Bintec-elmeg WO2003n manual


A good user manual

The rules oblige the seller to supply the buyer with the manual for the Bintec-elmeg WO2003n product. A missing manual or incorrect information given to the consumer is grounds for a complaint that the product does not conform to the contract. By law, the manual may be supplied in a form other than paper, which is frequently done, by attaching a graphic or electronic manual for the Bintec-elmeg WO2003n or instructional videos for users. The condition is that the form is legible and understandable.

What is an instruction manual?

The word comes from the Latin "instructio", meaning to instruct. The Bintec-elmeg WO2003n manual therefore contains a description of the stages of a process. The purpose of the manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. The manual is a collection of information about the object or service, a guide.

Unfortunately, few users take the time to read the Bintec-elmeg WO2003n manual, yet a good manual not only reveals a number of additional functions of the device but also helps avoid most faults.

So what should the perfect manual contain?

First, the Bintec-elmeg WO2003n manual should contain:
- technical data of the Bintec-elmeg WO2003n device
- name of the manufacturer and year of manufacture of the Bintec-elmeg WO2003n device
- instructions for use, adjustment and maintenance of the Bintec-elmeg WO2003n device
- safety marks and certificates confirming conformity with the relevant standards

Why don't we read manuals?

Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, simply connecting and starting up the Bintec-elmeg WO2003n is not enough. The manual contains a range of guidance on specific functions, safety, maintenance methods (even which products should be used), possible Bintec-elmeg WO2003n faults and ways to solve common problems during use. Finally, the manual gives the contact details of Bintec-elmeg service in case the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos are currently very popular, as they speak to the user better than a leaflet does. With this type of manual the user is likely to watch the whole instructional video without skipping complicated specifications and technical descriptions of the Bintec-elmeg WO2003n, as happens with the paper version.

Why read manuals?

First of all, they contain answers about the construction and capabilities of the Bintec-elmeg WO2003n device, the use of individual accessories, and a range of information for making full use of all features and conveniences.

After successfully purchasing a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the Bintec-elmeg WO2003n manual. Nowadays manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.

Contents of the manual

  • Page 1

    Manual bintec Next Generation WLAN Reference Copyright © Version 9.1.12 (3672), 2015 bintec elmeg GmbH bintec elmeg GmbH Manual bintec Next Generation WLAN 1[...]

  • Page 2

    Legal Notice Warranty This publication is subject to change. bintec elmeg GmbH offers no warranty whatsoever for information contained in this manual. bintec elmeg GmbH is not liable for any direct, indirect, collateral, consequential or any other damage connected to the delivery, supply or use of this manual. Copyright © bin[...]

  • Page 3

    Table of Contents: Chapter 1 Installation (p. 1); 1.1 bintec W1001n, W1003n, W2003n, W2003n-ext and W2004n (p. 1); 1.1.1 Setting up and connecting (p. 1); 1.1.2 Connectors (p. 4); 1.1.3 LEDs[...]

  • Page 4

    Chapter 2 Basic configuration (p. 25); 2.1 Presettings (p. 25); 2.1.1 Preconfigured data (p. 25); 2.1.2 Software update (p. 26); 2.2 System requirements[...]

  • Page 5

    5.2 Global Settings (p. 56); 5.2.1 System (p. 56); 5.2.2 Passwords (p. 58); 5.2.3 Date and Time (p. 60); 5.2.4 System Licences[...]

  • Page 6

    7.1.1 Interfaces (p. 112); 7.2 VLAN (p. 116); 7.2.1 VLANs (p. 118); 7.2.2 Port Configuration (p. 119); 7.2.3 Administration[...]

  • Page 7

    9.4.3 Active Clients (p. 180); 9.4.4 Wireless Networks (VSS) (p. 182); 9.4.5 Client Management (p. 182); 9.5 Neighbor Monitoring (p. 183); 9.5.1 Neighbor APs[...]

  • Page 8

    10.6.1 Drop In Groups (p. 237); Chapter 11 Routing Protocols (p. 241); 11.1 RIP (p. 241); 11.1.1 RIP Interfaces (p. 241); 11.1.2 RIP Filter[...]

  • Page 9

    Chapter 14 VPN (p. 279); 14.1 IPSec (p. 279); 14.1.1 IPSec Peers (p. 280); 14.1.2 Phase-1 Profiles (p. 296); 14.1.3 Phase-2 Profiles[...]

  • Page 10

    15.4 Services (p. 350); 15.4.1 Service List (p. 350); 15.4.2 Groups (p. 352); Chapter 16 Local Services (p. 354); 16.1 DNS[...]

  • Page 11

    16.7 HotSpot Gateway (p. 402); 16.7.1 HotSpot Gateway (p. 404); 16.7.2 Options (p. 408); 16.8 Wake-On-LAN (p. 409); 16.8.1 Wake-On-LAN Filter[...]

  • Page 12

    18.4.2 SNMP Trap Hosts (p. 436); Chapter 19 Monitoring (p. 437); 19.1 Internal Log (p. 437); 19.1.1 System Messages (p. 437); 19.2 IPSec[...]

  • Page 13

    Index (p. 493) bintec elmeg GmbH Table of Contents bintec Next Generation WLAN xi[...]

  • Page 14

    Table of Contents bintec elmeg GmbH xii bintec Next Generation WLAN[...]

  • Page 15

    Chapter 1 Installation Note: Please read the safety notices carefully before installing and starting up your device. These are supplied with the device. 1.1 bintec W1001n, W1003n, W2003n, W2003n-ext and W2004n 1.1.1 Setting up and connecting Note: All you need for this are the cables supplied with the equipment. The devices bin[...]

  • Page 16

    Fig. 2: Connection options bintec W1001n and bintec W1003n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas For bintec W2003n-ext screw the standard antennas (accessory) on to the connectors provided for this purpose. If you are using alternative antennas, please note that you have to [...]

  • Page 17

    (100–240 V). The status LED signals that your device is correctly connected to the power supply. Optionally, power can be supplied through a standard PoE injector (part number 5530000082). Installation The access points are to be mounted either on the wall or on the ceiling, or used as a table-top device. Use as a table-top device At [...]

  • Page 18

    Fig. 3: Ceiling mounting 1.1.2 Connectors All the connections are located on the underside of the device. bintec W1001n and bintec W1003n have an Ethernet port; bintec W2003n, bintec W2003n-ext and bintec W2004n have two Ethernet ports. The connections are arranged as follows: Fig. 4: Underside bintec W2003n, bintec W2003n-ex[...]

  • Page 19

    3 POWER Socket for power supply 1.1.3 LEDs The LEDs show the radio status and radio activity of your device. Note: Note that the number of active WLAN LEDs depends on the number of existing wireless modules. The LEDs on bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n are arranged as follows: Fig. 5: LEDs of[...]

  • Page 20

    Fig. 6: LEDs of bintec W1001n In operation mode, the LEDs display the following status information for your device: LED status display LED Status Information LAN No function PWR (green) off The power supply is not connected. If other LEDs are on, also Error. on (static) Error on (flashing) Ready W (green) off Radio or all assigned VS[...]

  • Page 21

    Cable sets/mains unit/other Documentation Wall or ceiling mounting (printed) User's Guide (on DVD) Safety notices bintec W1003n Ethernet cable (RJ-45, STP) Self-adhesive feet Wall or ceiling mounting Quick Install Guide (printed) R&TTE Compliance Information (printed) User's Guide (on DVD) Safety notices bintec W2003n Et[...]

  • Page 22

    Property Value Dimensions and weights: Equipment dimensions without cable (W x L x H) ca. 162 x 145 x 45 mm Weight approx. 1,000 g (with WLAN modules) LEDs bintec W1001n: 3 (1x LAN, 1x Power, 1x WLAN) bintec W1003n: 3 (1x Power, 1x WLAN, 1x Ethernet) bintec W2003n, bintec W2003n-ext and bintec W2004n: 4 (1x Power, 2x WLAN, 2x[...]

  • Page 23

    Property Value Antenna connection bintec W1001n, bintec W1003n: 2 internal antennas bintec W2003n: 4 internal antennas bintec W2003n-ext: 4 external dualband antennas bintec W2004n: 6 internal antennas Transmit Power (WLAN) max. 100 mW (20 dBm) EIRP Standards & Guidelines R&TTE Directive 1999/5/EC EN 60950-1 (IEC60950); EN [...]

  • Page 24

    1.2 bintec WI1003n 1.2.1 Setting up and connecting Note: All you need for this are the cables supplied with the equipment. The device bintec WI1003n uses external antennas. Fig. 7: Connection options bintec WI1003n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw the standard antennas [...]

  • Page 25

    Note: The devices are supplied without a mains unit. The power adapter with EU plug (part number 5500001254) is available as an accessory. Connect the device to a mains socket. Use the power cord and insert it in the appropriate socket on your device. Now plug the power cord into a power socket (100–240 V). The status LED signal [...]

  • Page 26

    1.2.2 Connectors All the connections are located on the underside of the device. bintec WI1003n has two Ethernet ports. The connections are arranged as follows: Fig. 8: Connectors bintec WI1003n Connectors bintec WI1003n 1 RESET Reset button performs restart (base plate of the device) 2 ETH1/PoE and ETH2 10/100/1000 Base-T [...]

  • Page 27

    LED Status Information on (static) Error on (flashing) Ready WLAN 1/2 (green) off Radio or all assigned VSS inactive on (slowly flashing) VSS is active, no client connected on (fast flashing) VSS is active, at least one client connected on (flickering) VSS is active, at least one client connected, active data traffic You can choose[...]

  • Page 28

    The features are summarised in the following table: General Product Features Property Value Dimensions and weights: Equipment dimensions without cable (W x L x H) ca. 149 x 123 x 31 mm Weight approx. 750 g (with WLAN modules) LEDs 1x Power, 2x WLAN Power consumption of the device max. 12 W Voltage supply 9 V, 1.3 A (The power ada[...]

  • Page 29

    1.2.6 Reset If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the bottom of the device. All existing configuration data will be deleted. (1) Press the Reset button on your device. (2) Keep the Reset button on your device pres[...]

  • Page 30

    Fig. 10: Connectors of bintec WO2003n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw standard antennas (accessory) on to the connectors provided for this purpose. Radio module 1 is assigned to connectors 1-1 / 1-2; radio module 2 to connectors 2-1 / 2-2. If you connect standard an[...]

  • Page 31

    Use just one of the ports ETH1 and ETH2; the second port is used to cascade a number of devices. If you use both Ethernet connections on the same switch, loops may be formed. A standard patch cable (RJ45-RJ45) is symmetrical. It is therefore not possible to mix up the cable ends. (3) Power connection Note: The devices are supplied witho[...]

  • Page 32

    To attach the device to the wall, use the bracket supplied with your device. To attach the device on the mast, use the theft protector, which is available as an accessory (part number 5520000144). Optional theft protection is also available (Kensington lock). Warning: Before drilling, make sure that there are no building installations[...]

  • Page 33

    port 4 LEDs LED display for status and WLAN 5 Grounding Connector for mandatory ground connection 6 ETH1 / ETH2 10/100/1000 Base-T Ethernet interfaces; PoE is supported on ETH1 1.3.3 LEDs The LEDs show the radio status and radio activity of your device. Note: Note that the number of active WLAN LEDs depends on the number of existing[...]

  • Page 34

    LED Colour Status Information WLAN2 green off Radio or all assigned VSS inactive green on (slowly flashing) VSS is active, no client connected green on (fast flashing) VSS is active, at least one client connected 4 inactive ./. ./. You can choose from three different operation modes of the LEDs in the Global Settings menu as well a[...]

  • Page 35

    General Product Features Property Value Dimensions and weights: Equipment dimensions without cable and antennas (W x L x H) 140 x 178 x 66 mm Weight approx. 1260 g (with WLAN modules) LEDs 1x Status, 2x WLAN Power consumption of the device 13 W max. Voltage supply All devices must be earthed. 9-36 V DC max. 1.4 A with reverse voltag[...]

  • Page 36

    1.3.6 Reset There is a hall effect switch/sensor for the reset function. Move a magnet close to the reset switch, which is positioned between the Ethernet connectors and the LEDs, to trigger a reset. Note: If you delete the boot configuration using the GUI, all passwords will be reset and the current boot configuration deleted. The nex[...]

  • Page 37

    Fig. 13: Ethernet 10/100/1000 BASE-T interface (RJ45 socket) The pin assignment for the Ethernet 10/100/1000 Base-T interface (RJ45 socket) is as follows: RJ45 socket for LAN connection (Pin: Function) 1: Pair 0 +; 2: Pair 0 -; 3: Pair 1 +; 4: Pair 2 +; 5: Pair 2 -; 6: Pair 1 -; 7: Pair 3 +; 8: Pair 3 - 1.5.2 Power Connector The devices b[...]

  • Page 38

    Pin Function 3 VCC- - Negative power voltage 4 RxD - Receive serial interface 5 GND - GND serial interface 1.6 Frequencies and channels Different certification regulations apply around the world. ETSI standards generally apply (predominantly used in Europe). For operation in Europe, please read the notes in the R&TTE Complian[...]

  • Page 39

    Chapter 2 Basic configuration You can use the Dime Manager (IP address assignment) and the GUI (other configuration steps) for the basic configuration of your device. The basic configuration is explained below step-by-step. A detailed online help system gives you extra support. This user's guide assumes you have the following basic [...]

  • Page 40

    You can use the Dime Manager to assign a new IP address and the required password to your device. Note: If your device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration, the fallback IP address 192.168.0.252 is deleted automatically and your device will no long[...]

  • Page 41

    • Internet Explorer or Mozilla Firefox • Installed network card (Ethernet) • DVD drive • TCP/IP protocol installed (see Configuring a PC on page 28) 2.3 Preparation To prepare for configuration, you need to... • Obtain the data required for the basic configuration. • Check whether the PC from which you want to perform [...]

  • Page 42

    Access data Example value Your values IP address of your access point Netmask of your access point Access Point mode If you run your device in Access Point mode, you can set up the required wireless networks. To do this, you need the following data: Configur [...]

  • Page 43

    nections (Windows XP) or Control Panel -> Network and Sharing Center -> Change Adapter Settings (Windows 7). (2) Click on LAN Connection. (3) Click on Properties in the status window. (4) Look for the Internet Protocol (TCP/IP) entry in the list of network components. Installing the Windows TCP/IP protocol If you cannot find t[...]

  • Page 44

    (a) Place the DVD provided in the DVD drive of your configuration PC. The installation wizard should start automatically. If it does not, open the following file on the DVD using your file browser: . (b) Follow the instructions in the installation wizard. Then carry out the following steps to con[...]

  • Page 45

    Fig. 16: IP address assignment with the Dime Manager (3) Enter the network parameters (Device name, IP address, Netmask and Gateway) and click on OK. Note: The maximum length of the Device name parameter is 32 characters. The Device name parameter may contain only the letters "a"-"z", "A"-"Z", t[...]

  • Page 46

    Fig. 17: GUI Login Start the configuration interface as follows: (a) Enter the IP address of your device in the address line of your Web browser. With DHCP server: • the IP address that the DHCP server assigned to your device Without DHCP server: • With direct connection to the configuration PC: the fallback IP address [...]

  • Page 47

    (d) Click OK. (e) Store the configuration using the Save configuration button above the menu navigation. Note the following rules on password use: • The password must not be easy to guess. Names, car registration numbers, dates of birth, etc. should not be chosen as passwords. • The password should contain at least one characte[...]

  • Page 48

    Note: Windows XP allows several menus to be modified. Depending on the configuration, the path to the wireless network connection you want to configure may be different to that described above. Configuring the WLAN Adapter under Windows 7 A popup window informs you about all wireless networks within reach. All you have to do is to con[...]

  • Page 49

    er an updated version of the system software is available. If so, your device will be updated automatically. When installation of the new software is complete, you will be invited to re-start the device. Caution: After confirming with Go, the update cannot be aborted. If an error occurs during the update, do not re-start the [...]

  • Page 50

    Chapter 3 Access and configuration This chapter describes all the access and configuration options. 3.1 Access Options The various access options are presented below. Select the procedure to suit your needs. There are various ways you can access your device to configure it: • Via your LAN 3.1.1 Access via LAN Access via one of the Eth[...]

  • Page 51

    3.1.1.2 Telnet Apart from configuration using a web browser, with a Telnet connection you can also access the SNMP shell and use other configuration options. You do not need any additional software on your PC to set up a Telnet connection to your device. Telnet is available on all operating systems. Proceed as follows: Windo[...]

  • Page 52

    see Login on page 39). (2) Enter for the input prompt. You are now in the Flash Management shell. (3) Call up a list of all the files saved on the device: . If you see a display like the one below, the keys needed are already there and you can connect to the device via SSH: [...]

  • Page 53

    Proceed as follows to log in on your device via SSH: If you have made sure that all the keys needed are available on the device, you have to check whether an SSH client is installed on your PC. Most UNIX and Linux distributions install an SSH client by default. Additional software, e.g. PuTTY, usually has to be installed on a Win[...]

  • Page 54

    Login name Password Authorisations Read and change system variables, save configurations; use GUI. Read and write system variables (except passwords) (changes are lost when you switch off your device). Read system variables (except passwords).[...]

  • Page 55

    The status page of the GUI opens in the browser. SNMP shell Log into the SNMP shell as follows: (1) Enter your user name and confirm with Return. (2) Enter your user password and confirm with Return. Your device logs in with the input prompt. The login was successful. Y[...]

  • Page 56

    With the GUI you can perform all the configuration tasks easily and conveniently. It is integrated in your device and is available in English. If required, other languages can be downloaded from the download area of www.bintec-elmeg.com and installed on your device. The settings you make with the GUI are applied with the OK or Apply[...]

  • Page 57

    3.3.1.1 Calling up GUI (1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected. (2) Check the settings of the PC from which you want to configure your device (see Configuring a PC on page 28). (3) Open a Web browser. (4) Enter [...]

  • Page 58

    Header Fig. 20: GUI header GUI header Menu Position Language: In the dropdown menu, choose the language in which you want to display the GUI. Here you can choose the language in which you perform the configuration. German and English are available. View: Select the desired view from the dropdown menu. Standard and SNMP browsers [...]

  • Page 59

    Fig. 22: Menus The Save configuration button is found in the navigation bar. If you save a current configuration, you can save this as the boot configuration or you can also archive the previous boot configuration as a backup. If you click the Save configuration button in the GUI, you will be asked "Do you really want to sav[...]

  • Page 60

    -> Software & Configuration menu, select Action = and click on Go. The archived backup is used as the current boot configuration. The navigation bar also contains the main configuration menus and their sub-menus. Click the main menu you require. The corresponding sub-menu then opens. [...]

  • Page 61

    Button Position menu and the System Management -> Certificates -> CRLs menu, this button activates the sub-menus for configuration of the certificate or CRL imports. In the System Management -> Certificates -> Certificate List menu, this button activates the sub-menu for the configuration of the certificate request. Vari[...]

  • Page 62

    GUI list options Menu Position Update Interval Here you can set the interval in which the view is to be updated. To do this, enter a period in seconds in the input field and confirm it with . Filter You can have the list entries filtered and displayed according to certain criteria. You can determine the number of entries displayed pe[...]

  • Page 63

    Menu Position played on the first page. The menu contains either a list of all the configured entries or the basic settings for the function concerned. Sub-menu The New button is available in each menu in which a list of all the configured entries is displayed. Click the button to display the configuration menu for creating a new list[...]

  • Page 64

    Menu Position the mouse. Internal lists e.g. Click . A new list entry is created. Enter the corresponding data. If list input fields remain empty, these are not saved when you confirm with OK. Delete the entries by clicking the icon. Display of options that are not available Options that are not available because they depend on the se[...]

  • Page 65

    Note: Please note that not all devices have the full range of functions. Check the software of your device on the corresponding product page under www.bintec-elmeg.com. 3.3.2 SNMP shell SNMP (Simple Network Management Protocol) is a protocol that defines how you can access the configuration settings. All configuration settings are st[...]

  • Page 66

    Chapter 4 Assistants The Assistants menu offers step-by-step instructions for the following basic configuration tasks: • First steps • Internet Access • VPN • Wireless LAN • VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and explanations on the separate pages of the Wiza[...]

  • Page 67

    Chapter 5 System Management The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date/time, passwords and licences are managed and the access and authentication methods are configured. 5.1 Status If you log into the GUI[...]

  • Page 68

    Fig. 25: System Management -> Status The menu System Management -> Status consists of the following fields: Fields in the System Information menu. Field Value Uptime Displays the time passed since the device was rebooted. System Date Displays the current system date and system time. Serial Number Displays the device serial numb[...]

  • Page 69

    Field Value Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels. Fields in the Physical Interfaces menu. Field Value Interface - Connection Information - Link The physical interfaces are listed here and their most important settings are shown. The system[...]

  • Page 70

    5.2 Global Settings The basic system parameters are managed in the Global Settings menu. 5.2.1 System Your device's basic system data is entered in the System Management -> Global Settings -> System menu. Fig. 26: System Management -> Global Settings -> System The System Management -> Global Settings -> Syste[...]

  • Page 71

    Field Value Contact Enter the relevant contact person. Here you can enter the e-mail address of the system administrator, for example. A character string with a maximum of 255 characters is possible. Maximum Number of Syslog Entries Enter the maximum number of syslog messages that are stored internally in the device. Possible v[...]

  • Page 72

    Field Value Maximum Number of Accounting Log Entries Enter the maximum number of login process entries that are stored internally in the device. Possible values are to . The default value is Manual WLAN Controller IP Address This function is only available on devices with a wireless LAN controller. Enter t[...]

  • Page 73

    Fig. 27: System Management -> Global Settings -> Passwords Note: All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to the device. If the passwor[...]

  • Page 74

    Field Value munity Fields in the Global Password Options menu Field Value Show passwords and keys in clear text Define whether the passwords are to be displayed in clear text (plain text). The function is enabled with . The function is disabled by default. If you activate the function, all passwords and keys in all menus are [...]

  • Page 75

    Fig. 28: System Management -> Global Settings -> Date and Time You have the following options for determining the system time (local time): ISDN/Manual In devices with an ISDN interface, the system time can be updated via ISDN, i.e. the date and time are taken from the ISDN when the first outgoing call is made. The time can als[...]

  • Page 76

    You can obtain the system time automatically, e.g. using various time servers. To ensure that the device uses the desired current time, you should configure one or more time servers. Switching from summer time to winter time (and back) must be carried out manually if the time is derived using this method by changing the value i[...]

  • Page 77

    Fields in the menu Automatic Time Settings (Time Protocol) Field Description ISDN Timeserver Only for devices with an ISDN interface. Determine whether the system time is to be updated via ISDN. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server. Updating ov[...]

  • Page 78

    Field Description • None: This time server is not currently used for the time request. Third Timeserver Enter the third time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request. Possible values: • SNTP (default value): This server uses the simple network tim[...]

  • Page 79

    Field Description Internal Time Server Select whether the internal timeserver is to be used. The function is activated by selecting Enabled. Time requests from a client will be answered with the current system time. This is given as GMT, without offset. The function is disabled by default. Time requests from a client are not an[...]

  • Page 80

    port section at www.bintec-elmeg.com. Please follow the online licensing instructions. (Please also note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data: • Licence Key and • Licence Serial Number. You enter this data in the System Management -> [...]

  • Page 81

    Activating extra licences You activate extra licences by adding the received licence information in the System Management -> Global Settings -> System Licences -> New menu. The menu System Management -> Global Settings -> System Licences -> New consists of the following fields: Fields in the Basic Settings menu. Fie[...]

  • Page 82

    Bridging connects networks of the same type. In contrast to routing, bridges operate at layer 2 of the OSI model (data link layer), are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not interpreted.[...]

  • Page 83

    Example: (first wireless network on the first wireless module) The name of the bridge link is made up of the following parts: (a) Abbreviation for interface type (b) Number of the wireless module on which the bridge link is configured (c) Number of the bridge link Example: (first bridge link on the fi[...]

  • Page 84

    Fig. 30: System Management -> Interface Mode / Bridge Groups -> Interfaces The System Management -> Interface Mode / Bridge Groups -> Interfaces menu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Description Displays the name of the interface. Mode / Bridge Group Select whether you[...]

  • Page 85

    Fig. 31: System Management -> Interface Mode / Bridge Groups -> Interfaces -> Add The System Management -> Interface Mode / Bridge Groups -> Interfaces -> Add menu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Select the interface whose status should be changed. Edit for devi[...]

  • Page 86

    use the MAC Bridge. The System Management -> Interface Mode / Bridge Groups -> Interfaces -> menu consists of the following fields: Fields in the Layer-2.5 Options menu. Field Value Interface Shows the interface that is being edited. Wildcard Mode Select the Wildcard mode you want to use on the interface. Possible values: •[...]

  • Page 87

    Field Value The function is enabled with Enabled. The function is disabled by default. 5.4 Administrative Access In this menu, you can configure the administrative access to the device. 5.4.1 Access In the System Management -> Administrative Access -> Access menu, a list of all IP-capable interfaces is displayed. Fig[...]

  • Page 88

    Field Description Restore Default Settings Only when you make changes to the administrative access configuration are relevant access rules set up and activated. You can restore the default settings with the icon. 5.4.1.1 Add Select the Add button to configure administrative access for additional interfaces. Fig. 34: System Ma[...]

  • Page 89

    Fig. 35: System Management -> Administrative Access -> SSH You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon. If you wish to use SSH Login together with the PuTTY client, you may need to comply with some special configuration requirements, for which we have prepared FAQs. You will find these[...]

  • Page 90

    Field Value face. The function is activated by selecting Enabled. The function is enabled by default. SSH Port Here you can enter the port via which the SSH connection is to be established. The default value is . Maximum number of concurrent connections Enter the maximum number of simultaneously active SSH connec[...]

  • Page 91

    Field Value RSA Key Status Shows the status of the RSA key. If an RSA key has not been generated yet, Not generated is displayed in red and a link, Generate, is provided. If you select the link, the generation process is triggered and the view is updated. The Generating status is display[...]

  • Page 92

    Field Value Compression Select whether data compression should be used. The function is activated by selecting Enabled. The function is disabled by default. TCP Keepalives Select whether the device is to send keepalive packets. The function is activated by selecting Enabled. The function is enabled by default. Loggin[...]

  • Page 93

    Fig. 36: System Management -> Administrative Access -> SNMP The menu System Management -> Administrative Access -> SNMP consists of the following fields: Fields in the Basic Settings menu. Field Value SNMP Version Select the SNMP version your device is to use to listen for external SNMP access. Possible values: •[...]

  • Page 94

    [...]

  • Page 95

    Field Value If an access request is received by your device, a request is sent to the RADIUS server if no corresponding connection partner has been found on your device. ACCESS_ACCEPT Server -> Client If the RADIUS server has authenticated the information contained in the ACCESS_REQUEST, it sends an ACCESS_ACCEPT to your d[...]

  • Page 96

    Fig. 37: System Management -> Remote Authentication -> RADIUS -> New The System Management -> Remote Authentication -> RADIUS -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Value Authentication Type Select what the RADIUS server is to be used for. Possible values: • [...]

  • Page 97

    Field Value • WLAN (802.1x): The RADIUS server is used for controlling access to a wireless network. • XAUTH: The RADIUS server is used for authenticating IPSec peers via XAuth. Vendor Mode Only for Authentication Type = Accounting In hotspot applications, select the mode defined by the p[...]

  • Page 98

    Field Value servers for a group are queried according to Priority and the Policy. Possible values: • New (default value): Enter a new group description in the text field. • Default Group 0: Select this entry for special applications, such as Hotspot Server configuration. • <Group Name>: S[...]

  • Page 99

    Field Value The default value is 1000 (1 second). Alive Check Here you can activate a check of the accessibility of a RADIUS server in Status . An Alive Check is carried out regularly (every 20 seconds) by sending an ACCESS_REQUEST to the IP address of the RADIUS server. If the server is reachable, Status is set to [...]

  • Page 100

    Field Value ried out. 5.5.2 TACACS+ TACACS+ permits access control for your device, network access servers (NAS) and other network components via one or more central servers. Like RADIUS, TACACS+ is an AAA protocol and offers authentication, authorisation and accounting services (TACACS+ Accounting is currently not supported[...]

  • Page 101

    Fig. 38: System Management -> Remote Authentication -> TACACS+ -> New The System Management -> Remote Authentication -> TACACS+ -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Authentication Type Displays which TACACS+ function is to be used. The value can[...]

  • Page 102

    Field Description authentication. If no response is given or access is denied (only if Policy = Non-authoritative), the entry with the next-highest priority is used. The available values are to , the default value is . Entry active Select whether this server is to be used for login authentication. [...]

  • Page 103

    Field Description Block Time Enter the time in seconds for which the status of the current server shall remain blocked. When the block has ended, the server is set to the status specified in the Entry active field. The possible values are to , the default value is . The value means that the server is never se[...]

  • Page 104

    Fields in the Global RADIUS Options menu. Field Description Authentication for PPP Dialin By default, the following authentication sequence is used for incoming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS. Options: • Inband: Only inband RADIUS requests (PAP, CHAP, MS-CHAP V1 & V2) (i.e. PPP requests w[...]

  • Page 105

    Fig. 40: System Management -> Configuration Access -> Access Profiles 5.6.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional access profiles. To create an access profile you can use all the entries in the navigation bar of the GUI plus Save configuration and Switch to SNMP [...]

  • Page 106

    Fig. 41: System Management -> Configuration Access -> Access Profiles -> New The menu System Management -> Configuration Access -> Access Profiles -> New consists of the following fields: Fields in the menu Basic Settings Field Description Description Enter a unique name for the access profile. Level No. The syst[...]

  • Page 107

    Fields in the menu Buttons Field Description Save configuration If you activate the button Save configuration the user is permitted to save configurations. Note Note that the passwords in the saved file can be viewed in clear text. Enable or disable Save configuration. The function is enabled with Enabled. The function[...]

  • Page 108

    Field Description Menus You see all the menus from the GUI's navigation bar. Menus that contain at least one sub-menu are flagged by and . The icon indicates pages. When you create a new access profile, no elements are assigned yet, i.e. all the available menus, sub-menus and pages are flagged with the icon . Each element in the [...]

  • Page 109

    Fig. 42: System Management -> Configuration Access -> Users You can click the button to display the details of the configured user. You can see which fields and menus are assigned to the user. bintec elmeg GmbH 5 System Management bintec Next Generation WLAN 95[...]

  • Page 110

    Fig. 43: System Management -> Configuration Access -> Users -> The icon means that Read-only is permitted. If a row is flagged with the icon the information is released for reading and writing. The icon indicates blocked entries. 5.6.2.1 Edit or New Choose the icon to edit existing entries. Choose the New button to enter ad[...]

  • Page 111

    Fig. 44: System Management -> Configuration Access -> Users -> New The menu System Management -> Configuration Access -> Users -> New consists of the following fields: Fields in the menu Basic Settings Field Description User Enter a unique name for the user. Password Enter a password for the user. User must change [...]

  • Page 112

    Field Description If intersecting access profiles are assigned to a user, read and write have a higher priority than Read-only. Buttons cannot be set to the setting Read-only. 5.7 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network, to generate or check digital signatures and the authen[...]

  • Page 113

    5.7.1.1 Edit Click the icon to display the content of the selected object (key, certificate, or request). Fig. 45: System Management -> Certificates -> Certificate List -> The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry. The[...]

  • Page 114

    Field Description Description Shows the name of the certificate, key, or request. Certificate is CA Certificate Mark the certificate as a certificate from a trustworthy certification authority (CA). Certificates issued by this CA are accepted during authentication. The function is enabled with True. The function is di[...]

  • Page 115

    Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy (certification authority and user certificates) is ensured. The displayed "fingerprints" can be used to check this integrity: Compare the displayed values with the fingerprints specified by the iss[...]

  • Page 116

    Fig. 46: System Management -> Certificates -> Certificate List -> Certificate Request The menu System Management -> Certificates -> Certificate List -> Certificate Request consists of the following fields: Fields in the Certificate Request menu. Field Description Certificate Request Description Enter a unique descript[...]

  • Page 117

    Field Description field. This file must be provided to the CA and the received certificate must then be imported manually to your device. • SCEP: The key is requested from a CA using the Simple Certificate Enrolment Protocol. Generate Private Key Only for Mode = Manual Select an algorithm for key creation. :[...]

  • Page 118

    Field Description not configured on the device, the validity of certificates from this CA is not checked. • <name of an existing certificate>: If all the necessary certificates are already available in the system, you select these manually. RA Sign Certificate Only for Mode = SCEP Only for CA Certificate not = [...]

  • Page 119

    Field Description If the field is not selected, enter the name components in Common Name, E-mail, Organizational Unit, Organization, Locality, State/Province and Country. The function is disabled by default. Summary Only for Custom = enabled. Enter a subject name with attributes not offered in the list. Example: "CN=VPNServer[...]

  • Page 120

    Field Description #1, #2, #3 For each entry, define the type of name and enter additional subject names. Possible values: • None (default value): No additional name is entered. • IP: An IP address is entered. • DNS: A DNS name is entered. • E-mail: An e-mail address is entered. • URI: A uniform resour[...]

  • Page 121

    Fig. 47: System Management -> Certificates -> Certificate List -> Import The menu System Management -> Certificates -> Certificate List -> Import consists of the following fields: Fields in the Import menu. Field Description External Filename Enter the file path and name of the certificate to be imported, or use Browse.[...]

  • Page 122

    If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been lost, the corresponding certificate is declared invalid. The certification authority revokes the certificate and publishes it on a certificate blacklist, so-called CRL. Certificate users should always check against these lists to ensure t[...]

  • Page 123

    [...]

  • Page 124

    Chapter 6 Physical Interfaces In this menu, you configure the physical interfaces that you have used when connecting your gateway. The configuration interface only shows the interfaces that are available on your device. In the System Management -> Status menu, you can see a list of all physical interfaces and information on [...]

  • Page 125

    Field Description Port Shows the respective port. The numbering corresponds to the numbering of the Ethernet ports on the back of the device. Interface Displays the interface assigned to the Ethernet port here. Configured Speed / Mode Select the mode in which the interface is to run. Possible values: • [...]

  • Page 126

    Chapter 7 LAN In this menu, you configure the addresses in your LAN and can structure your local network using VLANs. 7.1 IP Configuration In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device. 7.1.1 Interfaces The existing IP interfaces are listed in the LAN -> IP Configuration -> I[...]

  • Page 127

    Example of subnets If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address / Netmask. The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and 192.168.46.2. To be able t [...]

  • Page 128

    Field Description Select the Ethernet interface for which the virtual interface is to be configured. Address Mode Select how an IP address is assigned to the interface. Possible values: • Static (default value): The interface is assigned a static IP address in IP Address / Netmask. • DHCP: An IP address is assigned t[...]

  • Page 129

    Field Description Use built-in is activated by default. VLAN ID Only for Interface Mode = Tagged (VLAN) This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN. Possible values are 1 (default value) to 4094. The menu Advanced Settings consist[...]

  • Page 130

    Field Description Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote terminals. The function is activated by selecting Enabled. The function is disabled by default. TCP-MSS Clamping Select whether your device is to apply MSS Clamping. To prevent IP packets fragment[...]

  • Page 131

    Fig. 52: VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN -> VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status. Caution For interfaces that operate in Routing mode, you only assign [...]

  • Page 132

    7.2.1 VLANs In this menu, you can display all the VLANs already configured, edit your settings and create new VLANs. By default, the Management VLAN with VLAN Identifier = 1 is available, to which all interfaces are assigned. 7.2.1.1 Edit or New Choose the icon to edit existing entries. Select the New button in orde[...]

  • Page 133

    Field Description formation) or Untagged (i.e. without VLAN information). 7.2.2 Port Configuration In this menu, you can define and view the rules for receiving frames at the VLAN ports. Fig. 54: LAN -> VLANs -> Port Configuration The LAN -> VLANs -> Port Configuration menu consists of the following fields[...]

  • Page 134

    7.2.3 Administration In this menu, you make general settings for a VLAN. The options must be configured separately for each bridge group. Fig. 55: LAN -> VLANs -> Administration The LAN -> VLANs -> Administration menu consists of the following fields: Fields in the Bridge Group br<ID> VLAN Options menu Field Desc[...]

  • Page 135

    Chapter 8 Wireless LAN In the case of wireless LAN or Wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology. Network functions Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers, and the e-mail system is just as re[...]

  • Page 136

    An amendment to the Telecommunications Act (TKG) allowed the 5.8 GHz band (5755 MHz - 5875 MHz) to be used for so-called BFWA applications (Broadband Fixed Wireless Access). This simply requires registration with the Federal Network Agency. However, the use of TPC and DFS is mandatory in this case. 8.1 WLAN In the Wireless LAN ->[...]

  • Page 137

    Fig. 57: Wireless LAN -> WLAN -> Radio Settings -> for Operation Mode Access Point / Bridge Link Master Fig. 58: Wireless LAN WLAN Radio Settings for Operation Mode Access Client The Wireless LAN -> WLAN -> Radio Settings -> menu consists of the following f[...]

  • Page 138

    Fields in the menu Wireless Settings Field Description Operation Mode Define the mode in which the wireless module of your device is to operate. Possible values: • Off (default value): The wireless module is not active. • Access Point / Bridge Link Master: Your device is used as an[...]

  • Page 139

    Field Description Channel The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Access Point Mode / Bridge Mode: Configuring the network name (SSID) in Access Point mode means that wireless networks can be logically separated from each other, but they can still physically i[...]

  • Page 140

    Field Description Bandwidth For Operation Mode = Access Point / Bridge Link Master or Bridge Link Client Not for Operation Band = 2.4 GHz In/Outdoor Select how many channels are to be used. Possible values: • 20 MHz (default value): One channel with [...]

  • Page 141

    Field Description Wireless Mode Select the wireless technology that the access point is to use. Only for Operation Mode = Access Point / Bridge Link Master and Operation Band = 2.4 GHz In/Outdoor or for Operation Mode = Access Client and Operation Band = 2.4 GHz[...]

  • Page 142

    Field Description 802.11a or 802.11n. Airtime fairness This function is not available for all devices. The Airtime fairness function ensures that the access point's send resources are distributed intelligently to the connected clients. This means that a powerful client (e.g. a 802.11n client) cannot achieve only a poor flow lev[...]

  • Page 143

    Field Description The currently selected channels are displayed here. With Add you can add channels. If all available channels are displayed, you cannot add any more entries. You can delete entries with the icon. RTS Threshold Here, you select how the RTS/CTS mechanism is to be switched on/off. If you choose "[...]

  • Page 144

    Fig. 59: Wireless LAN -> WLAN -> Radio Settings -> -> Advanced Settings for Operation Mode Access Client Fields in the menu Advanced Settings for Access Client Mode. Field Description Scan channels Choose the channels which the WLAN client automatically scans for available wireless networks. Possible val[...]

  • Page 145

    Field Description radio connection becomes weaker. • No Roaming: The WLAN client searches for available wireless networks if it is no longer connected to a wireless network. • Custom Roaming: Specify the individual roaming parameters. Scan Threshold Indicates the value in dBm above which the system scans [...]

  • Page 146

    Field Description liseconds. The value can only be modified for Roaming Profile = Custom Roaming. The default value is . 8.1.2 Wireless Networks (VSS) If you are operating your device in Access Point Mode (Wireless LAN -> WLAN -> Radio Settings -> -> Operation Mode = [...]

  • Page 147

    fers the highest level of security, but this security mode is only really suitable for companies, because it requires a central authentication server. Private users should choose WEP or preferably WPA-PSK with higher security as their security mode. WEP 802.11 defines the security standard WEP (Wired Equivalent Privacy = encr[...]

  • Page 148

    Security measures To protect the data transferred over the WLAN, the following configuration steps should be carried out in the Wireless LAN -> WLAN -> Wireless Networks (VSS) -> New menu, where necessary: • Change the access passwords for your device. • Change the default SSID, Network Name (SSID) = [...]

  • Page 149

    Fig. 60: Wireless LAN -> WLAN -> Wireless Networks (VSS) -> -> New The Wireless LAN -> WLAN -> Wireless Networks (VSS) -> -> New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII strin[...]

  • Page 150

    Field Description be permitted within a radio cell. The function is activated by selecting Enabled. The function is enabled by default. U-APSD Select whether the Unscheduled Automatic Power Save Delivery (U-APSD) mode is to be enabled. The function is activated by selecting Enabled. The function is enabled by def[...]

  • Page 151

    Field Description WPA Mode Only for Security Mode = WPA-PSK and WPA Enterprise Select whether you want to use WPA (with TKIP encryption) or WPA 2 (with AES encryption), or both. Possible values: • WPA and WPA 2 (default value): WPA and WPA 2 can be applied. • WPA: Only[...]

  • Page 152

    Field Description Note Change the default Preshared Key! If the key has not been changed, your device will not be protected against unauthorised access! EAP Preauthentification Only for Security Mode = WPA Enterprise Select whether the EAP preauthentification function is to be activated. This function tells y[...]

  • Page 153

    Field Description ively rejected when the Max. number of clients - hard limit is reached. The value of the Max. number of clients - soft limit must be the same as or less than that of the Max. number of clients - hard limit. The default value is . You can disable this function if you set Max. number of clients - soft limit and Max[...]

  • Page 154

    Field Description The function is disabled by default. Allowed Addresses Use Add to make entries and enter the MAC addresses (MAC Address) of the clients to be permitted. Fields in the menu Bandwidth limitation for each WLAN client Field Description Rx Shaping Select a bandwidth limitation in the receive direction. Possible values [...]

  • Page 155

    Field Description come alive at the right time and receive the data. Possible values are to . The default value is . IGMP Snooping IGMP snooping reduces the data traffic and thus the network load, as Multicast packets from the LAN are not forwarded. Only those Multicast packets will be forwarded that are requested by[...]

  • Page 156

    Fig. 61: Wireless LAN -> WLAN -> Client Link -> The Wireless LAN -> WLAN -> Client Link -> menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters. Fields in the S[...]

  • Page 157

    Field Description Enter a character string with the right number of characters for the selected WEP mode. For WEP 40 you need a character string with 5 characters, for WEP 104 with 13 characters, e.g. for WEP 40, for WEP 104. WPA Mode Only for Security Mode = WPA-PSK Se[...]

  • Page 158

    8.1.3.2 Client Link Scan After the desired Client Links have been configured, the icon is shown in the list. You use this icon to open the Scan menu. Fig. 62: Wireless LAN -> WLAN -> Client Link -> Scan After successful scanning, a selection of potential scan partners is displayed in the scan list. In the Action column, click Se[...]

  • Page 159

    Field Description Mode Shows the security mode (encryption and authentication) for the wireless network. Signal Displays the signal strength of the detected client link in dBm. Connected Displays the status of the link on your client. Action You can change the status of the client link. The available actions are displayed in this field. 8.1[...]

  • Page 160

    Field Description Bridge Link Name (ID) Depending on whether you operate the radio module as access point or as wireless bridge link, you create a bridge link in master or in slave mode. If the radio module operates in Access Point mode, the bridge link is in master mode. Enter a name for the bridge link. This name also serves as the ID [...]

  • Page 161

    Field Description Possible values are all the countries configured on the device's wireless module. The range of channels available for selection (Channel in the Wireless LAN -> WLAN -> Radio Settings menu) changes depending on the country setting. The default value is Germany. bintec elmeg GmbH 8 Wireless LAN b[...]

  • Page 162

    Chapter 9 Wireless LAN Controller By using the wireless LAN controller, you can set up and manage a WLAN infrastructure with multiple access points (APs). The WLAN controller has a Wizard which assists you in the configuration of your access points. The system uses the CAPWAP protocol (Control and Provisioning of Wireless Access Poin[...]

  • Page 163

    9.1.1 Basic Settings Here you can configure all of the various settings that you require for the actual wireless LAN controller. The wireless LAN controller uses the following settings: Region Select the country in which the wireless controller is to be operated. Please note: The range of channels that can be used varies depending on the[...]

  • Page 164

    9.1.2 Radio Profile Select which frequency band your WLAN controller shall use. If the 2.4 GHz Radio Profile is set then the 2.4 GHz frequency band is used. If the 5 GHz Radio Profile is set then the 5 GHz frequency band is used. If the corresponding device contains two wireless modules, you can U[...]

  • Page 165

    Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) Visible is to be transmitted. Security Mode Select the security mode (encryption and authentication) for the wireless network. Please note: WPA Enterprise means 802.11x. WPA Mode Select for Security Mode = [...]

  • Page 166

    Note Before you continue, please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on. 9.1.4 Start automatic installation You will see a list of all detected access points. If you wish to change the settings of a detected AP, click on in the corresponding entry. You will see the set [...]

  • Page 167

    The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Note Configuring the network name (SSID) in Access Point mode means that wireless networks can be logically separated from each other, but they can still physically interfere with each other if they are operating on [...]

  • Page 168

    Under Configure the Alert Service for WLAN surveillance, click Start to monitor your managed APs. You are taken to the External Reporting -> Alert Service -> Alert Recipient menu with the default setting Event = ;(  $ . You can specify that you wish to be notified by e-mail if the ;(?[...]

  • Page 169

    Field Description The range of channels that can be used varies depending on the country setting. The default value is *# . Interface Select the interface to be used for the wireless controller. DHCP Server Select whether an external DHCP server shall assign IP addresses to the APs or if you wish to assign fixed IP addr [...]

  • Page 170

    Field Description Slave AP location Select whether the APs that the wireless LAN controller is to manage are located in the LAN or the WAN. Possible values: • &$ >&+? (default value) • :$ >+? The :$ >+? setting is useful if, for example, there is a wireless LAN controller[...]

  • Page 171

    9.3.1 Slave Access Points Fig. 66: Wireless LAN Controller -> Slave AP configuration -> Slave Access Points In the Wireless LAN Controller -> Slave AP configuration -> Slave Access Points menu a list of all APs found with the wizard is displayed. You will see an entry with a parameter set for each access point ( Location [...]

  • Page 172

    Status Meaning Offline The AP is either administratively disabled or switched off or has its power supply cut off etc. 9.3.1.1 Edit Choose the icon to edit existing entries. You can also delete entries using the icon. If you have deleted APs, these will be located again but shall not be configured. Fig. 67: Wireless LAN Controller -[...]

  • Page 173

    Field Description Location Displays the locality of the AP. The locations are given numbers if no location has been entered. You can enter another locality. Name Displays the name of the AP. You can change the name. Description Enter a unique description for the AP. CAPWAP Encryption Select whether communication between the master and s[...]

  • Page 174

    Field Description if they are operating on the same or closely adjacent wireless channels. So if you are operating two or more radio networks close to each other, it is advisable to allocate the networks to different channels. Each of these should be spaced at least four channels apart, as a network also partially occupies the adja- [...]

  • Page 175

    9.3.2 Radio Profiles Fig. 68: Wireless LAN Controller -> Slave AP configuration -> Radio Profiles An overview of all created wireless module profiles is displayed in the Wireless LAN Controller -> Slave AP configuration -> Radio Profiles menu. A profile with 2.4 GHz and a profile with 5 GHz are created by default; th[...]

  • Page 176

    Fig. 69: Wireless LAN Controller -> Slave AP configuration -> Radio Profiles -> / New The Wireless LAN Controller -> Slave AP configuration -> Radio Profiles -> / New menu consists of the following fields: Fields in the menu Radio Profile Definition Field Description Description Enter the desired description of the wir[...]

  • Page 177

    Field Description your network. Operation Band Select the frequency band of the wireless module profile. Possible values: • 8 *9E 0-3$$ (default value): Your device is operated at 2.4 GHz (mode 802.11b, mode 802.11g and mode 802.11n), inside or outside buildings. • *9E 0$$ : Your device is oper [...]

  • Page 178

    Fields in the menu Performance Settings Field Description Wireless Mode Select the wireless technology that the access point is to use. For Operation Band = 8 *9E 0-3$$ Possible values: • ( : The device operates only in accordance with 802.11g. 802.11b clients have no access. • [...]

  • Page 179

    Field Description Max. Transmission Rate Select the transmission speed. Possible values: • $ (default value): The transmission speed is determined automatically. • <D= : According to setting for Operation Band, Bandwidth, Number of Spatial Streams and Wireless Mode various fixed values in mbps are avail[...]

  • Page 180

    Field Description lected. This ensures that no channels overlap, i.e. a distance of four channels is maintained between the channels used. This is useful if more access points are used with overlapping radio cells. Possible values: •  : All channels can be dialled when a channel is selected. • $ : Depending on the regio[...]

  • Page 181

    Field Description RTS Threshold Here you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point. Short Guard Interval Enable this function to reduce the guard interval [...]

  • Page 182

    Field Description The function is enabled with !. . The function is not activated by default. 9.3.3 Wireless Networks (VSS) Fig. 70: Wireless LAN Controller -> Slave AP configuration -> Wireless Networks (VSS) An overview of all created wireless networks is displayed in the Wireless LAN Controller -> Slave AP con[...]

  • Page 183

    Fig. 71: Wireless LAN Controller -> Slave AP configuration -> Wireless Networks (VSS) -> New The Wireless LAN Controller -> Slave AP configuration -> Wireless Networks (VSS) -> New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the[...]

  • Page 184

    Field Description be permitted within a radio cell. The function is activated by selecting !. . The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unica[...]

  • Page 185

    Field Description • ! : 802.11x Transmit Key Only for Security Mode = ! 8 or ! 8 Select one of the keys configured in WEP Key as a standard key. The default value is #  . WEP Key 1-4 Only for Security Mode = ! 8 , ! 8 Enter the WEP key. Enter a c[...]

  • Page 186

    Field Description Select the type of encryption you want to apply to WPA2. Possible values: • ! (default value): AES is used. • 40 : TKIP is used. • !  40 : AES or TKIP is used. Preshared Key Only for Security Mode =  Enter the WPA password. Enter an ASCII string with 8 - 63 ch[...]

  • Page 187

    Field Description less module depends on the specifications of the respective WLAN module. This maximum is distributed across all wireless networks configured for this radio module. No more new wireless networks can be created and a warning message will appear if the maximum number of clients is reached. Possible values are whole n[...]

  • Page 188

    Field Description value): The function is not used for this VSS. This is useful if clients are to switch between different radio cells with as little delay as possible, e.g. with Voice over WLAN. • F8 *9E .  : Preference is given to accepting clients in the 2.4 GHz band. • *9E .[...]

  • Page 189

    Field Description Blacklist blocktime Enter the time for which an entry in the dynamic blacklist remains valid. Default value is  seconds. Fields in the menu VLAN Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network. The function is activated by selecting !. . The func[...]

  • Page 190

    9.4 Monitoring This menu is used to monitor your WLAN infrastructure. Note In order to ensure adequate timing between the WLAN Controller and the connected Slave APs, the internal time server of the WLAN Controller should be enabled. 9 Wireless LAN Controller bintec elmeg GmbH 176 bintec Next Generation WLAN[...]

  • Page 191

    9.4.1 WLAN Controller Fig. 72: Wireless LAN Controller -> Monitoring -> WLAN Controller In the Wireless LAN Controller -> Monitoring -> WLAN Controller menu, an overview of the most relevant Wireless LAN Controller parameters is displayed. The display is refreshed every 30 seconds. Values in the Overview list Status Mea[...]

  • Page 192

    Status Meaning AP managed Displays the number of managed access points. WLAN Controller: VSS throughput Displays the data traffic in receive and transmit direction in bytes per second. CPU usage [%] Displays the percentaged CPU load over time. Memory usage [%] Displays the percentaged memory consumption over time. Connected clients/VSS D[...]

  • Page 193

    Fig. 74: Wireless LAN Controller -> Monitoring -> Slave Access Points -> Overview Values in the Overview list Status Meaning Throughput Displays the received and transmitted data traffic per radio module over time. Connected clients Displays the number of connected clients per radio module over time. 9.4.2.2 Radio 1 In t[...]

  • Page 194

    Fig. 75: Wireless LAN Controller -> Monitoring -> Slave Access Points -> Radio Values in the Radio list Status Meaning Throughput/client Displays the received and transmitted data traffic per client over time. 9.4.3 Active Clients Fig. 76: Wireless LAN Controller -> Monitoring -> Active Clients In the Wireless LAN Contr[...]

  • Page 195

    Possible values for Status Status Meaning None The client is no longer in a valid status. Logon The client is currently logging on with the WLAN. Associated The client is logged on with the WLAN. Authenticate The client is in the process of being authenticated. Authenticated The client is authenticated. Via the icon, you can open a summary [...]

  • Page 196

    9.4.4 Wireless Networks (VSS) Fig. 78: Wireless LAN Controller -> Monitoring -> Wireless Networks (VSS) In the Wireless LAN Controller -> Monitoring -> Wireless Networks (VSS) menu, an overview of the currently used AP is displayed. You see which wireless module is assigned to which wireless network. For each wireless a par [...]

  • Page 197

    9.5 Neighbor Monitoring This menu serves the monitoring of remote access points. 9.5.1 Neighbor APs Fig. 80: Wireless LAN Controller + Neighbor Monitoring -> Neighbor APs In the Wireless LAN Controller + Neighbor Monitoring -> Neighbor APs menu, the adjacent APs found during the scan are displayed. Rogue APs, i.e. APs which a[...]

  • Page 198

    9.5.2 Rogue APs Fig. 81: Wireless LAN Controller + Neighbor Monitoring -> Rogue APs APs which are using an SSID from their own network but are not managed by Wireless LAN Controller are displayed in the Wireless LAN Controller + Neighbor Monitoring -> Rogue APs menu. Rogue APs which have been found for the first time are displayed [...]

  • Page 199

    9.5.3 Rogue Clients Fig. 82: Wireless LAN Controller + Neighbor Monitoring -> Rogue Clients The Wireless LAN Controller + Neighbor Monitoring -> Rogue Clients menu displays the clients which have attempted to gain unauthorised access to the network and which are therefore on the blacklist. The blacklist is configured for each VS[...]

  • Page 200

    9.5.3.1 New Choose the New button to configure additional blacklist entries. Fig. 83: Wireless LAN Controller + Neighbor Monitoring -> Rogue Clients -> New The menu consists of the following fields: Fields in the New Blacklist Entry menu Field Description Rogue Client MAC Address Enter the MAC address of the client you intend to[...]

  • Page 201

    9.6.1 Firmware Maintenance Fig. 84: Wireless LAN Controller -> Maintenance -> Firmware Maintenance In the Wireless LAN Controller -> Maintenance -> Firmware Maintenance menu, a list of all Managed Access Points is displayed. For each managed AP you will see an entry with the following parameter set: Update firmware, Lo[...]

  • Page 202

    Field Description Action Select the action you wish to execute. After each task, a window is displayed showing the other steps that are required. Possible values: • " # $% : You can also start an update of the system software. • ' $($[...]

  • Page 203

    Chapter 10 Networking 10.1 Routes Default Route With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route. If, for example, you configure[...]

  • Page 204

    Fig. 85: Network -> Routes -> IPv4 Route Configuration -> New with Route Class = Standard. If the !6 option is selected for the Route Class, an extra configuration section opens. Fig. 86: Network -> Routes -> IPv4 Route Configuration -> New with Route Class Extended = !. The Network ->[...]

  • Page 205

    fields: Fields in the menu Basic Parameters Field Description Route Type Select the type of route. Possible values: • 1 :$ ' 0 : Route via a specific interface which is to be used if no other suitable route is available. • 1 :$ '[...]

  • Page 206

    Field Description ceived by DHCP are supplemented by routing information about a particular network. Note When the DHCP lease expires or when the device is restarted, the routes that consist of the combination of DHCP settings and those made here are initially deleted once more from the active routing. If the DHCP is reconfigur[...]

  • Page 207

    Field Description When Route Type = +%$/ :$ ' 0 Also enter the relevant netmask in the second field. Gateway IP Address Only for Route Type = 1 :$ ' *%# , 9$ :$ ' *%# or +%$/ :$ &apo[...]

  • Page 208

    Field Description • # (default value): The route is valid for all port numbers. • ( : Enables the entry of a port number. • :( : Enables the entry of a range of port numbers. • '( : Entry of privileged port numbers: 0 ... 1023. • ' : Entry of serve[...]

  • Page 209

    Field Description according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format). • 1  1 D : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • 1  96 D[...]

  • Page 210

    10.1.2 IPv4 Routing Table A list of all IPv4 routes is displayed in the Network -> Routes -> IPv4 Routing Table menu. The routes do not all need to be active, but can be activated at any time by relevant data traffic. In the ex works state, a predefined entry with the parameters Destination IP Address = ?[...]

  • Page 211

    Field Description Extended Route Displays whether a route has been configured with advanced parameters. Protocol Displays how the entry has been created, e.g. manually ( &$  ) or via one of the available protocols. Delete You can delete entries with the symbol. 10.1.3 Options Back Route Verify The term Back Route [...]

  • Page 212

    Field Description Possible values: • !. $   : Back Route Verify is activated for all interfaces. • !. $   (default value): A list of all interfaces is displayed in which Back Route Verify is only enabled [...]

  • Page 213

    Fig. 89: Networking -> NAT -> NAT Interfaces For every NAT interface, the +4 ' , &$$./ ' ,  1# and 4 )$() can be selected. In addition, $$%( displays how many port forwarding rules were con[...]

  • Page 214

    Field Description If PPTP Passthrough is enabled, the device itself cannot be configured as a tunnel endpoint. Portforwardings Shows the number of portforwarding rules configured in Networking -> NAT -> NAT Configuration. 10.2.2 NAT Configuration In the Networking -> NAT -> NAT Configuration menu you can exclu[...]

  • Page 215

    Field Description Interface Select the interface for which NAT is to be configured. Possible values: • # (default value): NAT is configured for all interfaces. • <0 = : Select one of the interfaces from the list. Type of traffic Select the type of data traffic for which NAT is to be co[...]

  • Page 216

    Field Description within the existing connection are allowed. In the NAT Configuration -> Specify original traffic menu, you can configure for which data traffic NAT is to be used. Fields in the menu Specify original traffic Field Description Service Not for Type of traffic = $($( >$ +4? and NAT me[...]

  • Page 217

    Field Description • # (def ault value) • 9 • )$ • !* • ! • ** • *:! • 9; • 0 ; • 0*; • 0* • 0*: • 0 • 00 • 0' • 0A  0 • 030 • #$ • &4 • 32 • " • :1 • :D • ?[...]

  • Page 218

    Field Description original data packets, as the case arises. Original Destination IP Address/Netmask Only for Type of traffic = $( >1$ +4? Enter the destination IP address and corresponding netmask of the original data packets, as the case arises. Original Destination Port/Range Only for [...]

  • Page 219

    Field Description Destination Port/Range Only for Type of traffic = $($( >$ +4? , NAT method = # , Service =  and Protocol = 4  , "1 , 4 -"1 or Type of traffic = 6( >)$ +4? , Service [...]

  • Page 220

    Field Description 4  , "1 , 4 -"1 and Original Source Port/Range =  or # $ Leave the source port as it appears or enter a new source port to which the original source port is to be translated. 3( leaves the original source port. If you disable 3 (?[...]

  • Page 221

    Note Note that the interfaces that are combined into a load balancing group must have routes with the same metric. If necessary, go to the Networking -> Routes menu and check the entries there. 10.3.1.1 New Choose the New button to create additional groups. Fig. 91: Networking -> Load Balancing -> Load Balancing Groups ->[...]

  • Page 222

    Field Description of the total data rate handled by the interfaces. The current data rate based on the data traffic is decisive in both the send and receive direction. Consider Only for Distribution Policy = &$ 7%) Choose the direction in which the current data rate is to be con[...]

  • Page 223

    Fig. 92: Networking -> Load Balancing -> Load Balancing Groups -> Add Fields in the Basic Parameters menu. Field Description Group Description Shows the description of the interface group. Distribution Policy Displays the type of data traffic selected. Fields in the Interface Selection for Distribution menu. Field Description In[...]

  • Page 224

    Field Description cisive factor. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Route Selector The Route Selector parameter is an additional criterion to help define a load balancing group more precisely. Here, routing information is added to the "interface[...]

  • Page 225

    Field Description ancing status now varies according to the status of the assigned host surveillance entry. Select the IP address for the route to be monitored. You can choose from the IP addresses you have entered in the Local Services -> Surveillance -> Hosts -> New menu under Monitored IP Address and which are monitored with[...]

  • Page 226

    Fig. 93: Networking -> Load Balancing -> Special Session Handling -> New The Networking -> Load Balancing -> Special Session Handling -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the Special Session Handling should be activated. The functi[...]

  • Page 227

    Field Description • G • ) • )( • C • # • ) •  The default value is "  . Protocol Select a protocol, if required. The # option (default value) matches any protocol. Destination[...]

  • Page 228

    Field Description • +%$/ : Enter the network address and the related netmask. Source Port/Range Enter, if required, a source port number or a range of source port numbers. Possible values: •  (default value): The destination port is not specified. • # $ : Enter a destination por [...]

  • Page 229

    10.4 QoS QoS (Quality of Service) makes it possible to distribute the available bandwidths effectively and intelligently. Certain applications can be given preference and bandwidth reserved for them. This is an advantage, especially for time-critical applications such as VoIP. The QoS configuration consists of three parts: • [...]

  • Page 230

    Field Description Description Enter the name of the filter. Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • '# • G • ) • )( • C • # • )?[...]

  • Page 231

    Field Description dress/Netmask corresponding netmask. Destination Port/Range Only for Protocol = 4  or "1 Enter a destination port number or a range of destination port numbers. Possible values: •  (default value): The destination port is not specified. • # $ : Enter a destination [...]

  • Page 232

    Field Description • 43 1 D : The TOS value is specified in decimal format, e.g. 63. • 43 96 D : The TOS value is specified in hexadecimal format, e.g. 3F. COS Filter (802.1p/Layer 2) Enter the service class of the IP packets (Class of Service, CoS). Value ra[...]

  • Page 233

    Fields in the Basic Parameters menu. Field Description Class map Choose the class plan you want to create or edit. Possible values: • +% (default value): You can create a new class plan with this setting. • <+ $  = : Shows a class plan that has already been created, which you can select a[...]

  • Page 234

    Field Description The function is disabled by default. Class ID Only for High Priority Class not active. Choose a number which assigns the data packets to a class. Note The class ID is a label to assign data packets to specific classes. (The class ID does not define the priority.) Possible values are whole numbers between  and ?[...]

  • Page 235

    Field Description The default value is ' . Interfaces Only for Class map = +% When creating a new class plan, select the interfaces to which you want to link the class plan. A class plan can be assigned to multiple interfaces. 10.4.3 QoS Interfaces/Policies In the Networking -> QoS -> QoS Interfaces/Po[...]

  • Page 236

    Fig. 96: Networking -> QoS -> QoS Interfaces/Policies -> New The Networking -> QoS -> QoS Interfaces/Policies -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Interface Select the interface for which QoS is to be configured. Prioritisation Algorithm Select the algori[...]

  • Page 237

    Field Description Traffic shaping Activate or deactivate data rate limiting in the send direction. The function is enabled with !. . The function is disabled by default. Maximum Upload Speed Only for Traffic shaping = enabled. Enter a maximum data rate for the selected interface in the send direction in kbit per second. [...]

  • Page 238

    Field Description ing is ' and Protocol Header Size below Layer 3 is not " >$$$ 9 3I? . Select the encryption method used for the IPSec connection. The encryption algorithm determines the length of the block cipher which is taken into acc[...]

  • Page 239

    Field Description • %# : Real Time Jitter Control is always active, even if no real time data is routed. Queues/Policies Configure the desired QoS queues. For each class created from the class plan, which is associated with the selected interface, a queue is generated automatically and displayed here (only for data t[...]

  • Page 240

    Field Description Choose the priority of the queue. Possible values are  (high priority) to 8 (low priority). The default value is  . Weight Only for Prioritisation Algorithm = () :$ :$. or () 2 H( Choose the priority of the queue. Possible values a[...]

  • Page 241

    Field Description Enable or disable the function. The function controls the bandwidth limit. If Overbooking allowed is activated, the bandwidth limit set for this queue can be exceeded, as long as free bandwidth exists on the interface. If Overbooking allowed is deactivated, the queue can never occupy bandwidth beyond the bandwidth lim[...]

  • Page 242

    Field Description ure ensures a smaller long-term queue size for TCP-based data traffic, so that traffic bursts can also usually be transmitted without large packet losses. The function is activated with !. . The function is disabled by default. Min. queue size Enter the lower threshold value for the process Congestio[...]

  • Page 243

    A filter describes a certain part of the IP data traffic based on the source and/or destination IP address, netmask, protocol and source and/or destination port. You use the rules that you set up in the access lists to tell the gateway what to do with the filtered data packets, i.e. whether it should allow or deny them. You can als[...]

  • Page 244

    10.5.1 Access Filter This menu is for configuration of access filter. Each filter describes a certain part of the IP traffic and defines, for example, the IP addresses, the protocol, the source port or the destination port. A list of all access filters is displayed in the Networking -> Access Rules -> Access Filter menu. Fig[...]

  • Page 245

    Field Description Description Enter a description for the filter. Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • '# • G • ) • )( • C • # • [...]

  • Page 246

    Field Description You can define a filter that takes the status of the TCP connections into account. Possible values: • # (default value): All TCP packets match the filter. • !.) : All TCP packets that would not open any new TCP connection on routing over the gateway match the filter. Destination I[...]

  • Page 247

    Field Description numbers. DSCP/TOS Filter (Layer 3) Select the Type of Service (TOS). Possible values: • 0($ (default value): The type of service is ignored. • 1  7# D : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary[...]

  • Page 248

    Fig. 99: Networking -> Access Rules -> Rule Chains 10.5.2.1 Edit or New Choose the icon to edit existing entries. To configure access lists, select the New button. Fig. 100: Networking -> Access Rules -> Rule Chains -> New The Networking -> Access Rules -> Rule Chains -> New menu consists of the following fie[...]

  • Page 249

    Field Description Access Filter Select an IP filter. If the rule chain is new, select the filter to be set at the first point of the rule chain. If the rule chain already exists, select the filter to be attached to the rule chain. Action Define the action to be taken for a filtered data packet. Possible values: • $% [...]

  • Page 250

    Fig. 101: Networking -> Access Rules -> Interface Assignment 10.5.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure additional assignments. Fig. 102: Networking -> Access Rules -> Interface Assignment -> New The Networking -> Access Rules -> Interface Assignment -> [...]

  • Page 251

    Field Description is denied. Possible values: • +$ $ : No syslog message. • 0$ (default value): A syslog message is generated with the protocol number, source IP address and source port number. • 1 : A syslog message is generated with the contents of the first 64 bytes of the denied packet. 10.6 Dr[...]

  • Page 252

    Fig. 103: Networking -> Drop In -> Drop In Groups -> New The Networking -> Drop In -> Drop In Groups -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Group Description Enter a unique name for the Drop In group. Mode Select which mode is to be used to send the MAC ad[...]

  • Page 253

    Field Description The function is disabled by default. Network Configuration Select how an IP address / netmask is assigned to the Drop In network. Possible values: •  (default value) • 19  Network Address Only for Network Configuration =  Enter the network address of the Drop In network. Net[...]

  • Page 254

    Field Description • 3% 0  Interface Selection Select all the ports which are to be included in the Drop In group (in the network). Add new entries with Add. 10 Networking bintec elmeg GmbH 240 bintec Next Generation WLAN[...]

  • Page 255

    Chapter 11 Routing Protocols 11.1 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This exchange is controlled by a Routing Protocol, e.g. RIP (Routing Information Protocol). By default, about e[...]

  • Page 256

    Fig. 105: Routing Protocols -> RIP -> RIP Interfaces -> The menu Networking -> RIP -> RIP Interfaces -> consists of the following fields: Fields in the RIP Parameters for menu. Field Description Send Version Decide whether routes are to be propagated via RIP and if so, select the RIP version for sending RIP packets [...]

  • Page 257

    Field Description • +$ (default value): RIP is not enabled. • :0 D : Enables sending and receiving of version 1 RIP packets. • :0 D : Enables sending and receiving of version 2 RIP packets. • :0 D-D : Enables sending and receiving RIP packets of both version 1 and 2. • :0 D 4(( : R[...]

  • Page 258

    tion. You configure a filter for a default route with the following values: • IP Address / Netmask = no entry for IP address (this corresponds to IP address 0.0.0.0), for netmask = 255.255.255.255 A list of all RIP filters is displayed in the Routing Protocols -> RIP -> RIP Filter menu. Fig. 106: Routing Protocols -> [...]

  • Page 259

    Field Description Interface Select the interface to which the rule to be configured applies. IP Address / Netmask Enter the IP address and netmask to which the rule is to be applied. This address can be in the LAN or WAN. The rules for incoming and outgoing RIP packets (import or export) for the same IP address must be separately conf[...]

  • Page 260

    11.1.3 RIP Options Fig. 108: Routing Protocols -> RIP -> RIP Options The menu Routing Protocols -> RIP -> RIP Options consists of the following fields: Fields in the Global RIP Parameters menu. Field Description RIP UDP Port The setting option UDP Port, which is used for sending and receiving RIP updates, is only for [...]

  • Page 261

    Field Description (=“Network is not reachable“). The function is enabled with !. . The function is disabled by default. RFC 2453 Variable Timer For the timers described in RFC 2453, select whether the same values that you can configure in the Timer for RIP V2 (RFC 2453) menu should be used. The function is enabled with ![...]

  • Page 262

    Field Description Garbage Collection Timer Only for RFC 2453 Variable Timer = !. The Garbage Collection Timer is started as soon as the route timeout has expired. After this timeout, the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route. The default value is  (seconds). Fie[...]

  • Page 263

    Chapter 12 Multicast What is multicasting? Many new communication technologies are based on communication from one sender to several recipients. Therefore, modern telecommunication systems such as voice over IP or video and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by offering TriplePlay (voice[...]

  • Page 264

    dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet. In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDD, this is based on MAC mapping, where the group address is encoded into the destina- t[...]

  • Page 265

    12.1.1 General In the Multicast -> General -> General menu you can disable or enable the multicast function. Fig. 109: Multicast -> General -> General The Multicast -> General -> General menu consists of the following fields: Fields in the Basic Settings menu. Field Description Multicast Routing Select whether Multicast[...]

  • Page 266

    12.2.1 IGMP In this menu, you configure the interfaces on which IGMP is to be enabled. 12.2.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure IGMP on other interfaces. Fig. 110: Multicast -> IGMP -> IGMP -> New The Multicast -> IGMP -> IGMP -> New menu consists of the follo[...]

  • Page 267

    Field Description Time within which hosts must respond. The hosts randomly select a time delay from this interval before sending the response. This spreads the load in networks with several hosts, improving performance. Possible values are F to F . The default value is F . Robustness Select the multiplier fo[...]

  • Page 268

    IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local subnets. Local reports are forwarded on the IGMP Proxy interface. Fig. 111: IGMP Proxy The menu Advanced Settings consists of the following fi[...]

  • Page 269

    Fig. 112: Multicast -> IGMP -> Options The Multicast -> IGMP -> Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description IGMP Status Select the IGMP status. Possible values: • $ (default value): Multicast is activated automatically for hosts if the hosts open applications [...]

  • Page 270

    Field Description sources per group. The default value is 8 . IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second. The default value is  , i.e. the number of IGMP status messages is not limited. 12.3 Forwarding 12.3.1 Forwarding In this menu, you specify which multicast groups[...]

  • Page 271

    Field Description this, check !. Disable the option if you only want to forward one defined multicast group to a particular interface. The option is deactivated by default. Multicast Group Address Only for All Multicast Groups = not active. Enter here the address of the multicast group you want to forward from a[...]

  • Page 272

    Fig. 114: Multicast -> PIM -> PIM Interfaces 12.4.1.1 Edit or New Choose the icon to edit existing entries. To configure PIM lists, select the New button. Fig. 115: Multicast -> PIM -> PIM Interfaces -> New The Multicast -> PIM -> PIM Interfaces -> New menu consists of the following fields: Fields in the PIM Int[...]

  • Page 273

    Field Description Use as Stub interface Determine whether or not the interface is used for PIM data packets. This parameter allows you to use an interface for IGMP, for example, whilst preventing (fake) PIM messages. If this function is deactivated (default value), the PIM data packets for this interface are blocked. If the fun[...]

  • Page 274

    Field Description This indicates how long a PIM route is available. As soon as the Hello Hold Time has expired and no other Hello messages have been received, the PIM router will be classed as unavailable. Possible values:  to @ seconds. The default value is  . Join/Prune Interval Define the frequency at which[...]

  • Page 275

    Field Description Override Interval Define the value that the gateway enters in the Override_Interval field for the LAN Prune Delay option. Override Interval defines the maximum time a downstream router can wait until sending a prune override message. Possible values:  to  seconds. The default value is @ . 12.4.2 PIM Re[...]

  • Page 276

    The Multicast -> PIM -> PIM Rendezvous Points -> New menu consists of the following fields: Fields in the PIM Rendezvous Point Settings menu. Field Description Multicast Group Range Select the Multicast group for the PIM Rendezvous point. You can enter  *$ (default value), or specify a multicast network segme[...]

  • Page 277

    12.4.3 PIM Options Fig. 118: Multicast -> PIM -> PIM Options The Multicast -> PIM -> PIM Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description PIM Status Select whether PIM should be activated. The function is activated by selecting !. . The function is disabled by defa[...]

  • Page 278

    Chapter 13 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN. You can also optimise voice transmission here for telephone calls over the Internet. 13.1 Internet + Dialup In this menu, you can set up Internet access or dialup connections. To enable your device to set up connecti[...]

  • Page 279

    Authentication If a call is received, PPP authentication is carried out with the connection partner depending on the configuration, before the call is accepted. Your device needs the necessary data for this, which you should enter here. First establish the type of authentication process that should be performed, then enter a common [...]

  • Page 280

    13.1.1 PPPoE A list of all PPPoE interfaces is displayed in the WAN -> Internet + Dialup -> PPPoE menu. PPP over Ethernet (PPPoE) is the use of the Point-to-Point Protocol (PPP) network protocol over an Ethernet connection. Today, PPPoE is used for ADSL connections in Germany. In Austria, the Point To Point Tunne[...]

  • Page 281

    Fields in the Basic Parameters menu. Field Description Description Enter a name to uniquely identify the PPPoE partner. The first character in this field must not be a number. No special characters or umlauts must be used. PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE (  )[...]

  • Page 282

    Field Description VLAN ID Only if VLAN is enabled. Enter the VLAN-ID that you received from your provider. Always on Select whether the interface should always be activated. The function is enabled with !. . The function is disabled by default. Only activate this option if you have Internet access with a flat-rate charg[...]

  • Page 283

    Field Description The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be activated. The function is enabled with !. . The function is enabled by default. Local IP Address Only if IP Address Mode =  Enter the static IP address of the connectio[...]

  • Page 284

    Field Description Possible values: •  (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. • 9 : Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); password is transferred encrypted. • - 9 : Primari[...]

  • Page 285

    Field Description MTU Enter the maximum packet size (Maximum Transfer Unit, MTU) in bytes that is allowed for the connection. With default value $ , the value is specified by link control at connection setup. If you disable $ , you can enter a value. Possible values are  to ?[...]

  • Page 286

    Fig. 120: WAN -> Internet + Dialup -> PPTP -> New The menu WAN -> Internet + Dialup -> PPTP -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the internet connection. The first character in this field must not be a number. No [...]

  • Page 287

    Field Description When using the internal DSL modem, select here the EthoA interface configured in Physical Interfaces -> ATM -> Profiles -> New, e.g. )$ . User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated. The function is ena[...]

  • Page 288

    Field Description defined as the default route. The function is enabled with !. . The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be activated. The function is enabled with !. . The function is enabled by default. Local IP Address Only for [...]

  • Page 289

    Field Description The default value is  . Authentication Select the authentication protocol for this Internet connection. Select the authentication specified by your provider. Possible values: •  (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. • 9[...]

  • Page 290

    Field Description selected Ethernet port. Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address. The default value is 8 . Remote PPTP IP Address Enter the IP address of the PPTP partner. The default value is @ . LCP Alive Check Select wheth[...]

  • Page 291

    Fig. 121: WAN -> Internet + Dialup -> IP Pools -> New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool. DNS Server Primary: Enter the IP address o[...]

  • Page 292

    13.2.1.1 New Click the New button to optimise voice transmission for other interfaces. Fig. 122: WAN -> Real Time Jitter Control -> Controlled Interfaces -> New The menu WAN -> Real Time Jitter Control -> Controlled Interfaces -> New consists of the following fields: Fields in the Basic Settings menu. Field Descrip[...]

  • Page 293

    Chapter 14 VPN A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is seemingly also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted. A VPN allows[...]

  • Page 294

    The routing-based method offers various advantages over the policy-based method, e.g., NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of VPN backup scenarios. With the routing-based method, the configured or dynamically learned routes are used to negotiate the IPSec phase 2 SAs. Although this meth[...]

  • Page 295

    Fig. 123: VPN -> IPSec -> IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the button for the peer in the peer list. See Values in the IPSec Tunnels list on page 439. 14.1.1.1 New Choose the New button to set up more IPSec peers. bintec elmeg GmbH 14 VPN bintec Next Generation WLAN 281[...]

  • Page 296

    Fig. 124: VPN -> IPSec -> IPSec Peers -> New The menu VPN -> IPSec -> IPSec Peers -> New consists of the following fields: Fields in the menu Peer Parameters [...]

  • Page 297

    Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration. Possible values: • " (default value): The peer is available for setting up a tunnel immediately after saving the configuration. • 1$% : The peer is initially not available after the configura[...]

  • Page 298

    Field Description sion 1 • 0!' : Internet Key Exchange Protocol Version 2 Authentication Method Only for Internet Key Exchange = 0!' Select the authentication method. Possible values: • ) # (default value): If you do not use certificates for the authentication, you can select [...]

  • Page 299

    Field Description ternative subject name by default. Make sure you and your peer both use the same name, i.e. that your local ID and the peer ID your partner configures for you are identical. Preshared Key Enter the password agreed with the peer. The maximum length of the entry is 50 characters. All characters are possible except for ?[...]

  • Page 300

    Field Description ;$  Select whether the route to this IPSec peer is to be defined as the default route. The function is enabled with !. . The function is disabled by default. Local IP Address Only for IP Address Assignment =  or 0! $( ;$ ' Enter t[...]

  • Page 301

    bintec elmeg Gateways support two different methods for establishing IPSec connections: • a method based on policies and • a method based on routing. The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This enables the filtering of the IP packets to be very "fine grained" down to protoco[...]

  • Page 302

    Fig. 125: VPN -> IPSec -> IPSec Peers -> New -> Add Fields in the menu Basic Parameters Field Description Description Enter a description for the filter. Protocol Select a protocol. The # option (default value) matches all protocols. Source IP Address/Netmask Enter, if required, the source IP address and netmask of [...]

  • Page 303

    Field Description  (= -1) means that the port remains unspecified. Destination IP Address/Netmask Enter the destination IP address and corresponding netmask of the data packets. Destination Port Only for Protocol = 4  or "1 Enter the destination port of the data packets. The default setting  (= -1[...]

  • Page 304

    Field Description XAUTH Profile Select a profile created in VPN -> IPSec -> XAUTH Profiles if you wish to use this IPSec peer XAuth for authentication. If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE Config Mode. Number of Admitted Connections Choose h[...]

  • Page 305

    Field Description setting under Public Interface Mode. Public Interface Mode Specify how strictly the setting under Public Interface is handled. Possible values: • 2$ : Only the selected interface is used, whatever the priorities in the current routing table. •  : Depending on the priorities in t[...]

  • Page 306

    Field Description • 0' (default value): Deactivates Proxy ARP for this IPSec peer. • " $ 1$ : Your device only responds to an ARP request if the status of the connection to the IPSec peer is " (active) or 1$ (dormant). In the case of 1$ , your de[...]

  • Page 307

    Note If a tunnel is to be set up to a peer, the interface over which the tunnel is to be implemented is activated first by the IPSec Daemon. If IPSec with DynDNS is configured on the local device, the own IP address is propagated first and then the ISDN call is sent to the remote device. This ensures that the remote device can actua[...]

  • Page 308

    Note The callback configuration should be the same on the two devices so that your device is able to identify the IP address information from the called peer. The following roles are possible: • One side takes on the active role, the other the passive role. • Both sides can take on both roles (both). The IP address transfer and the[...]

  • Page 309

    Field Description Mode Select the Callback Mode. Possible values: • 0' (default value): IPSec callback is deactivated. The local device neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device. • ' : The local device only reacts to incoming ISDN calls and, if ne[...]

  • Page 310

    Field Description Possible values: • $ . $ : Your device automatically determines the most favourable mode. It first tries all D channel modes before switching to the B channel. (Costs are incurred for using the B channel.) • $ $# 1 ) ;$[...]

  • Page 311

    Fig. 126: VPN -> IPSec -> Phase-1 Profiles In the Default column, you can mark the profile to be used as the default profile. 14.1.2.1 New Choose the New (at Create new IKEv1 Profile or Create new IKEv2 Profile) button to create additional profiles. [...]

  • Page 312

    Fig. 127: VPN -> IPSec -> Phase-1 Profiles -> New The menu VPN -> IPSec -> Phase-1 Profiles -> New consists of the following fields: Fields in the Phase-1 (IKE) Parameters menu. Field Description Description Enter a description that uniquely defines the type of rule. Proposals In this field, you can select any combinatio[...]

  • Page 313

    Field Description (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower. • 7$%) : Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish. • 4 : CAST is also a very secure algorithm, marginally slower than Blowfish, but faster th[...]

  • Page 314

    Field Description ation or the hash algorithms is based on the author’s knowledge and opinion at the time of creating this User Guide. In particular, the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic developments. DH Group Only for Phase-1 (IKE) Parameters The Diffie-H[...]

  • Page 315

    Field Description • ) # (default value): If you do not use certificates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the VPN -> IPSec -> IPSec Peers. The preshared key is the shared password. • 1 ( : [...]

  • Page 316

    Field Description Local ID Type Only for Phase-1 (IKE) Parameters Select the local ID type. Possible values: • 2# H 1$ + >2H1+? • !  • 0D8  • +1+ >1() +? Local ID [...]

  • Page 317

    Fields in the Advanced Settings menu. Field Description Alive Check Only for Phase-1 (IKE) Parameters Select the method to be used to check the functionality of the IPSec connection. In addition to the default method Dead Peer Detection (DPD), the (proprietary) Heartbeat method is implemented. This sends and receives signals every 5 sec[...]

  • Page 318

    Field Description Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed. This only affects locally initiated setup attempts. Possible values are  to 8 (seconds);  means the value in the default profile is used and  means that the peer is never blocked. The def [...]

  • Page 319

    Field Description This option can only be configured if certificates are loaded. 14.1.3 Phase-2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1. In the VPN -> IPSec -> Phase-2 Profiles menu, a list of all configured IPSec phase 2 profiles is displayed. Fig. 128: VPN -> IPSec -> Phase-2 [...]

  • Page 320

    Fig. 129: VPN -> IPSec -> Phase-2 Profiles -> New The menu VPN -> IPSec -> Phase-2 Profiles -> New consists of the following fields: Fields in the Phase-2 (IPSEC) Parameters menu. Field Description Description Enter a description that uniquely identifies the profile. The maximum length of the entry is 255 characters. Pr [...]

  • Page 321

    Field Description ! , a key length of 128 bits is used. • ! : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits. • ! : Rijndael has been nominated a[...]

  • Page 322

    Field Description used to protect the keys of a renewed phase 2 SA, even if the keys of the phase 1 SA have become known. The field has the following options: • >B 7? : During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material. • >8 7?[...]

  • Page 323

    Field Description IP Compression Select whether compression is to be activated before data encryption. If data is compressed effectively, this can result in higher performance and a lower volume of data to be transferred. In the case of fast lines or data that cannot be compressed, you are advised against using this option as [...]

  • Page 324

    14.1.4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAUTH profiles is displayed. Extended Authentication for IPSec (XAuth) is an additional authentication method for IPSec tunnel users. The gateway can take on two different roles when using XAuth as it can act as a server or as a client: • As a server the gateway [...]

  • Page 325

    The VPN -> IPSec -> XAUTH Profiles -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for this XAuth profile. Role Select the role of the gateway for XAuth authentication. Possible values: • ' (default value): The gatew [...]

  • Page 326

    [...]

  • Page 327

    Field Description DNS server. 14.1.6 Options Fig. 132: VPN -> IPSec -> Options The menu VPN -> IPSec -> Options consists of the following fields: Fields in the Global Options menu. Field Description Enable IPSec Select whether you want to activate IPSec. The function is enabled with !. . The function is active [...]

  • Page 328

    Field Description This cancels all settings made during the IPSec configuration. Once the configuration is deleted, you can start with a completely new IPSec configuration. You can only delete the configuration if Enable IPSec = not activated. IPSec Debug Level Select the priority of the syslog messages of the IPSec subsystem t [...]

  • Page 329

    Field Description The function is enabled with !. . The function is disabled by default. Send Initial Contact Message Select whether IKE Initial Contact messages are to be sent during IKE (phase 1) if no SAs with a peer exist. The function is enabled with !. . The function is enabled by default. Sync SAs with I[...]

  • Page 330

    Field Description quest Payloads end during IKE (phase 1) are to be ignored. The function is enabled with !. . The function is disabled by default. Send Certificate Request Payloads Select whether certificate requests are to be sent during IKE (phase 1). The function is enabled with !. . The function is enable[...]

  • Page 331

    • L2TP LNS Mode (L2TP Network Server): for incoming connections only • L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only Note the following when configuring the server and client: An L2TP tunnel profile must be created on each of the two sides (LAC and LNS). The corresponding L2TP tunnel profile is used on th[...]

  • Page 332

    Fields in the Basic Parameters menu. Field Description Description Enter a description for the current profile. The device automatically names the profiles &4 and numbers them, but the value can be changed. Local Hostname Enter the host name for LNS or LAC. • & : The local hostname is used in outgoing tunnel setup mess[...]

  • Page 333

    Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile. The destination must be a device that can behave like an LNS. UDP Source Port Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile [...]

  • Page 334

    Field Description value  means that no L2TP HELLO messages are sent. Minimum Time between Retries Enter the minimum time (in seconds) that your device waits before resending a L2TP control packet for which it received no response. The wait time is dynamically extended until it reaches the Maximum Time between Retries. The ava[...]

  • Page 335

    Fig. 134: VPN -> L2TP -> Users -> New The menu VPN -> L2TP -> Users -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be a number. No special characters or umlauts [...]

  • Page 336

    Field Description L2TP network server (LNS) or the functions of a L2TP access concentrator client (LAC client). Possible values: • &+ (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow. • & : If you select this opti[...]

  • Page 337

    Field Description •  (default value): You enter a static IP address. • $' 0  : Only for Connection Type = &+ . Your device dynamically assigns an IP address to the remote terminal. • * 0  : Only for Connection Type = & . Your d[...]

  • Page 338

    Fields in the Advanced Settings menu. Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is @ . Authentication Select the authentication protocol for this L2TP partner. Possible values: ?[...]

  • Page 339

    Field Description checked by sending LCP echo requests or replies. This is recommended for leased lines, PPTP and L2TP connections. The function is enabled with !. . The function is enabled by default. Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload. Thi[...]

  • Page 340

    Field Description til someone actually wants to use the route. • " $# : Your device responds to an ARP request only if the status of the connection to the L2TP partner is " (active), i.e. a connection already exists to the L2TP partner. DNS Negotiation Select whether your device receives IP addresses for Primary[...]

  • Page 341

    Field Description The function is disabled by default. 14.3 PPTP The Point-to-Point Tunnelling Protocol (=PPTP) can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection. First a connection to an ISP (=Internet Service Provider) is set up at both sites. Once these connections [...]

  • Page 342

    14.3.1.1 New Click on New to set up further PPTP partners. Fig. 136: VPN -> PPTP -> PPTP Tunnels -> New The VPN -> PPTP -> PPTP Tunnels -> New menu consists of the following fields: Fields in the PPTP Partner Parameters menu. [...]

  • Page 343

    Field Description Description Enter a unique name for the tunnel. The first character in this field must not be a number. No special characters or umlauts must be used. PPTP Mode Enter the role to be assigned to the PPTP interface. Possible values: • + (default value): this assigns the PPTP interface the role of PPTP server. ?[...]

  • Page 344

    Fields in the IP Mode and Routes menu. Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: •  (default value): You enter a static IP address. • $' 0  : Only f[...]

  • Page 345

    Field Description • ; : The lower the value, the higher the priority of the route (possible values  ). The default value is  . IP Assignment Pool (IPCP) Only if PPTP Mode = + , IP Address Mode = $' 0  Select an IP pool configured in the VPN -> PPTP ->[...]

  • Page 346

    Field Description Possible values: • +$ : MPP encryption is not used. • !. (default value): MPP encryption V2 with 128 bit is used to RFC 3078. • $% $. : MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco. Compression If necessary, select the type[...]

  • Page 347

    Field Description propagated or OSPF protocol packets sent over this interface. • 0' : OSPF is disabled for this interface. Proxy ARP Mode Select whether your device is to answer ARP requests from your LAN on behalf of the specific PPTP partner. Possible values: • 0' (default value)[...]

  • Page 348

    Field Description cial applications. Incoming ISDN Number Only if Callback is enabled. Enter the ISDN number from which the remote device calls the local device (calling party number). Outgoing ISDN Number Only if Callback is enabled. Enter the ISDN number with which the local device calls the remote device (called party numb[...]

  • Page 349

    Field Description GRE Window Adaption Select whether the GRE Window Adaptation is to be enabled. This adaptation only becomes necessary if you have installed service pack 1 from Microsoft Windows XP. Since, in SP 1, Microsoft has changed the confirmation algorithm in the GRE protocol, the automatic window adaptation for GRE must[...]

  • Page 350

    14.3.3.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit existing entries. Fig. 138: VPN -> PPTP -> IP Pools -> New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first fiel[...]

  • Page 351

    over this interface is then encapsulated using GRE and sent to the specified recipient. 14.4.1 GRE Tunnels A list of all configured GRE tunnels is displayed in the VPN -> GRE -> GRE Tunnels menu. 14.4.1.1 New Choose the New button to set up new GRE tunnels. Fig. 139: VPN -> GRE -> GRE Tunnels -> New The VPN -> GRE -[...]

  • Page 352

    Field Description Default Route If you enable the Default Route, all data is automatically routed to one connection. The function is disabled by default. Local IP Address Here, enter the (LAN-side) IP address that is to be used as your device's source address for your own packets through the GRE tunnel. Route Entries Define othe[...]

  • Page 353

    Chapter 15 Firewall The Stateful Inspection Firewall (SIF) provided for bintec elmeg gateways is a powerful security feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet cannot be made solely on the basis of source and destination addre[...]

  • Page 354

    One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an existing connection is rejected. This means that a connection ca[...]

  • Page 355

    in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected. A deny rule also has no effect if a relevant packet has previously been allowed by a[...]

  • Page 356

    Field Description Source Select one of the preconfigured aliases for the source of the packet. In the list, all WAN/LAN interfaces, interface groups (see Firewall -> Interfaces -> Groups), addresses (see Firewall -> Addresses -> Address List) and address groups (see Firewall -> Addresses -> Groups) are availab[...]

  • Page 357

    Field Description Action Select the action to be applied to a filtered packet. Possible values: •  (default value): The packets are forwarded on the basis of the entries. • 1# : The packets are rejected. • :K : The packets are rejected. An error message is issued to the sender of the packet. A[...]

  • Page 358

    15.1.2 QoS More and more applications need increasingly larger bandwidths, which are not always available. Quality of Service (QoS) makes it possible to distribute the available bandwidths effectively and intelligently. Certain applications can be given preference and bandwidth reserved for them. A list of all QoS rules is disp[...]

  • Page 359

    Field Description Filter Rules This field contains a list of all configured firewall policies for which QoS was activated (Apply QoS = !. under Firewall -> Policies -> Filter Rules -> New). The following options are available for each list entry: • Use: Select whether this entry should be assigned to the Q[...]

  • Page 360

    Fields in the Global Firewall Options menu. Field Description Firewall Status Enable or disable the firewall function. The function is enabled with !. The function is enabled by default. Logged Actions Select the firewall syslog level. The messages are output together with messages from other subsystems. Possible value[...]

  • Page 361

    Field Description Possible values are @ to 8 . The default value is 8 . Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired (in seconds). Possible values are @ to 8 . The default value is @ . 15.2 Interfaces 15.2.1 Groups A list of all[...]

  • Page 362

    Field Description Description Enter the desired description of the interface group. Members Select the members of the group from the available interfaces. To do this, activate the field in the Selection column. 15.3 Addresses 15.3.1 Address List A list of all configured addresses is displayed in the Firewall -> Addresses -> A[...]

  • Page 363

    Field Description •  :( : Enter an IP address range with a start and end address. Address / Subnet Only for Address Type =  - . Enter the IP address of the host or a network address and the related netmask. The default value is  . Address Range Only f[...]

  • Page 364

    Field Description Selection Select the members of the group from the available Addresses. To do this, activate the Fields in the Selection column. 15.4 Services 15.4.1 Service List In the Firewall -> Services -> Service List menu, a list of all available services is displayed. 15.4.1.1 New Choose the New button to set up addit[...]

  • Page 365

    Field Description specified port number is verified. If a port range is to be checked, enter the upper limit here. Possible values are  to @ . Source Port Range Only for Protocol = 4  , "1-4  or "1 In the first field, enter the source port to be checked, if applicable. If a port number range is [...]

  • Page 366

    Field Description Code Selection options for the ICMP codes are only available for Type = 1$ ). Possible values: • # (default value) • + "). • 9$ "). • $$$ "). ?[...]

  • Page 367

    Fig. 148: Firewall -> Services -> Groups -> New The menu Firewall -> Services -> Groups -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the service group. Members Select the members of the group from the available service ali-[...]

  • Page 368

    Chapter 16 Local Services This menu offers services for the following application areas: • Name resolution (DNS) • Configuration via web browser (HTTPS) • Locating of dynamic IP addresses using a DynDNS provider • Configuration of gateway as a DHCP server (assignment of IP addresses) • Automation of tasks according to sche[...]

  • Page 369

    Your device can also receive the global name servers dynamically via PPP or DHCP and transfer them dynamically if necessary. Strategy for name resolution on your device A DNS request is handled by your device as follows: (1) If possible, the request is answered directly from the static or dynamic cache with IP address or negative re[...]

  • Page 370

    16.1.1 Global Settings Fig. 149: Local Services -> DNS -> Global Settings The menu Local Services -> DNS -> Global Settings consists of the following fields: Fields in the Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device. WINS Server Primary Secondary Enter the IP address [...]

  • Page 371

    Field Description i.e. successfully resolved names and IP addresses are to be stored in the cache. The function is activated by selecting !. . The function is enabled by default. Negative Cache Select whether the negative dynamic cache is to be activated, i.e. whether queried names for which a DNS server has sent a negativ [...]

  • Page 372

    Fields in the IP address to use for DNS/WINS server assignment menu Field Description As DHCP Server Select which name server addresses are sent to the DHCP client if your device is used as DHCP server. Possible values: • +$ : No name server address is sent. • 3% 0  (default value): The address o[...]

  • Page 373

    Fig. 150: Local Services -> DNS -> DNS Servers -> New The Local Services -> DNS -> DNS Servers -> New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the DNS server should be enabled. The function is activated by selecting !. . The f[...]

  • Page 374

    Field Description • 1# (default value) Interface Select the interface to which the DNS server pair is to be assigned. For Interface Mode = 1# A global DNS server is created with the setting +$ . For Interface Mode =  A DNS server is configured for all interfaces with the # se[...]

  • Page 375

    The menu Local Services -> DNS -> Static Hosts -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description DNS Hostname Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request. If a negative response is received to [...]

  • Page 376

    16.1.4.1 New Choose the New button to set up additional forwardings. Fig. 152: Local Services -> DNS -> Domain Forwarding -> New The menu Local Services -> DNS -> Domain Forwarding -> New consists of the following fields: Fields in the Forwarding Parameters menu. Field Description Forward Select whether requests f[...]

  • Page 377

    Field Description The entry can start with the wildcard "*", e.g. "*.bintec-elmeg.com". If you enter a name without a leading wildcard "*" a leading wildcard "*" is supplemented as soon as you confirm with OK. Forward to Select if matching DNS requests are to be forwarded to the DNS server of a[...]

  • Page 378

    You can select individual entries using the checkbox in the corresponding line, or select them all using the Select all button. A dynamic entry can be converted to a static entry by marking the entry and confirming with Make static. This corresponding entry disappears from the list and is displayed in the list in the Static Hosts menu. [...]

  • Page 379

    Field Description centage. Successfully Answered Queries Shows the number of successfully answered requests (positive and negative). Server Failures Shows the number of requests that were not answered by any name server (either positively or negatively). 16.2 HTTPS You can operate the user interface of your device from any PC wi[...]

  • Page 380

    Field Description Local Certificate Select a certificate that you want to use for the HTTPS connection. Possible values: • 0 (default value): Select this option if you want to use the certificate built into the device. • <  = : Under System Management -> Certif[...]

  • Page 381

    16.3.1.1 New Choose the New button to set up further DynDNS registrations to be updated. Fig. 156: Local Services -> DynDNS Client -> DynDNS Update -> New The menu Local Services -> DynDNS Client -> DynDNS Update -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Host Nam[...]

  • Page 382

    Field Description figured state and their protocols are supported. Other DynDNS providers can be configured in the Local Services -> DynDNS Client -> DynDNS Provider menu. The default value is 1#1+ . Enable update Select whether the DynDNS entry configured here is to be activated. The function is activated by selecting !?[...]

  • Page 383

    Fig. 157: Local Services -> DynDNS Client -> DynDNS Provider -> New The menu Local Services -> DynDNS Client -> DynDNS Provider -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Provider Name Enter a name for this entry. Server Enter the host name or IP address of the s[...]

  • Page 384

    Field Description • 9+ • 1L+ • *1094;& • *104  • $ 1#1+ • 1!6 Update Interval Enter the minimum time (in seconds) that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again. The default value is @ second[...]

  • Page 385

    16.4.1.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit existing entries. Fig. 158: Local Services -> DHCP Server -> IP Pool Configuration -> New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address [...]

  • Page 386

    Note In the ex works state the DHCP pool is preconfigured with the IP addresses 192.168.0.10 to 192.168.0.49 and is used if there is no other DHCP server available in the network. 16.4.2.1 Edit or New Choose the New button to set up new DHCP pools. Choose the icon to edit existing entries. Fig. 159: Local Services -> DHCP Server [...]

  • Page 387

    Field Description Pool Usage Select if the DHCP pool is to be used for requests from clients in a network directly connected to an Ethernet interface, or if it is to be used for DHCP requests from a remote network that are sent to your device via a DHCP relay station. In the second case, it is possible to use an IP address pool for th[...]

  • Page 388

    Field Description Possible values for Option: • 4 ' (default value): Enter the IP address of the time server to be sent to the client. • 1+ ' : Enter the IP address of the DNS server to be sent to the client. • 1+ 1$ + : Enter the DNS domain to be sent to the[...]

  • Page 389

    Choose the icon to edit an existing entry. In the popup menu, you configure manufacturer-specific settings in the DHCP server for specific telephones, for example. Fields in the Basic Parameters menu Field Description Select vendor Here, you can select for which manufacturer specific values shall be transmitted for the DHCP ser [...]

  • Page 390

    Field Description shall be transmitted for the DHCP server. Possible values: • 3) (default value) • . APN Only for Select vendor = . Enter the Access Point Name (APN) of the SIM card. PIN Only for Select vendor = . Enter the PIN of the SIM card. Vendor Descrip[...]

  • Page 391

    16.4.3.1 New Choose the New button to set up new IP/MAC bindings. Fig. 160: Local Services -> DHCP Server -> IP/MAC Binding -> New The menu Local Services -> DHCP Server -> IP/MAC Binding -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the name of the h[...]

  • Page 392

    Fig. 161: Local Services -> DHCP Server -> DHCP Relay Settings The menu Local Services -> DHCP Server -> DHCP Relay Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP requests are to be forwarded. T[...]

  • Page 393

    Caution The configuration of actions that are not available as defaults requires extensive knowledge of the method of operation of bintec elmeg gateways. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC. Note To run the event scheduler, the d[...]

  • Page 394

    The menu Local Services -> Scheduling -> Trigger -> New consists of the following fields: Fields in the menu Basic Parameters Field Description Event List You can create a new event list with +% (default value). You give this list a name with Description. You use the remaining parameters to create the first event in the [...]

  • Page 395

    Field Description Button is to be triggered. The Function Button is on the case of an RS353 series device. To do so, press this Function Button for one second. • *!3 M$  : Operations configured and assigned in Actions are initiated, when the defined GEO Zones take on a specified status. Monitored GEO Zone Only[...]

  • Page 396

    Field Description bination of Index Variable (usually an index variable which is flagged with *) and Index Value. Use Index Variables to create more entries with Add. Monitored Interface Only for Event Type 0  and 0 4 Select the interface whose defined s[...]

  • Page 397

    Field Description Enter the IP address whose accessibility is to be checked. Source IP Address Only for Event Type ( 4 Enter an IP address to be used as sender address for the ping test. Possible values: • $ (default value): The IP address of the interface over which the ping is sent is autom[...]

  • Page 398

    Fields in the menu Select time interval Field Description Time Condition For Event Type 4 only First select the type of time entry in Condition Type. Possible values: • /# : Select a weekday in Condition Settings. • $ (default value): In Condition Settings, select a particular period. •[...]

  • Page 399

    16.5.2 Actions The Local Services -> Scheduling -> Actions menu displays a list of all operations to be initiated by events or event chains configured in Local Services -> Scheduling -> Trigger. 16.5.2.1 New Choose the New button to configure additional operations. Fig. 163: Local Services -> Scheduling -> Ac[...]

  • Page 400

    Field Description • ( 4 : Accessibility of an IP address is checked. •  ;( : A certificate is to be renewed, deleted or entered. •  *9E &+ 7 : Only for devices with a wireless LAN. A scan of the 5 GHz frequency band is performed. [...]

  • Page 401

    Field Description MIB Table. Only the MIB tables present in the respective area are displayed. Command Mode Only if Command Type = ;07-+; Select how the MIB entry is to be manipulated. Possible settings: • )( 6( # (default value): An existing entry shall be modified. •  ?[...]

  • Page 402

    Field Description If the initiator is inactive (Trigger Status 0' ), the MIB variable is described with the value entered in Inactive Value. If the MIB variable is to be modified, depending on whether the initiator is active or inactive (Trigger Status 7$) ), it is described with an active initiator with the[...]

  • Page 403

    Field Description •  $% $ " ' (default value): The latest software will be downloaded from the update server. • 944 ' : The latest software will be downloaded from an HTTP server that you define in ' "[...]

  • Page 404

    Field Description • 1 $($ • $# $($ For Command Type =  ;( Select which operation you wish to perform on a certificate file. Possible values: • 0$  (default v[...]

  • Page 405

    Field Description Enter the file name under which it should be saved on the server. Local File Name Only where Command Type = $($ ;( and Action = 0$ $($ , :  $($ or $# $($?[...]

  • Page 406

    Field Description The function is disabled by default. Reboot after execution Only if Command Type = $($ ;( Select whether your device should restart after the intended Action. The function is disabled by default. Version Check Only where Command Type = $($ ;[...]

  • Page 407

    Field Description The default value is @ . Server Address Only where Command Type =  ;( and Action = 0$  Enter the URL of the server from which a certificate file is to be retrieved. Local Certificate Description Where Command Type = ?[...]

  • Page 408

    Field Description Enter a description under which the SCEP certificate on your device is to be saved. URL SCEP Server URL Only where Command Type =  ;( and Action =  ! Enter the URL of the SCEP server, e.g. ) ,--.($,[...]

  • Page 409

    Field Description steps of the enrolment internally. This is an advantage if enrolment cannot be concluded immediately. If the status has not been saved, the incomplete registration cannot be completed. As soon as the enrolment is completed and the certificate has been downloaded from the CA server, it is automatically saved in th[...]

  • Page 410

    Field Description Operation Mode (Inactive) Only where Command Type = &+, 3$ ;$ Select the required operating mode for the selected radio module if it currently has the status 1$% . You may select from any of the operating modes that your device supports. So the choice may vary from device to de[...]

  • Page 411

    You can monitor temperature with devices from the bintec WI series. Note This function cannot be configured on your device for connections that are authenticated via a RADIUS server. 16.6.1 Hosts A list of all monitored hosts is displayed in the Local Services -> Surveillance -> Hosts menu. 16.6.1.1 Edit or New Choose the icon [...]

  • Page 412

    Field Description default gateway. The group IDs are automatically created from  to  . If an entry has not yet been created, a new group is created using the +% 01 option. If entries have been created, you can select one from the list of created groups. Each host to be monitored must be assigned to a group. The opera[...]

  • Page 413

    Field Description Successful Trials Specify how many pings need to be answered for the host to be regarded as accessible. You can use this setting to specify, for example, when a host is deemed to be accessible once more, and used again, instead of a backup device. Possible values are  to @ . The default value is @ . [...]

  • Page 414

    Fig. 166: Local Services -> Surveillance -> Interfaces -> New The menu Local Services -> Surveillance -> Interfaces -> New consists of the following fields: Fields in the Basic Parameters menu. Field Description Monitored Interface Select the interface on your device that is to be monitored. Trigger Select the state or s[...]

  • Page 415

    16.6.3 Ping Generator In the Local Services -> Surveillance -> Ping Generator menu, a list of all configured, automatically generated pings is displayed. 16.6.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional pings. Fig. 167: Local Services -> Surveillance -> Ping Gener [...]

  • Page 416

    Field Description The default value is  . Trials Enter the number of ping tests to be performed until Destination IP Address as "). applies. The default value is @ . 16.7 HotSpot Gateway The HotSpot Solution allows provision of public Internet accesses (using WLAN or wired Ethernet). The solution [...]

  • Page 417

    Authentication -> RADIUS -> New with Group Description  ($  ) • bintec elmeg Hotspot hosting (article number 5510000198) • Access data • Documentation • Software licensing Please note that you must first activate the licence. Go to www.bintec-elmeg.com then Service/Support -> Services -&g[...]

  • Page 418

    16.7.1 HotSpot Gateway In the HotSpot Gateway menu, you can configure the bintec elmeg gateway installed onsite for the Hotspot Solution. A list of all configured hotspot networks is displayed in the Local Services -> HotSpot Gateway -> HotSpot Gateway menu. Fig. 168: Local Services -> HotSpot Gateway -> HotSpot Gateway Y[...]

  • Page 419

    Fig. 169: Local Services -> HotSpot Gateway -> HotSpot Gateway -> The Local Services -> HotSpot Gateway -> HotSpot Gateway -> menu consists of the following fields: Fields in the menu Basic Parameters Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is connected. When operating over LA[...]

  • Page 420

    Field Description Domain at the HotSpot Server Enter the domain name that you used when setting up the HotSpot server for this customer. The domain name is required so that the Hotspot server can distinguish between the different clients (customers). Walled Garden Enable this function if you want to define a limited and free area of[...]

  • Page 421

    Field Description The following languages are supported: !() , 1) , 0$ , 2O , !P$ , $(Q and +  . The language can be changed on the start/login page at any time. The menu Advanced Settings consists of the following field[...]

  • Page 422

    Field Description Pop-Up window for status indication Specify whether the device uses pop-up windows to display the status. The function is enabled by default. Default Idle Timeout Enable or disable the Default Idle Timeout. If a hotspot user does not trigger any data traffic for a configurable length of time, they are logged out of the [...]

  • Page 423

    16.8 Wake-On-LAN With the function Wake-On-LAN you can start network devices that are switched off via an integrated network card. The network card also needs a power supply, even when the computer is switched off. You can use filters and rule chains to define the conditions that need to be met to send the so-called magic packet,[...]

  • Page 424

    Field Description Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • '# • G • ) • )( • C • # • ) •  The default [...]

  • Page 425

    Field Description Destination Port/Range Only for Protocol = 4  or "1 Enter a destination port number or a range of destination port numbers. Possible values: •  (default value): The destination port is not specified. • # $ : Enter a destination port. • # $[...]

  • Page 426

    Field Description • 43 96 D : The TOS value is specified in hexadecimal format, e.g. 3F. COS Filter (802.1p/Layer 2) Enter the service class of the IP packets (Class of Service, CoS). Possible values are whole numbers between  and B . Value range  to B . The default value is 0($?[...]

  • Page 427

    Field Description Wake-On-LAN Rule Chain Select whether to create a new rule chain or to edit an existing one. Possible values: • +% (default value): You can create a new rule chain with this setting. • <+ $ )  )= : Shows a rule chain that has already been created, which you can select a[...]

  • Page 428

    Field Description Send WOL packet over Interface Select the interface which is to be used to send the Wake on LAN magic packet. Target MAC-Address Only where Action = 0'$/ 3&   ) and 0'$/   $ $ ) Enter the MAC address o[...]

  • Page 429

    Field Description Interface Select the interface for which a configured rule chain is to be assigned. Rule Chain Select a rule chain. bintec elmeg GmbH 16 Local Services bintec Next Generation WLAN 415[...]

  • Page 430

    Chapter 17 Maintenance This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can use this menu to install it. If you need other language[...]

  • Page 431

    17.1.2 DNS Test Fig. 175: Maintenance -> Diagnostics -> DNS Test The DNS test is used to check whether the domain name of a particular host is correctly resolved. The Output field displays the DNS test messages. The ping test is launched by entering the domain name to be tested in DNS Address and clicking the Go button. 1 [...]

  • Page 432

    You use the traceroute test to display the route to a particular address (IP address or domain name), if this can be reached. The Output field displays the traceroute test messages. The ping test is launched by entering the IP address to be tested in Traceroute Address and clicking the Go button. 17.2 Software &Configu[...]

  • Page 433

    stored in the working memory (RAM). The contents of the RAM are lost if the device is switched off. So if you modify your configuration and want to keep these changes for the next time you start your device, you must save the modified configuration in the flash memory before switching off: The Save configuration button over the[...]

  • Page 434

    The Maintenance -> Software &Configuration -> Options menu consists of the following fields: Fields in the Currently Installed Software menu. Field Description BOSS Shows the current software version loaded on your device. System Logic Shows the current system logic loaded on your device. ADSL Logic Shows the current vers[...]

  • Page 435

    Field Description ./  '$ .$$ $($ the current configuration was saved as boot configuration and the previous boot configuration was also archived. You can load back the archived boot configuration. • 1 $%-% : The file i[...]

  • Page 436

    Field Description Select the source of the update. Possible values: • &$ 2 (default value): The system software file is stored locally on your PC. • 944 ' : The file is stored on a remote server specified in the URL. •  $% $ "?[...]

  • Page 437

    Field Description Enter the new name of the configuration file. 17.3 Reboot 17.3.1 System Reboot In this menu, you can trigger an immediate reboot of your device. Once your system has restarted, you must call the GUI again and log in. Pay attention to the LEDs on your device. For information on the meaning of the LEDs, see the T [...]

  • Page 438

    Chapter 18 External Reporting In this system menu, you define what system protocol messages are saved on which computers, and whether the system administrator should receive an e-mail for certain events. Information on IP data traffic can also be saved, depending on the individual interfaces. In addition, SNMP traps can be sent [...]

  • Page 439

    A list of all configured system log servers is displayed in the External Reporting -> Syslog -> Syslog Servers menu. 18.1.1.1 New Select the New button to set up additional syslog servers. Fig. 179: External Reporting -> Syslog -> Syslog Servers -> New The menu External Reporting -> Syslog -> Syslog Server [...]

  • Page 440

    Field Description • 1.( (lowest priority) Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. at syslog level 1.( all messages generated are forwarded to the host. Facility Enter the syslog facility on the host. This is only required if the Log Host is a Unix compu[...]

  • Page 441

    18.2 IP Accounting In modern networks, information about the type and number of data packets sent and received over the network connections is often collected for commercial reasons. This information is extremely important for Internet Service Providers that bill their customers by data volume. However, there are also no[...]

  • Page 442

    Fig. 181: External Reporting -> IP Accounting -> Options In the External Reporting -> IP Accounting -> Options menu, you can define the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash, e.g. R or R or defined tags. Possible format tags: F [...]

  • Page 443

    18.3 Alert Service It was previously possible to send syslog messages from the router to any syslog host. Depending on the configuration, e-mail alerts are sent to the administrator as soon as relevant syslog messages appear. 18.3.1 Alert Recipient A list of Syslog messages is displayed in the Alert Recipient menu. 18.3.1.1 New [...]

  • Page 444

    Field Description Possible values: • E-mail • SMS Recipient Enter the recipient's e-mail address. The entry is limited to 40 characters. Message Compression Select whether the text in the alert E-mail is to be shortened. The e-mail then contains the syslog message only once plus the number of relevant events. Enable or disab[...]

  • Page 445

    Field Description entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter "*". Severity Select the severity level which the string configured in the Matching String field must reach to trigger an e-mail alert. Possible values: !(# (default value[...]

  • Page 446

    18.3.2 Alert Settings Fig. 183: External Reporting -> Alert Service -> Alert Settings The menu External Reporting -> Alert Service -> Alert Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Alert Service Select whether the alert service is to be enabled for the interface.[...]

  • Page 447

    Field Description SMTP Server Enter the address (IP address or valid DNS name) of the mail server to be used for sending the mails. The entry is limited to 40 characters. SMTP Port Encryption of e-mails (SSL / TLS). The SMTP Port field is preset by default to and SSL Encryption is enabled. SMTP Authentication Authentication[...]

  • Page 448

    Field Description SMS Device You can receive notification of system alerts in text messages. Select the device to be used to send the text message. Maximum SMS per Day Limit the maximum number of SMS sent during a single day. Activating +$ &$ allows any number of SMS to be sent. The default value is 10 SMS per[...]

  • Page 449

    Fig. 184: External Reporting -> SNMP -> SNMP Trap Options The menu External Reporting -> SNMP -> SNMP Trap Options consists of the following fields: Fields in the Basic Parameters menu. Field Description SNMP Trap Broadcasting Select whether the transfer of SNMP traps is to be activated. Your device then sends SNMP traps t [...]

  • Page 450

    18.4.2 SNMP Trap Hosts In this menu, you specify the IP addresses to which your device is to send the SNMP traps. In the External Reporting -> SNMP -> SNMP Trap Hosts menu, a list of all configured SNMP trap hosts is displayed. 18.4.2.1 New Select the New button to create additional SNMP trap hosts. Fig. 185: External Report[...]

  • Page 451

    Chapter 19 Monitoring This menu contains information that enables you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 19.1 Internal Log 19.1.1 System Messages In the Monitoring -> Internal Log -> System Messages menu, a list of all internally stored system messages i[...]

  • Page 452

    Field Description Subsystem Displays which subsystem of the device generated the message. Message Displays the message text. 19.2 IPSec 19.2.1 IPSec Tunnels A list of all configured IPSec tunnel providers is displayed in the Monitoring -> IPSec -> IPSec Tunnels menu. Fig. 187: Monitoring -> IPSec -> IPSec Tunnels Values[...]

  • Page 453

    Fig. 188: Monitoring -> IPSec -> IPSec Tunnels -> Values in the IPSec Tunnels list Field Description Description Shows the description of the peer. Local IP Address Shows the WAN IP address of your device. Remote IP Address Shows the WAN IP address of the connection partner. Local ID Shows the ID of your device for this IPS[...]

  • Page 454

    Field Description Role / Algorithm / Lifetime remaining / Status IPSec (Phase-2) SAs (x) Role / Algorithm / Lifetime remaining / Status Shows the parameters of the IPSec (Phase 2) SAs. Messages The system messages for this IPSec tunnel are displayed here. 19.2.2 IPSec Statistics In the Monitoring -> IPSec -> IPSec Statistics menu, [...]

  • Page 455

    Field Description Status Displays the number of IPSec tunnels by their current status. • Up: Currently active IPSec tunnels. • Going up: IPSec tunnels currently in the tunnel setup phase. • Blocked: IPSec tunnels that are blocked. • Dormant: Currently inactive IPSec tunnels. • Configured: Configured IPSec tunnels. Fields in [...]

  • Page 456

    Fig. 190: Monitoring -> Interfaces -> Statistics Change the status of the interface by clicking the or the button in the Action column. Values in the Statistics list Field Description No. Shows the serial number of the interface. Description Displays the name of the interface. Type Displays the interface text. Tx Packets Shows th[...]

  • Page 457

    Fig. 191: Monitoring -> Interfaces -> Statistics -> Values in the Statistics list Field Description Description Displays the name of the interface. MAC Address Displays the interface text. IP Address / Netmask Shows the IP address and the netmask. NAT Indicates if NAT is activated for this interface. Tx Packets Shows the to[...]

  • Page 458

    19.4 WLAN 19.4.1 WLANx In the Monitoring -> WLAN -> WLAN menu, current values and activities of the WLAN interface are displayed. The values for wireless mode 802.11n are listed separately. Fig. 192: Monitoring -> WLAN -> WLAN Values in the WLAN list Field Description mbps Displays the possible data rates on this wir [...]

  • Page 459

    Field Description Rx Packets Shows the total number of received packets for the data rate shown in mbps. You can choose the Advanced button to go to an overview of more details. Fig. 193: Monitoring -> WLAN -> WLAN -> Advanced Values in the Advanced list Field Description Description Displays the description of the displa[...]

  • Page 460

    Description Meaning ceived successfully sent with a unicast address. MSDUs that could not be transmitted Displays the number of MSDUs that could not be sent. Frame transmissions without ACK received Displays the number of sent frames for which an acknowledgement frame was not received. Duplicate received MSDUs Displays the number of[...]

  • Page 461

    Field Description ent is logged in. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm (RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current transmission rate of data receiv[...]

  • Page 462

    Fig. 195: Monitoring -> WLAN -> VSS -> <connected client> -> Values in the list <Connected Client> Field Description Client MAC Address Shows the MAC address of the associated client. IP Address Shows the IP address of the client. Uptime Shows the time in hours, minutes and seconds for which the client is logged in.[...]

  • Page 463

    Field Description wireless connection. Values: • > 25 dB excellent • 15 – 25 dB good • 2 – 15 dB borderline • 0 – 2 dB bad. Data Rate mbps Shows the current transmission rate of data received by this client in mbps. The following clock rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 mbps; IEEE 802.11g/a: 54, 48, 36[...]

  • Page 464

    Field Description MAC Address Displays the MAC address being used for this VSS. Active Clients Displays the number of active clients. 2,4/5 GHz changeover Displays the number of clients who have been moved to a different frequency band by the 2,4/5 GHz changeover function. Denied Clients soft/hard Displays the number of rejected c[...]

  • Page 465

    Field Description Mbps. Rx Data Rate mbps Shows the current clock rate of data received on this bridge link in Mbps. Uptime Shows the time in hours, minutes and seconds for which the bridge link in question is active. Bridge link details You can use the icon to open an overview of further details of the bridge links. Fig. 198: Monitoring -[...]

  • Page 466

    Field Description Bridge Link Description Shows the name of the bridge link. Remote MAC Shows the MAC address of the bridge link partner. First seen Displays the time of the first registered attempted contact of the bridge link partner. Last seen Displays the time of the last registered attempted contact of the bridge link partner[...]

  • Page 467

    Field Description Uptime Shows the time in hours, minutes and seconds for which the client link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm (RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm. Noise dBm Shows the received no[...]

  • Page 468

    Fig. 200: Monitoring -> WLAN -> Client Links -> Values in the Client Links list Field Description AP MAC Address Shows the MAC address of the client link partner. Uptime Shows the time in hours, minutes and seconds for which the client link in question is active. Signal dBm (RSSI1, RSSI2, RSSI3) Shows the received signal stren[...]

  • Page 469

    Field Description Packets and Rx Packets. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. 19.5 Bridges 19.5.1 br<x> In the Monitoring -> Bridges -> br<x> menu, the current values of the configured bridges are shown. Fig. 201: Monitoring -> Bridges V [...]

  • Page 470

    Fig. 202: Monitoring -> HotSpot Gateway -> HotSpot Gateway Values in the HotSpot Gateway list Field Description User Name Displays the user's name. IP Address Shows the IP address of the user. Physical Address Shows the physical address of the user. Logon Displays the time of the notification. Interface Shows the interface u[...]

  • Page 471

    Field Description QoS Queue Shows the QoS queue, which has been configured for this interface. Send Shows the number of sent packets with the corresponding packet class. Dropped Shows the number of rejected packets with the corresponding packet class in case of overloading. Queued Shows the number of waiting packets with the correspo[...]

  • Page 472

    Field Description Values in the PIM Interfaces list Field Description Interface Displays the name of the PIM interface. IP Address Displays the primary IP address of the PIM interface. Designated Router Displays the primary IP address of the designated router on this PIM interf[...]

  • Page 473

    Fig. 205: Monitoring -> PIM -> Not Interface-Specific Status Values in the Not Interface-Specific Status list Field Description View Select the desired view from the dropdown menu. The following are available: , >VFVF:? , >VF*? , >F*? and >F*F:4? [...]

  • Page 474

    Field Description Upstream Join Timer Join/Prune Timer is used to periodically send Join(*,*,RP) messages, and to correct Prune(*,*,RP) messages from peers on an Upstream LAN interface. Values in the (*,G) States list Field Description Multicast Group Address Displays the multicast group address. Upstream Neighbor IP Address Displa[...]

  • Page 475

    Field Description entry. This corresponds to the status of the Upstream (S,G) State Machine in the PIM-SM specification. Uptime Indicates the timespan since the entry was generated by the local router. Upstream Join Timer Indicates the remaining time until the local router sends out the next periodic (S,G) Join message on pimSGRPFIfIndex.[...]

  • Page 476

    Fig. 206: Monitoring -> PIM -> Interface-Specific States Values in the Interface-Specific States list Field Description View Select the desired view from the dropdown menu. The following are available: , >VF*F0? , >F*F0? and >F*F:4? Values in the (*,G,I) States li[...]

  • Page 477

    Field Description Assert State Displays the (*,G) Assert State for this interface. This corresponds to the status of the Per-Interface (*,G) Assert State Machine in the PIM-SM specification. If pimStarGPimMode is 'bidir', this object must be 'noInfo'. Assert Winner IP Address Indicates the address of Asser [...]

  • Page 478

    Field Description Multicast Group Address Displays the multicast IP address. InetAddressType is defined through the object pimSGAddressType. Source IP Address Displays the source IP address. InetAddressType is defined through the object pimStarGAddressType. Interface Displays the name of the interface. Uptime Indicates the timespa[...]

  • Page 479

    Glossary 2G See GSM. 3DES See DES. 3G See UMTS. 4G See LTE. 802.11 The 802.11 norm describes wireless LAN (WLAN). There are a variety of amendments: 802.11a: Gross data transfer rates: 54 Mbit/s, frequency band: 5 GHz, 802.11b/g: Gross data transfer rates: 11 Mbit/s, frequency band: 2.4 GHz, 802.11g: Gross data transfer rates:[...]

  • Page 480

    key length is 128, 192 or 256 bits. AES is a very fast and secure algorithm. Aggressive mode When an IPSec connection is being established, aggressive mode is used to implement a phase 1 exchange. Aggressive mode offers no identity protection for negotiating nodes, since they have to transmit their identity before they can establi[...]

  • Page 481

    AUX AUX is a signal input for external devices, e.g. analogue or GSM modems. B channel See Basic Rate Interface and Primary Rate Interface. Back Route Verify If a Back Route Verify is activated for an interface, incoming data packets are only accepted over this interface if outgoing response packets are routed over the same[...]

  • Page 482

    and reduces the load. Broadcast In a broadcast, data packets are sent from one point to all the subscribers in a network, e.g. if the recipient is not yet known. Examples of this are the ARP and DHCP protocols. The communication is via broadcast addresses: MAC networks: FF:FF:FF:FF:FF:FF, IPv4 networks: 255.255.255.255, IPv6 net- w[...]

  • Page 483

    Channel bundling When channels are bundled, the B channels in an ISDN connection are combined to increase data throughput. CHAP The Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol for PPP connections. As well as the standard CHAP, Microsoft also has the variants MS-CHAPv1 and MS-CHAPv2. You dial into a n[...]

  • Page 484

    Datagram A datagram is a self-contained data entity with user and control data. It generally stands for the terms data frame, data packet and data segment. DCN DCN stands for data communication network. Dead Peer Detection In IPSec, Dead Peer Detection is used to identify IKE peers that can no longer be accessed. Default gateway All the d[...]

  • Page 485

    to-point. It is used to connect a PBX. A main phone number and a number block are issued. Each of the numbers in the number block is called a direct dial exception. (Example: Main number 1234, number block: 1 - 99, numbers of the individual extensions: 1234-1, 1234-2, 1234-3, …) Direct dialling range See number block in Point-to[...]

  • Page 486

    Encryption Refers to the encryption of data, e.g. using MPPE. ESP Encapsulating Security Payload (ESP) is a protocol for IPSec. It uses protocol number 50 and supports data encryption and authentication. Ethernet Ethernet is a specification for cable data networks. Ethernet works on the first and second layer of the OSI model. Euro[...]

  • Page 487

    G.992.1 Data transmission recommendation for ADSL. There are two country-specific versions: G.992.1 Annex A and G.992.1 Annex B. Data transfer rates: 12 Mbit/s (downstream), 1.3 Mbit/s (upstream) G.992.2 Data transmission recommendation for ADSL (G.LITE / ADSL-Lite). There are two versions: G.992.2 Annex A and G.992.2 Annex B. [...]

  • Page 488

    capsulating other protocols so that they can be transported via the Internet Protocol (IP) in the form of a tunnel (VPN). GRE uses protocol number 47. GSM The Global System for Mobile Communications (GSM), also known as 2G, is a mobile communications standard. It achieves, along with GPRS, a specified max. data transmission rate of[...]

  • Page 489

    it uses port 80. HTTPS The HyperText Transfer Protocol Secure (HTTPS) is a protocol which protects against eavesdropping when transmitting HTML pages (web pages) between server and client. HTTPS is schematically identical to HTTP. SSL / TLS is used for additional data encryption. The standard port for HTTPS connections is 443. [...]

  • Page 490

    IPCP The Internet Protocol Control Protocol (IPCP) is used, in a similar way to DHCP, to configure a host with an IP address, gateway and DNS server, when a PPP network connection is being used. With the extension Robust Header Compression over PPP, the header can be compressed for faster data transmission. Similarly, in IPv6 [...]

  • Page 491

    L2TP The Layer 2 Tunneling Protocol (L2TP) is a network protocol for encapsulating other protocols so that they can be transported via the Internet Protocol (IP) in the form of a tunnel (VPN). By default, L2TP uses protocol number 1701. The architecture in an L2TP network consists of an L2TP access concentrator (LAC) which may also[...]

  • Page 492

    Loopback In a loopback switch the sender and recipient are identical. LTE Long Term Evolution (LTE), also known as 4G, is a mobile communications standard with a standardised maximum data transmission rate of 300 Mbit/s. MAC address The Media Access Control address (MAC address) is the hardware address of the network adapter and is u[...]

  • Page 493

    MPPE Microsoft Point-To-Point Encryption (MPPE) is used to encrypt data transmitted via PPP. It was developed by Microsoft and Cisco and specified as RFC 3078. MS-CHAP The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a method of authentication. MS-CHAPv1 is intended for authenticating DCN connections and is largely[...]

  • Page 494

    NBNS Like DNS, NetBIOS Name Service (NBNS) is used in centralised name resolution. See also WINS and DNS. Netmask With IPv4 in connection with the IP address, the netmask, also network mask and subnet mask, defines the network by dividing the IP address into network and device parts and thus determining which addresses need to be routed. Ex[...]

  • Page 495

    Peer A peer is the endpoint of a communication in the network. Phase 1/2 See IKE. PIM The Protocol Independent Multicast (PIM) enables the dynamic routing of multicast packets on the Internet. Ping Ping is a diagnostic tool that can be used to check whether a particular host in an IP network can be contacted. A measurement is taken o[...]

  • Page 496

    POP3 The Post Office Protocol Version 3 (POP3) is a transmission protocol which controls how a client accesses emails from an email server. Port The port number is used to decide the service (telnet, FTP, ...) to which an incoming data packet should be sent. PPP The Point-to-Point Protocol (PPP) is a standardised technology f [...]

  • Page 497

    Proposal When an IPSec connection is being established, the initiator of the connection makes proposals with relation to the authentication and encryption methods to be used. Protocol Protocols regulate the flow of a data communication on different levels of the OSI model. Protocols control addressing, coding, authentication, for [...]

  • Page 498

    Reset This returns the device to its unconfigured state. RFC A Request For Comments (RFC) is a document that describes the standards and guidelines for the Internet. Rijndael See AES. RIP The Routing Information Protocol (RIP) is a routing protocol. It is restricted to small networks. See also OSPF. RipeMD 160 RACE Integrity Prim[...]

  • Page 499

    RTSP The Real-Time Streaming Protocol (RTSP) controls the transmission of audio and video data (streams) via IP-based networks. While the Real-Time Transport Protocol (RTP) is used to transmit user data, the main function of RTSP lies in controlling the data streams. Rule chain A rule chain contains a combination of different f [...]

  • Page 500

    SHA1 Secure Hash Algorithm version 1 (SHA1) is a hash function that generates a 160 bit hash value (checksum). See also Hash. SHDSL Symmetrical High-bit-rate Digital Subscriber Line. See DSL. Shell The shell is an input interface (e.g. command line or graphic user interface) between computer and user. Short hold The short hold is the defi[...]

  • Page 501

    the Real-Time Transport Protocol (RTP) that is encrypted using AES. SSH Secure Shell (SSH) is a network protocol that can be used to establish an encrypted connection to a device's shell. SSID The Service Set Identifier (SSID) defines a wireless network that is based on IEEE 802.11. The SSID is the network name of the wireles[...]

  • Page 502

    sible IP addresses). Switch A switch is a network component that connects individual network segments to one another. On the one hand, a switch can be operated as a bridge to the data link layer in the OSI model. Unlike the bridge, however, a switch has more than one input and output. On the other hand, the switch can be operated as[...]

  • Page 503

    an ISDN terminal. See also NT. Telnet Telecommunication Network (Telnet) is a network protocol. It enables communication with another, remote device in the network, e.g. PCs, routers, etc. TFTP The Trivial File Transfer Protocol (TFTP) regulates the transmission of files. Compared with FTP, there is no option to display dat[...]

  • Page 504

    control must take place in the application layer. Conversely, UDP is faster than connection-oriented protocols. ULA Unique Local Addresses (ULA) are IPv6 addresses that are not routed. They can be used in private networks (e.g. a LAN). ULAs begin with the prefix fd. UMTS The Universal Mobile Telecommunications System (UMTS), also kno[...]

  • Page 505

    also refers to a tunnel that is established between the private networks of the two connected parties. VPN protocols are IPSec, PPTP, L2TP and GRE. VSS The Virtual Service Set (VSS) refers to a prefix for wireless LAN interfaces. Walled garden In the context of hotspots, a walled garden refers to the area of the website which [...]

  • Page 506

    WPA-PSK With WPA 1 / 2, WPA-PSK enables subscribers to be authenticated using pre-shared keys. The access point and the client use the same string for the key calculation in the WLAN. This string needs to be configured by the users. X.25 X.25 is a standardised series of protocols for wide area networks (WANs) via the telephone networ[...]

  • Page 507

    Index 187 Vendor Description 375 ISDN Timeserver 63 Power Off Timeout 58 System Admin Password 59 # #1 #2, #3 105 2 2,4/5 GHz changeover 449 A Access Control 139, 174 Access Filter 234 Access Level 97 Access Filter 230 Access Profiles 90 Access Rules 228 ACCESS_ACCEPT 80 ACCESS_REJECT 80 ACCESS_REQUEST 80 ACCOUNTING_START 8[...]

  • Page 508

    B Back Route Verify 290 Back Route Verify 197 Bandwidth 124, 162 Based on Ethernet Interface 113 Beacon Period 140, 165 Blacklist blocktime 174 Block after connection failure for 269, 274, 324, 331 Block Time 88, 303 blocked 264 BOSS 420 BOSS Version 54 Bridge Links 145, 450 Bridge Link Description 450, 451 Bridge Lin[...]

  • Page 509

    Create NAT Policy 268, 273, 322, 330 CRLs 107 CSV File Format 385 CTS frames received in response to an RTS 445 Current File Name in Flash 420 Current Local Time 62 Current Speed / Mode 110 Custom 104 Custom DHCP Options 375 Cyclic Background Scanning 165 D D Channel Mode 294 Data Packets Sequence Numbers 319 Data Rate mbp[...]

  • Page 510

    Drop In Groups 237 Drop untagged frames 119 Dropped 441, 456 Dropping Algorithm 227 DSA Key Status 76 DSCP / TOS Value 193 DSCP/TOS Filter (Layer 3) 215, 230, 409 DTIM Period 140, 165 Duplicate received MSDUs 445 Dynamic blacklisting 174 Dynamic RADIUS Authentication 314 DynDNS Provider 368 DynDNS Update 366 DynDNS Client[...]

  • Page 511

    238 Group ID 397 Groups 347, 349, 352 H Hashing Algorithms 76 Hello Interval 259 Hello Intervall 319 Hello Hold Time 259 High Priority Class 219 Hold Down Timer 248 Host 362 Host for multiple locations 408 Host Name 367 Hosts 397 HotSpot Gateway 404 HotSpot Gateway 402, 455 HTTP 73 HTTPS 73, 365 HTTPS Server 365 HTTPS TCP Port 365 I [...]

  • Page 512

    IPSec Statistics 440 IPSec Tunnels 438 IPSec (Phase-2) SAs 439 IPSec Debug Level 313 IPSec over TCP 314 IPSec Peers 280 IPv4 Route Configuration 189 IPv4 Routing Table 196 ISDN Login 73 J Join/Prune Interval 259 Join/Prune State 462, 463, 463 Join/Prune Hold Time 259 K Keepalive Period 263 Key Size 385 Key Value 337 L L2TP 316 LAN[...]

  • Page 513

    Max. Scan Duration 130 Max. Transmission Rate 164 Maximum Number of Dialup Retries 269, 274 Maximum Retries 319 Maximum Groups 255 Maximum Message Level of Syslog Entries 56 Maximum Number of Accounting Log Entries 56 Maximum Sources 255 Maximum E-mails per Minute 432 Maximum Number of Syslog Entries 56 Maximum number of concurrent c[...]

  • Page 514

    Networking 189 New Destination Port 205 New Destination IP Address/Netmask 205 New File Name 420 New Source Port 205 New Source IP Address/Netmask 205 No. 197, 437, 442 Noise dBm 446, 448, 450, 451, 452, 454 Not Interface-Specific Status 458 Number of Messages 429 Number of Spatial Streams 124, 162 Number of Admitted Connection[...]

  • Page 515

    PPTP Address Mode 274 PPTP Ethernet Interface 272 PPTP Mode 328 Precedence 262 Preshared Key 136, 142, 145, 170, 282 Primary DHCP Server 378 Primary DNS Server 359 Prioritisation Algorithm 222 Prioritize TCP ACK Packets 269, 274, 324 Priority 82, 87, 225, 341, 359 Priority Queueing 225 Propagate PMTU 308 Pro[...]

  • Page 516

    Retransmission Timer 248 Retries 84 Reverse-Path-Forwarding (RPF) 460, 461 RFC 2091 Variable Timer 246 RFC 2453 Variable Timer 246 RIP 241 RIP Filter 243 RIP Interfaces 241 RIP Options 246 RIP UDP Port 246 Roaming Profile 130 Robustness 252 Rogue Clients 185 Rogue APs 184 Rogue Client MAC Address 185 Role 311 Route Announce 2[...]