from the list and click Apply to return to the Quick Start menu to continue configuring your connection...

Страница 31: ...Wireless Security Wireless Client Filter Port Setting and DHCP Server Bridge Interface You can setup member ports for each VLAN group under the Bridge Interface section Note You should setup each VLAN...

Страница 32: ...e local networks to the service provider or to remote nodes IP Address Specify an IP address on this virtual interface SubNetmask Specify a subnet mask on this virtual interface Security Interface Spe...

Страница 33: ...Click to insert new client MAC address Blocked check this blocks network access to those client devise whose MAC addresses are listed in the MAC Address List table Click to insert new client MAC addre...

Страница 34: ...10M half duplex 10M full duplex 100M half duplex and 100M full duplex You may run into Ethernet compatibility issue with legacy Ethernet devices The default is Auto IPv4 TOS priority Control Advanced...

Страница 35: ...ool starting and ending IP addresses to be allocated to PCs in your network lease time for each assigned IP address the period of time the IP address will be valid DNS IP address and the gateway IP ad...

Страница 36: ...k Edit to input other parameters If your ISP does not use PPPoE you can change the default WAN connection entry by clicking Change Some of ISP may provide more service via different WAN connection You...

Страница 37: ...get an IP address from the ISP Internet Service Provider automatically Use the following IP Address Specify the IP address manually the IP should be given by you our ISP RIP RIP v1 RIP v2 and RIP v2 M...

Страница 38: ...rnet packets through the port PVID for Untagged Frames PVID is known as Port VLAN Identifier When an untagged packet is received by input port s this packet will be tagged with specified PVID The vali...

Страница 39: ...or Pap Connection Always on A PPPoA session will be established upon device power on and the connection will remain live or connected Connect on Demand If you want to establish a PPPoA session only wh...

Страница 40: ...able the DHCP client specifying if the gateway can obtain an IP address from the service provider automatically Please click Obtain an IP address automatically via DHCP client to enable the DHCP clien...

Страница 41: ...cess the Internet directly the NAT function can be disabled Username Enter the username provided by your service provider You can input up to 128 alphanumeric characters case sensitive Please check wi...

Страница 42: ...he Internet i e when a program on your computer attempts to access the Internet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined pe...

Страница 43: ...provided by your service provider ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single account...

Страница 44: ...nternet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time Detail You can define the destination port and packet type...

Страница 45: ...rst If it still fails please check with your service provider for help Note If you have subscribed ADSL1 T1 413 mode line you may go to the Advanced Options for more connection combinations Activate L...

Страница 46: ...Advanced Options ADSL Parameters displays the ADSL line statistics SNR Margin This is the Signal to Noise Ration Margin It is the relationship between DSL strength and noise ratio This margin is measu...

Страница 47: ...ified If you prefer to specify an SNTP server other than those in the list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Daylight Saving is also known a...

Страница 48: ...stration interface using Device Management options in the Advanced section of the GUI If you wish to permanently enable remote access choose a time period of 0 minutes Firmware Upgrade Your gateway s...

Страница 49: ...backup file You may also change the name of the file if you wish to keep multiple backups Click Browse to select a file from your PC to restore You should only restore settings files that have been ge...

Страница 50: ...with a password You can set up multiple user accounts each with their own password You are able to Edit existing users and Create new users who will be able to access the device s configuration pages...

Страница 51: ...essed from the Internet Firewall Prevents access from outside your network The gateway provides three levels of security support NAT natural firewall This masks LAN users IP addresses which are invisi...

Страница 52: ...ult This means that all inbound Internet to LAN and outbound LAN to Internet packets will be blocked Users have to add their own filter rules for further access to the Internet High Medium Low securit...

Страница 53: ...e Firewall is enabled and one of these four security levels is chosen All blocked High Medium and Low The predefined port filter rules in the Packet Filter must be modified accordingly to the level of...

Страница 54: ...CP 6 23 23 NO YES NO YES NO NO SMTP 25 TCP 6 25 25 NO YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES NEWS NNTP Network News Transfer Protocol TCP 6 119 119 NO YES NO YES NO NO RealAudio...

Страница 55: ...he traffic to or form set IP address and Subnet Mask to 0 0 0 0 to deactivate the Address Filter rule Tip To block access to and from a single IP address enter that IP address as the Host IP Address a...

Страница 56: ...ules Time Schedule It is self defined time period You may specify a time schedule for your prioritization policy For setup and detail refer to Time Schedule section Protocol Number Insert the port num...

Страница 57: ...level To setup a web server located on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is...

Страница 58: ...ime Schedule Source Destination IP Type Source Destination Port Inbound and Outbound Example Application Cindy_HTTP Time Schedule Always On Source Destination IP Address es 0 0 0 0 I do not wish to ac...

Страница 59: ...low 6 Configure your Virtual Server port forwarding settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server Note Go to Add Virtual Server in Virtual Serv...

Страница 60: ...lt is false Block Duration Victim Protection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Scan Attack Block Duration This is the duration for blocking ho...

Страница 61: ...Yes Land attack SrcIP DstIP Yes Yes Echo CharGen Scan UDP Echo Port and CharGen Port Yes Yes Echo Scan UDP Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen 19 Src IP Scan Yes Yes...

Страница 62: ...s Filtering Allows blocking by specific keywords within a particular URL rather than having to specify a complete URL e g to block any image called advertisement gif When enabled your specified keywor...

Страница 63: ...plet This function can block Web content that includes the Java Applet It is to prevent someone who wants to damage your system via standard HTTP protocol Block surfing by IP address Preventing someon...

Страница 64: ...tant Message Blocking The default is set to Disabled Disabled Instant Message blocking is not triggered No action will be performed Always On Action is enabled TimeSlot1 TimeSlot16 This is the adminis...

Страница 65: ...n 64 Firewall Log Firewall Log displays information of any out of the ordinary action experienced by your gateway Check the Enable box to activate the logs Log information can be seen in the Status Ev...

Страница 66: ...supported Remote Access and LAN to LAN Click Create to configure a new VPN connection After you have created a PPTP connection account status will be displayed See example above Enable Disable This fu...

Страница 67: ...assword PPP Authentication Type Default is Auto if you want the gateway to determine the authentication type to use You can also manually specify CHAP Challenge Handshake Authentication Protocol or PA...

Страница 68: ...ection is always on Active as default route Enables the default route Click Apply button to apply your changes Example Configuring a Remote Access PPTP VPN Dial out Connection A company s office estab...

Страница 69: ...ame 69 121 1 33 An Dialed server IP Username Username Password 123456 Auth Type Chap Auto Data Encryption Auto Key Length Auto Mode stateful 5 Idle Time 0 The connection will be disconnected when ther...

Страница 70: ...st If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the gateway to determine the authentication type to use You can also manually specify CH...

Страница 71: ...is always on Click Apply button to apply your changes Example Configuring a PPTP LAN to LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private netw...

Страница 72: ...igned to branch office network Peer Network IP 192 168 0 0 Branch office network Netmask 255 255 255 0 Username username Password 123456 Auth Type Chap Auto Data Encryption Auto Key Length Auto Mode s...

Страница 73: ...s or Domain name 69 121 1 33 IP address of the head office gateway in WAN side Peer Network IP 192 168 1 0 Netmask 255 255 255 0 Username username Password 123456 Auth Type Chap Auto Data Encryption A...

Страница 74: ...ction To wish interrupting the tunnel check Disable radio button and click Apply button to deactivate the connection Name This is the user defined name of the connection Local Subnet Displays IP addre...

Страница 75: ...dress or hostname of the remote VPN device that is connected via an established VPN tunnel Remote Network Set the IP address subnet or address range of the remote network Proposal This is the IPSec se...

Страница 76: ...graphy to change encryption keys during the second phase of VPN negotiation This function will provide better security but prolongs the VPN negotiation time Diffie Hellman is a public key cryptography...

Страница 77: ...a Message Digest algorithm which coverts any length of a message into a unique set of bits MD5 Message Digest and SHA 1 Secure Hash Algorithm algorithms are widely used for this SHA1 is more resistant...

Страница 78: ...tunnel The range can be from 5 to 15 000 minutes and the default is 240 minutes Phase 2 IPSec To negotiate and establish secure authentication The range can be from 5 to 15 000 minutes and the default...

Страница 79: ...ll automatically halt the tunnel connection and re establish it based on the Reconnection Time set Default setting is 1200 seconds 180 seconds is minimum time interval for this function Reconnection T...

Страница 80: ...ey VPN Connection Type and Security Algorithm MUST BE identically set up on both sides Attention Branch Office Head Office Local Network ID 192 168 0 0 24 192 168 1 0 24 Local Gateway IP 69 1 121 30 6...

Страница 81: ...ress 192 168 1 0 Netmask 255 255 255 0 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office gateway in WAN side Subnet Check Subnet radio button IP Address 192 168 0 0 Netmas...

Страница 82: ...Address 192 168 0 0 Netmask 255 255 255 0 3 Secure Gateway Address or Hostname 69 121 1 3 IP address of the head office gateway in WAN side Subnet Check Subnet radio button IP Address 192 168 1 0 Netm...

Страница 83: ...Chapter 4 Configuration 82 Example Configuring a IPSec Host to LAN VPN Connection...

Страница 84: ...2 168 1 0 Netmask 255 255 255 0 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office gateway in WAN side Single Address Check Single Address radio button IP Address 69 121 1...

Страница 85: ...you have created a L2TP connection account status will be displayed see example above Enable Disable This function activates or deactivates the L2TP connection Check the Disable radio button and clic...

Страница 86: ...ay as a server enter the Private IP Address Assigned to Dial in User address Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter...

Страница 87: ...ption method AES Stands for Advanced Encryption Standards it uses 128 bits encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change...

Страница 88: ...k Apply after changing settings Example Configuring a L2TP VPN Remote Access Dial in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft s VPN Adapter inc...

Страница 89: ...00 An assigned IP address for the remote worker Username username Password 123456 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected...

Страница 90: ...g a Remote Access L2TP VPN Dial out Connection A company s office establishes a L2TP VPN connection with a file server located at a separate location The gateway is installed in the office and is conn...

Страница 91: ...e Password 123456 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of time Idle tim...

Страница 92: ...Out if you want your gateway to operate as a client connecting to a remote VPN server Check Dial In if you want your gateway to operates as a VPN server When configuring your gateway to establish a c...

Страница 93: ...e encryption method from the pull down menu There are four options DES 3DES AES and NONE NONE means it is a tunnel only with no encryption 3DES and AES are more powerful but increase latency DES Stand...

Страница 94: ...e secure password length should be 16 characters that may include numbers and characters Click Apply after changing settings Example Configuring L2TP LAN to LAN VPN Connection The branch office establ...

Страница 95: ...to branch office network Peer Network IP 192 168 0 0 Netmask 255 255 255 0 Username username Password 123456 5 Auth Type Chap Auto Keep as default value in most of the cases 6 Idle Timeout 0 The conne...

Страница 96: ...Hostname 69 121 1 33 IP address of the head office gateway in WAN side Peer Network IP 192 168 1 0 Netmask 255 255 255 0 Username username Password 123456 5 Auth Type Chap Auto Keep as default value i...

Страница 97: ...be provided in the Gateway High Normal The default is normal priority for all of traffic without setting Low And the balances of utilization for each priority are High 60 Normal 30 and Low 10 Applicat...

Страница 98: ...4 Here is the DSCP Mapping Table Note Make sure the gateway s in the backbones network have the capability in executing and checking the DSCP throughout the QoS network Table 4 DSCP Mapping Table Wir...

Страница 99: ...ation Time Schedule Scheduling your prioritization policy Refer to Time Schedule for more information Protocol The name of supported protocol Source Port Source port to be monitored Destination Port D...

Страница 100: ...tion Time Schedule Scheduling your prioritization policy Refer to Time Schedule for more information Protocol The name of supported protocol Source Port Source port to be monitored Destination Port De...

Страница 101: ...Example QoS for your Network Connection Diagram Information and Settings Upstream 928 kbps Downstream 8 Mbps VoIP User 192 168 1 1 Normal Users 192 168 1 2 192 168 1 5 Restricted User 192 168 1 100 Re...

Страница 102: ...tremely latency sensitive Most VoIP devices use SIP protocol and the port number will be assigned by SIP module automatically It is better to use fixed IP address so high priority can be set for these...

Страница 103: ...ps Other Applications 448kbps 14 32kbps 6 4 14 5 29 29 32kbps 928kbps Sometime your customers or friends may upload their files to your FTP server and that will eat up your downstream bandwidth The se...

Страница 104: ...deliver all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of this manual for more information on NAT The device can be configured as a virtual server s...

Страница 105: ...also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP External Port The Port number on the Remote WAN side used wh...

Страница 106: ...signing the IP addresses of the virtual servers in order to avoid conflicts The best way to configure Virtual Servers is to manually assign static IP address to each with an address that does not fall...

Страница 107: ...r Virtual Server entries Cautious This local computer exposing to the Internet may face varies of security risks Disabled As set in default setting it disables the DMZ function Enabled It activates yo...

Страница 108: ...e NAT to utilize these IP addresses NAT Type Select desired NAT type Global IP Address Subnet The subnet of the public WAN IP address given by your ISP If your ISP did not provide this information to...

Страница 109: ...l also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP Global IP Define a public WAN IP address for this Applicati...

Страница 110: ...ed to as dynamic or private ports are numbered from 49152 through 65535 For further information please visit IANA s website at http www iana org assignments port numbers Table 5 Well known Ports Port...

Страница 111: ...Internet by users or by applications This Time Schedule correlates closely with gateway s time since gateway does not have a real time clock on board it uses the Simple Network Time Protocol SNTP to g...

Страница 112: ...iled settings for this Time Slot will be shown see below ID This is the time slot ID number Name A user defined description to identify this time portfolio Day The default is set from Monday through F...

Страница 113: ...hin the Advanced section Static Route Dynamic DNS Check Email Device Management IGMP and VLAN Bridge Static Route Click on Routing Table and then choose Create Route Destination This is the destinatio...

Страница 114: ...he Dynamic DNS provider using their website An example of this is http www dyndns org There are more than 5 DDNS services supported Disable Check to disable the Dynamic DNS function Enable Check to en...

Страница 115: ...ck to enable the gateways Emailing checking function Account Name Enter the login name of the POP3 account you wish to check If you are not sure what this is please consult your service provider Passw...

Страница 116: ...e port number the gateway s embedded web server for web based configuration will use The default value is the standard HTTP port 80 Users may specify an alternative if they are running a web server on...

Страница 117: ...lity UPnP Port Its default setting is 2800 It is highly recommended for users to use this port value SNMP Access Control Simple Network Management Protocol SNMP V1 and V2 Read Community Specify a name...

Страница 118: ...tem group Interfaces group Address Translation group IP group ICMP group TCP group UDP group EGP not applicable Transmission SNMP group From RFC1650 EtherLike MIB dot3Stats From RFC 1493 Bridge MIB do...

Страница 119: ...tocol is used to management hosts from multicast group IGMP Forwarding Accepting multicast packet Default is set to Enable IGMP Snooping This allows switched Ethernet to check and make correct forward...

Страница 120: ...m the example two VLAN groups need to be created Ethernet P1 Port 1 Ethernet1 P2 P3 and P4 Port 2 3 4 Please uncheck P2 P3 and P4 from Ethernet VLAN Port first Note You should setup each VLAN group wi...

Страница 121: ...of 8 VLAN is support therefore only 8 WAN interfaces can be created in the table From the example PVC 0 33 to 0 39 is assigned for video using 1483 Bridged mode Check RFC 1483 Bridged and click Next...

Страница 122: ...rom the example fill in VPI and VCI only and leave the rest as is Repeat the same procedure by clicking Create select RFC1483 Bridged fill in the rest of PVC 0 34 to 0 39 Step 3 Setup VLAN Service Go...

Страница 123: ...VLAN Bridge with Bridge Interface created in Step1 you will see the relationship in these two screenshots Step 4 IGMP Snooping Enable Go Configuration Advanced IGMP IGMP Snooping must be enabled in o...

Страница 124: ...Logout Please ensure that you have saved the configuration settings before you logout Please note that the gateway is restricted to one PC accessing the configuration web pages at one time If the exis...

Страница 125: ......

Страница 126: ...jack The ADSL LED on the front panel should be on Check that your VPI VCI encapsulation type and type of multiplexing settings are all set correctly per information provided by your service provider...

Страница 127: ...apter please contact the service provider first to make sure it is not a network issue If you believe you are experiencing a hardware issue please contact Innoband directly for service and support at...

Страница 128: ...rom our product use and in any event our liability shall not exceed the original selling price of the equipment The equipment warranty of Innoband Technologies Inc shall constitute the sole and exclus...

Результаты поиска

Содержание 8860-C1

Отзывы:

Похожие инструкции для 8860-C1

Бренды по названию

Популярные бренды

Innoband 8860-C1, Руководство пользователя

Результаты поиска

Содержание 8860-C1

Отзывы:

Похожие инструкции для 8860-C1

Бренды по названию

Популярные бренды