Manual R1xxx/R3xxx/R4xxx
Contents
1. picim Operation Mode moer Band channel Antenna Diversity Enabled Transmit Power m E 7 f Performance Settings Wireless Mode 802 11 mixed b g Max Transmission Ray i Auto Y Nitro Mode a nel Mlenabled _ O wl iroa Erame compression ramo concatenation FlPiggyback Acknowledge Direct Link Advanced Settings Beacon Penaa e j 100 p g orm Period aia RTS Threshold Always off o Snort Reny Limit Ta E Long Retry Lit HA A Fragmentation Threshold a pe Bytes ED Threshold gt E cwmin onma n i Max Receive Lifetime feos Max Transmit SOU Lifetime te ms o o e _ OK Cancel Fig 75 Wireless LAN gt WLAN gt Radio Settings gt The Wireless LAN gt WLAN gt Radio Settings gt menu consists of the following fields Fields in the Radio Settings WLAN Settings menu Field Description Operation Mode Define the mode in which the wireless module of your device is to operate Possible values e off default value The radio module is switched off e Access Point Your device is used as an access point in your network e Access Client Your device serves as an Access Client in your network R1xxx R3xxx R4xxx 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Cl2. 2 Language English View Standard Online Heip git o z Y if E Profiles Service Categories OAM Controlling al OAM Flow Configuration y ES o ee OAM Flow Level F5 Mm Virtual Channel Connection CC PIB VCI32 Loopback Loopback End to End ClEnabled Loopback Segment DEnabted CC Activation Passive LS Continuity Check CC End to End Direction Maai Boh F TE ML Maintenance ov Continuity Check CC Segment Direction es Both E A o OK cancel Fig 108 WAN gt ATM gt OAM Controlling gt New The WAN gt ATM gt OAM Control gt ling New menu consists of the following fields Fields in the OAM Controlling OAM Flow Configuration OAM Flow Level Select the OAM flow level to be monitored Possible values e F5 virtual channel level The OAM settings are used for the virtual channel default value e F4 virtual path level The OAM settings are used for the vir R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH Field Description tual path Virtual Channel Connec Only for OAM Flow Level F5 tion VCC Select the already configured ATM connection to be monitored displayed by the combination of VPI and VCI Virtual Path Connection Only for OAM Flow Level F4 VPC Select the already configured virtual path connection to be mon itored displayed by the VPI Fields
3. PPTP Partner Parameters oss Description PPTP Mode PNs Owindows Client Mode User Name Password A eoncanos E Always on g DEnabled Connection Idle Timeout Foo Seconds Remote PPTP IP Address lt IP Mode and Routes p o E IP Address Mode Ostatic O Provide IP Address Default Route Denabled A Create NAT Policy z DEnabled Local IP Address L Route Entries Block after connection failure for Authentication MS CHAPV2 J Encryption Onone Enabled O Windows compatible LCP Alive Check enabled o 7 Faas 3 gt OSPF Mode passive O Active O Inactive Proxy ARP Mode imactive OUp or Dormant Cup only DNS Negotiation i Enabled E 7 i Proma ae Callback Enabled Fig 126 VPN gt PPTP gt PPTP Tunnels gt New The VPN gt PPTP gt PPTP Tunnels gt New menu consists of the following fields Fields in the menu PPTP Tunnels PPTP Partner Parameter Field Description Description Enter a unique name for the tunnel The first character in this field must not be a number and no special characters or umlauts must be used R1xxx R3xxx R4xxx 16 VPN Funkwerk Enterprise Communications GmbH Field Description PPTP Mode Enter the role to be assigned to the PPTP interface Possible values e PNS default value this assigns the PPTP interface the role
4. E a z y y a ADSL Configuration Automatic Refresh interval 60 Seconds __ Apply Ethernet Ports sD ror sites DH Ports ADSL Chipset Globespan Titanium Ultra Plus ADSL Modem Physical Connection Unknown m 4 Current Line Speed Downstream 0 bps Se eo Firewall u ADSL Mode Annex A Annex B AA ADSL SyncType Automode e Transmit Shaping Default Line Speed iii ES OK Cancel Fig 65 Physical Interfaces gt ADSL Modem gt ADSL Configuration The Physical Interfaces gt ADSL Modem gt ADSL Configuration menu consists of the following fields Fields in the ADSL Configuration ADSL Port Status menu Field Description ADSL Chipset Shows the key of the installed chipset Physical Connection Shows the current ADSL operation mode The value cannot be changed R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description Possible values e Unknown The ADSL link is not active e ANSI T1 413 ansiT1dot413 e ADSL1 ADSL classic G DMT ITU G 992 1 e G Lite Splitterless ADSL ITU G 992 2 e ADSL2 G DMT Bis ITU G 992 3 e ADSL2 DELT ADSL2 Double Ended Line Test e ADSL2 Plus ADSL2 Plus ITU G 992 5 e ADSL2 Plus DELT ADSL2 Plus Double Ended Line Test READSL2 Reach Extended ADSL2 e READSL2 DELT Reach Extended ADSL2 Double Ended Line Test e ADSL2 ITU T G 992 3 Annex M ADSL BBV il iG 992 5 Annes Mi Fields in the ADSL Co
5. Choose the 3 icon to edit existing entries Choose the New button to configure other WDS links a gt one nat R1xxx R3xxx R4xxx cS ome 1 r AAA Language English Online Help Logout funk park AS A a o e Radio Settings Virtual Service Sets WDS Links bc Physicalinterfaces m Basic Parameters WDS Description Use default WDS Security Settings wan F Administration Privacy None v Routin y Remote Partner WAN a a a Remote MAC Address 00 00 00 00 00 00 t C OK C Cancel Fig 77 Wireless LAN gt WLAN gt WDS Links gt gt New The Wireless LAN gt WLAN gt WDS Links gt 5 gt New menu consists of the following fields Fields in the WDS Links Basic Parameters menu Field Description WDS Description Enter a name for the WDS link If the Use Standard option is activated the generated name of the interface is automatically used If the option is not activated you can enter a suitable name in the input field The Use Standard option is enabled by default Fields in the WDS Security Settings menu Field Description Privacy Select whether an encryption method is to be used for this WDS link and if so which one Possible values None default value Data traffic on this WDS link is not en crypted e WEP40 Data traffic on this WDS link is encrypted with WEP4O In WEP Key 1 4 enter the key f
6. WLANI vss WDS Client Links Automatic Refresh Interval 300 Secons C Apply J WDS Table MDS Description Remote MAC UpTime Tx Packets RxPackets Signal dBm RSH RSSI2 RSS Noise dBm Deta Rete mops wds1 0 00 00 00 00 00 00 0d 0h Om 4s 0 0 0 0 0 0 0 0 0 TANT IPSec _1SDIIModem Interfaces wan HotSpot Gateway 005 L Fig 205 Monitoring gt WLAN gt WDS Values in the list WDS Field Description WDS Description Shows the name of the WDS link Remote MAC Shows the MAC Address of the WDS link partner Up Time Shows the time in hours minutes and seconds for which the WDS link is active R1xxx R3xxx R4xxx Field Description Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received on this WDS link in mbps If required the Test link can be used to start a link test The test is only available for funk werk devices and only if the WDS link is active The link test provides all the data necessary for checking the quality of the WDS link The link test also helps you to align the antennas This option is only displayed if the link state is Enabled WDS Link Details You use the e icon to open an overview of further details for the WDS links A
7. Web Fitter Wildcard DEnabled CAPI Server _ __ Scheduling oK JC Cancel Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP Il Fig 153 Local Services gt DynDNS Client gt DynDNS Update gt New The Local Services gt DynDNS Client gt DynDNS Update gt New menu consists of the following fields Fields in the DynDNS Update Basic Parameters menu Field Description Host Name Enter the complete host name as registered with the DynDNS provider Interface Select the WAN interface whose IP address is to be propagated over the DynDNS service e g the interface of the Internet Ser vice Provider User Name Enter the user name as registered with the DynDNS provider Password Enter the password as registered with the DynDNS provider Provider Select the DynDNS provider with which the above data is re gistered A choice of DynDNS providers is already available in the uncon figured state and their protocols are supported R1xxx R3xxx R4xxx Field Description Other DynDNS providers can be configured in the Local Ser vices gt DynDNS Client gt DynDNS Providers menu The default value is DynDNS Enable update Select whether the DynDNS entry configured here is to be activ ated The function is activated by choosing Enabled The function is disabled by default The Advanced Settings menu consists of the following fields Fields in the m
8. oK _ Cancel Fig 61 Physical Interfaces gt Ethernet Ports gt Port Configuration The Physical Interfaces gt Ethernet Ports gt Port Configuration menu consists of the following fields Fields in the Port Configuration Switch Configuration menu R1xxx R3xxx R4xxx Field Description Switch Port Shows the respective switch port The numbering corresponds to the numbering of the Ethernet ports on the back of the device Ethernet Interface Selec Assign a logical Ethernet interface to the switch port tion You can select from five interfaces en1 0 to en1 4 In the ba sic setting switch ports 1 4 are assigned to interface en1 0 and switch port 5 is assigned to interface en1 4 Configured Speed Select the mode in which the interface is to run Mode Possible values e Full Autonegotiation default value e Auto 100 mbps only e Auto 10 mbps only e Auto 100 mbps Full Duplex e Auto 100 mbps Half Duplex e Auto 10 mbps Full Duplex e Auto 10 mbps Half Duplex e Fixed 100 mbps Full Duplex e Fixed 100 mbps Half Duplex e Fixed 10 mbps Full Duplex e Fixed 10 mbps Half Duplex e Disabled The interface is created but remains inactive Current Speed Mode Shows the actual mode and actual speed of the interface Possible values e 100 mbps Full Duplex e 100 mbps Half Duplex e 10 mbps Full Duplex e 10 mbps Half Duplex e Inactive R1xxx R3xxx R4xxx 11 3 ISDN Ports
9. priorisation algorithm Priority Queueing Traffic shaping ul Denabiea B 7 i Protocol Header Size below Layer 3 the Ethernet E Queues Policies C OK cancel Fig 98 Routing gt QoS gt QoS Interfaces Policies gt New The Routing gt QoS gt QoS Interfaces Policies gt New menu consists of the following fields Fields in the QoS Interfaces Policies Basic Parameters menu R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description Interface Select the interface for which QoS is to be configured Priorisation algorithm Select the algorithm according to which the queues are to be processed This activates and deactivates QoS on the selected interface Possible values e Priority Queueing default value QoS is activated on the interface The available bandwidth is distributed strictly ac cording to the queue priority e Weighted Round Robin QoS is activated on the interface The available bandwidth is distributed according to the weighting weight of the queue Exception High priority pack ets are always handled with priority e Weighted Fair Queueing QoS is activated on the inter face The available bandwidth is distributed as fairly as pos sible among the automatically detected traffic flows in a queue Exception High priority packets are always handled with priority e Disabled QoS is deactivated on the
10. Additional voice service from T Com for the commercial distribution of private information services The T Com services are limited to providing the technical infrastructure and collection processing for the information providers The provided information is accessed us ing the telephone number 0190 which is uniform across Germany plus a 6 digit telephone number Information offering Entertainment weather finance sport health support and service hotlines Additional voice service from T Com Allows calls to be received via a location independent telephone number uniform across Germany starting with the numbers 0700 Free of charge routing to national fixed network Enhancement with Vanity possible Additional voice service from T Com Replaces Service 0190 Service number 0180 Additional voice service 0180call from T Com to receive calls from a Setup Tool SHA1 SHDSL Short hold Signalling Simplex operation ISDN subscribers only location dependent telephone number uniform across Germany starting with the numbers 0180 Menu driven tool for the configuration of your gateway The Setup Tool can be used as soon as the gateway has been accessed serial ISDN Login LAN See HMAC SHA Single Pair High Speed Is the defined amount of time after which a connection is cleared if no more data is transmitted Short hold can be set to static fixed amount of time or dynamic according to charging information Simult
11. Fields in the Passwords Global Password Options menu Field Value Show passwords and Define whether the passwords are to be displayed in clear text keys in clear text plain text The function is activated with Show The function is disabled by default If you activate the function all passwords and keys in all menus are displayed and can be edited in plain text The WLAN and IPSec keys are one exception here They can only be entered in plain text If you press OK or call the menu again they are displayed as asterisks 10 2 3 Date and Time You need the system time for tasks such as correct timestamps for system messages ac counting or IPSec certificates bintec R1200 Language English View Standard Online Heip System Passwords Date and Time System Licences Stet a_i Piaaccame Globali Settings T pper mer Interface Mode Bridge Time Zone 7 iT C 90 _ Ml Y Groups Current Local Time Tue Nov 14 21 43 45 2006 _ Administrative Access Time Setti Remote Authentication T gt cesos tot pp pn pa i sl tia Hour Minute y Set Time Automatic Time Settings Time Protocol ISDN Timeserver j Dienabiea First Timeserver gt SNTP Second Tiidaaier SNTP 1 Third Timeserver S 3 NTP Time Update Interval an Minutes i Time Update Policy Noma E intemal Time Server Denabiea __
12. Funkwerk Enterprise Communications GmbH 15 WAN Field Description ESTAS MS TS TAG e MPPC Microsoft Point to Point Compression Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possible values e passive default value OSPF is not activated for this inter face i e no OSPF protocol packets sent over this interface Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Active OSPF is not activated for this interface i e OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the connection partner is Up active i e a connection already exists to the connection partner 15 4 Real Time Jitter Control Wh
13. See EE GEER VLAN VLAN Develop Public ment ment Wireless LAN 1 Wireless LAN 2 Fig 70 VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN gt VLAN menu VLANs virtual LANs are configured with interfaces that oper ate in bridging mode Using the VLAN menu you can make all the settings needed for this and query their status R1xxx R3xxx R4xxx A R1xxx R3xxx R4xxx Caution For interfaces that operate in Routing mode you only assign a VLAN ID to the inter face You define this via the parameter Interface Mode VLAN and the VLAN ID field in the LAN gt IP Configuration gt Interfaces gt New menu 12 2 1 VLANs In this menu you can display all the VLANs already configured edit your settings and cre ate new VLANs By default the Management VLAN is available to which all interfaces are assigned 12 2 1 1 Edit New Choose the E icon to edit existing entries Choose the New button to configure other VLANs View Standard v Online Help VLANs Port Configuration Administration bintes R200 VLAN Identifier 1 F J VLAN Name Management conte tan IP Configuration WLAN Interface Egress Rule Delete VLAN Members stal 0 Untagged Mal aE 2 4 a oK A Cancel Fig 71 LAN gt VLAN gt VLANSs gt Edit New The LAN gt VLAN gt VLANs gt Edit New menu consists of the foll
14. Select an ATM profile created in the ATM gt Profiles menu in dicated by the global identifiers VPI and VCI specified by the provider Enter the user name Enter the password for the PPPoA connection Select whether the interface should always be activated The function is activated with Enabled 15 WAN Funkwerk Enterprise Communications GmbH Field Description The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the PPPoA IP Mode and Routes menu Field Description IP Address Mode Choose whether your device has a static IP address or is as signed one dynamically Possible values e Get IP Address default value Your device is dynamic ally assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by defau
15. DNS Server Only for Forward to DNS server Enter the IP address of the primary and Secondary DNS Server 19 1 4 Cache In the Local Services gt DNS gt Cache menu a list of all available cache entries is shown R1xxx R3xxx R4xxx Global Settings Static Hosts Domain Forwarding Automatic Refresh interval 50 Seconds Apply Yew 20 perpege lc Iron None equal 8 Select all Description IP Address Response TIL icles ins Deselect all Make static m Page 1 s l oK JC Cancel Funkwerk Discovery Fig 150 Local Services gt DNS gt Cache You can select individual entries using the checkbox in the corresponding line or select them all using the Select All button A dynamic entry can be converted to a static entry by marking the entry and confirming with Set to Static This entry then disappears from the list and is included in the list in the Stat ic Hosts menu The TTL is transferred in this operation R1xxx R3xxx R4xxx 19 1 5 Statistics bintec R1200 00 Language English Online Help Logout Global Settings Static Hosts Domain Forwarding Cache Statistics Automatic Refresh Interval 60 Seconds Apply J DNS Statistics Received DNS Packets 0 Invalid DNS Packets lo DNS Requests lo o Cache Hits o Forwarded Requests Cache Hitrate Success
16. J English View Standard gt IPSec Peers Phase 1 Profil jS Phase 2 Profiles XAUTH Profiles IP Pools Options C New Cok_ C Cancel Fig 116 VPN gt IPSec gt Phase 1 Profiles In the Standard column you can mark the profile to be used as the default profile 16 1 2 1 New Choose the New button to set up new profiles 2 al 2 a Ps Yia S ES bintec R1200 View Stender v nine He Logout IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Phase 1 IKE Parameters Description PSK Mutipropos Encryption Authentication Enabled AES MD5 Y Proposals AES F M5 g z o AES MDS _ o DH Group O 1 768 Bit 2 1024 Bit O 5 1536 Bit Lifetime 14400 seconds 0 kBytes Authentication Method Preshered Keys e E q Mode O Main Mode ID Protect Aggressive L Strict Local io Type Fully Qualified Domain Name FQDN Local ID Value 1200 Advanced Settings CO Alive Check Autodetect hd Block Time 30 Seconds NAT Traversal Y Enabled OK JC Cancel Fig 117 VPN gt IPSec gt Phase 1 Profiles gt New The VPN gt IPSec gt Phase 1 Profile gt New menu consists of the following fields Fields in the Phase 1 Profile Phase 1 IKE Parameters menu Field Des
17. Port Separation Your device makes it possible to run the switch ports as one interface or to logically separ ate these from each other and to configure them as independent Ethernet interfaces By default the same configuration applies for all switch ports During configuration please note the following The splitting of the switch ports into several Ethernet interfaces merely logically separates these from each other The available total bandwidth of 100 mbps full duplex for all resulting interfaces remains the same For ex ample if you split all the switch ports from each other each of the resulting interfaces only uses a part of the total bandwidth If you group together several switch ports into one inter face the full bandwidth of 100 mbps full duplex is available for all the ports together bintee R1200 Language English View Standard Y Online Help See Automatic Refresh interval 300 Seconds Apply _ J E o i Switch Configuration Switch Port Ethernet Interface Selection Configured Speed Mode Current Speed Mode 1 em 0 Full Autonegotiation x Down pp end Full Autonegotiation Down 8 ent 0 Full Autonegotiation 100 mbps Full Duplex El 2 bi ai 4 Lent 0 Full Autonegotiation E Down aa ames Jom Lent 4 Y Full Autonegotiation e
18. ana a 7 i gt a Fap bintec R1200 at Language En Save configuration WLAN1 VSS WDS Client Links Assistants O or Physical Interfaces Automatic Refresh Interval 300 Seconds Appl J A AP MAC Address Up Time Signal dBm RSSH RSSI2 RSSI3 Noise dBm SNR dB Data Rate mbps WirelessLAN OOO o ov 04 Oh 5m 43s 0 0 0 0 0 0 0 A TE Tx Packets Re Pockets 154 0 0 A Bo ee Be 0 o a a o a oS a 4 o 0 A f lo Extermal Report ot 6 0 o C ss o o Internal Log 2 0 o IPSec 1 0 0 ISD Modem Interfaces Total 0 a WLAN HotSpot Gateway CC Back _ QoS Fig 208 Monitoring gt WLAN gt Client Links gt 0 Values in the Client Links list Field Description AP MAC Address Shows the MAC Address of the client link partner Up Time Shows the time in hours minutes and seconds for which the cli ent link in question is active Signal dBm Shows the received signal strength in dBm R1xxx R3xxx R4xxx Field Description Noise dBm Shows the received noise strength in dBm SNR dB Shows the signal quality in dB Data Rate mbps Shows the current transmission rate of data received on this cli ent link in mbps Rate Shows separately for each of the stated data rates the values for Tx Packets and Rx Packets 22 6 Bridges 22 6 1 br lt x gt In the Monitoring gt Bridges gt br lt x gt menu the current values of the configured bridges are shown ewe DE bintee R
19. 285 289 298 310 313 316 322 332 339 344 350 354 361 369 380 381 383 383 386 388 393 398 405 408 411 413 438 450 510 511 517 519 Destination 374 Destination File Name 491 Destination Interface 242 Destination IP Address 459 511 Destination IP Address Netmask 226 249 Destination IP Address Netmask 217 Destination Port 218 Destination Port Range 383 Destination Port Range 226 249 Details 510 Detection Mode 170 Device Mode 167 DH Group 332 DHOP Broadcast flag 178 DHCP Hostname 178 300 DHCP MAC Address 178 300 DHCP Options 436 Dial Latency 414 Dialling Number 461 Direction 233 252 411 515 516 Distribution Mode 238 Distribution Policy 238 Distribution Ratio 239 DNS Hostname 422 DNS Negotiation 266 270 275 283 287 291 358 365 DNS Requests 427 DNS Server 424 DNS Server Configuration 419 DNS Test 488 Domain 424 Domain at the HotSpot Server 473 Funkwerk Enterprise Communications GmbH Domain Name 419 dormant 260 down 260 Downstream 164 Drop non members 182 Drop untagged frames 182 Dropped 514 530 Dropping algorithm 259 DSA Key Status 121 DSCP TOS Value 218 DSCP TOS filter Layer 3 249 DSP Module 100 DTIM Period 193 Duplicate received MSDUs 519 Duration 515 516 Dynamic RADIUS Authentication 347 E E mail 139 EAP Preauthentification 203 Echo Cancellation 396 403 ED Threshold 193 195
20. 4 Close the status window with OK The computer now has an IPSec configuration gt Note You can now launch Funkwerk Configuration Interface for configuration by entering the IP address of your device 192 168 0 254 in a supported browser Internet Ex plorer 6 or later Mozilla Firefox 1 2 or later and entering the pre configured login in formation User admin Password funkwerk 4 4 Modify system password All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to your device Proceed as follows a Go to System Management gt Global Settings gt Passwords b Enter a new password under System Admin Password d Click OK e Save the configuration by clicking on the Save Configuration button above the menu navigation c Enter the new password again under Confirm Admin Password Note the following rules on password use 4 Basic configuration Funkwerk Enterprise Communications GmbH e The password must not be easy to guess Names car registration numbers dates of birth etc should not be chosen as passwords e The password should contain at least one character that is not a letter special character or number e The password should be at least 8 characters long e Change your password regularly e g every 9
21. Destination IP Address Enter the destination IP address of the data packets and the Netmask corresponding netmask Destination Port Range Only if Protocol tcp or udp Enter a destination port number or a range of destination port numbers Possible values e Ali default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range Source IP Address Net Enter the source IP address of the data packets and the corres mask ponding netmask Only if Protocol tcp or udp Source Port Range Enter a source port number or a range of source port numbers Possible values e All default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range DSCP TOS filter Layer Specify how the priority of the IP packets is signalled 3 Possible values Field Description e Ignore default value No priority signalling is used e DSCP Binary Value Differentiated Services Code Point is used to signal the priority of IP packets indicated in binary format currently not implemented e DSCP Decimal Value Differentiated Services Code Point is used to signal the priority of IP packets indicated in decim al format possible values 0 to 63 currently not implemented e TOS Binary Value Type of Service is used to signal the priority of IP packets indicated in bi
22. Equipment dimensions without cable B x H x D 295 mm x 45 mm x 160 mm 295 mm x 45 mm x 160 mm 8 mm antenna socket 295 mm x 45 mm x 160 mm 8 mm antenna socket Weight approx 1260 g approx 1260 g approx 1260 g Transport weight incl documentation cables packaging approx 2 6 kg approx 2 6 kg approx 2 6 kg Memory 32 MB SDRAM 32 MB SDRAM 32 MB SDRAM 8 MB flash ROM 8 MB flash ROM 8 MB flash ROM LEDs 18 1x Power 1x Status 20 1x Power 1x Status 20 1x Power 1x Status 5x2 Ethernet 3x2 Func tion 5x2 Ethernet 4x2 Func tion 5x2 Ethernet 4x2 Func tion Power consumption of the device max 15 Watt normally 13 Watt max 15 Watt normally 13 Watt max 15 Watt normally 13 Watt Voltage supply 15 V AC 1 3 A EU PSU 15 V AC 1 3 A EU PSU 24 V AC 1 A EU PSU Environmental require ments Storage temperature 20 to 70 C 20 to 70 C 20 to 70 C Operating temperature 0 to 40 C 0 to 40 C 0 to 40 C Funkwerk Enterprise Communications GmbH 6 Technical data Product name bintec R1200 bintec R1200w bintec R1200wu Relative atmospheric humidity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operat
23. abled the options are the same as for the configuration in Phase 1 Group PFS is used to protect the keys of a renewed phase 2 SA even if the keys of the phase 1 SA have become known Funkwerk Enterprise Communications GmbH 16 VPN Field Description The field has the following options e 1 768 Bit During the Diffie Hellman key calculation modular exponentiation at 768 bits is used to create the en cryption material e 2 1024 Bit default value During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the encryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Define how the lifetime is defined that will expire before phase 2 SAs need to be renewed The new SAs are negotiated shortly before expiry of the current SAs As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the lifetime Entry in Seconds Enter the lifetime for phase 2 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 7200 Entry in KBytes Enter the lifetime for phase 2 keys as amount of data processed in Kbytes The value can be a whole number from 0 to 2147483647 The default value is 0 The Advanced Settings menu consists of the following fiel
24. ation Base in the form of MIB tables and MIB variables You can read and modify these directly via the SNMP browser i Caution This configuration method assumes an in depth system knowledge of Funkwerk devices Funkwerk Enterprise Communications GmbH 8 Access and configuration 8 3 2 SNMP shell SNMP Simple Network Management Protocol is a protocol that defines how you can ac cess the configuration settings All configuration settings are stored in the MIB Management Information Base in the form of MIB tables and MIB variables You can access these directly from the SNMP shell via SNMP commands This type of configuration requires a detailed knowledge of our devices 8 4 BOOTmonitor The BOOTmonitor is only available over a serial connection to the device The BOOTmonitor provides the following functions which you select by entering the cor responding number 1 Boot System reboot the system The device loads the compressed boot file from the flash memory to the working memory This happens automatically on starting 2 Software Update via TFTP The devices performs a software update via a TFTP server 3 Software Update via XMODEM The device performs a software update via a serial interface with XMODEM 4 Delete configuration The device is reset to the ex works state All configuration files are deleted and the BOOTmonitor settings are set to the default values 5 Default BOOTmonitor Parameters You can
25. listening on 0 0 0 0 port 22 Information Configuration system r1 200 started at Sat Jan 14 1 25 22 2006 Debug Ethernet ent 0 add multicast 01 00 5e 00 00 02 Dt 01 25 01 26 21 Debug Ethernet en1 0 add multicast 01 00 5e 00 00 16 01 25 21 Debug HTTP httpd 25 pem unable to read key file 01 25 21 Debug HTTP htiad 26 using default certificate Fig 40 System Management gt Status The System Management gt Status menu consists of the following fields Fields in the Status System Information menu Field Value Uptime Displays the time past since the device was rebooted System Date Displays the current system date and system time Serial Number Displays the device serial number BOSS Version Displays the currently loaded version of the system software Fields in the Status Resource Information menu Field VENTO CPU Usage Displays the CPU usage as a percentage Memory Usage Displays the usage of the working memory in MByte in relation to the available total working memory in MByte The usage is also displayed in brackets as a percentage R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Field VENTO ISDN Usage Internal Shows the number of active B channels and the maximum num ber of available B channels for internal connections ISDN Usage External Shows the number of active B channels and the maximum num ber of available B channels for external connections
26. nical terms used in network technology The index lists all the key terms for operating the device and all Index the configuration options and gives page numbers so they can be found easily To help you locate information easily this user s guide uses the following visual aids List of visual aids Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers that may cause damage to property if not observed Indicates a warning of risk level Warning points out possible dangers that may cause physical injury or even death if not ob served gt gt De The following typographical elements are used to help you find and interpret the informa tion in this user s guide Typographical elements Typographical element Use Indicates lists Menu gt Submenu Indicates menus and sub menus in the Funkwerk Configura 4 R1xxx R3xxx R4xxx Typographical element Use tion Interface and Windows interface File gt Open Non proportional Indicates commands that you must enter as written Courier e g ping 192 168 1 254 bold e g Windows Indicates keys key combinations and Windows terms Start menu bold e g Licence Key Indicates fields in the Funkwerk Configuration Interface italic e g none Indicates values that you enter or that can be configured Online blue and italic Indicates hyperlinks e g www funkwerk ec com
27. o 500 E mail Alert Recipient 502 SAMP 2 a A y rs a 503 SNMP Trap Options 2 2 eo 504 SNMP Trap Hosts o o o 505 Activity MoONItOR 3 acces gee io We ote Soe Seow God te at a 506 Options 3 ee ees ae a Ae ae ae TE A a 507 Monitoring 2 2 0 2 0 ee ee ee 509 Internal Log Et 45 be Ae Sek ot Wt eas ee het A tte aS 509 System Messages 2 509 PSC A A A oy eee N 510 IPSec Tunnels e e 510 IPSec Statistics 6 000 20 2 a a A A 512 ISDN Modem a 514 Current Cals rni rara a E Sh 514 Call History i 2 oa ls is Beh ete ee ale Be 516 Interfaces n attr Ae ere ty A eee Aa 517 Statistics 2 4 gk te eee a ek ee oe ee a A y 517 WEAN c Seo ye te tye gt latte We OS Aiden Rae Leslee a 518 WEAN eei eee to Alte Ras A hile Bar At ere A 518 NSS et B D pte E ote ently Se hadi iin ob pct 22 520 WDS 0 oy dd is Gate cg ith dy GD ta to hls dy Shae 523 X R1xxx R3xxx R4xxx 22 5 4 Client LINKS cc SoS ee toe a eh A ee aa 525 22 6 Bridgesia Dr e e Ge ea A Be cere ae e RA Bat ng 527 22 6 1 DOS a erg Bd ee Lb et EA A Se ea hg 527 22 6 2 SLACKS ie eh ew Ee ae el Ae ee Bae Bee kG GPE A 528 22 7 Hotspot Gateway 2 o 528 22 7 1 Hotspot Gateway 2 04 2 mo A ee aOR AD kok be es 529 22 8 QOS ed he oe ake tne Se A A 529 22 8 1 QOS 8 Al A ee ae Mbt el Ber BA ee 2 530 GlosSary ai a a siden ada 531 ING OX oo Antec de
28. o a o o e 11 Chapter 4 Basic configuration aoaaa o 12 4 1 Presettings apar d a e i AP Bele a ee A 12 4 1 1 Preconfigured data oaoa a 12 4 1 2 Software update 2 o 12 4 2 System requirements 2 ee a 13 4 3 Preparations s e soco c soca do Oe ee ee 13 4 3 1 Gathering datas xo oc oc wk Boa A aa a de 13 4 3 2 ConfiguringaPC e sorc e os oe dori osr oe torace ne d aa 16 4 4 Modify system password 2 a a a a 17 4 5 Setting up an internet connection 18 4 5 1 Internet connection over internal ADSL modem 18 4 5 2 Internet connection over UMTS 2 004 18 4 5 3 Other internet connections 0 00208 19 4 5 4 Testing the configuration 2 o oa a a a a 19 4 6 Setting up wireless LAN a a a a a 19 4 7 Software Update a oao a a 2 a 20 R1xxx R3xxx R4xxx i Chapter 5 Reset ts aro waa Shae te haat Bh 22 Chapter 6 Technical datay ca paa ale ee A 24 6 1 Scope of supply y soso SP a we i a a a ia 24 6 2 General Product Features 2 2 ee ee ee ee ee 26 6 3 WEDS es is area lB apc phe ig that ates eae he hehe 2 34 6 4 COnmeCtors E dt A NA A de 49 6 5 PiN Assign Mets ica ld a a an A da 55 6 5 1 Ethernet interface aci a ee a a es 55 6 5 2 ISDN SO ports supine Shy Ge oe ee oe ee a 56 6 5 3 ISDN PRl interface 2 o eo 57 6 5 4 CardBus interface PCMCIA 2 000034 58 6 5 5
29. 11 3 2 1 New Choose the New button to edit MSNs Basic Parameters E ISDNPot bri2 0 Senice SoNicn A CE be E ES Lett Oe to Rigt DD Bearer Service E OData Voice Opata OVoice OK A Cancel Fig 64 Physical Interfaces gt ISDN Ports gt MSN Configuration gt New The Physical Interfaces gt ISDN Ports gt MSN Configuration gt New menu consists of the following fields Fields in the MSN Configuration Basic Parameters menu R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description ISDN Port Select the ISDN port for which the MSN is to be configured Service Select the service to which a call is to be assigned on the MSN below Possible values e ISDN Login default value Enables logging in with TSDN Login e PPP Routing Default setting for PPP routing Contains the automatic detection of the PPP connections stated below except PPP DOVB e IPSec Enables a number to be defined for IPSec callback e Other PPP Other services can be selected PPP 64k enables 64 kbps PPP data connections PPP 56k enables 56 kbps PPP data connections PPP V 110 9600 14400 19200 38400 enables PPP connections with V 110 and bit rates of 9600 bps 14400 bps 19200 bps 38400 bps PPP V 120 enables incoming PPP connections with V 120 MSN Enter the number used to
30. 123 the device dials OLA NG HS If the user wishes to call extension 111 he types in 123111 The device dials 09119673111 A period at the end of the number indicates a complete number This is dialled immediately the period is recognised If you want to use a speeddial number from this list you must dial followed by the speed dial number R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services Chapter 19 Local Services This menu offers services for the following application areas e Name resolution DNS e Locating of dynamic IP addresses using a DynDNS provider e Configuration of gateway as a DHCP server assignment of IP addresses e Access restriction on the Internet web filter e Assignment of incoming and outgoing data and voice calls to authorised users CAPI server e Automation of tasks according to schedule scheduling e Alive checks for hosts or interfaces ping tests e User LAN protection theft protection e Realtime video audio conferences Messenger services universal plug play e Provision of public Internet accesses hotspot 19 1 DNS Each device in a TCP IP network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the associated IP address to be known This task can be performed by a DNS server which resolves the host names into IP addresses Alternatively name resolution can al
31. AO E a 320 16 1 IPSEC rare a e t e a TA aa e o dea 320 16 1 1 IPSEC Peer il cose eee BO a ote ee EP ant 320 16 1 2 Phase 1 Profiles 2 2 a 330 16 1 3 Phase 2 Profiles a 338 16 1 4 XAUTHProfiles i sera fn o A ta ud ORS 342 16 1 5 IPPO Sia ARE UA ee As RA 345 16 1 6 Options occ LR A A a i bales 346 16 2 A TE E A TA 349 16 2 1 Tunnel Profiles 2 a tido e ds ido ab ced 349 16 2 2 USOS atan oa Mee tia e ME Gene at da tee Se ice de Mee nee Z 353 16 2 3 Options 00 wear a a eae Rome YF a Be 359 16 3 PRT Pn hhc Aled ts St Si hh oh at B ot ts Eas Die Mh had 360 R1xxx R3xxx R4xxx 16 3 1 PPTP Tunnel ora a oe 360 16 3 2 Options s 0er a a ee ED a A 367 16 4 OREA a AO a a 3 e a os 368 16 4 1 GRE Tunnels lt a a a a oda 368 Chapter 17 Elrewall sa eaa i anea BA A 371 171 Policies UA A A de 372 17 1 1 Fitr RUIS N ss ata rn che et Stet BA ten ee de aot ee ten Ae es 373 17 1 2 OOS 4 A AM es eile o AE eh eth as 376 17 1 3 OBUONS hr as MRS as o is o tot ND 378 172 Interfaces culto ee fn sk A A Bak ted Be 380 17 2 1 GIOUPS isa on a ao rod Rea a Ba ke ees A A 380 173 Addresses ho 3 xe A ihe aa A ae ee AA a i 381 173 1 Address iS hb xs eat a a abe te ae ear a 381 17 3 2 GOUS Agee e Shae ee a de ee IA a 382 174 Services 2 28 5 4 deb ey ad Bat Bet MMe oe Abd Ba MP Sek 383 17 4 1 Service List is fh Row b on a tee be Soh Rss bet ne ats aes 383 17 4 2 GIOUPS be
32. Add menu consists of the following fields Fields in the Options IP Pools menu Field Description IP Pool Name Enter the name of the IP pool IP Pool Range In the first field enter the first IP address of the range In the second field enter the last IP address of the range R1xxx R3xxx R4xxx 16 1 6 Options bintec R1200 Language English Online Help IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Global Options z Enable IPSec Cl Enabled Delete complete IPSec configuration mo re F PSecDebugLevel Debug Advanced Settings Send Initial Contact Message MEnabled o 7 o Sync SAs with ISP interface state ClEnabled Use Zero Cookies E Enabled i Dynamic RADIUS Authentication i Dlenabted E PKI Handling Options a i n Ignore Certificate Request Payloads DEnabled Send Certificate Request Payloads enabled Send Certificate Chains Enabled i os OO Send Key Hash Payloads 3 Enabled OK 5 7 Cancel Fig 122 VPN gt IPSec gt Options The VPN gt IPSec gt Options menu consists of the following fields Fields in the Options Global Options menu Field Description Enable IPSec Select whether you want to activate IPSec The function is activated with Enabled The function is active as soon as an IPSec Peer is configured Delete complete IPSec If you click t
33. Apply QoS 374 ARP Processing 202 Associated Line 411 ATM Interface 167 ATM PVC 273 ATM Service Category 303 Authentication 266 270 275 280 287 291 356 364 Authentication for PPP Dialin 133 Authentication ID 393 398 Authentication Method 332 511 Authentication Password 464 Authentication Type 125 130 Autoconfiguration on Bootup 153 Autosave Mode 141 AUX Port Status 147 Back Route Verify 221 325 Based on Ethernet Interface 177 Beacon Period 193 Bearer Service 161 Blacklisted 445 Block after connection failure for 266 270 275 280 287 291 356 364 Block Time 131 336 blocked 260 BOSS 491 BOSS Version 99 Bundle Type 159 Burst size 257 Bytes 511 C Funkwerk Enterprise Communications GmbH CA Certificate 137 CA Certificates 336 Cache Hitrate 427 Cache Hits 427 Cache Size 420 Call Number 283 294 Callback 366 Callback Mode 280 291 Called Address 405 408 Called Address Translation 406 407 Called Line 408 Calling Address 405 Calling Address Translation 408 Calling Line 405 408 CAPI Server TCP Port 448 Category 443 Certificate is CA Certificate 135 Certificate Request Description 137 Certificate Revocation List CRL Checking 135 Channel 187 212 515 Channel Bundling 282 Channel Selection 156 Channel Sweep 195 Charge 515 516 Class ID 252 257 Class map 252 Client Link Description 212 525 Client MAC Address 522 Client mode
34. Bottom row off Data traffic with 10 mbps ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ISDN 1 B D on ISDN D channel is active Top row ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active UMTS on UMTS connection set up Top row UMTS flashing Data traffic over UMTS Bottom row R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 6 Technical data 1 D Status Information WLAN flashing Data traffic via the WLAN interface Top row WLAN slow flashing The WLAN module is active Bottom row on At least one WLAN client is connected The LEDs on bintec R3000 are arranged as follows Fig 8 LEDs on bintec R3000 In operation mode the LEDs on bintec R3000 display the following status information for your device LED status display LED Status Information Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps LED Status Information ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ISDN 1 B D on ISDN D channel is active Top row
35. Field VENTO Possible options O MIDS e SHAI e RipeMD160 MD5 SHA 1 and RipeMD1 60 are enabled by default Fields in the SSH Key Status menu Field Value RSA Key Status Shows the status of the RSA key If an RSA key has not been generated yet Not Generatedis displayed in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The status Generating is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during generated Not Generated and the Generate link are displayed again You can then repeat generation If the status Unknown is displayed generation of a key is not possible for example because there is not enough space in the FlashROM DSA Key Status Shows the status of the DSA key If a DSA key has not been generated yet Not Generatedis displayed in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The status Generating is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during generated Not Generated and the Generate link are displayed again You can then repeat generation If the status Unknown is displayed generation of a key is not possible for example because there is not enough space in the Flas
36. Field Value Server Timeout Enter the maximum wait time between ACCESS REQUEST and response in milliseconds After timeout the request is repeated according to Retries or the next configured RADIUS server is requested Possible values are whole numbers between 50 and 50000 The default value is 1000 1 second Alive Check Here you can activate a check of the reachability of a RADIUS server in Status Down An Alive Check is carried out regularly every 20 seconds by sending an ACCESS_REQUEST to the IP address of the RADI US server If the server is reachable Status is set to alive again If the RADIUS server is only reachable over a switched line dialup connection this can cause additional costs if the server is down for a long time The function is activated by choosing Enabled The function is enabled by default Retries Enter the number of retries for cases when there is no response to a request If an answer has still not been received after these attempts the Status is set to down If the Active Check En ableayour device tries to reach the server every 20 seconds If the server answers the Status is set back to alive Possible values are whole numbers between 0 and 10 The default value is 1 To prevent Status being set to down set this value to 0 RADIUS Dialout Only for Authentication Type Authentication and IPSec Authentication Select whether your device receives requests from RADIUS server dialout
37. Funkwerk Enterprise Communications GmbH 8 Access and configuration If you want to load the archived boot configuration into your device go to Maintenance gt Software amp Configuration and select Action Restore Backup The archived backup is used as the current boot configuration The navigation bar also contains the main configuration menus and their sub menus Click the main menu you require The corresponding sub menu then opens If you click the sub menu you want the entry selected will be displayed in red All the other sub menus will be closed You can see at a glance the sub menu you are in Status page If you call the Funkwerk Configuration Interface after you log in the status page of your device is displayed The most important data of your device can be seen on this ata glance Main configuration window The sub menus generally contain several pages These are called using the buttons at the top of the main window If you click a button the window is opened with the basic paramet ers You can extend this by clicking the Advanced Settings tab which displays the addi tional options Configuration elements The various actions that you can perform when configuring your device in the Funkwerk Configuration are triggered by means of the following buttons Funkwerk Configuration Interface buttons Button Function Updates the view Apply Cancel If you do not want to save a newly configured list entry cancel
38. Online Help Logout _Add_ IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Peer Parameters gt AA Administrative Status Du OnDown Description E Pet y PeerAddress Mee P J T Fully Quelified Domain Name FQDN a A Peert Preshared Key 5 Interface Routes 3 IP Address Assignment Static Mm DefauitRoute DEnabled 4 Local IP Address gt i eers amos m Route Entries p Lo a is mel E Advanced Settings E Advanced IPSec Options z Phase 1 Profle None use default profile Y Phase 2 Profile None use default profile Y XAUTH Profle peee Select one 2 Auber of Admitted Connections PRA O mig asia Start Mode ondemand O Always up Advanced Options OO Back Route Verify Enabled Proxy ARP inactive Oup or Dormant Oup only sec Callback na ie E Mode inactive Y oK J Cancel Fig 115 VPN gt IPSec gt IPSec Peers gt New The VPN gt IPSec gt IPSec Peers gt New menu consists of the following fields Fields in the IPSec Peers Peer Parameters menu Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration Possible values e Up default value The peer is available for sett
39. Options menu bintes 1200 cine Basic Parameters Enable BRRP ElEnablea OK Cancel Surveillance ISDH Theft Protection IA OT Fig 180 Local Services gt BRRP gt Options The Local Services gt BRRP gt Options menu consists of the following fields Fields in the Options Basic Parameters menu R1xxx R3xxx R4xxx Field Description Enable BRRP Enable or disable the BRRP function The function is activated with Enabled The function is disabled by default R1xxx R3xxx R4xxx Chapter 20 Maintenance This menu provides you with numerous functions for maintaining your device It firstly provides a menu for testing availability within the network You can manage your system configuration files If more recent system software is available you can use this menu to in stall it If you need other languages for the configuration interface you can import these You can also trigger a system reboot in this menu 20 1 Diagnostics In the Maintenance gt Diagnostics menu you can test the accessibility of individual hosts the resolution of domain names and certain routes 20 1 1 Ping Test bintec R1200 Language English View Standard Online Help Ping Test r Test Ping Address J Output A stics tware amp Configuration Go Fig 181 Maintenance gt Diagnos
40. Osp o Registration g y Enabled Bere Time o foo sec Application Level Gateway E z Tr ll Ar Authentication ID i i E Password Protocol UDP NN o Advanced Settings _ Codec Settings ae x Codec Proposal Sequence Default Quality O Lowest O Highest tia om ula Mor alaw 76 729 J Do 720 40 1 Ore Do 26 32 0 726 24 10 726 16 CI DTMF outband Voice Quality Settings p Echo Cancellation Denabted Comfort Noise Generation CNG Enabled E Packet Size i ms C ok C Cancel _ Fig 140 VoIP gt Media Gateway gt Extensions gt Edit New The VoIP gt Media Gateway gt Extensions gt Edit New menu consists of the following fields Fields in the Extensions Basic Parameters menu Field Description Description Enter the name of the extension Extension User Name ISDN terminals Enter the subscriber number the extension SIP terminals Enter the user name A maximum of 40 characters can be entered Interface Type Select the interface type to be used The selection depends on the interfaces available Possible values e SIP a SIP terminal device is used for the call 18 VoIP Funkwerk Enterprise Communications GmbH Field Description e ISDN an ISDN terminal device is used for the call Can only be selected if ISDN interfaces configured with Euro ISDN point to multipoint NT mode are available Select ISDN
41. Remote Authentication gt RADIUS menu and selected in the RADIUS Server Group ID field e Local Authentication is carried out via a local list Name Only if Role Client Enter the authentication name of the client Password Only if Role Client Enter the authentication password RADIUS Server Group Only if Role Server ID Select the desired RADIUS group configured in System Man agement gt Remote Authentication gt RADIUS Users Only if Role Server and Mode Local If your gateway is configured as an XAuth server the clients can be authenticated via a locally configured user list Define the members of the user group of this XAUTH profile here by entering the authentication name of the client Name and the authentication password Password Add new members with Field Description Add 16 1 5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is dis played If have set IP Address Assignment IKE Config Mode Server for an IPSec peer you must define the IP pools from which the IP addresses are assigned Use the Add button to set up new IP pools Pear E view 20 per page Fiter in None v equal y Go IP Pool Name IP Pool Range 0 0 0 0 m Page tems 1 1 E gt Fa Add yo oK C_ Cancel Fig 121 VPN gt IPSec gt IP Pools gt Add The VPN gt IPSec gt IP Pools gt
42. SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Fields in the Client Link Security Settings menu Field Description Security Mode Select the security mode encryption and authentication for the wireless network Possible values e Inactive default value Neither encryption nor authentica tion e WEP 40 WEP 40 Bit e WEP 104 WEP 104 Bit e WPA None Only if Client Mode Ad Hoc WPA None e WPA PSK Only if Client Mode Infrastructure WPA Preshared Key Transmit Key Only if Security Mode WEP 40 WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a string of 5 characters WEP 104 13 characters For example hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode Only if Security Mode WPA PSK Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values Field Description e WPA default value Only WPA is used e WPA 2 Only WPA2 is used Preshared Key Only if Security Mode WPA PSK Enter the WPA password Enter an ASCII string with 8 63 characters WPA Cipher Only for Security Mode wPA PSK and WPA Mode wPA Select which encryption method s
43. The data packet is discarded Possible values are 1 to 4294967295 The default value is 512 msec R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 13 Wireless LAN 13 1 2 Virtual Service Sets If you operate your device in access point mode Wireless LAN gt WLAN gt Wireless Module Settings pl gt Operating Mode Access Point you can set up and edit the desired wireless networks in the Wireless LAN gt WLAN gt Wireless Networks VSS gt gt New menu a Note The preset wireless network Funkwerk EC has the following security settings in the ex works state e Security Mode WPA PSK e WPA Mode WPA and WPA2 e WPA Cipher and WPA2 Cipher AES and TKIP The Preshared Key is filled with an internal system value which you must change during configuration Setting network names In contrast to a LAN set up over Ethernet a wireless LAN does not have any cables for set ting up a permanent connection between the server and clients Access violations or faults may therefore occur with directly adjacent radio networks To prevent this every radio net work has a parameter that uniquely identifies the network and is comparable with a domain name Only clients with a network configuration that matches that of your device can com municate in this WLAN The corresponding parameter is called the network name In the network environment it is sometimes also referred to as the SSID Protection of wirele
44. Wireless LAN gt WLAN gt Radio Set tings gt p gt Operating Mode Access Point you can set up and edit the desired WDS links in the Wireless LAN gt WLAN gt WDS links gt gt New menu Important The WDS link can only be configured in the 2 4 GHz band and in the 5 GHz band in door if the channel is NOT Auto The number of channels you can selected depends on the country setting Please consult the data sheet for your device WDS links WDS Wireless Distribution System are static links between access points AP which are generally used to connect clients with networks that are not directly ac cessible to them e g because the distance is too great The access point sends from one client to another access point which then forwards the data to another client Important Note that the data is transferred between the access points in unencrypted form over the WDS link in the default configuration You are therefore urgently advised to apply one of the available security methods WEP40 or WEP104 to protect data on WDS links WDS links are configured as interfaces with the prefix was They behave like VSS interface and only differ from these with respect to the predefined routing A WDS link is defined as a transit network this relates to a point to point connection or point to multipoint connection between two access points that are included in different networks 13 1 3 1 WDS Links gt New
45. bri2 1 Nat configured o Configured o m Recent System Logs Level Subsystem _ Message iik 4 Information VolP PABXD Adminstatus is disabled all PABX features will be disabled 23 Information IPSec a Information IPSec Information IPSec 3 Information NET 2 Information Configuration system 11200 started at Sat Jan 14 1 25 22 2006 init starting pote ipsecd version 3 0 Copyright 091 996 2009 by Funkwerk Enterprise Communications GmbH sshd pid 57 Ii listening on 0 0 0 0 port 22 1 Debug Ethernet ent 0 add multicast 01 o 25 21 JDabug z Ethernet en 0 add multicast 01 0 5e 00 00 lat 25 21 Debug HTTP httpd 25 pem unable to read key file 01 25 21 Debug HTTP httpdf25 using default certificate Fig 32 Funkwerk Configuration Interface nitial Screen 8 3 1 1 Calling the Funkwerk Configuration Interface 1 Check whether the device is connected and switched on and that all the necessary cables are correctly connected see Setting up and connecting on page 6 2 Check the settings of the PC from which you want to configure your device see Con figuring a PC on page 16 3 4 5 You are not in the Enter admin Open a web browser Enter http 192 168 0 254 in the address field of the web browser in the User field and funkwerk in the
46. gt New menu consists of the following fields Fields in the Service List Basic Parameters menu R1xxx R3xxx R4xxx 17 Firewall Funkwerk Enterprise Communications GmbH Field Description Description Enter an alias for the service you want to configure Protocol Select the protocol on which the service is to be based The most important protocols are available for selection Destination Port Range Only if Protocol TCP UDP TCP or UDP In the first field enter the destination port via which the service is to run If a port number range is specified in the second field enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1to 65535 Source Port Range Only if Protocol TCP UDP TCP or UDP In the first field enter the source port to be checked if applic able If a port number range is specified in the second field enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1to 65535 Type Only if Protocol TCMP The Type field shows the class of ICMP messages the Code field specifies the type of message in greate
47. gt this and any settings made by pressing Cancel 1 Confirms the settings of a new entry and the parameter E changes in a list z G o par Immediately starts the configured action a N ew 7 N Calls the the sub menu to create a new entry Inserts an entry in an internal list 8 Access and configuration Funkwerk Enterprise Communications GmbH Funkwerk Configuration Interface buttons for special functions Button Function Discover In the Access Point Search menu you use this button to start automatic detection of all the access points available and con nected by Ethernet in the network In the System Management gt Certificates gt Certificates and the System Management gt Certificates gt CRLs menus this button opens the sub menus for configuring the certificates or CRL imports Import In the System Management gt Certificates gt Certificates menu this button opens the sub menu for the configuration of the certificate request Request In the Surveillance gt ISDN Modem gt Current Calls menu clicking on this button ends the active calls selected in the column ial Various icons indicate the following possible actions or statuses Release Call Funkwerk Configuration Interface icons Deletes the list entry Displays the menu for changing the settings of an entry Displays the details for an entry Moves an entry A combo box opens in which you can choose the list entry that selected ent
48. m pea _ 2 None sf i 3 None vn l Options E 7 Autosave Mode Enabled A gt a 4 oK Cancel Fig 55 System Management gt Certificates gt Certificate List gt Request The System Management gt Certificates gt Certificate List gt Request menu consists of the following fields Fields in the Certificate List Certificate Request menu R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Field Description Certificate Request De Enter a unique description for the certificate scription Mode Select the way in which you want to request the certificate Possible settings e Manual default value Your device generates a PKCS 10 for the key This file can then be uploaded directly in the browser or copied in the Edit menu using the View Details field This file must be provided to the CA and the received certificate must then be imported manually to your device e SCEP The key is requested from a CA using the Simple Cer tificate Enrolment Protocol Generate Private Key Only if Mode Manual Select an algorithm for key creation RSA default value and DSA are available Also select the length of the key to be created Possible values 512 768 1024 1536 2048 4096 Please note that a key with a length of 512 bits could be rated as unsecure whereas a key of 4096 bits not only needs a lot of time to create but also occupies a major share of the resource
49. o a occ e a e e a 169 11 6 1 Options a o a Oe 169 11 7 UM S HSDPA od a rd A e e A 172 11 71 UMTS HSDPA HSUPA o e eo 172 Chapter 12 LAN ie ab o dd A 176 12 1 IPsConfiguration s wy oss a ea PW e Fe A 176 12 1 1 Interfaces og ed Seay Be el ee ly bg 176 12 2 VIANA OR eon Oe a Ee Oe oe Ra 180 12 2 1 VEANS geht ti a ee a et a 181 12 2 2 Port Configuration ao aa a en 182 12 2 3 Administration 2 2 o eo o o o o 183 Chapter 13 Wireless LAN cepo ae a es 185 13 1 WLAN ota to do Hohe goa 185 R1xxx R3xxx R4xxx 13 1 1 Radio Settings p et ee a oe we Pe ae G 186 13 1 2 Virtual Service Sets 2 2 1 ee 199 13 1 3 WDS LINKS i oanh 6 2048 a A BS oe oe 206 13 1 4 Client ENK cas asin Cem on ro B boven Oe Ba yin ce B gated 209 13 2 Administrations o a ia ae Se ae ae SA ae 213 13 2 1 Basi Setup a Pee oe ae SORA Pee oe ea 213 Chapter 14 AQUINO 20040 a Be ae ON OS 215 14 1 AQUEST ache ee a y 215 14 1 1 IP Routes ss ee ta Ee ea a eG 215 14 1 2 Options 3 3 sh A Ase a ee MA aoe a ED oe 221 14 2 NAT os So ek Oe Oke ok Ok we Owe A 222 14 2 1 NAT Interfaces 2 2 o 222 14 2 2 NAT Configuration 2 o e 224 14 3 RIP AA AR A AA DA e AAA 229 14 3 1 RIP Interfaces a o ta A Bites 229 14 3 2 RIR Riteris ge Ae ia A A a e os 232 14 3 3 RIPZOptions moa sa eect PAPER Ste Wee ia 234 14 4 Load Balancing 2 E Sue ade eset OR Gee ea 237 14 4 1 Loa
50. short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 1 to 3600 seconds A value of 1 means that the connection is set up again immediately after disconnec tion and 0 deactivates short hold The default value is 20 Fields in the ISDN IP Mode and Routes menu Funkwerk Enterprise Communications GmbH 15 WAN Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Static default value You enter a static IP address e Provide IP Address Your device dynamically assigns an IP address to the remote terminal e Get IP Address Your device is dynamically assigned an IP address Default Route Only if IP Address Mode Static and Get IP Address Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Create NAT Policy Only if IP Address Mode Static and Get IP Address When you configure an ISDN Internet connection specify whether Network Address Translation NAT is to be activated The function is activated with Enabled The function is disabled by default Local IP Address Only if IP Address Mode Static Assign the IP address from your LAN to the ISDN interface which is to be used as your
51. the corresponding mask netmask of the original data packets Source Port Only for Type of traffic outgoing Source NAT NAT method symmetrisch and Service User defined Enter the source port of the original data pack ets The default setting Al 1 means that the port is not specified Source Port Range Not for Type of traffic outgoing Source NAT Enter the source port or the source port range of the original data pack ets The default setting 411 means that the port is not specified Destination IP Address Enter the destination IP address ana if required the corres Netmask ponding netmask of the original data packets Destination Port Range Only for Service User defined Enter the destination port or the destination port range of the original data packets The default setting 411 means that the port is not specified In the NAT Configuration gt Replacement Values menu you can define new address and 14 Routing Funkwerk Enterprise Communications GmbH ports depending on whether the data traffic is incoming or outgoing to which specific ad dress and ports are translated from the NAT Configuration gt Specify original traffic menu Fields in the NAT Configuration Replacement Values menu Field Description New Destination IP Ad dress Netmask New Destination Port Source IP Address Net mask New Source Port Only for Type of Traffic incoming Destination NAT Enter the destination IP ad
52. 2 Press Return at least once after the HyperTerminal window opens A window with the login prompt appears You are now in the SNMP shell of your device You can now log in on your device and start the configuration Check If the login prompt does not appear after you press Return several times the connection to your device has not been set up successfully Therefore check the COM1 or COM2 settings on your PC 1 Click on File gt Properties 2 Click Configure in the Connect to tab The following settings are necessary Bits per second 9600 Data bits 8 Parity open Stopbits 1 Flow control open 3 Enter the values and click OK 4 Make the following settings in the Settings tab Emulation V7100 5 Click OK The changes to the terminal program settings do not take effect until you disconnect the connection to your device and then make the connection again If you use HyperTerminal there may be problems with displaying umlauts and other special characters If necessary therefore set HyperTerminal to Autodetection instead of VT 100 Unix You will require a terminal program such as cu on System V tip on BSD or minicom on Linux The settings for these programs correspond to those listed above Funkwerk Enterprise Communications GmbH 8 Access and configuration Example of a command line for using cu cu s 9600 c dev ttySl Example of a command line for using tip tip 9600 dev ttySl 8 1
53. 2 mW 3 dBm e 5 mW 7 dBm e 10 mW 10 dBm e 40 mW 16 dBm Fields in the Radio Settings Performance Settings menu Field Description Wireless Mode Only for Operation Band 2 4 GHz In Outdoor Select the wireless technology that the access point is to use Possible values e 802 119 The device operates only in accordance with 802 119 802 11b clients have no access e 802 11b Your device operates only in accordance with 802 11b and forces all clients to adapt to it e 802 11 mixed b g default value 802 11 mixed short b g Your device adapts to the client technology The following applies for mixed short The data rates 5 5 and 11 mbps must be supported by all clients basic rates e 802 11 mixed long b g Your device adapts to the cli ent technology Only a data rate of 1 and 2 mbps needs to be supported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur Max Transmission Rate Select the transmission speed Possible values auto default value The transmission speed is determined automatically e lt Value gt Depending on the setting for Operation Band Bandwidth Number of spatial streams and Wireless Mode different whole values in mbps will be available for se 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description lection Nitro Mode Activate this function to increase the transmission speed for 802 11g through frame bursting
54. 3 Access over ISDN All devices that have an ISDN interface can be accessed and configured from another device via an ISDN call Access over ISDN with ISDN Login is especially recommended if your device is to be re motely configured or maintained This is also possible even if your device is still in the ex works state Access is then obtained with the aid of a device that is already configured or a PC with an ISDN card in the remote LAN The device to be configured in your own LAN is reached via a number of the ISDN connection e g 1234 This enables the administrator in the Remote LAN to configure your device remotely for example a Note If you connect an unconfigured device to an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device Access over ISDN costs money If your device and your computer are in the LAN it is cheaper to access your device via the LAN or via the serial interface Your device in your LAN merely needs to be connected to the ISDN connection and switched on To reach your device over ISDN Login proceed as follows 1 Connect your device to the ISDN 2 Log in as administrator on your device in the remote LAN in the usual way 3 Inthe SNMP shell type in isdnlogin lt number of the ISDN connection of your device gt g isdnlogin 1234 4 The login prompt appears You are now in the SNMP shell of your device Continue with Logging in f
55. 509 the basis of their name agreement with the telephone directory The Internet supports several databases with information on users such as e mail addresses telephone numbers and postal ad dresses You can search these databases to obtain information about individuals ITU T standards that define the format of the certificates and certific ate queries and their use Index Index 294 316 Modem Init Sequence 147 114 510 519 1 2 3 141 A Access 448 ACCESS_ACCEPT 124 ACCESS _ REJECT 124 ACCESS_ REQUEST 124 ACCOUNTING_START 124 ACCOUNTING_STOP 124 ACL Mode 205 Action 212 212 374 443 491 510 517 Action if license not registered 440 Action if server not reachable 440 Active IPSec Tunnels 99 Active Sessions SIF RTP etc 99 Additional Wire Pairs 167 Address 381 Address Mode 177 300 Address Range 381 Address Type 381 Administrative Status 322 388 398 405 406 ADSL Chipset 163 ADSL Logic 491 ADSL Mode 164 ADSL SyncType 164 Advertisement send interval 481 Alert Service 500 Alive Check 127 336 341 511 All Multicast Groups 242 Allow deleting editing all routing entries 222 Funkwerk Enterprise Communications GmbH Allowed Addresses 205 Allowed Hotspot Client 475 Always on 268 273 277 285 289 354 361 Always on 263 Answer to client request 468 Antenna Diversity 187 AP MAC Address 212 525 526 APN Access Point Name 147 173
56. Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the connection partner is Up active i e a connection already exists to the connection partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server Secondary DNS Server primary WINS and sec ondary WINS from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default 15 15 GPRS UMTS ES Note Note that the GPRS UMTS menu is only available if a UMTS modem card is inserted in the CardBus slot and is integrated in the system Not all bintec gateways have a CardBus interface Refer to the data sheet to determine whether your gateway has this interfa
57. BRI 3 J3M Internal 4 external Internal external switching BRI 4 J4M Internal a external Power supply for internal BRI 3 J3P Off On connection Power supply for internal BRI 4 J4P Off On connection 100 Ohm terminator BRI 3 J3T Off On 100 Ohm terminator BRI 4 J4T Off On Connection of BRI 3 and J3 4 Off On BRI 4 R1xxx R3xxx R4xxx Chapter 8 Access and configuration This chapter describes all the access and configuration options 8 1 Access Options The various access options are presented below Select the procedure to suit your needs There are various ways you can access your device to configure it e Via your LAN e Via the serial interface e Via an ISDN connection 8 1 1 Access via LAN Access via one of the Ethernet interfaces of your device allows you to to open the Funk werk Configuration Interface in a web browser for configuration purposes and to access your device via Telnet or SSH f Caution If you carry out the initial configuration with the Funkwerk Configuration Interface this can result in inconsistencies or malfunctions as soon as you carry out additional settings using other configuration options Therefore it is recommended that the con figuration is continued with the Funkwerk Configuration Interface If you use SNMP shell commands continue with this configuration method 8 1 1 1 HTTP HTTPS With a current web browser you can use the HTML interfaces to configure your device For this
58. Bit Rate V 3 VBR 3 Enter a value for the maximum number of bits per second by which the PCR can be exceeded briefly Possible values 0 to 100000 The default value is 0 15 2 3 OAM Controlling OAM is a service for monitoring ATM connections A total of five hierarchies flow level F1 to F5 are defined for OAM information flow The most important information flows for an ATM connection are F4 and F5 The F4 information flow concerns the virtual path VP and the F5 information flow the virtual channel VC The VP is defined by the VPI value the VC by VPI and VCI Note Generally monitoring is not carried out by the terminal but is initiated by the ISP Your device then only needs to react correctly to the signals received This is ensured without a specific OAM configuration for both flow level 4 and flow level 5 Two mechanisms are available for monitoring the ATM connection Loopback Tests and OAM Continuity Check OAM CC These can be configured independently of each other N Caution The configuration of OAM requires extensive knowledge of ATM technology and the way the bintec devices functions An incorrect configuration can cause considerable disruption during operation If applicable save the original configuration on your PC In the WAN gt ATM gt OAM Controlling menu a list of all monitored OAM flow levels is shown 15 2 3 1 New Choose the New button to set up monitoring for other flow levels sue a
59. CFRAME CardBus Cycle Frame 55 CAD17 Mpx address data 17 56 CAD19 Mpx address data 19 57 CVS2 Voltage ID 2 58 CRST Reset CardBus 59 CSERR CardBus system error 60 CREQ CardBus request 61 CCBE3 Command Byte possible 3 62 CAUDIO CardBus audio 63 CSTSCHG CardBus status change 64 CAD28 Mpx address data 28 65 CAD30 Mpx address data 30 66 CAD31 Mpx address data 31 67 CCD2 Card ID 2 68 GND Ground R1xxx R3xxx R4xxx 6 5 5 ADSL interface The ADSL interface on bintec R3000 and R3000w is connected via an RJ45 plug The cable supplied connects the RJ45 plug needed for the device to an RJ45 plug provided for Annex A The second cable supplied connected the RJ45 plug with an RJ45 plug for Annex B The following pins are used for the ADSL connection Fig 27 ADSL interface RJ45 socket The pin assignment for the ADSL interface RJ45 socket is as follows RJ45 socket for ADSL connection Not used Not used Not used Linea Line b Not used Not used N Oa A ON Not used 6 5 6 SHDSL interface The SHDSL interface on bintec R3400 is connected via an RJ45 connector The cable supplied connects the RJ45 connector needed for the device to an RJ45 connector needed for the SHDSL connection The following pins are used for the SHDSL connection R1xxx R3xxx R4xxx 6 Technical data Funkwerk Enterprise Communications GmbH Fig 28 SHDSL interface RJ45 connector bintec R3400 In 2 wire mode the wire pairs
60. Channels Select how many B channels your device should use Fields in the Advanced Settings Dial Numbers menu Field Description Entries Displays the numbers of the connection partner Add new entries with Add Edit existing entries with p Fields in the Dial Number Configuration Entry lt 1 gt only appears for Entries Add Field Description Mode Select whether Call Number is to be used for incoming or out going calls or for both Possible values Both default value For incoming and outgoing calls e Incoming For incoming calls where your connection part ner dials in to your device e Outgoing For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Call Number Call Number Enter the connection partner s number Port Usage Select which ISDN interfaces are used Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter 15 WAN Funkwerk Enterprise Communications GmbH Field Description face are however included when calculating the routing in formation and propagated over active interfaces e
61. Communications GmbH Field Description DH Group The Diffie Hellman group defines the parameter set used as the basis for the key calculation during phase 1 MODP as sup ported by bintec devices stands for modular exponentiation Possible values e 1 768 Bit During the Diffie Hellman key calculation modular exponentiation at 768 bits is used to create the en cryption material e 2 1024 Bit During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the en cryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Create a lifetime for phase 1 keys As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the lifetime Entry in Seconds Enter the lifetime for phase 1 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 14400 Entry in KBytes Enter the lifetime for phase 1 keys as amount of data processed in kBytes The value can be a whole number from 0 to 2147483647 The default value is 0 The standard value as per RFC is used 0 seconds and 0 Kbytes are entered Authentication Method Select the authentication method Possible values e Preshared Keys default value If you do not use certific ates for the authenti
62. DHCP Poo 024 a dt bide a A oes Sh oy De 434 19 4 2 IP MAG Bindiig 2 ei eae eo ae a eS 437 19 4 3 DHCP Relay Settings 2 2 en 439 19 5 Web Filleh sei ge ap We Bee aie Bs FAS A id ie 440 19 5 1 Global Settings 0 440 19 5 2 EllteriLiSt 2 aig che e Be E a a aS Y 442 19 5 3 Black White List 2 2 0 eo o 444 19 5 4 HISTORY 0 00 Go ae a a E A a TA ds 446 19 6 CAPI Severo co hw be beh ee att 446 19 6 1 User i nip A Bed Bete We eet pee to a es 447 19 6 2 OPTIONS Fe nse E ies Rah eee ier oy SE Gs ta ee nde ne eter 448 19 7 Scheduling cris Be ei e Pe ae de 449 19 7 1 Schedull y agil og ed hod a a eae 4 449 19 7 2 OPtiONS x2 a he ad oh ode de hc Sy a rd wh het de tio Le 453 19 8 Surveillance 2 o 454 viii R1xxx R3xxx R4xxx R1xxx R3xxx R4xxx 19 8 1 19 8 2 19 8 3 19 9 19 9 1 19 10 19 10 1 19 10 2 19 11 19 11 1 19 11 2 19 12 19 12 1 19 13 19 13 1 19 13 2 19 13 3 Chapter 20 20 1 20 1 1 20 1 2 20 1 3 20 2 20 2 1 20 3 20 3 1 Chapter 21 A snk ES Sn Wo end Me So gt Sa EE em Gee Re end 4 454 Interfaces 2 0 veg ea A Yo ORR a A A 456 Ping Generator e 458 ISDN Theft Protection 2 a a 460 OPTIONS ia ac a ORM af De Aa Woe Ee we 460 Funkwerk Discovery 2 6 ee ee ee es 462 Device Discovery 6 a saoao osa a a a e a a 4 4 462 Options asb S gn a AA
63. Digital certificates are part of a so called Public Key Infrastructure PKI PKI refers to a system that can issue distribute and check digital certificates Certificates are issued for a specific period usually one year i e they have a limited valid ity period Your device is designed to use certificates for VPN connections and for voice connections over Voice over IP 10 6 1 Certificate List In the System Management gt Certificates gt Certificate List menu a list of all available certificates is shown 10 6 1 1 Edit Click the icon to display the content of the selected object key certificate or request a bintec R1200 ESE Certificate List CRLs Certificate Servers Edit parameters Description aw p12 Interface Mode Bridge f y Groups Certificate is CA Certificate True a Je miniriraivo Atcers Force certificate to be trusted Cte Remote Authentication _ _ View details es r certificate Bed SerialNumber 11 SubjectName 1t CN ri200 aw OU Support O Funkwerk EC ST Bavaria C DEsgt IssuerName lt CN linuxCa OU Support O Funkwerk EC ST Bavaria C DE gt Validity NotBefore 2006 Sep 15th 07 07 49 GMT 5 Notdfter 2008 Sep 14th 07 07 49 GMT PublicKeyInto Algorithm name X 509 rsaEncryption Modulus n 1024 bits 16574300073530619299711756289853 6583 6058592284552111716307381855989730994 424195975049742 634337599053 649050292954
64. Ethernet interface in ex works state The logical Ethernet interface en1 0 is assigned and is preconfigured with the IP Address 192 168 0 254 and Netmask 255 255 255 0 The logical Ethernet interface en 1 4 is assigned to the ETH5 port and is not precon figured En Note To ensure your device can be reached when splitting ports make sure that Ethernet interface en1 0 is assigned with the preconfigured IP address and netmask to a port that can be reached via Ethernet If in doubt carry out the configuration using a serial connection via the Console interface ETH1 ETH4 The interfaces can be used separately They are logically separated from each other each separated port is assigned the desired logical Ethernet interface in the Ethernet Interface Selection field of the Port Configuration menu For each assigned Ethernet interface an other interface is displayed in the list in the LAN gt IP Configuration menu and a com pletely independent configuration of the interface is possible ETH5 By default the logical Ethernet interface en 1 4 is assigned to the ETH5 port The configur ation options are the same as those for the ports ETH1 ETH4 VLANs for Routing Interfaces Configure VLANs to separate individual network segments from each other for example e g individual departments of a company or to reserve bandwidth for individual VLANs when managed switches are used with the QoS function 11 2 1 Port Configuration
65. Funkwerk Enterprise Communications GmbH Field Description Possible values e Ignore default value The type of service is ignored e DSCP Binary Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in binary format currently not implemen ted e DSCP Decimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in decimal format currently not implemen ted e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value The TOS value is specified in decimal format e g 63 Enter the relevant value for DSCP TOS Binary Value and TOS Decimal Value Mode Select when the interface defined in Route Parameters gt In terface is to be used Possible values e Dialup and wait default value The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up e Authoritative The route can always be used e Dialup and continue The route can be used if the inter face is up If the interface is dormant then select and use the alternative route rerouting until the interface is up e Never dialup The route can be used if the interface is up e Always dialup The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is
66. Hotspot Gateway gt Hotspot Gateway Bl The Local Services gt Hotspot Gateway gt Hotspot Gateway gt p menu consists of the following fields Fields in the Hotspot Gateway Basic Parameters menu Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is con nected When operating over LAN enter the Ethernet interface here e g en1 0 If operating over WLAN the WLAN interface to which the access point is connected must be selected f Caution For security reasons you cannot configure your device over an interface that is configured for the Hotspot Therefore take care when selecting the interface you want to use for the Hotspot If you select the interface over which the current configura tion session is running the current connection will be lost You must then log in again over a reachable interface that R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH Field Description is not configured for the Hotspot to configure your device Domain at the HotSpot Enter the domain name that you used when setting up the Hot Server Spot server for this customer The domain name is required so that the Hotspot server can distinguish between the different cli ents customers Walled Garden Enable this function if you want to define a limited and free area of websites intranet The function is not activated by default Walled Network Net mask Only if
67. ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ADSL flashing The device synchronises with the DSLAM of the ADSL provider Top row on The device has successfully synchronised with the DSLAM of the ADSL provider ADSL flashing Data traffic via the ADSL interface Bottom row synchronous flash ADSL Handshake ing asynchronous ADSL system error flashing The LEDs on bintec R3000w are arranged as follows R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 6 Technical data Fig 9 LEDs on bintec R3000w In operation mode the LEDs on bintec R3000w display the following status information for your device LED status display 1 D Status Information Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ISDN 1 B D on ISDN D channel is active Top row 6 Technical data Funkwerk Enterprise Communications GmbH LED Status Information ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ADSL flashing The device synchr
68. In this menu you configure the ISDN interfaces of your device Here you enter data such as the type of ISDN connection to which your gateway is connected You can use the ISDN interfaces of your gateway for various types of use You must carry out two steps to configure the ISDN interfaces e Enter the settings for your ISDN connection Here you set the most important parameters of your ISDN connection e MSN Configuration Here you tell your device how to react to incoming calls from the WAN 11 3 1 ISDN Configuration C Note If the ISDN protocol is not detected it must be selected manually under Port Usage and ISDN Configtype The automatic D channel detection is then switched off An in correctly set ISDN protocol prevents ISDN connections being set up In the Physical Interfaces gt ISDN Ports gt ISDN Configuration menu a list of all ISDN ports and their configurations is shown 11 3 1 1 Working with p Choose the o button to edit the configuration of the ISDN port ISDN BRI interface You can use the ISDN BRI interface of your gateway for both dialup connections and leased lines over ISDN R1xxx R3xxx R4xxx 7 z z i 7 al se s bintec R1200 MESS Language English View Standerd Online Help Logout fu AEN e AE 4 ISDN Configuration MSN Configuration i Basic Parameters Aunt Port Name bri2 0 TE Ethernet Ports A TE WE i DER a ISDH Ports Autoconfiguration on Boo
69. Inactive PIO ARP Mode mactive Oup or Dormant up only DNS Negotiation Menabted C OK cancel Fig 102 WAN gt Internet Dialup gt ISDN gt New The WAN gt Internet Dialup gt ISDN gt New menu consists of the following fields Fields in the ISDN Basic Parameters menu 15 WAN Funkwerk Enterprise Communications GmbH Field Description Description Enter a name for uniquely identifying the connection partner The first character in this field must not be a number and no special characters or umlauts must be used Connection Type Select which layer 1 protocol your device should use This setting applies for outgoing connections to the connection partner and only for incoming connections from the connection partner if they could be identified on the basis of the calling party number Possible values e ISDN 64kbps For 64 kbps ISDN data connections e ISDN 56kbps For 56 kbps ISDN data connections User Name Enter your device code local PPP user name Remote User for Dialin Enter the code of the remote terminal remote PPP user name only Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Enter the idle time in seconds for static short hold The static
70. L2TP part ner LAN and the corresponding Metric Add new entries with Add The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Funkwerk Enterprise Communications GmbH 16 VPN Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 300 Authentication Select the authentication protocol for this L2TP partner Possible values PAP CHAP MS CHAP default value Primarily run CHAP on denial the authentication protocol required by the PPTP part ner MSCHAP version 1 or 2 possible e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only Encryption If necessary select the type of encryption that should be used for data traffic to the L2TP partner This is only possible if STAC or MS STAC compression is not activated for the connection If Encryption is set the remote terminal must also support it oth erwise a connection cannot be set up Possible values e None MPP encryptio
71. LAC and compares them with those specified in the relevant profile The LAC does the same with the fields of the SCCRP of the LNS If this field remains empty authentication data in the tunnel setup messages are not sent and are ignored Fields in the Tunnel Profiles LAC Mode Parameters menu Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile The destination must be a device that can behave like an LNS UDP Source Port Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile is to be be de termined By default the Fixed option is disabled which means that ports are dynamically assigned to the connections that use this pro file If you want to enter a fixed port enable the Fixed option Select this option if you encounter problems with the firewall or NAT The available values are 0 to 65535 16 VPN Funkwerk Enterprise Communications GmbH Field Description UDP Destination Port Enter the destination port number to be used for all calls based on this profile The remote LNS that receives the call must mon itor this port on L2TP connections Possible values are 0 65535 The default value is 1701 RFC 2661 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Local IP Address Enter the IP addres
72. MSDUS that could not be transmitted 0 VolP A 7 Frame transmissions without ACK received 0 LocalServices x 18 Duplicate received MSDUs 0 Mainten ot lg CTS frames received in response to an RTS 0 5 10 Received MPDUs that couldnt be decrypted 0 Exetel Repo 1 RTS fames win no CTS received 0 112 Corrupt Frames Received 0 Internal Log 3 eB Se a Back ISDN Modem Interfaces WLAN HotSpot Gateway a05 Fig 202 Monitoring gt WLAN gt WLAN1 gt Advanced Values in the list Advanced Field Description Displays the serial number of the list entry Description Displays the description of the displayed value Value Displays the statistical value Meaning of the list entries Description Meaning Unicast MSDUs trans Displays the number of MSDUs successfully sent to unicast ad mitted successfully dresses since the last reset An acknowledgement was received for each of these packets Multicast MSDUs trans Displays the number of MSDUs successfully sent to multicast mitted successfully addresses including the broadcast MAC Address Transmitted MPDUs Displays the number of MPDUs received successfully Multicast MSDUs re Displays the number of successfully received MSDUs that were ceived successfully sent with a multicast address R1xxx R3xxx R4xxx Description Meaning Unicast MPDUs re Displays the number of successfully received MSDUs that were ceived successfully sent with a unicast address MSDUs th
73. PCR 0 bps Es gt 4 Sustained Cell Rate SCR 0 bps Leased Line ____ ___ _ Real Time Jitter Control Maximum Burst Size MBS 0 bps Ss CCC Fig 107 WAN gt ATM gt Service Categories gt New R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 15 WAN The WAN gt ATM gt Service Categories gt New menu consists of the following fields Fields in the Service Categories Basic Parameters menu Field Description Virtual Channel Connec Select the already configured ATM connection displayed by the combination of VPI and VCI for which the service category is to be defined tion VCC ATM Service Category Select how the data traffic of the ATM connection is to be con trolled When you select the ATM service category a priority is implicitly assigned from CBR highest priority through VBR 1 VBR 3 to VBR lowest priority Possible settings Unspecified Bit Rate UBR default value Unspecified Bit Rate A particular data rate is not guaranteed for the connection The Peak Cell Rate PCR defines the lim it above which data is discarded This category is suitable for non critical applications Constant Bit Rate CBR Constant Bit Rate The con nection is assigned a guaranteed data rate determined by the Peak Cell Rate PCR This category is suitable for critical real time applications that require a guaranteed data rate Variable Bi
74. POP3 Timeout 501 Port 393 433 527 528 Funkwerk Enterprise Communications GmbH PortName 153 156 Port Usage 153 156 283 294 Portforwardings 223 Positive Cache 420 PPPoE Ethernet Interface 263 PPPoE Interfaces for Multilink 263 PPPoE Mode 263 PPTP Address Mode 270 PPTP Inactivity 379 PPTP Interface 268 PPTP Mode 361 PPTP Passthrough 223 Pre empt mode back into master status 481 Preferred Network Type 173 Preshared Key 203 207 210 322 Primary 419 419 Primary DHCP Server 439 Primary IP Address 477 Priorisation algorithm 254 Prioritize TCP ACK Packets 266 270 275 287 291 301 311 314 316 356 364 Priority 125 130 257 406 Priority queue 257 Privacy 207 Propagate PMTU 341 Proposals 332 339 Protocol 226 249 383 388 390 393 398 433 496 Protocol Header Size below Layer 3 254 Provider 298 431 Provider Name 433 Proxy ARP 178 325 Proxy ARP Mode 283 294 311 314 317 358 365 Proxy Interface 246 PVID 182 Q QoS Queue 530 Query Interval 244 Queued 530 Funkwerk Enterprise Communications GmbH Queues Policies 254 R RA Encrypt Certificate 137 RA Sign Certificate 137 RADIUS Dialout 127 RADIUS Secret 125 RADIUS Server Group ID 344 Rate 522 524 526 Real Time Jitter Control 254 Realm 398 Receive Version 230 Received DNS Packets 427 Received MPDUs that couldn t be de crypted 519 Recent System Logs 100 Recipient
75. Password field and click LOGIN status menu of your device s Funkwerk Configuration Interface see Status on page 98 R1xxx R3xxx R4xxx 8 3 1 2 Operating elements Funkwerk Configuration Interface window The Funkwerk Configuration Interface window is divided into three areas e The header e The navigation bar e The main configuration window Header bintes 21200 system Passwords Date and Time System Licences Navigation bar Basic Parameters a Cobol Bett System Name 200 Interface Mode Bridge m pa N Location Main configuration window Administrative Access Remote Authentication Contact FUNKWERK Maximum Number of Syslog Entries Maximum Message Level of Syslog Entries Information i Maximum Number of Accounting Log Entries 20 oK JC cancel Fig 33 Areas of the Funkwerk Configuration Interface Header http j 192 168 0 254 E bintee 21200 PA Fig 34 Funkwerk Configuration Interface header Funkwerk Configuration Interface header j Language selection From the dropdown menu select the lan Langua el English e wi guage in which the Funkwerk Configuration Interface is to be R1xxx R3xxx R4xxx displayed Here you can select the language in which you want to carry out the configuration German and English are avail able View View Select the desired view
76. Possible values e Automatic The IP address is determined automatically e Specific default value Enter the IP address in the adja cent input field e g to test a particular extended route Interval Enter the interval is seconds during which the ping is to be sent to the target IPaddress specified in Target IP Address Possible values are 1 to 65536 R1xxx R3xxx R4xxx Field Description The default value is 10 19 9 ISDN Theft Protection With the ISDN theft protection function you can prevent a thief who has stolen a gateway from gaining access to the gateway owner s LAN Without theft protection he could dial in to the LAN by ISDN if under WAN gt Internet Dialup gt ISDN gt the field Always on is enabled 19 9 1 Options All interfaces for which the theft protection is enabled are administratively set to down when the gateway boots The gateway then calls itself by ISDN and checks its location If the configured ISDN call numbers differ from the numbers dialled the interfaces remain disabled If the numbers agree the device assumes that it is at the original location and the inter faces are administratively set to up To reduce cost the function uses the ISDN D channel Cz Note Note that the ISDN theft protection function is not available for Ethernet interfaces R1xxx R3xxx R4xxx R1xxx R3xxx R4xxx Basic Parameters ISDN Theft Protection
77. Possible values are 1 to 99 The default value is 5 Fields in the OAM Control CC Activation Field Description Continuity Check CC Select whether you activate the OAM CC test for the connection End to End between the endpoints of the VCC or VPC Possible values e Passive default value OAM CC requests are responded to after CC negotiation CC activation negotiation e Active OAM CC requests are sent after CC negotiation CC activation negotiation Both OAM CC requests are sent and answered after CC ne gotiation CC activation negotiation e No negotiation Depending on the setting in the Direction field OAM CC requests are either sent and or responded to There is no CC negotiation e None The function is disabled Also select whether the test cells of the OAM CC are to be sent or received Possible values 15 WAN Funkwerk Enterprise Communications GmbH Field Description e Both default value CC data is both received and generated e Sink CC data is received e Source CC data is generated Continuity Check CC Select whether you want to activate the OAM CC test for the Segment segment connection segment connection of the local end point to the next connection point of the VCC or VPC Possible values e Passive default value OAM CC requests are responded to after CC negotiation CC activation negotiation e Active OAM CC requests are sent after CC negotiation CC activation negoti
78. R1xxx R3xxx R4xxx 22 7 1 Hotspot Gateway In the Monitoring gt Hotspot Gateway gt Hotspot Gateway menu a list of all connected hosts is shown bintec R1200 Language English View Standard Online Help Hotspot Gateway automatic Refresh interval 300 Seconds Apply J Authenticated HotSpot User User Name IP Adress Physical Address Logon terface E Fig 211 Monitoring gt Hotspot Gateway gt Hotspot Gateway Values in the list Hotspot Gateway Field Description User Name Displays the user s name IP Address Shows the IP address of the user Physical Address Shows the physical address of the user Logon Shows the login time Interface Shows the interface used 22 8 QoS In the Monitoring gt QoS menu statistics are displayed for all interfaces for which QoS has been configured R1xxx R3xxx R4xxx 22 8 1 QoS In the Monitoring gt QoS gt QoS menu a list of all interfaces is shown for which QoS has been configured bintec R1200 Language English View Standard Online Help interface Q05 Queue Send Dropped Queued HotSpot Gateway Qos Fig 212 Monitoring gt QoS gt QoS Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured QoS Queue Shows the QoS Queue which has been configured for this in terface Send Shows the number of sent packets with the corr
79. Router Redundancy Protocol is a Bintec specific implementation of the VRRP Virtual Router Redundancy Protocol A router redundancy procedure is used mainly to safeguard the availability of a physical gateway in a LAN or WAN R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services Terms and Definitions A number of special terms are used to describe the functionality The following terms are defined in the relevant RFC and in the Internet draft BRRP terms Field Description VRRP router Virtual Router IP Address Owner Primary IP Address VRRP Advertisement Virtual Router Master Virtual Router Backup A router that uses the Virtual Router Redundancy Protocol It can be integrated into one or more virtual routers An abstract object controlled by the VRRP which is used as default router for the hosts of a LAN It comprises a Virtual Router Identifier ID of the virtual router and an IP address or a group of associated IP addresses in a common LAN A VRRP router can protect the data traffic of one or more virtual routers The VRRP router that possesses the IP address es of the vir tual router as real interface address es This is the router that if active answers packets for ICMP pings TCP connections etc to one of these IP addresses An IP address that is selected from the group of real interface addresses A possible algorithm option is the selection
80. Service Enabled Dialling Number Incoming Number Outgoing Number al Interface Monitored Interfaces k Add d E Advanced Settings Number of Dialling Retries 3 DHCP Server r WebFite Timeout 5 Seconds CAPI Server E Scheduling OK Cancel Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway Fig 169 Local Services gt ISDN Theft Protection gt Options The menu Local Services gt ISDN Theft Protection gt Options consists of the following fields Fields in the Options Basic Parameters menu Field Description ISDN Theft Protection Enable or disable the ISDN theft protection function Service The function is activated with Enabled The function is disabled by default Dialling Number Only if ISDN theft protection service is enabled Enter the subscriber number that the gateway dials to call itself Incoming Number Only if ISDN theft protection service is enabled Enter the subscriber number to be compared with the current calling party number Outgoing Number Only if ISDN theft protection service is enabled Field Description Enter the subscriber number to be set as calling party number Monitored Interfaces Only if ISDN theft protection service is enabled Use Add to add a new interface to the list Select from the available interfaces those to which the ISDN theft protection fun
81. Special features connection Specify own tele phone number for next call Speeddial number SPID Splitter Spoofing Glossary side the interface is intended for connecting a PBX point to point connection and for connecting up to eight ISDN terminals point to multipoint connection Small Offices and Home Offices The SPD Security Policy Database defines the security services available for IP traffic These security services are dependent on parameters such as the source and destination of the packet etc Performance features of the T Net and T ISDN networks such as display of the caller s number callback on busy call forwarding changeable connection lock changeable telephone number lock connection without dialling and transmission of charge information Availability depends on the standard of the connected terminals T ISDN Basic Rate Interface with an extensive range of services call waiting call forwarding third party conference display of call costs at the end of a connection inquiry brokering telephone num ber transmission In the special features connection three multiple subscriber numbers are included as standard If you want to make a business call late in the evening from your private sphere say the living room for example you can define your business telephone number as the outgoing multiple subscriber number MSN for this call The advantages of this are that the costs for the connection a
82. The ports are released internally to the gateway on demand i e when an audio video transfer is started in Messenger When the application is closed the ports are immediately closed again The peer to peer communication is initiated via public SIP servers with only the information from the two clients being forwarded The clients then communicate directly with one an other For further information about UPnP see www upnp org 19 11 1 Interfaces In this menu you configure the UPnP settings individually for each interface of your gate way You can determine whether UPnP requests from clients are accepted by each interface for requests from the local network and or whether the interface can be controlled via UPnP requests bintec R1200 We Sead S Global Settings pe view 20 perpage CCl Ftern None W equal Go interface Answerto cient request Jero Ue oia jent 0 enabled DEnabled Notcontgured Eene ClEnaoes lent 4 Enabled enabled _ Not configured Enabled Dnabled Page 1 Items 1 4 C oK cancel HTTPS DynDNS Client Fig 173 Local Services gt UPnP gt Interfaces The menu Local Services gt UPnP gt Interfaces consists of the following fields Fields in the Interfaces menu Field Description Answer to client request Determine whether UPnP requests from clients are to be
83. The value can only be changed for Roaming Profile Custom Roaming The default value is 10 ms Max Time Period for Indicates the maximum time in milliseconds a frequency is act Active Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 40 ms Min Time Period for Indicates the minimum time in milliseconds a frequency is pass Passive Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 20 ms Max Time Period for Indicates the maximum time in milliseconds a frequency is act Passive Scan ively scanned Funkwerk Enterprise Communications GmbH 13 Wireless LAN Field Description The value can only be changed for Roaming Profile Custom Roaming The default value is 120 ms RTS Threshold Select how the RTS CTS mechanism is to be switched on off If you choose User Defined in the input field you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point The mechanism can also be switched on off independently of the data packet length by selecting the value Always onor Always off default value Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS Threshold After this many failed attempts t
84. This only works in combination with clients that use Conexant radio cards By default Frame Concatenation Piggyback Acknow ledge and Direct Link are activated Funkwerk Enterprise Communications GmbH 13 Wireless LAN The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Beacon Period Only if Operation Mode Access Point or Access Client with Client Mode Ad Hoc Enter the time in milliseconds between the sending of two beacons This value is transmitted in Beacon and Probe Response Frames Possible values are 1 to 65535 The default value is 100 msec DTIM Period Only if Operation Mode Access Point or Access Client with Client Mode Ad Hoc Enter the interval for the Delivery Traffic Indication Message DTIM The DTIM field is a data field in transmitted beacons that in forms clients about the window to the next broadcast or multic ast transmission lf clients operate in power save mode they come alive at the right time and receive the data Possible values are 1 to 255 The default value is 2 RTS Threshold Here you select how the RTS CTS mechanism is to be switched on off If you choose User Defined in the input field you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point
85. Time Displays the time of the record R1xxx R3xxx R4xxx Field Description Level Displays the hierarchy level of the message Subsystem Displays which subsystem of the device generated the mes sage Message Displays the message text 22 2 IPSec 22 2 1 IPSec Tunnels In the Monitoring gt IPSec gt IPSec Tunnel menu a list of all configured IPSec peers is shown 2 J Vales Ve TE bintec R1200 ia View Standard Online Help Logout 4 Y 5 IPSec Tunnels IPSec Statistics PhiysicalImerfaces Y Automatic Refresh Interval 300 Seconds Apply view feo per page LIL Fiter in None vlequal Yf Go _ Description Remote IP Remote Networks Securty Algorithm Status Action lt Peer1 Je JG A TE ERT Page 1 tems 1 1 Internal Log IPSec SD Modem _ Interfaces WLAN HotSpot Gateway QoS Fig 195 Monitoring gt IPSec gt IPSec Tunnel Values in the list IPSec Tunnels Displays the serial number of the IPSec tunnel Description Displays the name of the IPSec tunnel Remote IP Address Displays the IP address of the remote IPSec Peers Remote Networks Displays the currently negotiated subnets of the remote termin al R1xxx R3xxx R4xxx Field Description Security Algorithm Displays the encryption algorithm of the IPSec tunnel Status Displays the operating status of th
86. VPN required to set up your LAN LAN connection as a virtual private network Wireless LAN involves the set up of a network using wireless Wireless LAN technology VoIP PBX in the LAN The assistant is required e g for specific PBX in the LAN such as Hybird in order to guarantee SIP compatibility To do this external communication is carried out over a single IP address and NAT is realised as full cone NAT System Management Funkwerk Enterprise Communications GmbH 8 Access and configuration Status Global Settings Interface Mode Bridge Groups Administrative Access Remote Authentication Certificates Physical Interfaces In this menu general information on your device is displayed at a glance This information includes serial number software version cur rent memory and processor use status of the physical inter faces and the last 10 system messages In this menu you enter the basic system settings of your device such as for example system name system date system time and passwords You can also manage licences that are necessary for the use of certain functions In this menu you define the mode in which the interfaces of your device are to run routing or bridging and if necessary can define bridge groups In this menu you configure the access options for the individual interfaces In this menu you configure the authentication via a RADIUS server or TACAS server In this menu you
87. VoIP to VoIP connections there is no code translation for different VoIP terminal codecs The codecs of media gateway and VoIP terminals must there fore agree If the function is disabled RTP sessions are not terminated on the media gateway i e all RTP streams are routed by the me dia gateway without termination The RTP data packets can be routed in complex networks and thus also via other gateways The function is activated with Enabled The function is enabled by default Default Drop Extension You can specify an extension to which incoming calls are for warded if they cannot be assigned to an extension or connected PABX Dial Latency Enter the maximum delay time before the system assumes the call number entered is complete and starts the SIP dialling pro cess sends the SIP INVITE message This timeout is reset each time that a button is pressed Possible values are 0 to 15 Field Description The default value is 5 If you terminate the number entered with dialling is immedi ate Fields in the menu Advanced Settings Field Description Speed Dialing Define short sequences of numbers that can be dialled instead of the entire number Click Add to configure new speeddial numbers Enter the desired speeddial number for the user e g 123 under Shortcut Enter the subscriber number to be dialled in place of the speed dial number e g 09119673 under Replacement In the example above if a user types in
88. Walled Garden is enabled Enter the network address of the Walled Network the corres ponding Netmask of the intranet server For the address range resulting from Walled Network Net masks clients require no authentication Example Enter 192 168 0 0 255 255 255 0 if all IP addresses from 192 168 0 0 to 19 168 0 255 are free Enter 192 168 0 1 255 255 255 255 if only the IP address 192 168 0 1 is free Walled Garden URL Only if Walled Garden is enabled Enter the Walled Garden URL of the intranet server Freely ac cessible websites must be reachable over this address Terms amp amp Conditions Only if Walled Garden is enabled In the General Terms and Conditions input field enter the ad dress of the general terms and conditions on the intranet server or public server e g http www webserver de agb htm The page must lie within the address range of the walled garden net work Language for login win dow Here you can choose the language for the start login page The following languages are supported English Deutsch Italiano Fran ais Espa oland Portugu s The language can be changed on the start login page at any Field Description time The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Ticket Type Select the ticket type Possible values e Voucher Only the user name must be entered Define a de fault password in the
89. a unique description for the CRL Local Certificate De scription File Encoding Select the type of encoding so that your device can decode the CRL Possible values e auto default value Activates automatic code recognition If downloading the CRL in auto mode fails try with a certain type of encoding e Base64 e Binary Password Enter the password to be used for the import 10 6 3 Certificate Servers In the System Management gt Certificates gt Certificate Servers menu a list of all certi ficate servers is shown A certificate server provides for certificate revocation lists CRL that are used by the device to verify certificates via LDAP or HTTP 10 6 3 1 New Choose the New button to set up a certificate server R1xxx R3xxx R4xxx bintec Rt200 gt PERNT crn ep Certificate List CRLs K Basic Parameters ARRE x Description I i OK Cancel Fig 58 System Management gt Certificates gt Certificate Servers gt New The System Management gt Certificates gt Certificate Servers gt New menu consists of the following fields Fields in the Certificate Servers Basic Parameters menu Field Description Description Enter a unique description for the certificate server LDAP URL Path Enter the LDAP URL or the HTTP URL of the server R1xxx R3xxx R4xxx Chapter 11 Physical Interfaces In this menu you configure the physical interfaces th
90. a1 and b1 are used In 4 wire mode the additional wire pairs a2 and b2 are used The pin assignment for the SHDSL interface RJ45 connector is as follows RJ45 socket for SHDSL connection bintec R3400 1 Not used Not used Not used Line a1 Line b1 Not used Line a2 Line b2 aN DO oa 0 DY The SHDSL interface on bintec R3800 is connected via an RJ45 connector The cable supplied connects the RJ45 connector needed for the device to an RJ45 connector needed for the SHDSL connection The following pins are used for the SHDSL connection Fig 29 SHDSL interface RJ45 connector bintec R3800 The use of wire pairs can be configured in the Funkwerk Configuration Interface The pin assignment for the SHDSL interface RJ45 connector is as follows RJ45 socket for SHDSL connection bintec R3800 Line a4 Line b4 Line a3 Line a1 Line b1 Line b3 Line a2 Line b2 ON DO oa fF Wo NY 6 5 7 X 21 interface bintec R4300 has two X 21 interfaces The connection is made via a 26 pole mini Delta ribbon socket Fig 30 X 21 interface 26 pole mini Delta ribbon socket The 26 pole mini Delta ribbon socket has the following pin assignment Pin assignment of 26 pole mini Delta ribbon socket Shield At 1 1 1 A A 1 1 GND A 8 B B 19 19 TxD B A3 3 9 11 S T 22 24 TxD A A4 4 2 4 P R 4 6 RxD B A5 5 11 T S 24 22 RxD A A6 6 4 R P 6 4 RTS B A7 7 10 12 25 27 RTS A A 8 3 5 C D 7 9 R1xxx R3xxx R4xXxX C
91. access point Asymmetric digital subscriber line Authentication header Display unit e g for T Concept PX722 system telephone able to display letters and other characters as well as digits For the connection of analogue terminals such as telephone fax and answering machine Terminals that transmit voice and other information analogously e g telephone fax machine answering machine and modem To transmit voice via the telephone acoustic oscillations are conver ted to continuous electrical signals which are transmitted via a net work of lines digital voice transmission You configure an analogue answering machine under Terminal Type Funkwerk Enterprise Communications GmbH AOC D AOC D E AOC E ARP Assignment Asynchronous ATM Attention tone Authentication Authorisation Automatic callback Automatic callback on busy Automatic callback on busy CCBS Glossary Display during and at end of connection Advice of charge during end Display only at end of connection Address Resolution Protocol An external call can be signalled to internal subscribers The entries in the Day option and Night option can be different A method of data transmission in which the time intervals between transmitted characters can vary in length This allows computers and peripheral devices to intercommunicate without being synchron ised by clock signals The beginning and end of the transmitted characters m
92. access information lt is therefore impossible to log in with read read the password of the admin user and subsequently log in with admin and make changes to the configuration Caution All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use How to change the passwords is described in Passwords on page 103 Make sure you change the passwords to prevent unauthorised access to your device If you have forgotten your password you must reset your device to the ex works state which means your configuration will be lost 8 2 2 Logging in for Configuration Set up a connection to the device The access options are described in Access Options on page 70 Funkwerk Configuration Interface Log in via the HTML surface as follows 1 Enter your user name in the User field of the input window 2 Enter your password in the Password field of the input window and confirm with Re turn or click the Login button The status page of the Funkwerk Configuration Interface opens in the browser SNMP shell Log into the SNMP shell as follows 1 Enter your user name e g admin and confirm with Return 2 Enter your user password e g funkwerk and confirm with Return Your device logs in with the input prompt e g R100wu gt The login was successful You are now in the SNMP shell To leave the SNMP shell after completin
93. any incorrect configurations Warning symbols Icon Meaning This symbol appears in messages referring you to settings that were made with the Setup Tool 8 Access and configuration Funkwerk Enterprise Communications GmbH Icon Meaning A This symbol appears in messages referring you to the fact that values were entered or selected incorrectly Pay particular attention to the following message Warning Changes not supported by the Setup Tool If you makes these changes with the Funkwerk Configuration Interface this can cause inconsistencies or mal functions Therefore it is recommended that the configuration is continued with the Setup Tool 8 3 1 3 Funkwerk Configuration Interface menus The configuration options of your device are contained in the sub menus which are dis played in the navigation bar in the left hand part of the window ES Note Please note that not all devices have the full range of functions Check the software of your device on the corresponding product page under www funkwerk ec com The Funkwerk Configuration Interface contains the following menus Assistants In this menu you can make the basic settings that are required First steps to add your gateway to your local network LAN The wizard guides you through the individual configuration Internet access steps to connect your local network LAN to the internet In this menu you are guided through all of the settings that are
94. as a serial interface The DMZ ETH5 interface can be used to connect an optional DSL modem or a DMZ The connection is made via an RJ45 socket Fig 23 Ethernet 10 100 Base T interface RJ45 socket The pin assignment for the Ethernet 10 100 Base T interface RJ45 socket is as follows RJ45 socket for Ethernet connection 1 TD 2 TD 3 RD 4 Not used R1xxx R3xxx R4xxx 5 Not used 6 RD 7 Not used 8 Not used The Ethernet 10 100 BASE T interface does not have an Auto MDI X function The pin assignment for the Ethernet 10 100 Base T interface RJ45 socket is as follows RJ45 socket for Ethernet connection or serial interface console TD Ethernet TD Ethernet RD Ethernet RX console GND console RD Ethernet GND console ON Oa WO NY TX console The combined serial Ethernet 10 100Base T interface does not have an Auto MDI X func tion 6 5 2 ISDN SO port bintec R1200 R1200w R1200wu R3000 R3000w R3400 R3800 R4100 and R4300 have two additional ISDN SO interfaces which can be used for backup functions for ex ample The connection is made via an RJ45 socket Fig 24 ISDN SO BRI interface RJ45 socket The pin assignment for the ISDN SO BRI interface RJ45 socket is as follows R1xxx R3xxx R4xxx RJ45 socket for ISDN connection Not used Not used Transmit Receive Receive Transmit Not used ON DO oa fF WO NY Not used 6
95. as the language 4 Check the key status in the System Management gt Administrative Access gt SSH menu If both keys are available you will see the Generated value in the two RSA key Status and DSA key Status fields 5 If one or both of these fields contains the value Not Generated you must generate the relevant key To have the device generate the key click Generate The device generates the key and stores it in the FlashROM Generated indicates that generation was successful 6 Make sure that both keys have been successfully generated If necessary repeat the procedure described above Funkwerk Enterprise Communications GmbH 8 Access and configuration Login via SSH Proceed as follows to log in on your device via SSH If you have made sure that all the keys needed are available on the device you have to check whether an SSH client is installed on your PC Most UNIX and Linux distributions in stall a SSH client by default Additional software e g PUTTY usually has to be installed on a Windows PC Proceed as follows to log in on your device via SSH UNIX 1 Enterssh lt IP address of the device gt in a terminal The login prompt window appears This is located in the SNMP shell of the device 2 Continue with Logging in on page 75 Windows 1 How an SSH connection is set up very much depends on the software used Consult the documentation for the program you are using As soon as you have connected to t
96. behaviour 17 1 Policies 17 1 1 Filter Rules The default behavior with Action Access consists of two implicit filter rules If an incom ing packet can be assigned to an existing connection and if a suitable connection is expec ted e g such as an affiliated connection of an existing connection the packet is allowed The sequence of filter rules in the list is relevant The filter rules are applied to each packet in succession until a rule matches If overlapping occurs i e more than one filter rule matches a packet only the first rule is executed This means that if the first rule denies a packet whereas a later rule allows it the packet is rejected A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule In the Firewall gt Policies gt Filter Rules menu a list of all configured filter rules is shown bintec R1200 Language English View Standard Online Help es 00S Options view 20 perpage lll Fiterin None Viequal f Go Order Source Destination Service Adin oy Poy active 3 Eaei Show administrative access rules New oK Cancel Fig 129 Firewall gt Policies gt Filter Rules You can use the button to insert another policy above the list entry The configuration menu for creating a new policy opens You can use the button to move the list ent
97. bundle Choose the ig button to edit the predefined SHDSL interfaces In the ex works state the logical SHDSL interfaces Shds1 0 to Shds1 3 are each preset with one pair of wires R1xxx R3xxx R4xxx bintec R3800 Langise Engin x Mew Sercord 8 Funkwerk rero Save configuration i SHDSL Configuration Physical Interfaces SHDSL Parameters AA ATM Interface fcca 3 0 Ethernet Ports gt FAA F gt i ISDN Ports Device Made Oco Central Office O CPE Customer Premises Equipment SHDSL SHDSL Type Annex A Annex B 7 Clock Rate O Fixed Adaptive meee Wire Mode 2wire o Minimum 192 a kops aie r z Line Speed Interval E Poa Maximum 5696 9 kbps pee Servic R A ok Cancel Fig 66 Physical Interfaces gt SHDSL gt SHDSL Configuration gt Fields in the SHDSL SHDSL Parameter menu Field Description ATM Interface Displays the name of the ATM interface Device Mode Define the role within the connection Possible values e CPE Customer Premises Equipment default value Mode for the user page of the SHDSL connection e CO Central Office Mode for the provider page of the SHDSL connection Note CPE on the one hand and CO on the other hand must al ways be set for each SHDSL connection SHDSL Type Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values e Annex A For applications in North America provid
98. by entering the address to be tested in Traceroute Address and clicking on the Go button 20 2 Software amp Configuration 20 2 1 Options You can use this menu to manage the software version of your device your configuration files and the language of the Funkwerk Configuration Interface Your device contains the version of the system software available at the time of production More recent versions may have since been released You may therefore need to carry out a software update Every new system software includes new features better performance and any necessary bugfixes from the previous version You can find the current system software at www funkwerk ec com The current documentation is also available here Important If you want to update your software make sure you consider the corresponding re lease notes These describe the changes implemented in the new system software The result of an interrupted update e g power failure during the update could be that your gateway no longer boots Do not turn your device off during the update An update of BOOTmonitor and or Logic is recommended in a few cases In this case the release notes refer expressly to this fact Only update BOOTmonitor or Logic if Funkwerk Enterprise Communications GmbH explicitly recommends this Flash Your device saves its configuration in configuration files in the flash EEPROM Electrically Erasable Programmable Read Only Memory The da
99. by telephone if ne cessary e g children or grandparents As you can set up the Direct Call function for one or more telephones the receiver of the tele phone simply needs to be lifted After five seconds the PBX auto matically calls the defined direct call number if you do not start dial ling another number first You can enter up to 12 destination num bers when you configure Direct Call A direct call number can only be used by one subscriber If you want to change an entered direct call number you can simply enter the new direct call number without having to delete the old direct call number The old number is auto matically overwritten when the new configuration is transferred to the PBX Direct Inward System Access Data transfer during online connections where files are loaded from a PC or data network server to the user s own PC PBX or ter minal so that they can be used there Data is transferred between the Internet and your PBX over ISDN or T DSL The PBX determines the remote terminal to which a data packet is to be sent For a connection to be selected and set up parameters must be defined for all the required connections These parameters are stored in lists which together permit the right con nection to be set up The PBX uses the PPP Point to Point Pro tocol for ISDN access and PPPoE Point to Point Protocol over Ethernet for access over T DSL The traffic on these two Internet connections is monitored separ
100. by web filtering Maximum Number of Define the number of entries to be saved in the web filtering his History Entries tory History menu Possible values are 1 to 512 The default value is 64 URL Path Depth Select the path length to which a URL is to be checked by the Cobion Orange Filter Action if server not Select which is to be done with URL requests if the web filtering reachable server cannot be reached Possible values e Allow all default value The download is permitted e Block all The download of the requested page is blocked e Log all The download is permitted but logged Action if license not re Select what is to be done with URL requests if the licence key gistered status is Not Valid Possible values e Allow all default value The download is permitted e Block all The download of the requested page is blocked e Log all The download is permitted but logged The License Information menu consists of the following fields Fields in the Global Settings License Information menu Field Description Licence Key Enter the number of your Proventia Web Filter licence The pre set code assigned by ISS designates the device type In the ex works state you can activate a 30 day demo version of the Proventia Web Filter Click here on the link Activate 30 day demo license Licence Status Shows the result of the last validity check of the licence The validity of the licence is checked every 23 ho
101. can also be configured as the call destination for the ring button Your door intercom can have up to 4 ring buttons The door opener can be pressed during an intercom call It is not possible activate the door opener if an intercom call is not taking place Dotted Decimal The syntactic representation of a 32 bit whole number written in Notation four 8 bit numbers in decimal form and subdivided by a point It is used to represent IP addresses on the Internet e g 192 67 67 20 Downstream Data transmission rate from the ISP to the customer DSA DSS Digital Signature Algorithm Digital Signature Standard Funkwerk Enterprise Communications GmbH DSL xDSL DSS1 DSSS DTE DTMF Dynamic IP address E1 T1 ECB ECT Email Glossary Digital Subscriber Line Digital Subscriber Signalling System Direct Sequence Spread Spectrum is a wireless technology that was originally developed for the military and offers a high level of protec tion against faults because the wanted signal is spread over a wide area The signal is spread by means of a spread sequence or chip ping code consisting of 11 chips across 22 MHz Even if there is a fault on one or more of the chips during transfer the information can still be obtained reliably from the remaining chips Data Terminal Equipment Dual Tone Multi Frequency tone dialling system In contrast to a static IP address a dynamic IP address is assigned temporarily by DHCP Network comp
102. ch steak ee feet ide tn tee i Ae So eget io gh tees 385 Chapter 18 VOIP gt wae ea Pe eee ee wa ee ee eee 387 18 1 Application Level Gateway 2 2 ee ee 387 18 1 1 SIP Proxies 2 a stp e ak ee ee A es 387 18 1 2 SIP Endpoints s sa 203 284 hoe toe oe Oe Bo ah eed oe 389 18 2 Media Gateway 2 2 2 1 o 391 18 2 1 EXTENSION L Z seo BS rl Aw Sb Se He Ge ce ee aS da a ato e ia 392 18 2 2 SIP ACCOUN S s dora kod He ee Se beh he ee ce a 397 18 2 3 Gall Routing 3 woes o a ee Bete he ee 404 18 2 4 CLID Translatio an y 50S to Sn Bowe See Le ES ed 408 18 2 5 Call Translation 2 2 2 e 410 18 2 6 ISDNITTUNKS gt s 2 e sek ia e oe eck ee a eh ee aan 412 R1xxx R3xxx R4xxx 18 2 7 OPONE fee ee eit Os ER ee ee as 413 Chapter 19 Local Services ec r ra o aoe Bh Ae eh ee oe 417 19 1 DNS ie back Shiai A E A Shiela 417 19 1 1 GlobalSettingS eg 004 Soh a a Aldea aca ioe a eae 4 419 19 1 2 Static Hosts 2k soa eo a eo Re oe 422 19 1 3 Domain Forwarding 2 2 2 o o 423 19 1 4 Cach ios e ca POR a A eee S 425 19 1 5 Statistics oft bok meted dota Be ee eet Ri a 427 19 2 HET ui Ww ger ated e Buln wy a o a ee Wee 428 19 2 1 HITPS S rver sf sce Se ee Aa eo le Sb SOR a a 428 19 3 DynDNS Client 4026 2 ce a a ee 430 19 3 1 DynDNS Update 2 2 2 02 ee 430 19 3 2 DynDNS Provider 2 o oo o 432 19 4 DHGP S6IVEr a share doa Roe AACS A Se A A 434 19 4 1
103. client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes unsuitable for higher data rates e Normal Roaming default value Standard roaming e Slow Roaming The WLAN client searches for available wireless networks as soon as the radio signal of the existing 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description radio connection becomes weaker e No Roaming The WLAN client searches for available wire less networks if it is no longer connected to a wireless net work e Custom Roaming Specify the individual roaming paramet ers Scan Threshold Indicates the value in dBm above which the system scans for available wireless networks in the background The value can only be changed for Roaming Profile Custom Roaming The default value is 70 dBm Scan Interval Indicates the interval in milliseconds after which the system scans for available wireless networks The value can only be changed for Roaming Profile Custom Roaming The default value is 5000 ms Channel Sweep Indicates how many frequencies are scanned in the back ground The value can only be changed for Roaming Profile Custom Roaming The default value is 2 The value 0 disables the scan in the background The value 1 enables the scan of all avail able frequencies Min Time Period for Act Indicates the minimum time in milliseconds a frequency is act ive Scan ively scanned
104. codecs actually used are the intersect of the codecs defined here and those signalled by the provider For outgoing calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Advanced Settings Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo Cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is activated with Enabled The function is enabled by default Comfort Noise Genera Specify whether Comfort Noise Generation should be used tion CNG For digital voice transmission this function introduces a low level of background noise to avoid the impression that during pauses at the other end the connection is lost The function is activated with Enabled The function is enabled by default Field Description Packet Size Specify how many milliseconds of voice an RTP data packet should contain Possible values are 5 to 500 The default value is 20 18 2 3 Call Routing Here you can define the conditions for the routing of calls Define a list with rules or rule chains that are used to manipulate the indicated destination numbers In the VoIP gt Media Gateway gt Call Routing menu a list of all existing entries is shown 18 2 3 1 Edit New Choose the o icon to edit existing entries Select the New button to create new en
105. connection parameters If the RADIUS server is used for accounting your device sends an accounting message at the start of the connection and a message at the end of the connection These start and end messages also contain statistical information about the connection IP address user name throughput costs RADIUS packets The following types of packets are sent between the RADIUS server and your device client Packet types Field Value ACCESS_REQUEST Client gt Server If an access request is received by your device a request is sent to the RADIUS server if no corresponding connection part ner has been found on your device ACCESS_ACCEPT Server gt Client If the RADIUS server has authenticated the information con tained in the ACCESS_REQUEST it sends an AC CESS_ACCEPT to your device together with the parameters used for setting up the connection ACCESS_REJECT Server gt Client If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server it sends an ACCESS_REJECT to reject the connection ACCOUNTING_START Client gt Server If a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the start of each connection ACCOUNTING_STOP Client gt Server Field VENTO If a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the end of each co
106. data rate in the send direction is to be re duced This is only needed in a few cases for special DSLAMs Possible values e Default Line Speed The data rate in the send direc tion is not reduced e 128 000 bpsto 2 048 000 bps The data rate in the send direction is reduced to a maximum of 128 000 bps to 2 048 000 bps in defined steps e User Defined The data rate is reduced to the value entered in Maximum Upstream Bandwidth The default value is Default Line Speed Maximum upstream Only if Transmit Shaping User defined bandwidth uf uf Field Description Enter the maximum data rate in the send direction in bits per second 11 5 SHDSL R3400 and R3800 have an integrated SHDSL mode The devices support G SHDSL ac cording to ITU T recommendations G 991 2 Annex A and B and SHDLS bis according to G 991 2 Annex F and G Depending on the device type and configuration the gateway transmits the data over a pair of wires at up to 5696 kbps over two pairs of wires at up to 11392 kbps over three pairs of wires at up to 17088 kbps or over four pairs of wires at up to 22784 kbps 11 5 1 SHDSL Configuration In the SHDSL menu you configure the SHDSL interface of your device Note Ask your provider about any special features of your SHDSL connection Note Agree the connection conditions for back to back connections campus connect with your remote terminal The SHDSL interfaces can be configured separately or as a
107. device s internal source address Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner e Remote IP Address IP address of the destination host or LAN e Netmask Netmask of Remote IP Address 15 WAN Funkwerk Enterprise Communications GmbH Field Description e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 IP Assignment Pool Only if IP Address Mode Provide IP Address Select an IP pool configured in the WAN gt Internet Dialup gt IP Pools menu If an IP pool has not been configured here yet the message Not yet defined appears in this field The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The default value is 300 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Usage Type If necessary select a special interface use Possible values e Standard default value No special type is selected e Dialin only The interface is used for incoming dialup connections and callbacks initiated externally e Multi User Dialin only The
108. do not enter a name the name in the User Name field is used In SIP client mode Enter a name only if this is explicitly spe cified by the provider Password In SIP client mode The VoIP provider gives you a PIN or pass word for authentication You must enter this value here In SIP server mode Define a PIN or a password Funkwerk Enterprise Communications GmbH 18 VoIP Field Description A maximum of 40 characters can be entered Registration Specify whether the registration mechanism is to be used by SIP REGISTER Normally every SIP client user sends its cur rent position to a REGISTRAR server by means of a RE GISTER message This information about the user and his cur rent address is held by the REGISTRAR server and queried by other proxies to find the user The function is activated with Enabled The function is enabled by default Apart from this standard procedure the relevant data can also be sent to a particular IP address that is already known to the correspondent Registration and authentication are not then needed and the Registration function is disabled An example of this method is Microsoft Exchange SIP Expire Time Only if Registration is enabled Enter the time in seconds after which the current registration be comes invalid and a new registration request is therefore sent Possible values are 0 to 38400 The default value is 600 In answer to a REGISTER request a server can set another Ex pi
109. do so by the connection part ner e Windows Server Mode Your device calls back after a period of time proposed by the Microsoft client NT 10 seconds new systems 12 seconds It uses the subscriber number Entries gt Number MSN with the Mode outgo ing or Both that has been entered for the other party If no number is entered the required number can be reported by the caller in a PPP negotiation This setting should be avoided where possible for security reasons Currently can 15 WAN Funkwerk Enterprise Communications GmbH Field Description not be avoided for the connection of mobile Microsoft clients via DCN e Delayed CLID only Your device calls back after ap prox four seconds if your device is requested to do so by the connection partner Only makes sense for CLID e Windows Server Mode Callback optional Like Windows Server Mode but with the option of aborting This setting should be avoided for security reasons The Mi crosoft client also has the option of aborting callback and maintaining the initial connection to your device without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by pressing CANCEL to close the dialog box that appears Fields in the Advanced Settings Dial Numbers menu Field Description Entries Add new entries with Add Fields in the Dial Number Configuration Entry lt 1 gt only appears for Entries Add Field Des
110. e Activate interface The interface defined in the Select interface field is activated e Deactivate interface The interface defined in the Se lect interface field is deactivated e Activate WLAN The WLAN interface defined in the Select R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services Field Description interface field is activated e Deactivate WLAN The WLAN interface defined in the Se lect interface field is deactivated e Initiate 5 GHz WLAN Bandscan The wireless module selected in Select Wireless Module is scanned in the 5 GHz frequency band During the scan all wireless connections are interrupted e Trigger software update A software update is initiated e Trigger configuration backup The backup of the device configuration to a TFTP server is initiated Select radio Only if Select action Initiate 5 GHz WLAN Bandscan Select the wireless module to be used for the scan Select interface Only if Select action Activate interface or Deactiv ate interface or if Select action Activate WLAN or Deactivate WLAN Select which interface is to be activated or deactivated Source Location Only if Select action Trigger software update Select the desired source Possible values e Current software from Funkwerk server The latest software will be downloaded from the Funkwerk server e HTTP server The latest software will be downloaded from an HTTP server that you define
111. enabled menu Field Description Selected Ports Enter the ISDN port over which callback is carried out Possible values e All Ports The callback is routed over an available ISDN port e Specify ports You can select the required ISDN port un der Specific Ports Specific Ports Only if Selected Ports Specify port can you use Add to select further ports 16 3 2 Options In this menu you can make general settings of the global PPTP profile bintec R120 orare nep ono PPTP Tunnels Options SystemManagement ov E 7 o Siobal options GRE Window Adaption 4 Enabled GRE Window Size o oK Cancel Fig 127 VPN gt PPTP gt Options The menu VPN gt PPTP gt Options consists of the following fields Fields in the Options Global Options menu Field Description GRE Window Adaption Select whether the GRE Window Adaptation is to be enabled This adaptation only becomes necessary if you have down loaded service pack 1 from the Microsoft Windows XP page and installed it Since in SP 1 Microsoft has changed the confirma tion algorithm in the GRE protocol the automatic window adapt ation for GRE must be turned off on the funkwerk side The function is activated with Enabled The function is enabled by default GRE Window Size Enter the maximum number of GRE packets that can be sent without confirmation Windows XP uses a higher initial reception window in th
112. enter the following in your web browser s address field e http 192 168 0 254 or https 192 168 0 254 R1xxx R3xxx R4xxx 8 1 1 2 Telnet Apart from configuration using a web browser with a Telnet connection you can also ac cess the SNMP shell and use other configuration options You do not need any additional software on your PC to set up a Telnet connection to your device Telnet is available on all operating systems Proceed as follows Windows 1 Click Run in the Windows Start menu 2 Entertelnet lt IP address of your device gt 3 Click OK A window with the login prompt appears You are now in the SNMP shell of your device 4 Continue with Logging in for Configuration on page 76 Unix You can also set up a Telnet connection on UNIX and Linux without any problem 1 Entertelnet lt IP address of your device gt in a terminal A window with the login prompt appears You are now in the SNMP shell of your device 2 Continue with Logging in for Configuration on page 76 8 1 1 3 SSH In addition to the unencrypted and potentially viewable Telnet session you can also con nect to your device via an SSH connection This is encrypted so all the remote mainten ance options can be carried out securely The following preconditions must be met in order to connect to the device via SSH e The encryption keys needed for the process must be available on the device e An SSH client must be installed o
113. for receiving RIP packets over the interface in receive direction Possible values None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving of both version 1 and version 2 RIP packets e RIP V1 Triggered RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Route Announce Select this option if you want to set the time at which any activ ated routing protocols e g RIP are to propagate the IP routes defined for this interface Note This setting does not affect the interface specific RIP con figuration mentioned above Possible values e Up or Dormant not for LAN interfaces interfaces in Bridge mode and interfaces for leased lines Routes are propagated if the interface status is up or ready e Up Only Routes are only propagated if the interface status is up e Always Routes are always propagated independent of oper ational status 14 3 2 RIP Filter In this menu you can specify exactly which routes are to be exported or imported You can use the following strategies for this e You explicitly deactivate the import or export of certain routes The import or export of all other routes that are not listed is still allowe
114. gather the main data for configuration with the Funkwerk Configuration Inter face quickly because you do not need any information that requires in depth knowledge of networks If necessary you can use the sample values Before you start the configuration you should gather the data for the following purposes e Basic configuration if your device is in the ex works state e Internet access optional e Wireless LAN optional only for R1200w R1200wu and R300w R1xxx R3xxx R4xxx The following table shows examples of possible values for the necessary access data You can enter your personal data in the Your values column so that you can refer to these values later when needed If you configure a new network you can use the given example values for IP addresses and netmasks In cases of doubt ask your system administrator Basic configuration For a basic configuration of your gateway you need information that relates to your net work environment Basic information Access data Example value Your values IP address of your gateway 192 1680 254 Netmask of your gateway 255 255 255 40 Internet access over ADSL If you want to set up Internet access you need an Internet Service Provider ISP You also receive your personal access data from your ISP The terms used for the required access data may vary from provider to provider However the type of information you need for dial in in is basically the same The followin
115. gt Note Note that for BRI connections the connection mode NT mode or TE mode must be set by jumper in the device In this menu the ISDN party lines bundles are defined 18 2 6 1 Edit New Choose the Fay icon to edit existing entries Select the New button to create a new party line ues J e Language English w gt onere some Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks options Basic Parameters Description A ISDN Mode Extemal Y OK C Cancel Fig 145 VoIP gt Media Gateway gt ISDN Trunks The VoIP gt Media Gateway gt ISDN Trunks menu consists of the following fields Fields in the ISDN Trunks Basic Parameters menu Field Description Description Enter the name of the party line The maximum number of characters is 40 ISDN Mode Select the mode in which the party line is to be operated Possible values e External default value Point to Point TE connection telecom party line e TrunkPoint to Point NT connection for connection of a PABX Members Select the desired ISDN interfaces to be included with this party line 18 2 7 Options In the VoIP gt Media Gateway gt Options menu you can make global settings for the me dia gateway R1xxx R3xxx R4xxx 18 VoIP Funkwerk Enterprise Communications GmbH E SA ATT PEE TT TT Language English V
116. if the status of the connection to the PPTP partner is Active i e if a connection to the PPTP partner has already been estab lished DNS Negotiation Select whether your device should obtain IP addresses for Primary DNS client Secondary DNS client from the PPTP partner or should send these to the PPTP partner The function is activated with Enabled 16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default Fields in the Advanced Settings PPTP Callback menu Field Description Callback Enables a PPTP tunnel through the Internet to be set up with a PPTP partner even if the partner is currently inaccessible As a rule the PPTP partner will be requested by means of an ISDN call to go online and set up a PPTP connection The function is activated with Enabled The function is disabled by default Note that you must activate the relevant option on the gateways of both partners An ISDN connection is usually required for this function Without ISDN callback is only to be activated in spe cial applications Incoming ISDN Number Only if Callback is enabled Enter the ISDN number from which the remote device calls the local device calling party number Outgoing ISDN Number Only if Callback is enabled Enter the ISDN number with which the local device calls the re mote device calls called party number Fields in the Advanced Settings Dial Port Selection only if callback
117. in Update URL Update URL Only if Select action Trigger software update and Source HTTP Server Enter the name of the HTTP server from which you wish to download a configuration file TFTP Server Only if Select action Trigger configuration backup 19 Local Services Funkwerk Enterprise Communications GmbH Field Description Enter the IP address of the TFTP server to which you wish to transfer a configuration file TFTP File Name Only if Select action Trigger configuration backup Enter the name with which configuration file is to be transferred to the TFTP server Fields in the Time Schedule Select time interval menu Field Description Time Condition First select the type of time entry in Condition Type Possible values e Weekday In Condition Settings select a weekday e Periods default setting In Condition Settings select a particular period e Day of Month In Condition Settings select a particular day of the month Possible values for Condition Settings with Condition Type Weekday Monday default value Sunday Possible values for Condition Settings with Condition Type Periods e Daily The initiator becomes active daily default value e Monday Friday The initiator becomes active daily from Monday to Friday e Monday Saturday The initiator becomes active daily from Monday to Saturday e Saturday Sunday The initiator becomes active on Sat urdays and Sundays Possibl
118. input field e Username Password default value User name and pass word must be entered Allowed HotSpot Client Here you can define which type of users can log in to the Hot spot Possible values e A11 All clients are approved e DHCP Client Prevents users who have not received an IP address from DHCP from logging in 19 12 1 2 Options In the Local Services gt Hotspot Gateway gt Options menu you configure general set tings for the Hotspot R1xxx R3xxx R4xxx bintec R1200 Language English View Standard Herspat careva EI Basic Parameters Host for multiple locations OK Cancel DynDNS Client DHCP Server CAPI Server Scheduling Surveillance ISDH Theft Protection E Funkwerk Discovery UPnP E HotSpot Gateway BRRP Fig 177 Local Services gt Hotspot Gateway gt Options The Local Services gt Hotspot Gateway gt Options menu consists of the following fields Fields in the Options Basic Parameters menu Field Description Host for multiple loca If several locations branches are set up on the Hotspot server tions enter the value of the NAS identifier RADIUS server parameter that has been registered for this location on the Hotspot server 19 13 BRRP In the BRRP menu you can configure the redundancy of your gateway Note You require a licence for devices in the R23x series and RS series BRRP Bintec
119. interest to companies Here multicasting makes it possible to synchronise the databases of several servers which is valuable for multinationals or even companies with just a few locations Address range for multicast For IPv4 the IP addresses 224 0 0 0 to 239 255 255 255 224 0 0 0 4 are reserved for multicast in the class D network An IP address from this range represents a multicast group to which several recipients can log in The multicast router then forwards the re quired packets to all subnets with logged in recipients Multicast basics Multicast is connectionless which means that any trouble shooting or flow control needs to be guaranteed at application level At transport level UDP is used almost exclusively as in contrast to TCP it is not based on a point to point connection At IP level the main difference is therefore that the destination address does not address a dedicated host but rather a group i e during the routing of multicast packets the decisive factor is whether a recipient is in a logged in subnet Funkwerk Enterprise Communications GmbH 14 Routing In the local network all hosts are required to accept all multicast packets For Ethernet or FDD this is based on MAC mapping where the group address is encoded into the destina tion MAC Address For routing between several networks the routers first need to make themselves known to all potential recipients in the subnet This is achieved by means of
120. is always enough spare capacity available on the hard disk of your PC Syslog Daemon All Unix operating systems support the recording of syslog messages For Windows PCs the Syslog Demon included in the DIME Tools can record the data and distribute to various files depending on the contents can be called in the download area at www funkwerk ec com 21 1 1 Syslog Servers Configure your device as a syslog server so that defined system messages can be sent to suitable hosts in the LAN In this menu you define which messages are sent to which hosts and with which condi tions In the External Reporting gt System Log gt Syslog Servers menu a list of all configured system log servers is shown 21 1 1 1 New Choose the New button to set up new syslog servers bintec R1200 Language English View Standard Online Help Syslog Servers a Basic Parameters A tres gt Level g F intormetion M Facility en j Timestamp 7 None O Time O Date amp Time Protocol upp Otcp Type of Messages o System O accounting system amp Accounting i 5 OK cancel Fig 186 External Reporting gt Syslog gt Syslog Servers gt New The External Reporting gt Syslog gt Syslog Servers gt New menu consists of the fol lowing fields Fields in the Syslog Servers Basic Parameters menu Field Description I
121. menu Field Description Description Enter the desired description of the service group Members Select the members of the group from the available service ali ases To do this activate the field in the Members column R1xxx R3xxx R4xxx Chapter 18 VoIP Voice over IP VoIP uses the IP protocol for voice and video transmission The main difference compared with conventional telephony is that the voice information is not transmitted over a switched connection in a telephone network but divided into data packets by the Internet protocol and these packets are then passed to the destination over undefined paths in a network This technology uses the existing network infrastructure for voice transmission and shares this with other communication services The Session Initiation Protocol SIP is used to establish clear and control a communica tion session 18 1 Application Level Gateway To enable IP telephones to connect by SIP to a VoIP Provider your device has an Applica tion Level Gateway ALG i e an appropriate proxy that implements the necessary NAPT and firewall releases ES Note The Application Level Gateway must always be used if NAT is enabled on the inter face that makes the connection to the Internet 18 1 1 SIP Proxies Here you can view a list of application level gateway entries that have already been con figured These entries enable the ALG Each entry defines a particular TCP or UDP destin ation port t
122. menu a list of all IP pools is displayed Your device can operate as a dynamic IP address server for PPP connections You can use this function by providing one or more pools of IP addresses These IP addresses can be assigned to dialling in connection partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can allocate an IP address from an address pool if available If address pools have more than one IP ad dress you cannot specify which connection partner receives which address The ad dresses are initially assigned in order If a new dial in takes place within an interval of one hour an attempt is made to allocate the same IP address assigned to this partner the last time Use the Add button to set up new IP pools e g 7 bintec R1200 20 Language English View Standard Online Help Bs PPPoE PPTP ISDN AUX IP Pools r View 20 per page Fiter in None equal xf Go IP Pool Name IP Pool Range 0 0 0 0 m Page 1 ltems 1 1 Add pa OK __Cancel__ a o z steers aT remrem Fig 105 WAN gt Internet Dialup gt IP Pools gt Add The WAN gt Internet Dialup gt IP Pools gt Add menu consists
123. messages to remote networks using information from its own current routing table The complete routing table is always exchanged in this process If triggered RIP is used in formation is only exchanged if the routing information has changed In this case only the changed information is sent Observing the information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table As intermediate routes between networks can become unreachable RIP removes routes that are older than 5 minutes i e routes not verified in the last 300 seconds Garbage Collection Timer Route Timeout Routes learnt with triggered RIP are not deleted Your device supports both version 1 and version 2 of RIP either individually or together 14 3 1 RIP Interfaces In the Routing gt RIP gt RIP Interfaces menu a list of all RIP interfaces is shown RPneiees me Er Rie ops view 20 perpage alFiterin None equal j Go al No interface Send Version Receive Version Route announce O ent 0 None None Up only E lr lent 4 None None Up only al NEON CC None None CTO e Page 1 tems 4 3 Fig 86 Routing gt RIP gt RIP Interfaces R1xxx R3xxx R4xxx 14 3 1 1 Edit For each RIP interface you can in the menu select the options Send Version Re ceive Versionand Route Announce b
124. modem asks for it Entering a wrong PIN blocks communication with the modem until the entry in the profile is corrected Modem Escape Charac Only for AUX Port Status enabled ter The value for this field is set by default to It should only be changed if the escape character of the modem is different Modem Init Sequence Only for AUX Port Status enabled Here you can enter an initialization string for your modem The command ATX3 amp K3 V1 is the default setting the modem does not wait for a free signal before dialling You can add other AT commands by separating them with semicolons The entry is limited to 50 characters Make sure you enter the command for activating the XON XOFF software flow control This is proprietary and cannot be set automatically The command sequence can be obtained from your modem manual or the manufacturer APN Access Point Only for AUX Port Status enabled Name Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description If GPRS is used the so called Access Point Name of the pro vider must be entered e g internet eplus de for eplus and so on A maximum of 40 characters can be entered If no APN or an incorrect APN is entered a configured GPRS connection will not function 11 2 Ethernet Ports An Ethernet interface is a physical interface for connection to the local network or external networks The Ethernet ports ETH1 to ETH4 are assigned to a single logical
125. no address is specified The entry can also start with the wildcard e g funkwerk de R1xxx R3xxx R4xxx Field Description If a name is entered without a dot this is completed with lt Name gt after confirming with OK is added Entries with spaces are not allowed Response In this entry select the type of response to DNS requests Possible values e Negative A DNS request for Name is answered with a negative response e Positive default value A DNS request for Name is answered with the associated IP address e None A DNS request is ignored no answer is given IP Address Only if Response Positive Enter the IP address assigned to Name TTL Enter the the time for which the assignment of Name to IP Ad dress is to be valid in seconds only relevant if Response Positive that is transferred to requesting hosts The default value is 86400 24 h 19 1 3 Domain Forwarding In the Local Services gt DNS gt Domain Forwarding menu a list of all configured for warding for defined domains is shown 19 1 3 1 New Choose the New button to set up new forwardings R1xxx R3xxx R4xxx Global Settings Static Hosts Domain Forwarding Cache Statistics Forwarding Parameters E Forward Host O Domain Host JI p Forwardio Omtertace ODNS Server Interface Automatic Y OK W Cancel J DynDNS Client DHCP Server Web
126. not the limit that can be defined on the interface The function is activated with Enabled The function is disabled by default Maximum Upload Speed Only for Traffic Shaping Enabled Enter a maximum data rate for the queue in kbits Possible values are 0 to 1000000 The default value is 0 Overbooking allowed Only for Traffic Shaping Enabled Enable or disable the function The function controls the band width limit If Overbooking allows is activated the bandwidth limit set for this queue can be exceeded as long as free bandwidth exists on the interface If Overbooking allowed is deactivated the queue can never Field Description occupy bandwidth beyond the bandwidth limit that has been set The function is activated with Enabled The function is disabled by default Burst size Only for Traffic Shaping Enabled Enter the maximum number of bytes that may still be transmit ted temporarily when the data rate permitted for this queue has been reached Possible values are 0 to 64000 The default value is 0 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Dropping algorithm Choose the procedure for rejecting packets in the QoS Queue if the maximum size of the queue is exceeded Possible values e Tail Drop default value The newest packet received is dropped e Head Drop The oldest packet in the queue is dropped e Rando
127. oK C Cancel Fig 43 System Administration gt Global Settings gt Date and Time You have the following options for determining the system time local time ISDN Manual The system time is updated via ISDN i e the date and time are taken from the ISDN when the first outgoing call is made or is set manually on the device If the correct location of the device country city is set for the System Time Zone switch ing from summer time to winter time and back is automatic This is independent of the ex change time or the ntp server time Summer time starts on the last Sunday in March by switching from 2 a m to 3 a m The calendar related or schedule related switches that are scheduled for the missing hour are then carried out Winter time starts on the last Sunday in October by switching from 3 a m to 2 a m The calendar related or schedule related switches that are scheduled for the additional hour are then carried out If a value other than Universal Time Coordinated UTC option UTC x has been chosen for the System Time Zone the switch from summer to winter time must be carried out manually when required R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Time server You can obtain the system time automatically e g using various time servers To ensure that the device uses the desired current time you should configure one or more time serv ers Switching from summer time to w
128. of the first address VRRP advertisements are always sent with the primary IP address as source of the IP packet A keepalive that sends the master to the backup gateway to in dicate his reachability The VRRP router that takes over forwarding the packets that have been sent to the IP addresses associated with the virtual router It is also responsible for answering ARP Address Res olution Protocol requests for these IP addresses The group of VRRP routers that take over responsibility for for warding the packets if the master fails In backup status these VRRP routers are inactive i e they do not respond to any ARP requests 19 Local Services Funkwerk Enterprise Communications GmbH 19 13 1 Virtual Routers When using a route redundancy protocol multiple routers are combined into a logical unit The router redundancy protocol BRRP manages the routes involved and organises these as follows It ensures that only one routers within the logical connection is active It guarantees that if the active route fails another router takes over the function of the failed device The time that each router is active is determined by the priority assigned to the router Let us take the example of a simple scenario in which gateway A provides Internet access for the hosts in a LAN If this gateway fails all hosts cannot access the Internet and their routes are configured statically To allow the hosts continued acces
129. of the certificate e g on the Internet It is sufficient to check one of the two values 10 6 1 2 Request Registration authority certificates in SCEP If SCEP Simple Certificate Enrollment Protocol is used your device also supports separ ate registration authority certificates Registration authority certificates are used by some Certificate Authorities CAs to handle certain tasks signature and encryption during SCEP communication with separate keys and to delegate the operation to separate registration authorities if applicable When a certificate is downloaded automatically i e if CA Certificates Download is selected all the certificates needed for the operation are loaded automatically If all the necessary certificates are already available in the system these can also be selec ted manually Select the Request button to request or import more certificates ECTE E 7 a 7 Certificate Request Description Made Manual SCEP __ Administrative Access o pa Generate Private Key RSA x 1024 M Bits le ES A Custom Enabled AS fa Common Name E q __ E mail 4 e Organizational Unit Organization ie Nas Locality P its E State Province P Country Advanced Settings Subject tema Names Aa Y AAA lla None mf i
130. of the following fields Fields in the Options IP Pools menu Field Description IP Pool Name Enter the name of the IP pool IP Pool Range In the first field enter the first IP address of the range In the second field enter the last IP address of the range 15 2 ATM ATM Asynchronous Transfer Mode is a data transmission procedure that was originally designed for broadband ISDN ATM is currently used in high speed networks You will need ATM for example if you want high speed access to the Internet via the integrated ADSL or SHDSL modem In an ATM network different applications such as speech video and data can be transmit ted side by side in the asynchronous time multiplex procedure Each transmitter is provided with time sections for transmitting data With asynchronous transmission unused time sec tions of a transmitter are used by another transmitter With ATM the packet switching procedure is connected based A virtual connection is used for data transmission that negotiates between the transmitter and recipient or is configured on both sides This determines the route that the data should take for example Multiple R1xxx R3xxx R4xXxx Funkwerk Enterprise Communications GmbH 15 WAN virtual connections can be set up over a single physical interface The data is transmitted in so called cells or slots of constant size Each cell consists of 48 bytes of usage data and 5 bytes of control information The control i
131. one of the DNS servers answers with non existent domain the initial request is im mediately answered accordingly and a corresponding negative entry is made in the DNS cache of your device 19 1 1 Global Settings View Standard v Online Help Basic Parameters Domain Name SS LE DNS Server Configuration Dynamic O static Primary foooo WINS Server _ __ _ _ _ Secondary 0 0 0 0 I SS rapera ij Advanced Settings Positive Cache Menabiea f Negative Cache ElEnabted Vee Cache Size fi oo Entries Maximum TTL for Positive Cache Entries esana Seconds Maximum TTL for Negative Cache Entries e6400 Seconds SAE A TR Fallback interface to get DNS server Automatic en As DHCP Server O none Own IP Address Global DNS Setting IP address to use for DNSMWINS server assignment EI ss T _ a As IPCP Server O None Own IP Address Global DNS Setting o o am ok J C cancel Fig 147 Local Services gt DNS gt Global Settings The menu Local Services gt DNS gt Global Settings consists of the following fields Fields in the Global Settings Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device DNS Server Configura Select whether the addresses of the global name server on your tion device can be overwritten by transferred name server ad dresses Possible values e Dynamic def
132. pri2 4 TE Port Usage Leased Line x ISDN Switch Type Leased Line Custom Time Slots H Custom Time Slots New Bundle PPP Y Mali K Add ISDN Line Framing CRC4 Standard New Bundle j x a Description Bundle Type PPP Multilink Physical Hyperchannel If Fi ES e E JA e Timeslot Selection ORange Selection Timeslot Matrix Or 02 Ds O4 Os Do 7 Os Ds O10 O11 O12 13 O14 D15 E16 O17 O18 Timeslot Matrix X75 Layer 2 Mode oK y Cancel Fig 63 Physical Interfaces gt ISDN Ports gt ISDN Configuration gt The Physical Interfaces gt ISDN Ports gt ISDN Configuration gt g menu consists of the following fields Fields in the ISDN Configuration Basic Parameters menu Field Description Port Name Shows the name of the ISDN port Port Usage Select whether the ISDN switch type D channel detection for switched line is to be automatically identified Possible values e None default value ISDN connection is not used e EURO ISDN S2M TE EURO ISDN S2M User Profile R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description e EURO ISDN S2M NT EURO ISDN S2M Network Profile e Back to Back dialup Two S2M connections are linked directly e Leased Line You can select a leased line e Q SIG S2M TE EQ SIG S
133. profile marked as the default in Phase 1 Profiles None use Default Profile Phase 2 Profile For phase 2 select a profile already configured in the Phase 2 Funkwerk Enterprise Communications GmbH 16 VPN Field Description Profiles menu You can also select the profile marked as the default in Phase 2 Profiles None use Default Prot E E XAUTH Profile Select a profile created in VPN gt IPSec gt XAUTH profiles if you wish to use this IPSec peer XAuth for authentication If XAuth is used together with IKE Config Mode the transac tions for XAuth are carried out before the transactions for IKE Config Mode Number of Admitted Choose how many users can connect using this peer profile Connections Possible values e One User default value Only one peer can be connected with the data defined in this profile e Multiple Users Several peers can be connected with the data defined in this profile The peer entry is duplicated for each connection request with the data defined in this profile Start Mode Select how the peer is to be switched to the active state Possible values e On Demand default value The peer is switched to the active state by a trigger e Always up The peer is always active Fields in the Advanced Settings Advanced IP Options menu Field Description Back Route Verify Select whether a check on the back route should be activated for the interface to the connection partner The function is ac
134. routes This enables temporary interfaces to be configured automatically and your device can initiate outgoing connections that are not configured permanently The function is activated by choosing Enabled Field Value The function is disabled by default If the function is active you can enter the following options e Reload Interval Enter the time period in seconds between the update intervals The default entry here is 0 i e an automatic reload is not car ried out e Default User Password Some Radius servers require a user password for each RADIUS request Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server 10 5 2 TACACS TACACS permits access control for your device network access servers NAS and other network components via one or more central servers Like RADIUS TACACS is an AAA protocol and offers authentication authorisation and accounting services TACACS Accounting is currently not supported by bintec devices The following TACACS functions are available on your device e Authentication for login shell e Command authorisation on the shell e g telnet show TACACS uses TCP port 49 and establishes a secure and encrypted connection In the System Management gt Remote Authentication gt TACACS menu a list of all registered TACACS servers is displayed 10 5 2 1 Edit New Choose the i icon to edit existing entri
135. subscriber If one subscriber in a team has taken the receiver off the hook or is on the telephone you can de cide whether other calls are to be signalled for this team The setting for reaching a subscriber can be toggled between Standard and Busy On Busy In the basic configuration it is set to Standard If Busy on Busy is set for a team other callers hear the engaged tone DECT Digital European Cordless Telecommunication European standard for wireless telephones and wireless PBXs Internal calls can be made free of charge between several handheld units Another ad vantage is the higher degree of interception protection GAP Digital exchange Allows computer controlled crossbar switches to set up a connection quickly and special features such as inquiries call waiting three party conference and call forwarding to be activated All T Com ex changes have been digital since January 1998 Digital voice trans As a result of the internationally standardised Pulse Code Modula mission tion PCM analogue voice signals are converted to a digital pulse flow of 64 kbps Advantages Better voice quality and less suscept ibility to faults during analogue voice transmission Glossary Direct Call DISA Download DSL and ISDN con nections DSL modem DSL splitter Services Funkwerk Enterprise Communications GmbH You are not at home However there is someone at home who needs to be able to reach you quickly and easily
136. te Skis de Ante de ee dee 572 R1xxx R3xxx R4xxx R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 1 Introduction Chapter 1 Introduction The powerful devices bintec R1xxx R3xxx R4xxx have been specially developed for high speed Internet access and for VPN connections in SMEs and branch offices Safety notices The safety precautions which are supplied with your device tell you what you need to take into consideration when using your bintec gateway Installation How to connect your device is shown in Setting up and connecting on page 6 This chapter also tells you what preliminary tasks are necessary for configuration Configuration How to get your device running is explained in Basic configuration on page 12 There we show you how to start up your device from a Windows PC and how to install other useful online assistants At the end of the chapter you will be in a position to surf the Internet send or receive e mails and set up a connection to a partner network to access data at your company head office for example Password If you are already familiar with configuring bintec devices and want to get started right away all you really need to know is the factory default user name and password User Name admin Password funkwerk gt Note Remember to change the password immediately when you log in to the device for the first time All bintec devices are supplied with the same password which mean
137. ter in x lt Option gt y and entering the search word in the input field Go starts the filter operation Some lists contain configuration elements You can therefore change the configuration of the correspond ing list entry directly in the list Gummi rene interval60 Seconds __ Apply Fig 37 Configuration of the update interval View 20 _ per page le b gt iter in None iy equal leal Go Fig 38 Filter list Structure of the Funkwerk Configuration Interface configuration menus The menus of the Funkwerk Configuration Interface contain the following basic struc tures Funkwerk Configuration Interface menu structure Basic configuration When you select a menu from the navigation bar the menu of menu list basic parameters is displayed first In a sub menu containing several pages the menu containing the basic parameters is dis played on the first page The menu contains either a list of all the configured entries or the basic settings for the function concerned Sub menu The New button is available in each menu in which a list of all New the configured entries is displayed Click the button to display AS the configuration menu for creating a new list entry Sub menu Click this button to process the existing list entry You go to the ma configuration menu Menu Click this tab to display extended configuration options Advanced Settings The following options are available for the configuration Funkwerk Co
138. the wireless network Possible values e Inactive default value Neither encryption nor authentica tion e WEP 40 WEP 40 Bit e WEP 104 WEP 104 Bit WPA PSK WPA Preshared Key 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description e WPA Enterprise 802 11i TKIP Transmit Key Only if Security Mode WEP 40 WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a string of 5 characters WEP 104 13 characters For example hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode Only if Security Mode WPA PSK and WPA Enterprise Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values WPA and WPA 2 default value WPA and WPA 2 can be used e WPA Only WPA is used e WPA 2 Only WPA2 is used WPA Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode WPA and WPA and WPA2 Select the type of encryption you want to apply to WPA Possible values e TKIP default value TKIP is used e AES AES is used e AES and TKIP AES or TKIP is used WPA2 Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode WPA2 and WPA and WPA2 Funkwerk Enterprise
139. the Internet or dialin connections if necessary by set ting up a WAN connection at extra cost If the DNS server can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise if global name servers are entered the Primary DNS Server then the Sec ondary DNS Server are asked If the IP address of your device or the loopback ad dress is entered for local applications these are ignored here If one of the DNS serv ers can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise if a suitable Internet or dialin connection is selected as the standard inter face the relevant DNS server is asked depending on the configuration of the Internet or dialin connections if necessary by setting up a WAN connection at extra cost If one of the DNS servers can resolve the name the information is forwarded and a dy namic entry created in the cache Otherwise if overwriting the addresses of the global name servers is allowed DNS Server Configuration Dynamic a connection is set up in some cases at extra cost that is configured to enable DNS server addresses to be requested from DNS servers DNS Negotiation Enabled if this has not been attempted previously If name server negotiation is successful these are entered as global name servers and are therefore available for further requests Otherwise the initial request is answered with a server error If
140. values are 1 to 65535 the default value is 5678 R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH 19 12 Hotspot Gateway The bintec HotSpot Solution allows provision of public Internet accesses using WLAN or wired Ethernet The solution is adapted to setup of smaller and larger Hotspot solutions for cafes hotels companies communal residences campgrounds etc The bintec HotSpot Solution consists of a bintec gateway installed onsite with its own WLAN access point or additional connected WLAN device or wired LAN and of the Hot spot server centrally located at a computing centre The operator account is administered on the server via an administration terminal e g a hotel reception PC this includes func tions such as registration entry generating tickets statistical analysis etc Login sequence at the Hotspot server e When a new user connects with the Hotspot he she is automatically assigned an IP ad dress via DHCP e As soon as he attempts to access any Internet site with a browser the user is redirected to the home login page e After the user has entered the registration data user password these are sent to the central RADIUS server Hotspot server as RADIUS registration e Following successful registration the gateway opens Internet access e For each user the gateway sends regular additional information to the RADIUS server for recording accounting data e When the ticket
141. wishes to have on site access to the tunnel XAuth is carried out once IPSec IKE Phase 1 has been completed successfully and be fore IKE Phase 2 begins If XAuth is used together with IKE Config Mode the transactions for XAuth are carried out before the transactions for IKE Config Mode 16 1 4 1 New Choose the New button to set up new profiles IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Basic Parameters re Description i Role 1 Senet al Mode rada E RADIUS Server Group 1D No Radhus Server configured for XAUTH C OK AK Cancel Fig 120 VPN gt IPSec gt XAUTH Profiles gt New The VPN gt IPSec gt XAUTH Profiles gt New menu consists of the following fields R1xxx R3xxx R4xxx 16 VPN Funkwerk Enterprise Communications GmbH Fields in the XAUTH Profiles Basic Parameters menu Field Description Description Enter a description for this XAuth profile Role Select the role of the gateway for XAuth authentication Possible values e Server default value The gateway requires a proof of au thorisation e Client The gateway provides proof of authorisation Mode Only if Role Server Select how authentication is carried out Possible values e RADIUS default value Authentication is carried out via a Ra dius server This is configured in the System Management gt
142. without further authentication e ESMTP The server only accepts emails if the router is logged in with the correct user name and password e SMTP after POP The server requires that emails are called via POPS by the sending IP with the correct POP3 user name and password before sending an email User Name Only if SMTP Authentication ESMTP or SMTP after POP Enter the user name for the POP3 or SMTP server Password Only if SMTP Authentication ESMTP or SMTP after POP Enter the password of this user POP3 Server Only if SMTP Authentication SMTP after POP Enter the address of the server from which the e mails are to be retrieved POPS Timeout Only if SMTP Authentication SMTP after POP Enter how long the router must wait after the POP3 call before it is forced to send the alert mail Field Description The default value is 600 seconds 21 3 2 E mail Alert Recipient In the E mail Alert Recipient menu a list of syslog messages is displayed 21 3 2 1 New Choose the New button to create new e mail alert receivers ETE la Caja yers TE A bintec R1200 Language English View Standard Online Help fi TE gt gt eek a 5d E Save configuration E mail Alert Server E mail Alert Recipient Piysical interfaces var est eae Reopen MAN Recipient pS Matching String Wildcards allowed wan hee ne Severity Emergency Se veses g
143. x View Standard v Online Help Logout t RIP Interfaces RIP Filter RIP Options Global RIP Parameters RIP UDP Port zo Default Route Distribution Enabled Poisoned Reverse DEnabted RFC 2453 Variable Timer Enabled Load Balancing RFC zeae anane Timer enabled ps ie Timer for RIP V2 RFC 2453 1 Update Timer 30 Seconds eS A inna A Route Timeout 180 Seconds pa Citi Garbage Collection Timer 120 Seconds C oK X C Cancel Fig 90 Routing gt RIP gt RIP Options The Routing gt RIP gt RIP Options menu consists of the following fields Fields in the RIP Options Global RIP Parameters menu R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description RIP UDP Port The setting option UDP Port which is used for sending and re ceiving RIP updates is only for test purposes If the setting is changed this can mean that your device sends and listens at a port that no other devices use The default value 520 should be retained Default Route Distribu Select whether the default route of your device is to be propag tion ated via RIP updates The function is activated with Enabled The function is enabled by default Poisoned Reverse Select the procedure for preventing routing loops With standard RIP the routes learnt are propagated over all in terfaces with RIP
144. you the latest news up dates and documentation 83 Note Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges Monitor your device and make sure it only sets up connections at the times you want it to Watch the LEDs on your device LED for ISDN ADSL and the Ethernet interface to which you have connected one or more WANs 4 6 Setting up wireless LAN Proceed as follows to use your device only bintec R1200w R1200wu and R3000w as an access point in WPA PSK mode 1 In Funkwerk Configuration Interface go to the Assistants gt Wireless LAN menu 2 Follow the steps shown by the wizard The wizard has its own online help which of fers all of the information you may require 3 Save the configuration by clicking on the Save Configuration button above the menu navigation 4 Basic configuration Funkwerk Enterprise Communications GmbH Configuring the WLAN Adapter under Windows XP After installing the drivers for your WLAN card Windows XP set up a new connection in the network environment Proceed as follows to configure the Wireless LAN connection 1 Right click on Start gt Settings gt Network Connections gt Wireless Network Con nections 2 Select Properties 3 Go to the Wireless networks tab 4 Click Add Proceed as follows 1 Enter a Network Name e g Client 1 2 Set Network Authentication to WPA PSK 3 Set Data Encryption to TK
145. 0 703 0 704 PPP priz4 O el Autogenerated from Serial En i escri mee Protocol Port Salus Action si4 0 None PPP Iag al Fig 109 WAN gt Leased Line gt Interfaces R1xxx R3xxx R4xxx 15 3 1 1 Edit Choose the pl button to edit the configuration of the corresponding leased line la Yai a a A io bintec R4100 Language English _ Save configuration Interfaces TC description Romina A Pre and Routes Default Route ClEnabted Internet Dialup pi T 7 Leased Line Local IP Address Real Time Jitter Control ds Remote IP Address Netmask Metric ven P _ Route Entries 13 E ee TIE TEE E S Advanced Settings BaemaiRenotma F Ae oneik a Monitoring v Prioritize TCP ACK Packets Denabled Compression None Ostac Oms stac Omppc IP Options OSPF Mode OPassive Active O Inactive Proxy ARP Mode O inactive O up or Dormant up onty OK 2 Cancel Fig 110 WAN gt Leased Line gt Interfaces gt Autogenerated from BRI ISDN SO gt The WAN gt Leased Line gt Interfaces gt Autogenerated from BRI ISDN S0 gt menu consists of the following fields Fields in the Leased Line Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the Interfaces IP Mode and Routes menu Field Description Default Rou
146. 0 days 4 5 Setting up an internet connection You can set up different types of internet connections using your device The most com mon configuration is described below The Funkwerk Configuration Interface internet wizard can be used to help configure alternative configuration types 4 5 1 Internet connection over internal ADSL modem The devices R3000 and R3000w have an integrated ADSL2 modem for establishing a fast Internet connection To make it easier to configure an ADSL internet connection the Funkwerk Configuration Interface has a wizard to guide you through the connection set up process simply and quickly A selection of preconfigured connections from leading pro viders T Home Arcor makes configuration even easier 1 In Funkwerk Configuration Interface select the menu options Assistants gt Internet access 2 Click New to create a new entry and to apply the Connection Type Internal ADSL Modem 3 Follow the steps shown by the wizard The wizard has its own online help which of fers all of the information you may require 4 Once you have exited the wizard save the configuration by clicking on the Save Con figuration button above the menu navigation 4 5 2 Internet connection over UMTS Setting up an Internet connection only for R1200wu over UMTS requires an activated SIM card for your UMTS provider 1 In Funkwerk Configuration Interface select the menu options Wizards gt Internet Access 2 Clic
147. 1200 ven Sari nie ip puertos 60 Seconds Apply 00 a0 f9 0b 08 98 Internal Log Interfaces WLAN Bridges HotSpot Gateway S Fig 209 Monitoring gt Bridge Values in the br lt x gt list Field Description MAC Address Shows the MAC addresses of the associated bridge Port Shows the port on which the bridge is active R1xxx R3xxx R4xxx 22 6 2 sta lt x gt In the Monitoring gt Bridges gt sta lt x gt menu the current values of the bridges to the con figured WLAN clients are shown bintee R1200 Language English View Standard w Online Help bro stato Automatic Refresh Interval jo Seconds C Appy jr E Current tWildeard mac Address 7 192 168 128 1192168126 192 168 125 192 168 1 2 192 1681 40 492 168 1 23 192 168 100 100 192 168 121 192 168 124 192 168 1 38 192 168 141 Internal Log ISDH Modem Interfaces Fig 210 Monitoring gt Bridge Values in the sta lt x gt list Field Description Current Wildcard MAC Shows the current configured wildcard MAC Address Address IP Address Shows the IP address of the host associated with this WLAN cli ent link MAC Address Shows the MAC Address of the host associated with this WLAN client link Port Shows the port on which the bridge is active 22 7 Hotspot Gateway
148. 187 Client Type 301 Clock Mode 156 Clock Rate 167 Code 383 Codec Proposal Sequence 395 402 Comfort Noise Generation CNG 396 403 Common Name 139 Compression 119 311 314 Configuration Encryption 491 Configuration Interface 114 Configured Speed Mode 150 Confirm Admin Password 104 Connected 212 Index Connection Idle Timeout 263 268 273 277 285 289 354 361 Connection State 249 Connection Type 170 277 354 Consider 238 Contact 102 Continuity Check CC End to End 307 Continuity Check CC Segment 307 Control Mode 254 318 Controlled Interfaces 455 Corrupt Frames Received 519 COS filter 802 1p Layer 2 249 Country 139 CPU Usage 99 Create NAT Policy 265 269 274 278 286 290 355 362 CTS frames received in response to an RTS 519 Current File Name in Flash 491 Current Local Time 106 Current Speed Mode 150 Current Wildcard MAC Address 528 Custom 139 Custom Time Slots 156 CW Max 193 CW Max 195 CW Min 193 CW Min 195 D D Channel Mode 328 Data Packets Sequence Numbers 352 Data Rate mbps 521 522 523 524 525 526 Date 509 Day 443 Default Drop Extension 414 Default Ethernet for PPPoE Interfaces 300 Default Route 265 269 274 278 286 290 310 313 316 323 355 362 369 Index Default Route Distribution 234 Delete complete IPSec configuration 346 Description 135 145 159 224 249 252 257 263 268 273 277
149. 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states 6 Technical data Funkwerk Enterprise Communications GmbH Product name bintec R3400 bintec R3800 SAFERNET TM Se curity Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Printed documentation supplied Quick Install Guide Quick Install Guide Online documentation General product features bintec R4100 bintec R4300 User s Guide Workshops Release Notes if required User s Guide Workshops Release Notes if required Product name bintec R4100 bintec R4300 Dimensions and weights Equipment dimensions without cable B x H x D 295 mm x 45 mm x 160 mm 295 mm x 45 mm x 160 mm Weight approx 1260 g approx 1260 g Transport weight incl documentation cables packaging approx 2 6 kg approx 2 6 kg Memory 32 MB SDRAM 32 MB SDRAM 8 MB flash ROM 8 MB flash ROM LEDs 20 1x Power 1x Status 5x2 Ether 20 1x Power 1x Status 5x2 Ether net 4x2 F
150. 203 210 Xx X 31 X 25 in D Channel 155 X 31 TEI Service 155 X 31 TEI Value 155 X 75 Layer 2 Mode 159 XAUTH Profile 324 Z Zero Cookie Size 347 R1xxx R3xxx R4xxx
151. 2M User Profile e Q SIG S2M NT Q SIG S2M Network Profile ISDN Line Framing Only if a Port Usage is selected Select the framing type for layer 1 Possible values e CRC4 Standard default value No CRC The default value can be left in the majority of scenarios You can use the No CRC if required e g in Sweden and France if the device is to be connected to a PABX Subscriber Number Only if Port Usage EURO ISDN S2m TE EURO ISDN S2M NT OSE S2M TH Of O SiG S2M NT Enter the call number for the connection Channel Selection Only if Port Usage EURO ISDN S2m TE EURO ISDN S2m NT Q SIG S2M TE Of Q SIG S2M NT The Channel Selection option is provided in order to guarantee the compatibility with special providers This defines how the B channel is selected for an outgoing call Possible values e Any Channel default value The device tells the PABX that all channels are available The exchange of the PABX selects the channel to be used e No channel identification The device sends no IE Information Element for channel identification The exchange selects the channel to be used 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description e Submit preferred channel The device selects the channel to be used and signals this to the exchange You can normally use the default value It is only necessary to change the setting in a few special cases If you enc
152. 41 VoIP gt Media Gateway gt SIP Accounts gt Edit New The VoIP gt Media Gateway gt SIP Accounts gt Edit New menu consists of the following fields Fields in the SIP Accounts Basic Parameters menu Field Description Description Enter the name of the SIP account R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 18 VoIP Field Description Administrative Status Select whether the SIP account should be enabled or disabled The function is activated with Enabled The function is enabled by default Trunk Mode Select whether and in which trunk mode the SIP account should be operated Trunk mode DDI Direct Dial In allows an incoming call to be assigned correctly to a terminal DDI For an outgoing call the caller can be indicated to the called party The setting that you can use depends on the provider Possible values e off default value Trunk mode is not used The SIP account has only one number e Client the media gateway is operated as DDI client It is as signed a DDI e Server The media gateway is operated as a DDI server so that DDI clients can connect e gw trunk the media gateway is operated as DDI client but used as a trunk This setting is used to connect a software based IP PBX from Swyx Registrar Only if Trunk Mode Off Client and gw trunk Enter the IP address or domain name FQDN of the SIP regis trar The maximum number of characters is 40 Entries with sp
153. 5 3 ISDN PRI interface Both of the ISDN PRI interfaces on bintec R4100 are connected via an RJ45 plug The cable supplied connects the RJ45 plug needed for the device to an RJ45 plug needed for the PRI connection The following pins are used for the connection Fig 25 ISDN PRI interface RJ45 socket The pin assignment for the ISDN PRI interface RJ45 socket is as follows RJ45 socket for ISDN PRI connection T T Not used R R Not used NN O Oo fF WO DY Not used R1xxx R3xxx R4xxx 8 Not used Note for NTs in Germany En Note In Germany Transmit NT gt TE is often designated S2Mab a and b on the plug and Receive TE gt NT S2Man a and b 6 5 4 CardBus interface PCMCIA The CardBus interface on bintec R1200wu allows a UMTS CardBus modem to be added to the system The modem card is inserted in the existing CardBus slot and is integrated automatically by the system You can insert the card even when the device is running hot pluggable If the card is not integrated automatically the system does not support this specific card Our support staff will be pleased to help if you have any questions Pin 35 Fig 26 68 pin CardBus slot for UMTS modem card The pin assignment is as follows Pin assignment of the CardBus slot Pin Function Description 1 GND Ground 2 CADO Mpx address data 0 3 CAD1 Mpx address data 1 4 CAD3 Mpx address data 3 5 CAD5 Mpx address data 5 6 CA
154. 502 Region 213 Registrar 398 Registration 393 398 Remote GRE IP Address 369 Remote Hostname 350 Remote ID 511 Remote IP Address 351 510 Remote MAC 523 524 Remote MAC Address 209 Remote Networks 510 Remote Number 515 516 Remote Port 390 511 Remote PPTP IP Address 270 361 Remote PPTP IP Address Hostname 361 Remote User for Dialin only 277 Requested Rate 167 Response 422 Result of Autoconfiguration 153 Retransmission Timer 236 Retries 127 RFC 2091 Variable Timer 234 RFC 2453 Variable Timer 234 RIP UDP Port 234 Roaming Profile 195 Robustness 244 Role 344 Index Route Announce 230 Route Entries 265 269 274 278 286 290 310 313 316 323 355 362 369 Route Timeout 236 Route Type 217 RSA Key Status 121 RTS frames with no CTS received 519 RTS Threshold 193 195 RTT Mode Realtime Traffic Mode 257 Rx Bytes 517 Rx Errors 517 Rx Packets 517 518 521 522 523 524 525 S Scan channels 195 Scan Interval 195 Scan Threshold 195 SCEP URL 137 Schedule Start Stop Time 443 Schedule Interval 453 Second Timeserver 107 Secondary 419 419 Secondary DHCP Server 439 Security Algorithm 510 Security Mode 203 210 Segment Pending Requests 306 Segment Send Interval 306 Select action 450 Select file 491 Select interface 450 Select ISDN interface 393 Select radio 450 Selected Ports 366 Selection 383 Send 530 Send Certificate Chains 348 Send Certificate R
155. 513 515 517 Stop Time 452 Subnet 381 Subscriber Number 153 156 401 Subsystem 503 509 Successfully Answered Queries 427 Summary 139 Sustained Cell Rate SCR 303 Switch Port 150 Sync SAs with ISP interface state 347 Synchronisation Mode 485 System Admin Password 104 System Date 99 System Logic 491 System Name 102 T TACACS Secret 130 TCP Inactivity 379 TCP Keepalives 119 TCP Port 131 TCP MSS Clamping 178 Telnet 117 Terms amp Conditions 473 TFTP File Name 450 TFTP Server 450 Third Timeserver 107 Ticket Type 475 Funkwerk Enterprise Communications GmbH Time 509 Time Condition 452 Time Update Interval 107 Time Update Policy 107 Time Zone 106 Timeout 131 462 Timeslot Matrix 159 Timeslot Range 159 Timeslot Selection 159 Timestamp 496 Total 514 Traceroute Test 488 Traffic Priority 374 Traffic shaping 254 257 377 Transfer Mode 328 Transfer own IP address over ISDN 328 Transmit Key 203 207 210 Transmit Power 187 Transmit Shaping 164 Transmitted MPDUs 519 Transparent MAC Address 116 Trials 455 Trigger 457 Trunk Line 407 Trunk Mode 398 TTL 422 Tunnel Profile 354 Tx Bytes 517 Tx Errors 517 Tx Packets 517 518 521 522 523 524 525 Type 249 298 383 405 517 Type of Endpoint 390 Type of Messages 496 Type of traffic 224 U UDP Destination Port 351 359 507 UDP Inactivity 379 UDP Port 127 UDP Source Port 351 UDP Source Port Selec
156. 8 63 characters Fields in the Remote Partner menu Field Description Remote MAC Address Enter the MAC Address of the WDS partner 13 1 4 Client Link If you operate your device in access client mode Wireless LAN gt WLAN gt Wireless Module Settings gt gt Operating Mode Access Client you can set up and edit the available Client Links in the Wireless LAN gt WLAN gt Client Links gt p gt menu Client mode can operate in infrastructure mode or in ad hoc mode In a network in infra structure mode all clients communicate with each other exclusively via access points There is no direct communication between the individual clients In ad hoc mode an access client can be used as central interface between a number of terminals In this way devices such as computers and printers can be wirelessly intercon nected 13 1 4 1 Client Link gt p Choose the pl icon to edit existing entries onina Hep bintes R1200 acto semngs ent Baste Parameters Network Name SSID Securty Settings a eae oe Security Mode Inactive oK Cancel Fig 78 Wireless LAN gt WLAN gt Client Link gt p gt The Wireless LAN gt WLAN gt Client Link gt b gt menu consists of the following fields R1xxx R3xxx R4xxx 13 Wireless LAN Funkwerk Enterprise Communications GmbH Fields in the Client Link Basic Parameters menu Field Description Network Name
157. 84509982 43 448632595011S570952551767 70116166569089632 16398179133323977323 1877712 746643 12501085550617414306630 041163485076690509068957866176972 12081811410853 590733 69329733126120426693 320106097890434357773 Exponent e 17 bits 65537 Extensions Available key usage basic constraints KeyUsage DigitalSignature NonRepudiation KeyEncipherment BasicConstraints ca FALSE El MDS Fingerprint FO 41 44 3F 6A 02 DD 12 97 2C 67 21 F7 59 80 3E ai A A ea E SHAM Fingerprint 98 5B D6 3E 4A 9B 95 8B FESFF C2 27 CF 24 42 A7 17 6F 8C 54 oK Ji Cancel Fig 54 System Management gt Certificates gt Certificate List gt g The certificates and keys themselves cannot be changed but a few external attributes can be changed depending on the type of the selected entry The System Management gt Certificates gt Certificate List gt menu consists of the following fields Fields in the menu Field Description Description Shows the name of the certificate key or request Certificate is CA Certific Mark the certificate as a certificate from a trustworthy certifica ate tion authority CA Certificates issued by this CA are accepted during authentica tion The function is activated with True The function is disabled by default R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Field Description Cert
158. ADSL The function is activated with Enabled The function is disabled by default Fields in the PPP over ATM Settings menu only shown for Type PPP over ATM see also Field Description Client Type Select whether the PPPoA connection is to be set up perman ently or on demand Possible values e On Demand default value The PPPoA is only set up on de Field Description mand e g for Internet access 15 2 2 Service Categories In the WAN gt ATM gt Service Categories menu a list of ATM connections PVC Per manent Virtual Circuit already configured with specific assigned data traffic parameters is shown Your device supports QoS Quality of Service for ATM interfaces Caution ATM QoS should only be used if your provider specifies a list of data traffic parameters traffic contract The configuration of ATM QoS requires extensive knowledge of ATM technology and the way the bintec devices function An incorrect configuration can cause consider able disruption during operation If applicable save the original configuration on your PC 15 2 2 1 New Choose the New button to set up new categories TE bintes R3800 Ven Sees Profiles Service Categories OAM Controlling Basic Parameters 3 Virtual Channel Connection VCC VPIB VCI32 ATM Service Category Select one v L Peak Cell Rate
159. ADSLiinterfaces oa A a a eS 61 6 5 6 SHDSL interface i acc ain i Sek wD ww eo Ra apa Av wow kos 61 6 5 7 X 21 interface eee lee ok SLE cain Moe tee hd ea ie i ads ot Woe te 63 6 6 WEEE informatioN 4 amp 2 t eee SR RE De eee 4 65 Chapter 7 Variable switching of SO interfaces 66 71 Switching the SO interfaces from external to internal 66 Chapter 8 Access and configuration o o 70 8 1 Access Options a A 70 8 1 1 Access Ma LAN codos rt bp hak ad oe ea Rp eed ey 70 8 1 2 Access via the Serial Interface 0 73 8 1 3 Access OVernISDN cai A A a TA e da 75 8 2 ES bots eed oS eR dy Pat pot Mee i he ER as he 75 8 2 1 User names and passwords in ex works state 2 2 76 R1xxx R3xxx R4xxx 8 2 2 Logging in for Configuration a aoa a o o 76 8 3 Configuration options a o a o 77 8 3 1 Funkwerk Configuration Interface o 78 8 3 2 SNMPiShellt maa aaa a Be ae E A 95 8 4 BOOTmonitor ba oe e ee ee a A a a 95 Chapter 9 Assistants daca sO Geeta em al Glau me ae ata a 97 Chapter 10 System Management o 98 10 1 StatuSs ogc A a eS ee A i 98 10 2 Global Settings 2 o 101 10 2 1 Systema a eot A ln ee es BA el ta 101 10 2 2 Passwords mor oia a Gwe OE BA eS Bebe GO AE es ees 103 10 2 3 Date and Time 2 2 o o eo 105 10 2 4 System Licen
160. AST bit is set in the DHCP requests for your device Some DHCP servers that assign IP addresses by UNICAST do not respond to DHCP requests with the set BROADCAST bit In this case it is necessary to send DHCP requests in which this bit is not set In this case disable this option The function is activated by choosing Enabled The function is enabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote terminals The function is activated by choosing Enabled The function is disabled by default TCP MSS Clamping Select whether your device is to apply MSS Clamping To pre vent IP packets fragmenting the MSS Maximum Segment Size is automatically decreased by the device to the value set here The function is activated by choosing Enabled The function is disabled by default Once enabled the default value 1350 is entered in the input field 12 2 VLAN By implementing VLAN segmentation in accordance with 802 1Q you can configure VLANs on your device The wireless ports of an access point in particular are able to re move the VLAN tag of a frame sent to the clients and to tag received frames with a pre defined VLAN ID This functionality makes an access point nothing less than a VLAN aware switch with the enhancement of grouping clients into VLAN groups In general VLAN segmenting can be configured with all interfaces Standard LAN VLAN Segmentation
161. AT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Printed documentation supplied Quick Install Guide Quick Install Guide Online documentation General product features bintec R3400 bintec R3800 User s Guide Workshops Release Notes if required User s Guide Workshops Release Notes if required Product name bintec R3400 bintec R3800 Dimensions and weights Equipment dimensions without cable B x H x D 295 mm x 45 mm x 160 mm 295 mm x 45 mm x 160 mm Weight approx 1260 g approx 1260 g Transport weight incl documentation cables packaging approx 2 6 kg approx 2 6 kg Memory 32 MB SDRAM 32 MB SDRAM 8 MB flash ROM 8 MB flash ROM LEDs 18 1x Power 1x Status 5x2 Ether 20 1x Power 1x Status 5x2 Ether net 3x2 Function net 4x2 Function Power consumption of the device max 15 Watt normally 10 Watt max 15 Watt normally 12 Watt Voltage supply 15 V AC 1 3 A EU PSU 15 V AC 1 3 A EU PSU Environmental require Funkwerk Enterprise Communications GmbH 6 Technical data Product name bintec R3400 bintec R3800 ments Storage temperature 20 to 70 C 20 to 70 C Operating temperature 0 to 40 C 0 to 40 C Relative atmospheric humidity 10 to 90 non condensing in o
162. Active Sessions SIF Displays the total of all SIF TDRC and IP load balancing ses RTP etc sions Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels Fields in the Status Module menu Field VENTO DSP Module Shows the type of plugged DSP module if any An acquired fax licence if any can be displayed Other fields in the menu Status Field VENTO Physical Interface In The physical interfaces are listed here and their most important terface Specifics Link settings are shown The system also displays whether the inter face is connected or active Interface specifics for Ethernet interfaces e IP Address e Netmask Interface specifics for serial ISDN interfaces e Configured e Not configured Interface specifics for xDSL interfaces e Downstream Upstream Line Speed Interface Specifics for WLAN Interfaces Access Point Mode e Operation Mode Access Point or Off e The channel used on this wireless module e Number of connected clients Field Value Number of WDS links e Software version of the wireless card Access Client Mode e Operation Mode Access Client or Off e The channel used on this wireless module e Software version of the wireless card Recent System Logs Displays the last 10 system messages 10 2 Global Settings The basic system parameters are managed in the Global Settings menu 10 2 1 System The Syst
163. As a result several packets are sent one after the other without a waiting period This is par ticularly effective in 11b g mixed operation The function is activated with Enabled The function is activated by default If problems occur with older WLAN hardware this function should be deactivated Nitro XM The Nitro XM eXtreme Multimedia function can increase throughput by combining Protection avoids collisions in radio cells with 11g and 11b clients Packet Bursting sending of sev eral data packets together already implemented with the name Nitro Compression and Concatenation combines several smaller packets into one larger WLAN packet Possible values e Frame Compression If this function is activated sent data is compressed This only works in combination with clients that use Conexant radio cards The gain in transmission speed depends to a large extent on the type of transmitted data e Frame Concatenation If this function is activated several small data packets are combined to form larger ones This only works in combination with clients that use Conexant radio cards e Piggyback Acknowledge If this function is activated the confirmation for received packets ACK is combined with other sent packages This only works in combination with cli ents that use Conexant radio cards e Direct Link If Direct link is activated logged on clients can exchange data directly without routing via the access point
164. BS B CBS A RxC B RxC A Mode DCE Mode 0 DTR B DTR A DCD B DCD A DSR B DSR A TxC B TxC A Mode 1 Mode 2 TxCE B TxCE A A9 9 12 10 A10 10 5 3 D A11 11 13 14 A12 12 6 7 A13 13 8 B1 14 B B2 15 B3 16 H B4 17 B5 18 F B6 19 B7 20 E B8 21 Ww B9 22 U B10 23 B11 24 8 8 B12 25 13 AA B13 26 6 Y ASAS AA 35 36 25 35 17 19 19 29 11 31 13 30 12 23 26 R1xxx R3xxx R4xxx 6 6 WEEE information The waste container symbol with the X through it on the device indicates that the device must be disposed of separately from normal domestic waste at an appropriate waste disposal facility at the end of its useful service life Das auf dem Ger t befindliche Symbol mit dem durchgekreuzten Miillcontainer bedeutet dass das Ger t am Ende der Nutzungsdauer bei den hierf r vorgesehenen Entsorgungsstellen getrennt vom normalen Hausmiill zu entsorgen ist Le symbole se trouvant sur l appareil et qui repr sente un conteneur ordures barr signifie que l appareil une fois que sa dur e d utilisation a expir doit tre limin dans des poubelles sp cia les pr vues cet effet de mani re s par e des ordures m nag res courantes Il simbolo raffigurante il bidone della spazzatura barrato riportato sull apparecchiatura significa che alla fine della durata in vita dell apparecchiatura questa dovr essere smaltita separatamen
165. Bell Western plugs for analogue telephones have four or six contacts A graphical tool on Windows 95 98 and Millennium that uses Win32 API to view and configure the IP address configuration of com puters A group of computers wirelessly connected to each other wireless LAN Wireless multimedia Wi Fi protected access Concentrates primarily on the needs of companies and offers secure encryption and authentication Uses 802 1x and the Extensible Au thentication Protocol EAP and thus offers an effective means of user authentication Intended for private users or small businesses that do not run a central authentication server PSK stands for Pre Shared Key and means that AP and client use a fixed character string 8 to 63 char acters known to all subscribers as the basis for key calculation for wireless traffic World Wide Web The X 21 recommendation defines the physical interface between two network components in packet switched data networks e g Da tex P The X 21bis recommendation defines the DTE DCE interface to V series synchronous modems An internationally agreed standard protocol that defines the interface between network components and a packet switched data network ITU T recommendation on the integration of X 25 compatible DTEs in ISDN D channel ITU T standards that cover user directory services see LDAP Ex ample The phone book is the directory in which you find people on R1xxx R3xxx R4xxx X
166. CE ITU T recommendation for unbalanced dual current interface line ITU T recommendation for data transmission at 48kbps in the range from 60 to 108kHz Modem for V 35 Data compression procedure ITU standard for 56 kbps analogue modems In contrast to older V 34 modems data is sent in digital form to the client when the V 90 standard is used and does not need to be first converted from digital to analogue on one side of the modem provider as was the case with V 34 and earlier modems This makes higher transmission rates possible A maximum speed of 56 kbps can be achieved only under optimum conditions Letter dialling Very high bit rate digital subscriber line also called VADSL or BD SL VLAN ID Van Jacobson Header Compression Virtual LAN Voice over IP Virtual Private Network Virtual Service Set Wide Area Network WAN interface Remote station that is reached over a WAN e g ISDN Server that provides documents in HTML format for access over the Internet WWW T Online service with which e mails can be sent and received world Glossary WEP Western plug WINIPCFG WLAN WMM WPA WPA Enterprise WPA PSK WWW X 21 X 21bis X 25 X 31 X 500 Funkwerk Enterprise Communications GmbH wide on the Internet by means of a browser Wired Equivalent Privacy also known as RJ 45 plug Plug used for ISDN terminals with eight contacts Developed by the US telephone company Western
167. Communications GmbH 13 Wireless LAN Field Description Select the type of encryption you want to apply to WPA2 Possible values e AES default value AES is used e TKIP TKIP is used e AES and TKIP AES or TKIP is used Preshared Key Only if Security Mode WPA PSK Enter the WPA password Enter an ASCII string with 8 63 characters Note Change the default Preshared Key If the key has not been changed your device will not be protected against unau thorised access EAP Preauthentification Only if Security Mode WPA Enterprise Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply connect over the existing network connection with your device The function is activated by choosing Enabled The function is enabled by default Fields in the MAC Filter menu Field Description ACL Mode Select whether only certain clients are to be permitted for this wireless network The function is activated by choosing Enabled The function is disabled by default Allowed Addresses Use Add to make entries and enter the MAC addresses MAC Address of the clients to be permitted 13 Wireless LAN Funkwerk Enterprise Communications GmbH 13 1 3 WDS Links If you operate your device in access point mode
168. D7 Mpx address data 7 R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 6 Technical data Pin Function Description 7 CCBEO Command Byte possible 0 8 CAD9 Mpx address data 9 9 CAD11 Mpx address data 11 10 CAD12 Mpx address data 12 11 CAD14 Mpx address data 14 12 CCBE1 Command Byte possible 1 13 CPAR CardBus Parity 14 CPERR CardBus Parity error 15 CGNT CardBus Grant 16 CINT CardBus IREQ 17 VCC Card power supply 18 VPP1 Programming voltage 1 19 CCLK CardBus cycle 20 CIRDY CardBus initiator ready 21 CCBE2 Command Byte possible 2 22 CAD18 Mpx address data 18 23 CAD20 Mpx address data 20 24 CAD21 Mpx address data 21 25 CAD22 Mpx address data 22 26 CAD23 Mpx address data 23 27 CAD24 Mpx address data 24 28 CAD25 Mpx address data 25 29 CAD26 Mpx address data 26 30 CAD27 Mpx address data 27 31 CAD29 Mpx address data 29 32 RFU Reserved 33 CCLKRUN Start CardBus cycle 34 GND Ground 35 GND Ground 36 CCD1 Card ID 1 37 CAD2 Mpx address data 2 38 CAD4 Mpx address data 4 Pin Function Description 39 CAD6 Mpx address data 6 40 RFU Reserved 41 CAD8 Mpx address data 8 42 CAD10 Mpx address data 10 43 CVS1 Voltage ID 1 44 CAD13 Mpx address data 13 45 CAD15 Mpx address data 15 46 CAD16 Mpx address data 16 47 RFU Reserved 48 CBLOCK CardBus blocked 49 CSTOP CardBus stop 50 CDEVSEL CardBus device selection 51 VCC Card power supply 52 VPP2 Programming voltage 2 53 CTRDY CardBus destination ready 54
169. DN Eurofile transfer Exchange Exchange access right Extended redialling Extension Funkwerk Enterprise Communications GmbH Refers to the encryption of data e g MPPE In the ex works setting all external connections made and received via your PBX are recorded and stored in the form of connection data records Encapsulating Security Payload The Extended Service Set describes several BSS several access points that form a single logical wireless network A local network that connects all devices in the network PC print ers etc via a twisted pair or coaxial cable The 4 connections are led equally through an internal switch Net work clients can be directly connected to the connection sockets The ports are designed as 100 BaseT full duplex autosensing auto MDIX upwardly compatible to 10 Base T Up to 4 SIP telephones or IP softclients with SIP standard can be directly connected to PCs with a network card If the power supply to the PBX cuts out while new firmware is being loaded the PBX functions are deleted Harmonised ISDN standardised within Europe based on signalling protocol DSS1 the introduction of which network operators in over 20 European countries have committed to Euro ISDN has been in troduced in Germany replacing the previous national system 1 TR6 Communication protocol for the exchange of files between two PCs over ISDN using an ISDN card file transfer or telephones or PBXs configu
170. Description Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Local IP Address Only if IP Address Mode Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add a new entry with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this connection partner Select the authentication specified by your provider Possible values 15 WAN Funkwerk Enterprise Communications GmbH Field Description e PAP default value Only run PA
171. Discovery Server Options menu Field Description Enable Discovery Server Select whether your device is to be discovered and configured by other bintec devices in the network The function is activated with Enabled The function is disabled by default R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services 19 11 UPnP Universal Plug and Play UPnP makes it possible to use current messenger services e g real time video audio conferencing as peer to peer communication where one of the peers lies behind a NAT enabled gateway UPnP enables mostly Windows based operating systems to take control of other devices with UPnP functionality on the local network These include gateways access points and print servers No special device drivers are needed as known common protocols are used such as TCP IP HTTP and XML Your gateway makes it possible to use the subsystem of the Internet Gateway Device IGD from the UPnP function range In a network behind a NAT enabled gateway the UPnP configured computers act as LAN UPnP clients To do this the UPnP function on the PC must be enabled The pre configured port used for UPnP communication between LAN UPnP clients and the gateway is 5678 The LAN UPnP client acts as a so called service control point i e it re cognizes and controls the UPnP devices on the network The ports assigned dynamically by for example MSN Messenger lie in the range from 5004 to 65535
172. Enable authentication 481 Enable BRRP 485 Enable Discovery Server 466 Enable IPSec 346 Enable server 448 Enable update 431 Enable VLAN 183 Encapsulation 298 Encrypted 514 Encryption 131 280 356 364 Encryption Algorithms 120 End to End Pending Requests 306 End to End Send Interval 306 Entries 283 294 Entry active 125 130 Errors 511 514 Ethernet Interface 480 Ethernet Interface Selection 150 Expire Time 393 398 Extended Route 217 Extension UserName 393 External Address 411 Funkwerk Enterprise Communications GmbH External Filename 142 143 External Port 390 F Facility 496 Fallback interface to get DNS server 420 Faxheader 448 File Encoding 142 143 Filename 491 Filter 252 Filter Rules 377 Filtered Input Interface s 440 Firewall Status 378 First Timeserver 107 Force certificate to be trusted 135 Forward 424 Forward to 424 Forwarded Requests 427 Fragmentation Threshold 193 195 Frame transmissions without ACK re ceived 519 G Garbage Collection Timer 236 Gateway 217 436 464 Generate Private Key 137 GPRS UMTS Interface 285 GRE Window Adaption 367 GRE Window Size 367 Group Description 125 238 Group ID 455 H Hashing Algorithms 120 Hello Interval 352 High Priority Class 252 Hold Down Timer 236 Host 424 Host for multiple locations 476 Host Name 431 HTTP 117 HTTPS 117 Index HTTPS TCP Port 429 l IEEE 802 11d Compliance 187 IGMP Proxy 246 IGMP State Limit 244 247 I
173. Filter CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP Fig 149 Local Services gt DNS gt Domain Forwarding gt New The Local Services gt DNS gt Domain Forwarding gt New menu consists of the follow ing fields Fields in the Domain Forwarding Forwarding Parameters menu Field Description Forward Select whether a host or domain is to be forwarded Possible values e Host default value e Domain Host Only for Forward Host Enter the name of the host to be forwarded The entry can also start with the wildcard e g funkwerk com If a name is entered without a full stop once you confirm with OK lt Default Domain is added Domain Only for Forward Domain R1xxx R3xxx R4xxx Field Description Enter the name of the domain to be forwarded The entry can also start with the wildcard e g funkwerk com If a name is entered without a full stop once you confirm with OK lt Default Domain is added Forward to Select the forwarding destination requests to the name defined in Host or Domain Possible values e Interface default setting The request is forwarded to the defined Interface DNS Server The request is forwarded to the defined DNS server Interface Only for Forward to Interface Select the interface via which the requests for the defined Do main are to be received and forwarded to the DNS server
174. Firewalls Number or messages fi es Message Compression MEnable O M i K Add Syslog a IP Accounting re E mail Alert oK pri Cancel SUMP Activity Manitor ail Fig 190 External Reporting gt E mail Alert gt E mail Alert Recipient The External Reporting gt E mail Alert gt E mail Alert Recipient menu consists of the following fields Fields in the E mail Alert Recipient Add Edit E mail Alert Recipient menu Field Description Recipient Enter the E mail address of the recipient The entry is limited to 40 characters Matching String You must enter a Matching String This must occur in a syslog message as a necessary condition for triggering an alert The entry is limited to 55 characters Bear in mind that without the use of wildcards e g only those strings that correspond exactly to the entry fulfil the condition The Matching String R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 21 External Reporting Field Description entered therefore usually contains wildcards To be informed of all syslog messages of the selected level just enter Severity Select the severity at which the string configured in the Match ing String field must occur to trigger an E mail alert Possible values Emergency default value Alert Critical Error Warn ing Notice Information Debug Message Timeout Enter how long the router must wait after a relevant event be fore it is force
175. GMP Status 247 Ignore Certificate Request Payloads 348 IKE Phase1 513 IKE Phase1 SAs 511 Include certificates and keys 491 Incoming ISDN Number 328 366 Incoming Number 461 Incoming Service Type 147 173 Interface 116 118 170 182 217 221 224 233 239 244 254 318 377 424 431 435 457 464 473 515 516 529 530 Interface Action 457 Interface Description 114 Interface is UPnP controlled 468 Interface Leads 170 Interface Mode 177 Interface Type 170 393 Interfaces 252 Internal IP Address 390 Internal Port 390 Internal Timeserver 107 Interval 455 459 Intra cell Repeating 202 Invalid DNS Packets 427 IP Accounting 498 IP accounting message format 499 IP Address 233 300 301 422 438 464 480 496 506 521 522 528 529 IP Address Assignment 323 IP Address Mode 265 269 274 278 286 290 355 362 IP Address Owner 477 IP Address Range 435 IP address to use for DNS WINS server assignment 420 IP Address Netmask 177 IP Assignment Pool 278 290 323 IP Assignment Pool IPCP 355 362 IP Compression 341 IP Pool Name 296 345 IP Pool Range 296 345 IPSec Phase2 513 IPSec Phase2 SAs 511 IPSec Debug Level 346 IPSec Tunnels 513 ISDN Configuration Type 153 ISDN Line Framing 156 ISDN Login 117 ISDN Mode 413 ISDN Port 161 ISDN Switch Type 153 156 ISDN Theft Protection Service 461 ISDN Timeserver 107 ISDN Usage External 99 I
176. Global Options menu Field Description UDP Destination Port Enter the port to be monitored by the LNS on incoming L2TP tunnel connections Available values are all whole numbers from 1 to 65535 the default value is 1701 as specified in RFC 2661 UDP Source Port Selec Select whether the LNS should only use the monitored port tion UDP destination port as the local source port for the L2TP connection The function is activated with Fixed R1xxx R3xxx R4xxx Field Description The function is disabled by default 16 3 PPTP The Point to Point Tunnelling Protocol PPTP can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection First a connection to an ISP Internet Service Provider is set up at both sites Once these connections are available a tunnel is set up to the PPTP partner over the Internet using PPTP The PPTP subsystem sets up a control connection between the endpoints of the tunnel This is used to send control data to set up keep alive and terminate the connection between the two PPTP tunnel end points As soon as this control connection is set up the PPTP transfers the traffic data packed in GRE packets GRE Generic Routing Encapsu lation 16 3 1 PPTP Tunnel In the PPTP Tunnel menu a list of all PPTP tunnels is shown R1xxx R3xxx R4xxx 16 3 1 1 New Click on New to set up further PPTP partners PPTP Tunnels Options
177. IP 4 Under Network Key and Confirm Network Key enter the configured preshared key 5 Exit each menu with OK Note Windows XP allows several menus to be modified Depending on the configuration the path to the wireless network connection you want to configure may be different to that described above 4 7 Software Update The range of functions of bintec devices is continuously being extended These extensions are made available to you by Funkwerk Enterprise Communications GmbH free of charge Checking for new software versions and the installation of updates can be carried out eas ily with the Funkwerk Configuration Interface An existing internet connection is needed for an automatic update Proceed as follows 1 In the Maintenance gt menu select Software amp Configuration 2 Under Action select Update System Software and under Source Latest Software from Funkwerk Server 3 Then click on GO Current tated Sotware B055 V T 9 Rev 5 Sec hom 20100906 00 00 00 System Loge wa A potas id Candi Cda Action Update system software Y Source Localion Current Software trom Funkwerk Server The device will now connect to the Funkwerk Enterprise Communications GmbH download server and check whether an updated version of the system software is available If so your device will be updated automatically When installation of the new software is com plete you will be invited t
178. IP ac count e Any No restriction of the entry Enter Called Line or Called Address If a value other than Any is chosen the Called Address should not be used If you set Called Line Any and Called Address is not used all calls on the Calling Line are processed Called Address Here you have the option of entering the destination address of the call Enter Called Line or Called Address If the Called Address is used Called Line Any should be set Calling Address Transla Enter the transformation rule applied to the call numbers tion Notation lt a b gt i e a is replaced by b A number of rules can be chained together using semicolons as separators e g lt a b gt lt c d gt lt e f gt After confirmation of entry the rule chain is automatically sorted by the best match method is a placeholder for an arbitrary digit Field Description Example 18 3 Example of a rule e Rule lt 49911 gt e number dialled 96731234 e manipulated number 4991196731234 18 2 5 Call Translation You can create a list for the translation of subscriber numbers i e this list associates in ternal and external numbers S Note Which number called party number or calling party number is translated depends on the direction incoming or outgoing of the call in question For incoming calls it is the called party number for outgoing calls the calling party number that is translated For example the internal num
179. LAN only bintec R1200w R1200wu and R3000w WLAN In this menu you configure your wireless modules as an access point or as an access client Administration In this menu you make the basic WLAN settings Routing Routes In this menu you enter additional routes Funkwerk Enterprise Communications GmbH 8 Access and configuration NAT RIP Load Balancing Multicast QoS WAN In this menu you configure the NAT firewall NAT Network Ad dress Translation In this menu you configure the dynamic updating of the routing table via RIP In this menu you configure application controlled bandwidth management In this menu you configure the use of multimedia streaming protocols for e g voice over IP or video and audio streaming e g IPTV or Webradio or TriplePlay voice video data In this menu you configure all the Quality of Service settings Internet Dialup ATM Leased Line Real Time Jitter Con trol In this menu you define the Internet connections for the various connection protocols or dialup connections In this menu you carry out configuration of the ATM profiles that are needed for all the ADSL connections and also connection monitoring OAM and ATM QoS In this menu the permanent connections of two communication partners are displayed In this menu you can set the upstream speed VPN IPSec L2TP PPTP GRE Firewall In this menu you configure VPN connections ove
180. Language English View Standard Online Help Automatic Refresh interval ot 300 Seconds Apply y 8 12006 11 15 22 ES 2006 11 15 22 14 35 Information Configuration boot configuration loaded Page 1 tems Te s Maximum Number of Syslog Entries 50 Maximum Message Level of Syslog Entries Information View ww 20 perp per page Fiter in I 157 rter in None equal Go No DateTime Level Subsystem Message gt ict 12008 11 16 01 29 16 Information INET APDISCD 2 access points found on interface 1000 E 2 12006 11 18 01 29 06 Information INET APDISCD discovery initiated fon interface 1000 Em 12006 41 15 22 14 40 information IPSec init starting E 4 2006 11 15 22 14 40 Information IPSec BinTec ipsecd version 3 0 Copyright 1996 2010 by Funkwerk Enterprise _ Communications GmbH 5 2006 11 15 22 14 40 Information IPSec init running a _ E 16 2006 11 15 22 40 Information INET sshd pid 57 listening on a a O o port 23 Ir 2006 11 15 22 14 38 Information Configuration system r1200 started at Wed Nov 15 22 14 38 2006 35 Information Configuration Converted time offset 0 to time zone UTC 00 Fig 194 Monitoring gt Internal Log gt System Messages Values in the list System Messages Field Description No Displays the serial number of the system message Date Displays the date of the record
181. Like Windows Server Mode but with the option of aborting This setting should be avoided for security reasons The Mi crosoft client also has the option of aborting callback and maintaining the initial connection to your device without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by pressing CANCEL to close the dialog box that appears Fields in the Advanced Settings Options for On demand Bandwidth menu Field Description Channel Bundling Select whether channel bundling is to be used for ISDN connec tions with the connection partner and if so what type Your device supports dynamic and static channel bundling for dialup connections Only one B channel is initially opened when a connection is set up Dynamic channel bundling means that your device connects other ISDN B channels to increase the throughput for connections if this is required e g for large data rates If the amount of data traffic drops the additional B channels are closed again In static channel bundling you spe cify right from the start how many B channels your device is to use regardless of the transferred data rate Possible values Funkwerk Enterprise Communications GmbH 15 WAN Field Description e None default value No channel bundling only one B chan nel is ever available for connections e Static Static channel bundling e Dynamic Dynamic channel bundling Number of B
182. MBS 303 Maximum Groups 247 Maximum Message Level of Syslog Funkwerk Enterprise Communications GmbH Entries 102 Maximum Messages per Minute 500 Maximum Number of Accounting Log Entries 102 Maximum Number of Dialup Retries 266 270 275 280 287 291 Maximum Number of History Entries 440 Maximum Number of Syslog Entries 102 Maximum Response Time 244 Maximum Retries 352 Maximum Sources 247 Maximum Time between Retries 352 Maximum TTL for Negative Cache Entries 420 Maximum TTL for Positive Cache Entries 420 Maximum Upload Speed 254 257 318 Maximum upstream bandwidth 164 mbps 518 Media Gateway Status 414 Media Stream Termination 414 Members 380 386 Memory Usage 99 Message 509 Message Compression 502 Message Timeout 502 Messages 511 Metric 217 Metric Offset for Active Interfaces 233 Metric Offset for Inactive Interfaces 233 Min queue size 259 Min Time Period for Active Scan 195 Min Time Period for Passive Scan 195 Minimum Time between Retries 352 Mobile phone providers 173 Mode 137 212 218 221 244 247 283 294 328 332 344 Mode Bridge Group 114 Modem Escape Character 147 Index Modem Init Sequence 173 Modem Status 173 Monitored Interface 457 Monitored Interfaces 461 507 Monitored IP Address 455 Monitoring Mode 484 MSDUs that could not be transmitted 519 MSN 161 MSN Recognition 161 MTU 369 511 Multicast Group Address 242 Multicast MSDUs re
183. Membership Management protocols such as IGMP for IPv4 and MLP for IPv6 Membership Management protocol In IPv4 IGMP Internet Group Management Protocol is a protocol that hosts can use to provide the router with multicast membership information IP addresses of the class D ad dress range are used for addressing An IP address in this class represents a group A sender e g Internet radio sends data to this group The addresses IP of the various senders within a group are called the source addresses Several senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwarded to the router by means of reports In the case of incoming multicast data traffic a router can use this in formation to decide whether a host in its subnet wants to receive it Your device supports the current version IGMP V3 which is upwardly compatible which means that both V3 and V1 V2 hosts can be managed Your device supports the following multicast mechanisms e Forwarding This relates to static forwarding i e incoming data traffic for a group is passed in all cases This is a useful option if multicast data traffic is to be permanently passed IGMP IGMP is used to gather information about the potential recipients in a subnet In the case of a hop incoming multicast data traffic can thus be selected Tip With multicast th
184. NMP accesses Possible values e v1 SNMP Version 1 e v2c Community Based SNMP Version 2 e v3 SNMP Version 3 v1 v2c and v3 are active by default If no option is selected the function is deactivated SNMP Listen UDP Port Shows the UDP port 161 at which the device receives SNMP requests The value cannot be changed Tip If your SNMP Manager supports SNMPv3 you should if possible use this version as older versions transfer all data unencrypted 10 5 Remote Authentication This menu contains the settings for user authentication 10 5 1 RADIUS RADIUS Remote Authentication Dial In User Service is a service that enables authentica tion and configuration information to be exchanged between your device and a RADIUS server The RADIUS server administrates a database with information about user authen tication and configuration and for statistical recording of connection data RADIUS can be used for e Authentication e Accounting Exchange of configuration data For an incoming connection your device sends a request with user name and password to R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH the RADIUS server which then searches its database If the user is found and can be au thenticated the RADIUS server sends corresponding confirmation to your device This con firmation also contains parameters called RADIUS attributes which your device uses as WAN
185. Not OK Subsystem is not activated Not supported You have entered a licence for a subsystem your device does not support In addition above the list is shown the System License ID required for on line licensing C Note To restore the standard licences for a device click the Default Licences standard li cences button 10 2 4 1 Edit New Choose the o icon to edit existing entries Choose the New button to add licences bintec R1200 Language English View Standard Online Help System Passwords Date and Time System Licences Basic Settings Interface Mode Bridge Licence Serial Number oups E 1 SSP ee Licence Key Administrative Access Remote Authentication Certificates E J ok JC Cancel Fig 44 System Management gt Global Settings gt System Licenses gt New Activating extra licences You activate extra licences by adding the received licence information in the System Man R1xxx R3xxx R4xxx agement gt Global Settings gt System Licenses gt New menu The System Management gt Global Settings gt System Licences gt New menu con sists of the following fields Fields in the System Licences Basic Settings menu Field VENTO Licence Serial Number Enter the licence serial number you received when you bought the licence Licence Key Enter the licence key you received by e mail a Note If Not OKis display
186. P E HotSpot Gateway Fig 160 Local Services gt Web Filter gt Black White List gt Add The Local Services gt Web Filter gt Black White List gt Add menu consists of the fol lowing fields Fields in the Black White List menu Field Description URL IP Address You enter a URL or IP address The length of the entry is limited to 60 characters Blacklisted You can select whether a URL or IP address can always in the White List ornever in the Black List be Whitelisted downloaded Whitelisted is enabled by default Addresses listed in the White List are allowed automatically It is not necessary to configure a suitable filter R1xxx R3xxx R4xxx 19 5 4 History In the Local Services gt Web Filter gt History menu you can view the recorded history of the web filter The history logs all requests that are marked for logging by a relevant filter Action Log likewise all rejected requests Global Settings Filter List Black White List F View feo per page EE Filter in Go j No Date Time i Category Result Page 1 Fig 161 Local Services gt Web Filter gt History 19 6 CAPI Server You can use the CAPI Server function to assign user names and passwords to users of the CAPI applications on your device This makes sure that only authorised users can receive incoming calls and make outgoing calls via CAPI The CAPI se
187. P PPP Password Authentica tion Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The func
188. P Address Enter the IP address of the host to which syslog messages are passed Level Select the priority of the syslog messages that are to be sent to the host Possible values e Emergency highest priority e Alert e Critical PESOS R1xxx R3xxx R4xxx Field Description e Warning e Notice e Information default value e Debug lowest priority Syslog messages are only sent to the host if they have a higher or identical priority to that indicated e all messages generated are recorded at syslog level Debug Facility Enter the syslog facility on the host This is only required if the Log Host is a Unix computer Possible values loca10 7 The default value is 10ca10 Timestamp Select the format of the time stamp in the syslog Possible values e None default value No system time indicated e Time System time without date e Date amp Time System time with date Protocol Select the protocol for the transfer of syslog messages Note that the syslog server must support the protocol Possible values UDP default value TCP Type of Messages Select the message type Possible values e System amp Accounting default value e System e Accounting R1xxx R3xxx R4xxx 21 2 IP Accounting In modern networks information about the type and number of data packets sent and re ceived over the network connections is often collected for commercial reasons This inform ation is ext
189. PAS A funkwerk enterprise communications Manual R1xxx R3xxx R4xxx Reference Copyright Version 9 0 2010 Funkwerk Enterprise Communications GmbH R1xxx R3xxx R4xxx 1 Manual Funkwerk Enterprise Communications GmbH Legal Notice Aim and purpose This document is part of the user manual for the installation and configuration of funkwerk devices For the latest information and notes on the current software release please also read our release notes particularly if you are updating your software to a higher release version You will find the latest release notes under www funkwerk ec com Liability This manual has been put together with the greatest possible care However the information con tained in this manual is not a guarantee of the properties of your product Funkwerk Enterprise Com munications GmbH is only liable within the terms of its conditions of sale and supply and accepts no li ability for technical inaccuracies and or omissions The information in this manual can be changed without notice You will find additional information and also release notes for funkwerk devices under www funkwerk ec com Funkwerk devices make WAN connections as a possible function of the system configuration You must monitor the product in order to avoid unwanted charges Funkwerk Enterprise Communications GmbH accepts no responsibility for data loss unwanted connection costs and damage caused by un intended operation of the p
190. Password Es Interface Mode Bridge System Admin Password P9000000 PANPE a a Confirm Admin Password eoccccee Administrative Access SNMP Communities SNMP Read Community TITT SNMP Write Community ooncacos Global Password Options io gt Show passwords and keys in cleartext Show OK Cancel Fig 42 System Administration gt Global Settings gt Passwords R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH En Note All bintec devices are delivered with the same username and password As long as the password remains unchanged they are not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed under System Administration gt Status appears the warning System password not changed The System Management gt Global Settings gt Passwords menu consists of the follow ing fields Fields in the Passwords System Password menu Field Value System Admin Pass Enter the password for the user name admin word This password is also used with SNMPv3 for authentication MD5 and encryption DES Confirm Admin Pass Confirm the password by entering it again word Fields in the Passwords SNMP Communities menu Field VENTO SNMP Read Community Enter the password for the user name read SNMP Write Community Enter the password for the user name write
191. R1xxx R3xxx R4xxx 5 Chapter 3 Installation A Caution Please read the safety notices carefully before installing and starting up your device These are supplied with the device 3 1 Setting up and connecting a Note All you need for this are the cables and antennas supplied with the equipment f Caution Incorrect cabling of the ISDN and ETH interfaces may also damage your device Con nect only the ETH interface of the device to the LAN interface of the computer hub or an ISDN interface of the device if any only to the ISDN connection 3 Note If you connect an unconfigured device to an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device If no entry is specified every incoming ISDN call is accepted by the ISDN Login service 6 R1xxx R3xxx R4xxx i Serial to PC ISDN outside line DSL Splitter Switch LAN Web Server Server in Demilitarized Zone DMZ Fig 2 Connection options using the example of R3000w R1xxx R3xxx R4xxx T X 21 V 35 connection Web Server in Demilitarized Zone DMZ Fig 3 Connection options using the example of R43000 8 R1xxx R3xxx R4xxx ISDN ISDN PRI lines BRI lines I S i l eria 1 1 Power connect supply to PC ISDN BRI lines Web Server in Demilitarized Zone DMZ Fig 4 Connection options using the example of R41000 When setting up and connecting carry out t
192. R3000w 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 4 Main and AUX RSMA connection 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN 0 ISDN 1 ISDN interface 8 ADSL ADSL interface bintec R3400 has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface an ISDN interface and an SHDSL interface The connections are arranged as follows R1xxx R3xxx R4xxx Fig 19 Back of bintec R3400 Back of bintec R3400 1 1 0 Mains switch PWR Socket for plug in power pack DMZ ETH5 Ethernet interface ETH2 ETH4 Ethernet interface ETH1 Console Ethernet interface with serial interface function ISDN ISDN interface Oo J O oO wo N SHDSL SHDSL interface bintec R3800 has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface an ISDN interface and an SHDSL interface The connections are arranged as follows Fig 20 Back of bintec R3800 Back of bintec R3800 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function R1xxx R3xxx R4xxx 7 ISDN ISDN interface 8 SHDSL SHDSL interface bintec R4100 has a 4 port Eth
193. Rx Packets 22 5 4 Client Links In the Monitoring gt WLAN gt Client Links menu the current values and activities of the client links are shown a e i EY a e 7 2 E r bintec R1200 ta Language English v View Standard i 5 Z Y ln io ln 2 o 2 5 x 5 Save configuration Automatic Refresh interval 300 Seconds C Apply J Client Link Table Client Link Description AP MAC Address Up Time _ Tx Packets Rx Packets Signal dBm RSS RSSI2 RSSI3 Noise dBm Data Rate mbps VILAN1 sta1 0 0d 0h 0m 8s 0 0 0 0 0 0 0 10 8 AN _ ISDNModem Interfaces WLAN HotSpot Gateway 00S l Fig 207 Monitoring gt WLAN gt Client Links Values in the Client Links list Field Description Client Link Description Shows the name of the client link R1xxx R3xxx R4xxx Field Description AP MAC Address Shows the MAC Address of the client link partner Up Time Shows the time in hours minutes and seconds for which the cli ent link in question is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received on this cli ent link in mbps Client Link Details You can use the O icon to open a summary of further details of the client links
194. SDN Usage Internal 99 K Key Value 369 L Language for login window 473 476 Last Member Query Interval 244 Last Write Result 464 Layer 2 Mode 170 Layer 4 Protocol 218 LCP Alive Check 266 270 275 287 291 311 314 316 356 364 LDAP URL Path 145 Lease Time 436 Level 496 509 Licence Key 111 441 Licence Serial Number 111 Licence Status 441 License valid until 441 Lifetime 332 339 Line Speed 147 170 Line Speed Interval 167 Funkwerk Enterprise Communications GmbH Local Address 411 Local Certificate 332 392 429 Local Certificate Description 142 143 Local GRE IP Address 369 Local Hostname 350 LocalID 511 Local ID Type 332 Local ID Value 332 Local IP Address 217 265 269 274 278 286 290 310 313 316 323 352 355 362 369 511 Local Port 511 Local PPTP IP Address 270 Location 102 139 Logged Actions 378 Logging Level 119 Logon 529 Long Retry Limit 193 195 Loopback End to End 306 Loopback Segment 306 Low Latency Transmission 388 MAC Address 177 300 438 464 521 527 528 Mail Exchanger MX 432 Management VID 183 Master down trials 481 Matching String 502 Max Receive Lifetime 193 Max Transmit MSDU Lifetime 193 Max Clients 202 Max queue size 259 Max Receive Lifetime 195 Max Time Period for Active Scan 195 Max Time Period for Passive Scan 195 Max Transmission Rate 191 Max Transmit MSDU Lifetime 195 Maximum Burst Size
195. SEND activated With Poisoned Reverse however your device propagates over the interface over which it learnt the routes with the metric Next Hop Count 16 Network is not reachable The function is activated with Enabled The function is disabled by default RFC 2453 Variable For the timers described in RFC 2453 select whether the same Timer values that you can configure in the Timer for RIP V2 RFC 2453 menu The function is activated with Enabled The function is enabled by default If you deactivate the function the times defined in RFC are re tained for the timeouts RFC 2091 Variable For the timers described in RFC 2091 select whether the same Timer values that you can configure in the Timer for Triggered RIP RFC 2091 menu The function is activated with Enabled The function is disabled by default If the function is not activated the times defined in RFC are re 14 Routing Funkwerk Enterprise Communications GmbH Field Description tained for the timeouts Fields in the RIP Options Timer for RIP V2 RFC 2453 menu Field Description Update Timer Only for RFC 2453 Variable Timer Enabled An RIP update is sent on expiry of this period of time The default value is 30 seconds Route Timeout Only for RFC 2453 Variable Timer Enabled After the last update of a route the route time is active After timeout the route is deactivated and the Garbage Collec tion Timer is started The defa
196. Schedule Start Stop In from enter from which time the the filter is to be activated Time The time is entered in the form hh mm Enter the time at which the filter is to be deactivated after the to in the field The time is entered in the form hh mm The default value is 00 00 to 23 59 Action Select the action to be executed if the filter matches a call Possible values e Block and Log default value The call of the requested page is prevented and logged e Allow and Log The download is permitted but logged The events log can be viewed in the Local Services gt Web Filters gt Filter List menu e Allow The call is allowed and not logged 19 5 3 Black White List The menu Local Services gt Web Filter gt Black White List contains a list of URLs and IP addresses that can be downloaded even if they were blocked as a result of the filter con figuration and classification in the Proventia Web Filter no entries are contained in the de fault configuration 19 5 3 1 Add Use the Add button to add further URLs or IP addresses to the list bintec R1200 Language English Standard Online Help Global Settings Filter List Black White List History URL JIP Address Blacklisted Whitelisted o f C Add CK Cancel DHCP Server E Web Filter CAPI Server Scheduling Surveillance E ISDH Theft Protection e E Funkwerk Discovery UPn
197. Select the protocol for the ATM connection Possible values e Ethernet over ATM default value Ethernet over ATM EthoA is used for the ATM connection Permanent Virtual Circuit PVC e Routed Protocols over ATM Routed Protocols over ATM RPoA is used for the ATM connection Permanent Vir tual Circuit PVC R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 15 WAN Field Description e PPP over ATM PPP over ATM PPPoA is used for the ATM connection Permanent Virtual Circuit PVC Virtual Path Identifier Only for Provider User defined VPI Enter the VPI value of the ATM connection The VPI is the iden tification number of the virtual path to be used Note your pro vider s instructions Possible values are 0 to 255 The default value is 8 Virtual Channel Identifier Only for Provider User defined VCI Enter the VCI value of the ATM connection The VCI is the iden tification number of the virtual channel A virtual channel is the logical connection for the transport of ATM cells between two or more points Note your provider s instructions Possible values are 32 to 65535 The default value is 32 Encapsulation Only for Provider User defined Select the encapsulation to be used Note your provider s in structions Possible values in accordance with RFC 2684 e LLC Bridged no FCS default value for Ethernet over ATM Only shown for Type Ethernet over ATM B
198. TE y Ss 7 ren PO bintec R1200 A Language English View Standard Online Help Logout H Save configuration _ WLAN1 vSS WDS Client Links Automatic Refresh Interval 300 Seconds Apply _ J fi L System Mana prmsica Anteriores m PAPAS ADS Description Remote MAC Up Time Tx Packets Rx Packets Signal dBm RSSM RSSI2 RSSIS Noise dm Data Rate mbps Wireless LAN wast 0 00 00 00 00 00 00 0d0h2m7s 0 0 0 0 0 0 i To 0 ee e Tx Packets Rx Packets ACTION jo 0 ed ae a i ie ls 0 o A 2 a o pe f o 1 0 0 ME on T g a 1 AI io o A ss 0 o Internal Log 2 0 o res A i o o IsptiModem t iraina TEAT 0 0 WLAN _ HotSpot Gateway Back d Qos Fig 206 Monitoring gt WLAN gt WDS gt Values in the list WDS Field Description WDS Description Shows the name of the WDS link R1xxx R3xxx R4xxx Field Description Remote MAC Shows the MAC Address of the WDS link partner Up Time Shows the time in hours minutes and seconds for which the WDS link is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received on this WDS link in mbps Rate Shows separately for each of the stated data rates the values for Tx Packets and
199. Tame Bk alee Bhp A 466 UPARA e me E Ge A ae Se A Die I a tea 467 INteMaACES mom Se AA Se Ae ele eS Fie Aad ae ola 467 Global Settings lt a lr e O ewe eh e s 468 Hotspot Gateway 2 o 470 Hotspot Gateway 2 eo 471 BRRP A a an AR A an Oe 476 Virtual Routers s co a eee e a E 478 VR Synchronisation 2 e 483 OPONE a as a at 485 Maintenance o e a 487 DIAgnNostiCS ii a tM eet eee amp te hey 487 PING TeSt ooo dk Spe tarbod hd eth cd A ead 487 DNS TESE 5 4 4 en le tg oh ee Be bce ds del 488 Traceroute Test i coto oca orara dogon dohad A 488 Software Configuration ooa a a a a 489 Options 4 2 m ET Be WO A BAL ES 489 Reboot oie tae a ee A ea oe BUG eho A ae A 494 System Reboot 2 o o 494 External Reporting 2 495 21 1 21 1 1 21 2 21 2 1 21 2 2 21 3 21 3 1 21 3 2 21 4 21 4 1 21 4 2 21 5 21 5 1 Chapter 22 22 1 22 1 1 22 2 22 2 1 22 2 2 22 3 22 3 1 22 3 2 22 4 22 4 1 22 5 22 5 1 22 5 2 22 5 3 SSI ta oh ere By a en acta r ged 495 SYSIOGISEIVE S semis ae sn vale der ee te Bahay jan hd Bae aoa notte She pe te ete 495 IP ACCOUNTIAG nb to a Bh ec ie to o eh ew OR 498 Interfaces 22 2 4 bah ee Sy A ys Ba a 498 Options 24 AU and ohn de rd de he arc a Ui 499 E mail Alert do bose fe he es ot ee te te de Jee eb at eel we 500 E mail AlertServer 2 2 2 eo
200. The function is disabled by default Control Mode Only if Real Time Jitter Control Enabled Select the mode for optimising voice transmission Possible values e All RTP Streams All RTP streams are optimised The function activates the RTP stream detection mechanism for the automatic detection of RTP streams In this mode the Real Time Jitter Control is activated as soon as an RTP stream has been detected e Inactive Voice data transmission is not optimised e Controlled RTP Streams only default value This mode is used if either the VoIP Application Layer Gateway ALG or the VoIP Media Gateway MGW is active Real Funkwerk Enterprise Communications GmbH 14 Routing Field Description Time Jitter Control is activated by the control instances ALG or MGW e Always Real Time Jitter Control is always active even if no real time data is routed Queues Policies Configure the desired QoS queues For each class created from the class plan which is associated with the selected interface a queue is generated automatically and displayed here only for outgoing classified data traffic and for data traffic classified in both directions Add a new entry with Add The Edit Queues Policies menu opens The Edit Queues Policies menu consists of the following fields Fields in the Edit queues policies menu Field Description Description Enter the name of the queue policy Shows the interface for which the QoS queues are
201. The function is enabled by default Local IP Address Only if IP Address Mode Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner 15 WAN Funkwerk Enterprise Communications GmbH Field Description Add a new entry with Add e Remote IP Address P address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this connection partner Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentica tion Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic
202. The mechanism can also be switched on off independently of the data packet length by selecting the value Always onor Always off default value Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description After this many failed attempts the packet is discarded Possible values are 1 to 255 The default value is 7 Long Retry Limit Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Possible values are 1 to 255 The default value is 4 Fragmentation Enter the maximum size as of which the data packets are to be Threshold fragmented i e split into smaller units A low value is recom mended for this field in areas with poor reception and in the event of radio interference Possible values are 256 to 2346 The default value is 2346 bytes ED Threshold Define the Energy Detection threshold for CCA Clear Channel Assessment Possible values are 2147483648 to 2147483647 The default value is 0 CW Min Define the maximum size of the contention window Possible values are 1 to 65535 The default value is 15 CW Max Define the minimum size of the contention window Possible values are 1 to 65535 The default value is 1023 Max Receive L
203. Ven Senses System Reboot Do you really want to reboot the system now OK Software Configuration Fig 185 Maintenance gt Reboot gt System Reboot If you want to restart your device click on the OK button The device will reboot R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 21 External Reporting Chapter 21 External Reporting In this system menu you define what system protocol messages are saved on which com puters and whether the system administrator should receive an e mail for certain events Information on IP data traffic can also be saved depending on the individual interfaces In addition SNMP traps can be sent to specific hosts in case of error Moreover you can pre pare your device for monitoring with the activity monitor 21 1 Syslog Events in various subsystems of your device e g PPP are logged in the form of syslog messages system logging messages The number of messages visible depends on the level set eight levels from Emergency and Information to Debug In addition to the data logged internally on your device all information can and should also be passed to one or more external PCs for storage and processing e g to the system ad ministrator s PC The syslog messages saved internally on your device are lost when you reboot Warning Make sure you only pass syslog messages to a safe computer Check the data regu larly and ensure that there
204. a tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only Field Description e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The function is disabled by default 15 1 2 PPTP In the WAN gt Internet Dialup gt PPTP menu a list of all PPTP inter
205. ace Mode Bridge Groups gt Interfaces menu con sists of the following fields Fields in the Interfaces menu Field Description Shows the serial number of the interface Interface Description Displays the name of the interface Select whether you want to run the interface in Routing Mode Mode Bridge Group or whether you want to assign the interface to an existing bro br1 etc or new bridge group New Bridge Group If you select New Bridge Group a new bridge group is created automatically when you click OK Configuration Interface Select the interface via which the configuration is to be carried out Possible values e Select one default value Ex works setting The right con figuration interface must be selected from the other options e Ignore No interface is defined as configuration interface e lt Interface name gt Select the interface to be used for con figuration If this interface is in a bridge group it is assigned R1xxx R3xxx R4xxx Field Description the group s IP address when it is taken out of the group 10 3 1 1 lt stax x gt Edit Click the pl icon to edit additional settings for WLAN clients in bridge mode so called MAC bridge Ea Ri Interfaces Layer 2 5 Options Interface sta1 0 last m Wildcard Mode oK Cancel Fig 46 System Management gt Global Settings gt Interface Mode Bridge Groups gt Edit You c
206. aces are not allowed SIP Endpoint IP Address Only if Trunk Mode Server and Registration Disabled Enter the IP address or domain name FQDN of the SIP proxy server Outbound Proxy Only if Trunk Mode Off Client or gw trunk Enter the name or IP address of the SIP outbound proxy server A maximum of 32 characters can be entered 18 VoIP Funkwerk Enterprise Communications GmbH Field Description Here you must make an entry only if for all SIP sessions the communication is not to be direct but via a further proxy In SIP client mode Enter a name or IP address only if this is ex plicitly specified by the provider Realm Enter a new domain name or a new IP address for the SIP proxy server If you do not make an entry the entry in the Registrar field is used In SIP client mode Enter a name or IP address only if this is ex plicitly specified by the provider Protocol Select the protocol to be used for data transport Possible values UDP default value or TCP Enter the Port via which the data is to be transported The default value is 5060 In SIP client mode The ports can be provider specific User Name In SIP client mode Enter the username for authentication if your VoIP provider has assigned one for you In SIP server mode You must define the user name A maximum of 40 characters can be entered Authentication ID Enter a name that is to be used for authentication with the out bound proxy If you
207. active Interfaces A Multicast OK C Cancel Fig 89 Routing gt RIP gt RIP Filters gt New The Routing gt RIP gt RIP Filter gt New menu consists of the following fields Fields in the RIP Filter Basic Parameters menu Field Description Interface Select the interface to which the rule to be configured applies IP Address Netmask Enter the IP address and netmask to which the rule is to be ap plied This address can be in the LAN or WAN The rules for incoming and outgoing RIP packets import or ex port for the same IP address must be separately configured You can enter individual host addresses or network addresses Direction Select whether the filter applies to the export or import of routes Possible values e Import default value R1xxx R3xxx R4xxx Field Description MES PONE Metric Offset for Active Select the value to be added to the route metric if the status of Interfaces the interface is up During export the value is added to the ex ported metric if the interface status is up Possible values are 16 to 16 The default value is 0 Metric Offset for Inactive Select the value to be added to the route metric if the status of Interfaces the interface is dormant During export the value is added to the exported metric if the interface status is dormant Possible values are 16 to 16 The default value is 0 14 3 3 RIP Options Language English
208. ails are sent to the administrator as soon as relevant syslog messages occur In this menu you configure whether the device is to listen for external SNMP accesses and send SNMP traps In this menu you configure the surveillance of your device with 8 Access and configuration Funkwerk Enterprise Communications GmbH the Windows Tool Activity Monitor component of BRICKware for Windows Monitoring Internal Log In this menu the system messages are displayed IPSec In this menu the IPSec connections and connection statistics that are currently active are displayed ISDN Modem In this menu the ISDN connections are displayed Interfaces In this menu connection statistics and status of all interfaces are displayed WLAN This menu shows you the WLAN connections statistics Bridges In this menu you can view the current values of the configured bridges Hotspot Gateway This menu shows a list of all bintec Hotspot users QoS In this menu statistics are displayed for all interfaces for which QoS has been configured SNMP Browser If you select the SNMP Browser under View in the header you will see an HTML view of all internal system MIB tables and can modify the saved values This view is only provided for professional configuration and extended monitoring SNMP Simple Network Management Protocol is a protocol that allows access for config uring your device All configuration parameters are stored in the MIB Management Inform
209. al interface is activated and deactivated by assigning it to a virtual router over the Funkwerk Enterprise Communications GmbH 19 Local Services BRRP router redundancy protocol The configuration is performed in the Local Services gt BRRP gt Virtual Routers gt New gt BRRP Interface menu In this step you configure the IP address settings and assign the interface to a virtual router The properties of the virtual router e g the priority are also defined here Cz Note The system automatically assigns the MAC Address of the virtual interface according to the following model 00 00 5E 00 01 lt ID of the virtual router gt The ID of the virtual router therefore determines the MAC Address of the interface which is used to trans mit the usage data The configuration of the virtual interface MAC Address IP address and the configura tion of the virtual router priority sending interval for advertisement master down trials must be identical on all routers with the same virtual router ID within the logical group You must use different IP addresses for the advertisement interface and for the virtual interface All virtual interfaces on a physical router should normally have the same priority e Configuration of the synchronisation between the virtual router and configuration of the events which result in a switching of the operating status of the virtual router Controlling the operating status of a virtual router imp
210. all policy The option is deactivated by default 17 1 3 Options In this menu you can disable or enable the firewall and can log its activities In addition you can define after how many seconds of inactivity a session shall be ended e bintec poe Save configuration Filter Rules Qos Options PhysicalimertaceS aba feat tone ES E TAN CC Firewall Status Y Enabled WirelessLAN v Logged Actions All v Ls OMS Session Timer Mia a UDP Inactivity 180 Seconds TCP Inactivity 3600 Seconds Policies PPTP Inactivity 86400 Seconds Interfaces Addresses Other Inactivity o Seconds _ Services ps A oK C cancel Fig 132 Firewall gt Policies gt Options The Firewall gt Policies gt Options menu consists of the following fields Fields in the Options Global Firewall Options menu Field Description Firewall Status Enable or disable the firewall function The function is activated with Enabled The function is enabled by default R1xxx R3xxx R4xxx Field Description Logged Actions Select the firewall syslog level The messages are output together with messages from other subsystems Possible values e All default value All firewall activities are displayed e Deny Only reject and deny events are shown see Action e Accept Only accept events are shown e None Syslog messages are not generated Fields in the Options Session Timer menu Fie
211. ally Possible values e Get IP Address default value Your device is automatic ally assigned a temporarily valid IP address from the provider e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route 15 WAN Funkwerk Enterprise Communications GmbH Field Description The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Local IP Address Only for IP Address Mode Static Assign an IP address from your LAN to the PPT interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define other routing entries for this PPTP partner Add a new entry with Add e Remote IP Address IP address of the destination host or destination network Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attemp
212. alue cannot be changed Timeout Enter time in seconds for which the NAS is to wait for a re sponse from TACACS If a response is not received during the wait time the next con figured TACACS server is queried only if Policy Non authoritative and the current server is set to status Blocked The possible values are 1 to 60 the default value is 3 Block Time Enter the time in seconds for which the current server is to re main in blocked status Field Description At the end of the block time the server is set to the status spe cified in the Administrative Status field The possible values are 0 to 3600 the default value is 60 The value 0 means that the server is never set to Blocked status and thus no other servers are queried Encryption Select whether data exchange between the TACACS server and the NAS is to be encrypted with MD5 The function is activated by choosing Enabled The function is enabled by default If the function is not enabled the packets and all related inform ation are transferred unencrypted Unencrypted transfer is not recommended as a default setting and should only be used for debugging 10 5 3 Options This setting possible here causes your device to carry out authentication negotiation for in coming calls if it cannot identify the calling party number e g because the remote terminal does not signal the calling party number If the data password partner PPP ID obtained by execut
213. alup gt AUX gt New menu consists of the following fields Fields in the AUX Basic Parameters menu R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH Field Description Description Enter a name for uniquely identifying the WAN partner The first character in this field must not be a number and no special characters or umlauts must be used User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always up is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 600 Fields in the AUX IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is dynamic ally assigned an IP address e Static You enter a static IP address e Provide IP Address Your device dynamically assigns an IP address to the remote terminal De
214. ame has to use for identification purposes to gain access to the CAPI service Access Select whether access to the CAPI service is to be permitted or denied for the user The function is activated by choosing Enabled The function is enabled by default 19 6 2 Options bintec R1200 Language English v Online Help Basic Parameters 7 Enable server enabled CAPI Server TCP Port 262 OK C Cancel DynDNS Client DHCP Server Web Filter CAPI Server Scheduling Surveillance ISDH Theft Protection E Funkwerk Discovery UPRP HotSpot Gateway BRRP Fig 163 Local Services gt CAPI Server gt Options The Local Services gt CAPI Server gt Options menu consists of the following fields Fields in the Options Basic Parameters menu R1xxx R3xxx R4xxx Field Description Enable server Select whether your device is to be enabled as a CAPI server The function is activated by choosing Enabled The function is enabled by default Faxheader Select whether the fax header should be printed at the top of outgoing faxes The function is activated by choosing Enabled The function is disabled by default CAPI Server TCP Port The field can only be edited if Server Enable is enabled Enter the TCP port number for remote CAPI connections The default value is 2662 19 7 Scheduling Your device has a event scheduler which enables certain standard actions activa
215. amount of configuration work in your network To do this you set up a pool of IP addresses from which your device assigns IP addresses to hosts in the LAN for a defined period of time A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation DNS NetBIOS name server WINS and default gateway 19 4 1 DHCP Pool To activate your device as a DHCP server you must first define IP address pools from which the IP addresses are distributed to the requesting clients In the Local Services gt DHCP Server gt DHCP Pool menu a list of all configured IP ad dress pools is shown In the list for each entry you have the possibility under Pool of enabling or disabling the configured DHCP pools 19 4 1 1 New Choose the New button to set up new IP address pools Choose the o icon to edit exist ing entries View Standard Online Help Logout Basic Parameters lt Interface Select one IP Address Range Pool Usage Local x Advanced Settings Gateway Use router as gateway Lease Time 120 Minutes DHCP Options OK Cancel CAPI Server Scheduling Surveillance __ ISDH Theft Protection R Funkwerk Discovery E UPnP E HotSpot Gateway Porra Fig 155 Local Services gt DHCP Server gt DHCP Pool gt New The Local Services gt DHCP Server gt DHCP Pool gt New menu consist
216. an extension number The network address of the ISDN interface e g 4711 A router that does not have network connections but provides the same functions between PC ISDN and the Internet ISDN Basic Rate Interface This performance feature requires the installation of the T ISDN Speedmanager If you are surfing the Internet and use two B chan nels for downloading you cannot be reached by telephone from out side As a further call is signalled over the D channel your PBX can depending on the setting specifically shut down a B channel so that you can take the call Alternative name for the So bus ISDN Primary Rate Interface International Standardization Organization Internet Service Provider International Telecommunication Union Stored keys can be viewed by the government The US government in particular requires key storages to prevent crimes being covered up through data encryption Local Area Network R1xxx R3xxx R4xxx LAPB Last access Layer 1 LCD LCP LDAP Lease Time Leased Line LLC Local exchange Loudspeaker MAC Address Man in the Middle Attack MD5 MFC MIB Microphone mute Link Access Procedure Balanced The last access by T Service is stored and displayed in the configur ation Layer 1 of the ISO OSI Model the bit transfer layer Liquid Crystal Display a screen in which special liquid crystal is used to display information Link Control Protocol Lightweight Direc
217. an realise bridging for devices behind access clients with the MAC Bridge function In wildcard mode you cannot define how Unicast non IP frames or non ARP frames are pro cessed To use the MAC bridge function you must carry out configuration steps in several menus 1 Select the Funkwerk Configuration Interface menu Wireless LAN gt WLANx gt Radio Settings 2 Set Operation Mode to Access Client and save the settings with OK 3 Select the menu options System Management gt Interface Mode Bridge Groups gt Interfaces The additional interface sta1 0 is displayed 4 For interface sta1 0 select Mode Bridge Group bro and Configuration Interface en1 0 and save the settings with OK 5 Click the Save Configuration button to save all of the configuration settings You can use the MAC Bridge R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH The System Management gt Interface Mode Bridge Groups gt Edit menu consists of the following fields Fields in the lt stax x gt Layer 2 5 Option menu Field VENTO Interface Shows the interface that is being edited Wildcard Mode Select the Wildcard mode you want to use on the interface Possible values e None default value Wildcard mode is not used e Static With this setting you must enter the MAC Address of a device that is connected over IP under Wildcard MAC Address Each packet without IP and without ARP is forwa
218. ance In this menu you can configure an automatic availability check for hosts or interfaces and automatic ping tests 3 Note This function cannot be configured on your device for connections that are authentic ated via a RADIUS server 19 8 1 Hosts In the Local Services gt Surveillance gt Hosts menu a list of all monitored hosts is shown 19 8 1 1 Edit New Choose the g icon to edit existing entries Choose the New button to set up new surveil lance tasks servers R1xxx R3xxx R4xxx A a 7 ne Va bintec R1200 ES Language English g Save configuration 2 Hosts Interfaces Ping Generator PlysicalImerfaces m Host Parameters Ts roro iNew ID IE tox Rowing Ts Monitored ir address 0 000 n m ae Source IP Address Automatic ee a ut ee Tras E acetato Interface Interface Action bus y n Selectone Disable artes Controlled Interfaces le DynDNS Client C Add DHCP Server Mob Fater OK Cancel CAPI Server e Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP Fig 166 Local Services gt Surveillance gt Hosts gt New The Local Services gt Surveillance gt Hosts gt New menu consists of the following fields Fields in the Hosts Host Parameters menu Field Description Group ID Select an ID for the group of hosts whose availability is to be monitored by your devi
219. aneous signalling All assigned terminals are called simultan eously If a telephone is busy call waiting can be used This connection can only be used for an ISDN telephone only T Concept PX722 system telephones with a simplex function If you call an ISDN telephone with a simplex function this automatically activates the Loudspeaker function so that a conversation can take place immediately Please see the information on the telephone user s guide on the simplex operation function Glossary SIP SMS SMS receipt SMS server tele phone numbers SNMP SNMP shell So bus So connection So interface Funkwerk Enterprise Communications GmbH Session Initiation Protocol Short Message Service If you have connected an SMS enabled terminal you can decide whether SMS receipt is to be permitted for the connection The ex works setting is no SMS receipt To receive an SMS with your SMS enabled terminal you must register once with the T Com SMS Ser vice One time registration is free You simply send an SMS contain ing ANMELD to the destination call number 8888 You then receive a free of charge confirmation of registration from the T Com SMS Service You can deregister your device or telephone number by sending an SMS containing ABMELD to the destination number 8888 Incoming SMS are then read out Information on which tele phones are SMS enabled can be obtained from T Punkt our cus tomer hotline 0800 330 1000 or on the Int
220. anguage English View Standard x Online Help Logout Pfunkwerk Aa ra Save configuration a Radio Settings Virtual Service Sets Plseaertaces 0 Secos TAN Network Name 881D Funkwerk 8c visible Intra cell Repeating V Enabled WAN b aain A Administration ARP Processing Enabled wun enabled A acens fe A caw Been Mes mas E A ioe EASE ee ACL Mode Enabled External Reporting NAC pers Allowed Addresses m Monitori 7 z Add i 3 OK JC Cancel Fig 76 Wireless LAN gt WLAN gt Virtual Service Sets gt p New The Wireless LAN gt WLAN gt Virtual Service Sets gt B gt New menu consists of the following fields Fields in the Virtual Service Sets Service Set Parameters menu Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans mitted The network name is shown by choosing Visible It is visible by default Intra cell Repeating Select whether communication between the WLAN clients is to be permitted within a radio cell The function is activated by choosing Enabled The function is enabled by default ARP Processing Select whether the ARP processing function should be enabled The ARP data traffic is reduced in the network by the fact that ARP broadcast
221. another the icon appears in the Connected column The 3 icon appears in the Connected column if the connection is active The Wireless LAN gt WLAN gt Client Link gt Scan menu consists of the following fields Fields in the Client Link Scan menu Field Description Client Link Description Displays the name of the client link you configured Action Start the scan by clicking on Scan If the antennas are installed correctly on both sides and LOS is free the client finds available clients and displays them in the following list If the partner client cannot be found check the line of sight and the antenna installation Then carry out the Scan again The partner should then be found AP MAC Address Shows the MAC Address of the remote client Network Name SSID Displays the name of the remote client Channel Shows the Channel used Mode Shows the security mode encryption and authentication for the wireless network R1xxx R3xxx R4xxx Field Description Signal Displays the signal strength of the detected client link in dBm Connected Displays the status of the link on your client Action You can change the status of the client link The available ac tions are displayed in this field 13 2 Administration The Wireless LAN gt Administration menu contains basic settings for running your gate way as an access point AP 13 2 1 Basic Setup erer MG r View Standard Y Online Help Logout fil c
222. answered via the particular interface from the local network The function is activated with Enabled The function is disabled by default Interface is UPnP con Determine whether the NAT Configuration of this interface is trolled controlled by UPnP The function is activated with Enabled The function is enabled by default 19 11 2 Global Settings In this menu you make the basic UPnP settings R1xxx R3xxx R4xxx Sa EE Interfaces Global Settings Basic Parameters UPnP Status Enabled OK C cancel HTTPS DynDNS Client DHCP Server Web Filter CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP Fig 174 Local Services gt UPnP gt Global Settings The menu Local Services gt UPnP gt Global Settings consists of the following fields Fields in the menu Global Settings Field Description UPnP Status Decide how the gateway processes UPnP requests from the LAN The function is activated with Enabled The gateway proceeds with UPnP releases in accordance with the parameters con tained in the request from the LAN UPnP client independently of the IP address of the requesting LAN UPnP client The function is disabled by default The gateway rejects UPnP requests NAT releases are not made UPnP TCP Port Enter the number of the port on which the gateway listens for UPnP requests The possible
223. arameters for all virtual routers identically on all devices in the group We recommend leaving the preset values The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Advertisement send in Determine how often a BRRP advertisement packet is sent if terval the virtual router is defined as master Only the current master sends via multicast BRRP advertisements which also contain 19 Local Services Funkwerk Enterprise Communications GmbH Field Description the ID and the priority of the master Possible values are whole numbers between 1 and 255 The value is indicated in seconds and the default value is 1 An advertisement timer based on the sending interval for ad vertisements runs in the router and an advertisement packet is sent when the timer expires Master down trials Define the number of BRRP advertisements that must fail be fore the backup router with the lowest priority assumes that the master is inactive and takes over the role of master A master down timer based on the Master down trials runs in the router when this timer expires the backup assumes that the master is not reachable if no advertisement has been received The effective master down interval is the time calculated from the number of expected but omitted BRRP advertisements the advertisement interval and the skew time which adds a minim um period depending on the priority The higher the pr
224. arameters if you used X 75 in layer 2 Possible values SRDCE O JDE 11 3 2 MSN Configuration In this menu you can assign the available ISDN numbers to the required services e g PPP routing ISDN login If you use the ISDN interface for outgoing and incoming dialup connections your own num bers for this interface can be entered in this menu these settings are not possible for leased lines Your device distributes the incoming calls to the internal services according to the settings in this menu Your own number is included as the calling party number for outgoing calls The device supports the following services PPP routing The PPP routing service is your device s general routing service This enables ISDN remote terminals to establish data connections with your LAN among oth er things This enables partners outside your own local network to access hosts within your LAN It is also possible to establish outgoing data connections to ISDN remote ter minals ISDN Login The ISDN login service enables both incoming data connections with access to the SNMP shell of your device and outgoing data connections to other bintec devices As a result your device can be remotely configured and administrated IPSec bintec devices support the DynDNS service to enable hosts without fixed IP ad dresses to obtain a secure connection over the Internet With the IPSec Callback function and using a direct ISDN call to an IPSec peer wi
225. ard from a defined Source Interface to a defined Destination Interface R1xxx R3xxx R4xxx Field Description Source Interface Select the interface on your device to which the selected multic ast group is sent Destination Interface Select the interface on your device to which the selected multic ast group is to be forwarded 14 5 2 IGMP IGMP Internet Group Management Protocol see RFC 3376 is used to signal the informa tion about group membership in a subnet As a result only the packets explicitly wanted by a host enter the subnet Special mechanisms ensure that the requirements of the individual clients are taken into consideration At the moment there are three versions of IGMP V1 V3 most current sys tems use V3 and less often V2 Two packet types play a central role in IGMP queries and reports Queries are only transmitted from a router If several IGMP routers exist in a network the router with the lowest IP address is the querier We differentiate here between a general query sent to 224 0 0 1 a group specific query Sent to a group address and the group and source specific query sent to a specific group address Reports are only sent by hosts to respond to queries In this menu you configure the interfaces on which IGMP is to be enabled 14 5 2 1 New Choose the New button to configure IGMP on other interfaces R1xxx R3xxx R4xxx as ts Language English View Stand
226. ard w Online Help fi Forw arding IGMP Options IGMP Settings Interface None Nel Query Interval Seconds Maximum Response Time Seconds Robustness Last Member Query Interval Seconds j IGMP State Limit Messages per Second Mode O Host only Host and Routing Advanced Settings IGMP Proxy Enabled y Proxy Interface Selectone Y OK J Cancel Fig 93 Routing gt Multicast gt IGMP gt p New The Routing gt Multicast gt IGMP gt p New menu consists of the following fields Fields in the IGMP IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled i e queries are sent and responses are accepted Query Interval Enter the interval in seconds in which IGMP queries are to be sent Possible values are 0 to 600 The default value is 125 Maximum Response For the sending of queries enter the time interval in seconds Time within which hosts must respond The hosts randomly select a time delay from this interval before sending the response This spreads the load in networks with several hosts improving per formance Possible values are 0 to 100 The default value is 100 Robustness Select the multiplier for controlling the timer values A higher R1xxx R3xxx R4xxx Field Description value can e g compensate for packet loss in a network suscept ible to loss I
227. ardware clock with buffer battery RTC Receiver volume Function for controlling the volume in the telephone receiver Reconnection on the For a point to multipoint connection enables the terminal connec bus parking tion to be reconnected to another ISDN socket during the telephone call Recording telephone Performance feature of an answering machine Enables a conversa calls tion to be recorded during the telephone call Remote Remote as opposed to local Remote access Opposite to local access see Remote Remote CAPI bintec s own interface for CAPI Remote diagnosis re Some terminals and PBXs are supported and maintained by T mote maintenance Service support offices over the telephone line which often means a service engineer does not have to visit the site Remote query Answering machine function Involves listening to messages re motely usually in connection with other options such as deleting messages or changing recorded messages Repeater A device that transmits electrical signals from one cable connection to another without making routing decisions or carrying out packet filtering See Bridge and Router Reset Resetting the device enables you to return your system to a pre defined initial state This may be necessary if you have made incor rect configuration settings or the device is to be reprogrammed RFC Specifications proposals ideas and guidelines relating to the Inter net are published in the form of RFCs
228. as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration The function is activated with Enabled The function is enabled by default 10 6 1 3 Import Choose the Import button to import certificates R1xxx R38xxx R4xxx Import r If Tr External Filename Browse ee ee Local Certificate Description Administrative Access aap Remote Authentication File Encoding Auo y _ Certificates Bi E 7 A Zi OK yl Cancel Fig 56 System Management gt Certificates gt Certificate List gt Import The System Management gt Certificates gt Certificate List gt Import menu consists of the following fields Fields in the Certificate List Import menu Field Description External Filename Enter the file path and name of the certificate to be imported or use Browse to select it from the file browser Local Certificate De Enter a unique description for the certificate scription File Encoding Select the type of coding so that your device can decode the certificate Possible values e Auto default value Activates automatic code recognition If downloading the certificate in auto mode fails try with a cer tain type of encoding e Base64 e Binary Password You may need a password to obtain certificates for your keys R1xxx R3xxx R4xxx Field Desc
229. at could not Displays the number of MSDUs that could not be sent be transmitted Frame transmissions Displays the number of sent frames which which an acknow without ACK received ledgement frame was not received Duplicate received MS Displays the number of MSDUs received in duplicate DUs CTS frames received in Displays the number of received CTS clear to send frames response to an RTS that were received as a response to RTS request to send Received MPDUs that Displays the number of received MSDUs that could not be en couldn t be decrypted crypted One reason for this could be that a suitable key was not entered RTS frames with no CTS Displays the number of RTS frames for which no CTS was re received ceived Corrupt Frames Re Displays the number of frames received incompletely or with er ceived rors 22 5 2 VSS In the Monitoring gt WLAN gt VSS menu the current values and activities of the con figured wireless networks are shown R1xxx R3xxx R4xxx save WLANI VSS wps Client Links intec R1200 e AutomaticRefreshinterval 300 Seconds Apply Client Node Table MAC Address IP Address Up Time Tx Packets Rx Packets Funkwerk ec sst 0 E 2 zs 5 00 00 70 67 5513 0 0 0 0 0 Day s 0 0 17 3 2 44 0 0 0 92 12 Signal dBm RSSH RSSI2 RSSI3 Noise dBm Data Rate mbps Fig 203 Monitoring gt WLAN gt VSS Values in the list VSS Field Descri
230. at you have used when connecting your gateway The configuration interface only shows the interfaces that are available on your device In the System Management gt Status menu you can see a list of all physical interfaces and information on whether the interfaces are connected or active and whether they have already been configured 11 1 AUX You require a special cable for the console port of your gateway e g AUX Backup cable to connect an external analogue modem to the AUX port on a bintec gateway 11 1 1 AUX With an analogue GSM interface the gateway also supports connections for analogue and GSM modems e g as backup In principle you can use any Hayes or GSM07 07 compatible modem with a serial interface for this purpose The following mo dems have been tested successfully for bintec e US Robotics Sportster Flash analogue modem e US Robotics 56K Fax Modem analogue modem e Siemens TC35i GSM modem 9 pol Sub D male Ethernet RJ45 pl 4 RxD plug 8 TXD DSR GND DTR CTS RTS Router Modem Y 0 00AgNnN Fig 59 PIN assignment modem cable R1xxx R3xxx R4xxx eles f bint R200 tau ri Ven Sees onneen ta A AUX Basic Settings AUX Port Status Menablea ISDN Ports Line Speed a600bps p E L n Incoming Service Type i O Disabled O ISDN Login PPP Diatin A SIM Card Uses PIN E y Modem Escape Character Modena queres APN Access Point Na
231. ately by the PBX Special modem for data transmission using DSL access technology A DSL splitter is a device that splits the data or frequencies of vari ous applications that run via a subscriber line or distribution point and provides this via separate connections Euro ISDN contains service indicates with defined names Some of these have only historical meaning In general you should choose the Telephony service for real telephone calls If this selection does not work depends on network operator you can try speech audio 3k1Hz or telephony 3k1Hz The same applies for faxing Here too there is the collective term Fax plus a couple of more specific cases From a purely technical point of view the services are bits in a data word evaluated by means of a mask If you include several bits in the mask all these services are approved for activa tion while in the case of just one bit it is just the one selected ser Funkwerk Enterprise Communications GmbH Three party confer ence 10 Base 2 100Base T 10Base T 1TR6 3DES Triple DES 802 11a g 802 11 b g A subscriber a b interface AAA Access code Access list Access point Glossary vice A three way telephone call Performance feature in T Net T ISDN and your PBX Thin Ethernet connection Network connection for 10 mbps net works with BNC connector T connectors are used for the connec tion of equipment with BNC sockets Twis
232. ation e Both OAM CC requests are sent and answered after CC ne gotiation CC activation negotiation No negotiation Depending on the setting in the Direction field OAM CC requests are either sent and or responded to There is no CC negotiation None The function is disabled Also select whether the test cells of the OAM CC are to be sent or received Possible settings e Both default value CC data is both received and generated e Sink CC data is received e Source CC data is generated 15 3 Leased Line A leased line is a permanent fixed connection between two communication partners via a telecommunications network Unlike a switched line the entire transmission channels is al ways available The leased line cannot be set up by the subscriber by dialling and therefore has no call number The connection must be set up by the network operator 15 3 1 Interfaces In the WAN gt Leased Line gt Interfaces menu a list of all automatically generated leased line connections is shown Automatic generation requires the corresponding ISDN interface to be configured Autogenerated from BRI ISDN S0 _ Ci LN OE E a Description F T Protocol Pot Status Action bundle20 Leased Line B1 B2 6482 PPP wzo O En J L A lc Autogenerated from PRI ISDN S2M Description Type Protocol Port __ Status Action pri2 4 0 __ Leased Line 1 Hyperchannel
233. ault value e For Frequency Band 5 GHz Indoor Possible values are 36 40 44 48 and Auto default value e For Operation Band 5 GHz In Outdoorand 5 GHz Outdoor Only the Auto option is possible here Access Client mode In Access Client mode you can only select the required channel in Client Mode Ad Hoc Possible values e For Frequency Band 2 4 GHz In Outdoor Possible values are 1 to 13 and Auto default value e For Frequency Band 5 GHz Indoor Possible values are 36 40 44 48 and Auto default value e For Operation Band 5 GHz In Outdoorand 5 GHz Outdoor Only the Auto option is possible here Antenna Diversity Select how many and which antennas are used to send and re ceive If the function is deactivated only the main antenna sends and receives If the function is activated two antennas receive and the better signal is evaluated The function is activated with Enabled The function is activated by default Transmit Power Select the maximum value for the radiated antenna power The actually radiated antenna power may be lower than the maxim um value set depending on the data rate transmitted The maximum value for Transmit Power is country dependent Funkwerk Enterprise Communications GmbH 13 Wireless LAN Field Description Possible values e Max default value The maximum antenna power is used e User Defined Enter the required maximum value in dBm in the input field e
234. ault value The name server addresses can be automatically overwritten e Static The name server addresses are not overwritten DNS Server Only for DNS Server Configuration Static R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH Field Description Primary Enter the IP address of the first and if necessary second global DNS server Secondary WINS Server Enter the IP address of the first and if necessary alternative i global Windows Internet Name Server WINS or NetBIOS Primary Name Server NBNS Secondary The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Positive Cache Select whether the positive dynamic cache is to be activated e successfully resolved names and IP addresses are to be stored in the cache The function is activated by choosing Enabled The function is enabled by default Negative Cache Select whether the negative dynamic cache is to be activated i e whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache The function is activated by choosing Enabled The function is enabled by default Cache Size Enter the maximum total number of static and dynamic entries Once this value is reached the dynamic entry not requested for the longest period of time is deleted when a new entry is added If the Cache Size is reduced by the use
235. being con Outgoing Interface figured Priorisation queue Select the queue priority type Possible values e Class Based default value Queue for data classified as normal e High Priority Queue for data classified as high priority e Default Queue for data that has not been classified or data of a class for which no specific queue has been configured Class ID Only if Priority Queue Class based Select the QoS packet class to which this queue is to apply To do this at least one class ID must be given in the Routing gt QoS gt QoS Classification menu Priority Only if Priority Queue Class based 14 Routing Funkwerk Enterprise Communications GmbH Field Description Choose the priority of the queue Possible values are 1 to 254 The default value is 1 RTT Mode Realtime Active or deactivate the real time transmission of the data Traffic Mode The function is activated with Enabled The function is disabled by default RTT Mode should be activated for QoS classes in which real time data has priority This mode improves latency when for warding real time datagrams It is possible to configure multiple queues when RTT Mode is enabled Queues with enabled RTT mode must always have a higher priority than queues with disabled RTT Mode Traffic Shaping Activate or deactivate data rate Traffic Shaping limiting in the send direction The data rate limit applies to the selected queue This is
236. ber 340 can be shown externally as 09119673900 or a call from outside for the number 09119673200 can be routed internally to the number 340 In the VoIP gt Media Gateway gt Call Translation menu a list of all existing translations is shown 18 2 5 1 Edit New Choose the i icon to edit existing entries Select the New button to create entries for call translation R1xxx R3xxx R4xxx e ln Application Level Gateway Medi Fig 144 VolP gt Media Gateway gt Call Translation gt Edit New Language English i 4 Basic Parameters MEN fc Firewall oOo Local Address kao 9 a Etemal Address EE o o E oK Cancel _ The VolP gt Media Gateway gt Call Translation gt Edit New menu consists of the follow ing fields Fields in the Call Translation Basic Parameters menu Field Description Description Direction Associated Line Enter the name of the call translation Select the direction for the entry Possible values Both default value For incoming and outgoing calls bidirectional e Incoming For incoming calls e Outgoing For outgoing calls Select the ISDN line or SIP account via which the calls are to be routed Possible values e pri lt Interface Index gt Restricts the call to the selected PRI interface e bri lt Interface Index gt Restricts the call to the selected BRI interface e lt SIP Acc
237. bes the time during which a data packet is sent between the individual servers before it is dis carded Twofish was a possible candidate for the AES Advanced Encryp tion Standard It is regarded as just as secure as Rijndael AES but is slower Universal Asymmetric Digital Subscriber Line User Datagram Protocol Update to a software program PBX firmware An update is the up dated version of an existing software product and is indicated by a new version number Data transfer during online connections where files are transferred from the user s PC to another PC or to a data network server Universal Plug and Play Data transmission rate from the client to the ISP Universal Uniform Resource Locator Universal Serial Bus Electronic user guidance that takes the user through the required functions of a terminal such as a telephone answering machine or fax machine step by step menu guided operation This function is only possible for system telephones and ISDN tele phones ITU T recommendation for balanced dual current interface lines up to 10 mbps R1xxx R3xxx R4xxx R1xxx R3xxx R4xxx V 24 V 28 V 35 V 36 V 42bis V 90 Vanity VDSL VID VJHC VLAN VoIP VPN VSS WAN WAN interface WAN partner Web server Webmail CCITT and ITU T recommendation that defines the interface between a PC or terminal as Data Terminal Equipment DTE and a modem as Data Circuit terminating Equipment D
238. ble values e Passive default value OSPF is not activated for this inter face i e no OSPF protocol packets sent over this interface Field Description Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Active OSPF is not activated for this interface i e OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the connection partner is Up active i e a connection already exists to the connection partner Choose the g button to edit the configuration of the corresponding leased line for a PRI interface R1xxx R3xxx R4xxx P3 rues a bintec R4100 5 Language English Save configuration y Interfaces Pc ace x Bosc ns ANA escrito Rama a ei
239. by FEC Password Individually set by FEC C Note Also refer to the WLAN Hotspot Workshop that is available to download from www funkwerk ec com 19 12 1 Hotspot Gateway In the Hotspot Gateway menu you can configure the bintec gateway installed onsite for the bintec Hotspot Solution R1xxx R3xxx R4xxx In the Local Services gt Hotspot Gateway gt Hotspot Gateway menu a list of all con figured hotspot networks is shown ps Domain TT LAN_EN1 0 hotspot domain de a m Enabled new E cance mA E ISDH Theft Protection Fig 175 Local Services gt Hotspot Gateway gt Hotspot Gateway gt You can use the Enabled option to enable or disable the corresponding entry 19 12 1 1 Edit New In the Local Services gt Hotspot Gateway gt Hotspot Gateway gt pl menu you config ure the Hotspot networks Choose the New button to set up additional Hotspot networks R1xxx R3xxx R4xxx a nae gt r gt bintec RAZdO one ep Loa HotSpot Gateway Options Basic Parameters Interface LAN_EN1 0 Y Domain at the HotSpot Server a Walled Garden DEnabled Language for login window English 2 Adva need Settings Ticket Type Username Password Allowed HotSpot Client All DynDNS Client yy 7 DHCP Server OK C Cancel b Filter CAPI Server Scheduling Fig 176 Local Services gt
240. cally deleted from the table 18 1 2 1 Edit New Choose the New button to add static entries for SIP terminals in the LAN that are to be ac cessible by terminals from the WAN across the NAPT barrier Choose the Fay icon to edit existing static entries En Note Entries created dynamically for active sessions cannot be edited These entries can only be removed resulting in the immediate termination of the corresponding SIP con nection View Standard Online Help SIP Proxies SIP Endpoints Basic Parameters 1 Type of Endpoint O client O Server Protocol E UDP y i 4 Internal IP Address MA _ Remote Port 5 extemal Port i A i OK YC cancel Fig 139 VoIP gt Application Level Gateway gt SIP Endpoints gt Edit New The VoIP gt Application Level Gateway gt SIP Endpoints gt Edit New menu consists of the following fields Fields in the SIP Endpoints Basic Parameters menu Field Description Type of Endpoint Select the role for the SIP endpoint in the LAN Possible values e Client default value The internal SIP endpoint is a SIP cli ent e g telephone e Server The internal SIP endpoint is a SIP server into which the SIP endpoint can login externally Protocol Select the protocol to be used for data transmission Possible values UDP default value or TCP If a protocol has been automatically recognised it shou
241. can generate and import keys and have them certified AUX Ethernet Ports ISDN Ports ADSL Modem You can define various settings for communication between the gateway and modem in this menu In this menu you configure the Ethernet interfaces of your device To do this you select the speed and type of interface for example In this menu you configure the ISDN interface of your device Here you enter data such as the type of ISDN connection to which your device is connected Only R3000 and R3000w 8 Access and configuration Funkwerk Enterprise Communications GmbH In this menu you configure the ADSL interface of your device Here you specify whether Annex A or Annex B is used as ADSL mode for the broadband connection SHDSL Only R3400 and R3800w In this menu you configure the SHDSL interface of your device Here you enter how many change pairs are used for the SHDSL connection Serial ports Only R4300 In this menu you can configure the serial WAN interface s for your device i e one or two integrated X 21 V 35 interfaces de pending on the licence Here you enter which clock rate is used for the connection UMTS Only R1200wu In this menu you configure the CardBus interface of your device Here you specify that UMTS is enabled r zZ IP configuration In this menu you carry out the IP configuration of the LAN inter faces for your device VLAN In this menu you configure the VLANs Wireless
242. cation you can select Preshared Keys These are configured during peer configuration in the IPSec Peers menu The preshared key is the shared password e DSA Signature Phase 1 key calculations are authenticated using the DSA algorithm Funkwerk Enterprise Communications GmbH 16 VPN Field Description e RSA Signature Phase 1 key calculations are authenticated using the RSA algorithm e RSA Encryption In RSA encryption the ID payload is also encrypted for additional security Local Certificate Only if Authentication Method DSA Signature RSA Sig nature or RSA Encryption This field enables you to select one of your own certificates for authentication It shows the index number of this certificate and the name under which it is saved This field is only shown for authentication settings based on certificates and indicates that a certificate is essential Mode Select the phase 1 mode Possible values e Aggressive default value The Aggressive Mode is neces sary if one of the peers does not have a static IP address and preshared keys are used for authentication it requires only three messages for configuring a secure channel e Main Mode ID Protect This mode also designated Main Mode requires six messages for a Diffie Hellman key calculation and thus for configuring a secure channel over which the IPSec SAs can be negotiated A condition is that both peers have static IP addresses if preshared keys are used for au
243. cations GmbH Fields in the menu Advanced Settings Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked The function is activated with Enabled The function is disabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload The function is activated with Enabled The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used e STAC O MS SSIVAC e MPPC Microsoft Point to Point Compression Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possible values e Passive default value OSPF is not activated for this inter face i e no OSPF protocol packets sent over this interface Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Active OSPF is not activated for this interface i e OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Field Description Proxy ARP Mode Select whether and ho
244. ce The group IDs are automatically created from 0 to 255 If an entry has not yet been created a new group is created using the New ID option If entries have been created you can select one from the list of created groups Each host to be monitored must be assigned to a group The action configured in Interface Action is only executed if no other group member can be reached Fields in the Hosts Trigger menu Field Description Monitored IP Address Enter the IP address of the host to be monitored R1xxx R3xxx R4xxx 455 19 Local Services Funkwerk Enterprise Communications GmbH Field Description Source IP Address Select how the IP address is to be determined that your device uses as the source address of the packet sent to the host to be monitored Possible values e Automatic default value The IP address is determined automatically e Specific Enter the IP address in the adjacent input field Interval Enter the time interval in seconds to be used for checking the availability of hosts Possible values are 1 to 65536 The default value is 10 The smallest Interval of the group members is used within a group Trials Enter the number of pings that must remain unanswered for the host to be regarded as unavailable Possible values are 1 to 65536 The default value is 3 Controlled Interfaces Select the interface s for which the action defined in Interface Action is to be performed All physical and
245. ce type In the WAN gt Internet Dialup gt GPRS UMTS menu a list of all GPRS UMTS inter faces is shown Thanks to its CardBus interface PCCARD the bintec gateway supports the integration of a UMTS CardBus modem in the system This enables you to set up a connection to the In ternet over UMTS 15 1 5 1 New Choose the New button to set up additional connections bintes R200 scat eros ere so GERSONS aux Prat Basic Parameters Description OPRSIUNTS Interface i Usarjiama i T z Leased Line A Real Time Jitter Control Aways on 7 Uknabied 3 Connection Idle Timeout po Seconds IP Mode and Routes IP Address Mode Ostatic Get IP Address Default Route i Menablea 7 META enanos Advanced Settings Block after connection failure for eo z Seconds Maurin Number of Dialup Retries Authentication PAP i DNS Negotiation Enabled g 7 Prioritize TCP ACK Packets Enabled LoP Aive Check Denabied C oK JC Cancel Fig 103 WAN gt Internet Dialup gt GPRS UMTS gt New The WAN gt Internet Dialup gt GPRS UMTS gt New menu consists of the following fields Fields in the GPRS UMTS Basic Parameters menu Field Description Description Enter a name for uniquely identifying the internet connection The first character in this field m
246. ceived successfully 519 Multicast MSDUs transmitted success fully 519 N Name 344 NAT active 223 NAT Detection 511 NAT method 224 NAT Traversal 336 Negative Cache 420 Negotiation Type 511 Netmask 217 233 300 301 355 464 Network Name SSID 202 210 212 Network Quality 173 Network Type 217 New Destination IP Address Netmask 228 New Destination Port 228 New FileName 491 New Source Port 228 Nitro Mode 191 Nitro XM 191 No 221 509 517 Node Name 464 Noise dBm 521 522 523 524 525 526 Number of Admitted Connections 324 Number of B Channels 282 Number of Dialling Retries 462 Number of Messages 502 O OAM Flow Level 305 Operation Band 187 Operation Mode 187 Organisation 139 Organisational Unit 139 OSPF Mode 283 311 314 317 358 365 Other Inactivity 379 Outbound Line 406 Outbound Proxy 398 Outgoing Interface 257 Outgoing ISDN Number 328 366 Outgoing Number 461 Overbooking allowed 257 P Packet Size 396 403 Packets 511 Passed 514 Password 137 142 143 263 268 273 277 285 289 344 350 354 361 393 398 431 448 491 501 507 Peak Cell Rate PCR 303 Peer Address 322 Peer ID 322 Phase 1 Profile 324 Phase 2 Profile 324 Physical Address 529 Physical Connection 163 Physical Interface Interface Specifics Link 100 Ping 117 Ping Test 487 Poisoned Reverse 234 Policy 127 131 Pool Usage 435 POP3 Server 501
247. ces 2 a a 109 10 3 Interface Mode Bridge Groups o 111 10 3 1 Interfaces o o 113 10 4 Administrative Access 2 o 117 10 4 1 ACCISE A EA A a a A A 117 10 4 2 SS A a ee Bo id ii d 118 10 4 3 SNMP oie oP gS aaa aa oe 122 10 5 Remote Authentication 2 2 123 10 5 1 RADIUS a 00 E R A we EIA a bes 123 10 5 2 TACACS Ei at ae ai a E aod A 129 10 5 3 OPTIONS i ta ere as e tes IN ee a A the 132 10 6 Certificates uo soa e oao a Ge Ghee ee o ee Gok ae 134 10 6 1 Certificate List s ora gece ey eg a Bae a aa a 134 10 6 2 GRES irc ar oot nadine Oy sie Saka Ga Meine o ar a 143 10 6 3 Certificate Servers 2 1 144 R1xxx R3xxx R4xxx Chapter 11 Physical Interfaces o o 146 11 1 AUX Sede inl ip e ai ee a Gow o oa amp 146 11 1 1 AU cts nl it ah ods rhea iran E 146 11 2 Ethernet Ports lt s os scssi aou a a a ek 149 11 2 1 Port Configuration 2 2 en 150 11 3 ISDN Ports cero 2 ah aha Gow AS aaa ae ena ye 152 11 3 1 ISDN Configuration 2 0 o 152 11 3 2 MSN Configuration oa e o o o 160 11 4 ADSE Modem 20d ta a Go nh A a Se OG 163 11 4 1 ADSL Configurations 2a a ee a tag E AES 163 11 5 SHDSL ats a a o 166 11 5 1 SHDSL Configuration o 166 11 6 Serial Ports
248. ch as the Internet The devices used function here as the endpoints of the VPN tunnel IPSec involves a num ber of Internet Engineering Task Force IETF standards which specify mechanisms for the protection and authentication of IP packets IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure PKI see Certificates on page 134 The funkwerk IPSec implementation achieves this firstly by using the Authentication Header AH protocol and Encapsulated Security Payload ESP protocol and secondly through the use of cryptographic key key administration mechanisms like the Internet Key Ex change IKE protocol 16 1 1 IPSec Peers An endpoint of a communication is defined as peer in a computer network Each peer of fers its services and uses the services of other peers In the VPN gt IPSec gt IPSec Peers menu a list of all configured IPSec peers is shown Peer Address A Phase 1 Profile Phase 2 Profile jsterus Tf C New J Fig 114 VPN gt IPSec gt IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the A button for the peer in the peer list See Values in the list IPSec Tunnels on page 511 16 1 1 1 New Choose the New button to set up more IPSec peers R1xxx R3xxx R4xxx Language English View Standard
249. change the default settings of the BOOTmonitor of the device e g the baud rate for serial connections 6 Show System Information Shows useful information about your device e g serial number MAC Address and software versions The BOOTmonitor is started as follows The devices passes through various functional states when starting e Start Mode BOOTmonitor mode e Normal mode After some self tests have been successfully carried out in the start mode your device reaches the BOOTmonitor mode The BOOTmonitor prompt is displayed if you are serially connected to your device Press lt sp gt for boot monitor or any other key to boot system R1200 Bootmonitor V 7 9 1 Rev 1 from 2009 10 19 00 00 00 Copyright c 1996 2005 by Funkwerk Enterprise Communications GmbH 1 Boot System 2 Software Update via TFTP 3 Software Update via XMODEM 4 Delete Configuration 5 Default Bootmonitor Parameters 6 Show System Information Your Choice gt _ After display of the BOOTmonitor prompt press the space bar within four seconds to use the functions of the BOOTmonitor If you do not make an entry within four seconds the device changes back to normal operating mode En Note If you change the baud rate the preset value is 9600 baud make sure the terminal program used also uses this baud rate If this is not the case you will not be able to establish a serial connection to the device R1xxx R3xxx R4xxx Chapter 9 Assis
250. check the called party number For the call to be accepted it is sufficient for the individual numbers in the entry to agree taking account of MSN Recognition MSN Recognition Select the mode your device is to use for the number comparis on for MSN with the called party number of the incoming call Possible values e Right to Left default value e Left to Right DDI Always select if your device is con nected to a point to point connection Bearer Service Select the type of incoming call service detection Possible values e Data Voice default value Both data and voice calls e Data Data call e Voice Voice call modem voice analogue fax 11 4 ADSL Modem 11 4 1 ADSL Configuration In this menu you make the basic settings for your ADSL connection R3000 and R3000w are ADSL multiprotocol routers with integrated ADSL 2 modem and automatic ISDN backup The ADSL modem on the R3000 R3000w is compatible with AN NEX A and ANNEX B standards and so can be used universally in several countries It is particularly suitable for high speed Internet access and remote access use in SMEs or re mote offices The device is supplied ex works with 10 IPSec tunnels including hardware ac celeration Up to 100 additional IPSec tunnels can also be enabled if licensed The integ rated second ISDN SO interface can also be enabled by licence if required cla E EA AA Language English Online Help
251. con sists of the following fields R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH Fields in the Interfaces Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the Interfaces IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Local IP Address Enter the IP address you received from your network operator Route Entries Define other routing entries for this connection class Add a new entry with Add The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked The function is activated with Enabled The function is disabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload The function is activated with Enabled The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used
252. cribed in The settings you make with the Funkwerk Configuration Interface are applied with the OK or Apply button of the menu and you do not have to restart the device If you finish the configuration and want to save your settings so that they are loaded as the boot configuration when you reboot your device save these by clicking the Save configur ation button You can also use the Funkwerk Configuration Interface to monitor the most important function parameters of your device R1xxx R3xxx R4xxx bintec R1200 Language English Ven Sened ones Lomma Automatic Retresh interval feo Seconds Apply ka gt O warnins System Password not changed z System formation F ee Bridge Upti 2 Day s 22 Hour s 27 Minute s ime s ur s inute s Groups E pc I System Date Mon Jan 16 23 53 01 2006 a pp a Remote Authentication Serial Number R1E180006500018 a BOSS Version V 7 9 Rev 5 IPSec from 2009 11 09 00 00 00 Rebetika oak AA Resource information CPU Usage 0 a Memory Usage 22 1 31 9 MB 70 ISDN Usage External _ 0 4B Channels Ace Sessions SIF RTP etc 0 Active IPSec Tunnels 0 0 eneee Physical nlerface Interface Specifics Link pense nies Tp en1 0 192 168 0 254 255 255 255 0 E o ent 4 Not configured Not configured o ai as pk ae A WLAN of o com0 8 Not configured orizo 0 Not configured o
253. cription Description Enter a description that uniquely defines the type of rule Proposals In this field you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field At least one proposal must exist Therefore the first line of the table can not be deactivated Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure It is the slowest algorithm currently supported e Twofish Twofish was a final candidate for the AES Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 16 VPN Field Description e Blowfish Blowfish is a very secure and fast algorithm Twofish can be regarded as the successor to Blowfish e CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES e DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits e AES Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of security against attacks and general speed e AES 128 Rijndael has been nominated as AES due to its fast key setup low memory r
254. cription Mode Only if Entries Ada Select whether Subscriber Number MSN is to be used for in coming or outgoing calls or for both Possible values Both default value For incoming and outgoing calls e Incoming For incoming calls where your connection part ner dials in to your device e Outgoing For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Subscriber Number MSN Call Number Enter the connection partner s numbers Port Usage Select which port is used Fields in the Advanced Settings IP Options menu Field Description Proxy ARP Mode Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner Funkwerk Enterprise Communications GmbH 15 WAN Field Description Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the connection partner is Up active i e a connection already exists to the connection partner 15 1 7 IP Pools In the IP Pools
255. ct this option if your gate way assigns an IP address as DHCP server for connecting cli 16 VPN Funkwerk Enterprise Communications GmbH Field Description ents This is taken from the selected IP Assignment Pool IP Assignment Pool Only if IP Address Assignment IKE Config Mode Serv er Select an IP pool configured in the VPN gt IP Pools menu If an IP pool has not been configured here yet the message Not yet defined appears in this field Default Route Only for IP Address Assignment Static Select whether the route to this IPSec peer is to be defined as the default route The function is activated with Enabled The function is disabled by default Local IP Address Only if IP Address Assignment Static and IKE Config Mode Server Enter the WAN IP address of your IPSec tunnel This can be the same IP address as the address configured on your router as the LAN IP address Route Entries Define routing entries for this connection partner e Remote IP Address IP address of the destination host or LAN e Netmask Netmask of Remote IP Address e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the Advanced Settings Advanced IPSec Options menu Field Description Phase 1 Profile For phase 1 select a profile already configured in the Phase 1 Profiles menu You can also select the
256. ction is to be applied Fields in the menu Advanced Settings Field Description Number of Dialling Re Enter the number of dial attempts that the gateway is to make to tries call itself by ISDN after a reboot Possible values are 1 to 255 The default value is 3 Timeout Enter the time in seconds that the gateway is to wait before try ing again after an unsuccessful attempt to call itself Possible values are 2 to 20 The default value is 5 19 10 Funkwerk Discovery 19 10 1 Device Discovery The funkwerk Discovery protocol is used to identify and configure bintec access points that are in the same wired network as your device Once an access point has been discovered certain basic parameters node name IP address netmask and device address can be configured on the access point provided you know the administrator password 3 Note Any bintec access points that exist are determined by means of a multicast The IP address of the access point is therefore irrelevant Please note that the discovered bintec access points are not stored in the flash which R1xxx R3xxx R4xxx means discovery must be repeated after you reboot your device In the Local Services gt Funkwerk Discovery gt Device Discovery menu under Res ults a list is shown of all access points found on the network In the Interface field select the interface of your device via which access point discovery is to be carried out You use the Al1
257. d A list of all synchronisations is displayed when opening the Local Services gt BRRP gt VR Synchronisation menu You can either synchronise virtual interfaces or interfaces New synchronisations can be added in the New menu For example you can synchronise both virtual routers R1 and R2 over BRRP To do this you must create two entries For the first entry you must use R1 as the Monitoring VR Interface and R2 as the Synchronisation VR Interface For the first second you must configure R2 as the Monitoring VR Interface and R1 as the Synchronisation VR Interface 19 13 2 1 New Select the New button to create new synchronisations R1xxx R3xxx R4xxx Sars bb lt s binfec R12 Standard v Online Help Logout funkwerki S Save configuration 4 Virtual Routers VR Synchronisation Options T II besic Parameters TE estee vr iterface MielessLAN AS monitoring Mode BRAP w a a ARA Virtual Router ID Selectone Vcc Synchronisation VR Interface o Synchronisation Mode BRRP ed Virtual Router ID Selectone A AA E E DNS HTTPS d DynDNS Client DHCP Server Web Filter _ CAPI Server Scheduling Surveillance ip 25D Thott Protaci n s sai UPnP __HotSpot Gateway BRRP E Fig 179 Local Services gt BRRP gt VR Synchronisation gt New The Local Services gt BRRP gt VR Sync
258. d e Lowest the codecs are sorted by required bandwidth If pos sible the codec with the lowest bandwidth requirement is used e Highest the codecs are sorted by required bandwidth If possible the codec with the highest bandwidth requirement is used Sort Order Select the codecs to be proposed for the connection The co decs chosen here are proposed in a certain order depending on the setting in the Codec Proposal Sequence field Possible values e G 711 uLaw ISDN codec with US law e G 711 aLaw ISDN codec with EU law e GO 729 Compressed from 31 to 8 kbps good voice quality e G 726 40 Compressed from 63 to 40 kbps e G 726 32 Compressed from 55 to 32 kbps e G 726 24 Compressed from 47 to 24 kbps e G 726 16 Compressed from 39 to 16 kbps DTMF Outband DTMF Outband First the system attempts to use RFC 2833 If the remote terminal does not use this stand ard SIP Info is used e T 38 Fax Allows the transmission of fax messages over data networks G 711 uLaw G 711 aLawand G 729 are enabled by default The codecs actually used are the intersect of the codecs defined here and those signalled by the provider For outgoing calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Advanced Settings Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Funkwerk Enterprise Communicat
259. d e You explicitly activate the import or export of certain routes In this case you must also explicitly deactivate the import or export of all other routes You can do this using a filter for IP Address no entry this corresponds to the IP address 0 0 0 0 with Netmask no entry this corresponds to the netmask 0 0 0 0 To make sure this filter is used last it must be placed at the lowest position You configure a filter for a default route with the following values e IP Address no entry this corresponds to the IP address 0 0 0 0 with Netmask 255 255 255 255 In the Routing gt RIP gt RIP Filters menu a list of all RIP filters is shown bintec R1200 Language English View Standard Online Help Fig 88 Routing gt RIP gt RIP Filters You can use the button to insert another filter above the list entry The configuration menu for creating a new window opens You can use the button to move the list entry A dialog box opens in which you can se R1xxx R3xxx R4xxx lect the position to which the filter is to be moved 14 3 2 1 New Choose the New button to set up more RIP filters RIP Interfaces RIP Filter RIP Options Basic Parameters Interface None IP Address Netmask WEE Direction Import O Export e Si Metric Offset for Active Interfaces Da Load Balancing Metric Offset for In
260. d Possible values e Indoor Outdoor default value e Indoor e Outdoor IEEE 802 11d Compli Only for Operating Mode Access Client ance Select how the country information is determined Possible values e Flexible default value The system attempts to determine the country information of the access point otherwise the system s own country information is used e None The system s own country information is used e Strict The country information of the access point is used Channel The number of channels you can selected depends on the country setting Please consult the data sheet for your device Access Point mode Configuring the network name SSID in Access Point mode means that wireless networks can be logically separated from each other but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels So if you are operating two or more radio networks close to each other it is advisable to allocate the networks to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adjacent channels In the case of manual channel selection please make sure first that the clients actually support these channels Possible values e For Frequency Band 2 4 GHz In Outdoor 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Possible values are 1 to 13 and Auto def
261. d Balancing Groups 0008 237 14 5 MulticaStis ro dia 2 tes ds o a i 240 14 5 1 Forwarding 4 teles botes de we th Ge ho hae A s 241 14 5 2 IQMP s ip era Ee Bde BD ar E o eB we es 243 14 5 3 Options i eb kw a a oa a eb ed 246 14 6 DIS E A RB RA p etl Be RA al 248 14 6 1 QoS Filler a a it Bc So ee Ge a i Bs 248 14 6 2 QoS Classification 2 2 o 251 14 6 3 QoS Interfaces Policies 0 0 0 253 Chapter 15 WAN o dia i 260 R1xxx R3xxx R4xxx V 15 1 Internet DIBlUP san lt 2 Stee gn le ke pes ae Bale eet Se a ed 260 15 1 1 PPPOE 2 2 synod Soja carps hl SMe gd ae beet SE eee es 262 15 1 2 PRUP una ceed ence eS Soe tet gone Wit amp et Gok eet oi g 267 15 1 3 PPPOA 822 7 saa Soda Oe il E BA Rte ee ee a RE a 272 15 1 4 ISBN 3x eas A eee apes A a Son tr ees ef oe 276 15 1 5 GPRS UMTS soans koe a a ao wa DS He 284 15 1 6 AUX Pees EAS See See BPS uri aS 289 15 1 7 IPPO Sa A A es ek BEE e 295 15 2 E E ty wh na tated 296 15 2 1 Profiles 2 Sy tints Sick he eee hy Sete Sekt oh Sek 297 15 2 2 Service Categories o 302 15 2 3 OAM Controlling 2 o o e 304 15 3 Leased Lines aaa iet iea a des a Sek de a 308 15 3 1 Interfaces a a ie A A a 309 15 4 Real Time Jitter Control 2 2 318 15 4 1 Controlled Interfaces 2 318 Chapter 16 VPN sarees
262. d Description MTU Shows the current MTU Maximum Transfer Unit Alive Check Shows the method for checking that the peer is reachable NAT Detection Displays the NAT detection method Local Port Shows the local port Remote Port Shows the remote port Packets Shows the total number of incoming and outgoing packets Bytes Shows the total number of incoming and outgoing bytes Errors Shows the total number of errors IKE Phase 1 SAs x The parameters of the IKE Phase 1 SAs are displayed here Role Algorithm Life time remaining State IPSec Phase 2 SAs x Shows the parameters of the IPSec Phase 2 SAs Role Algorithm Local Remote Lifetime re maining State Messages The system messages for this IPSec tunnel are displayed here 22 2 2 IPSec Statistics In the Monitoring gt IPSec gt IPSec Statistics menu statistical values for all IPSec con nections are shown R1xxx R3xxx R4xxx Save configuration i IPSec Tunnels IPSec Statistics Po A E A Physical interfaces T Automatic Refresh interval 300 Seconds Apply Pad Licences In Use Maximum WirelessLAN v IPSec Tunnels 0 110 Rou Peers Up Going up Blocked Dormant Configured o o Status 0 o 0 1 4 i SAs Established Total KE Phase 1 o o Firewall Cs PSec Phase 2 0 0 Vor E Packet Statistics In Out Local Services P Total 50 112 Passed 50 112 Maintenance oo T Dropped 0 0 EA encrypted 0 o E
263. d Value SSH service active Select whether the SSH Daemon is to be enabled for the inter face The function is activated by choosing Enabled R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Field VENTO The function is enabled by default Compression Select whether data compression should be used The function is activated by choosing Enabled The function is disabled by default TCP Keepalives Select whether the device is to send keepalive packets The function is activated by choosing Enabled The function is enabled by default Logging Level Select the syslog level for the syslog messages generated by the SSH Daemon Possible settings e Information default value Fatal and simple errors of the SSH Daemon and information messages are recorded e Fatal Only fatal errors of the SSH Daemon are recorded e Errors Fatal and simple errors of the SSH Daemon are re corded e Debug All messages are recorded Fields in the SSH Authentication and Encryption Parameters menu Field Value Encryption Algorithms Select the algorithms that are to be used to encrypt the SSH connection Possible options e 3DES e Blowfish e AES 128 e AES 256 3DES Blowfish and AES 128 and are enabled by default Hashing Algorithms Select the algorithms that are to be available for message au thentication of the SSH connection Funkwerk Enterprise Communications GmbH 10 System Management
264. d for configuration and the device 19 2 1 HTTPS server In the Local Services gt HTTPS gt HTTPS Server menu you configure the parameters of the secure configuration connection over HTTPS R1xxx R3xxx R4xxx bintec R1200 onne nep ono HTTPS Server HTTPS Parameters 443 Local Certificate Internal HTTPS TCP Port Apply J _ Cancel J DynDNS Client DHCP Server Web Filter CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP Fig 152 Local Services gt HTTPS gt HTTPS Server The Local Services gt HTTPS gt HTTPS Server menu consists of the following fields Fields in the HTTPS Server HTTPS Parameters menu Field Description HTTPS TCP Port Enter the port via which the HTTPS connection is to be estab lished Possible values are 0 to 65535 The default value is 443 Local Certificate Select a certificate that you want to use for the HTTPS connec tion Possible values e Internal default value Select this option if you want to use the certificate built into the device e lt Certificate name gt Select the entered certificate under System Management gt Certificates gt Certificate List R1xxx R3xxx R4xxx 19 3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed DynDNS ensures that your de
265. d of the corresponding address A host name consists of an ASCII string that uniquely identifies the host computer HyperText Transfer Protocol Network component used to connect several network components together to form a local network star shaped ISDN connection unit ISDN connection socket Internet Control Message Protocol Integrity Check Value You have to request this performance feature from T Com The company will provide you with further information on the procedure If you enter code 77 during a call or after the caller has ended a call you hear the engaged tone from the exchange the caller s tele phone number is stored in the exchange ISDN telephones can also use separate functions for this performance feature For more in formation on this function please see your user s guide The Institute of Electrical and Electronics Engineers IEEE A large global association of engineers which continuously works on stand ards in order to ensure different devices can work together Internet Engineering Task Force The index from 0 9 is fixed Every external multiple subscriber number entered is assigned to an index You need this index when configuring performance features using the telephone s codes e g configuring Call forwarding in the exchange or Define telephone number for the next external call A network in infrastructure mode is a network that contains at least one access point as the central point of comm
266. d the authenticate users A key pair consisting of a pub lic key and a private key is used to encrypt and decrypt the data For encryption the sender requires the public key of the recipient The recipient decrypts the data using his private key Um sicherzustellen dass der ffentlich Schl ssel der echte Schl ssel des Empf ngers und keine F lschung ist wird ein Nachweis ein sogenanntes digitales Zertifikat ben tigt Ein digitales Zertifikat best tigt u a die Echtheit und den Eigent mer eines ffentlichen Schl ssels It is similar to an official passport in that it confirms that the holder of the pass port has certain characteristics such as gender and age and that the signature on the passport is authentic As there is more than one certificate issuer e g the passport office for a passport and as such certificates can be issued by several different issuers and in varying qualities the trustworthiness of the issuer is extremely important The quality of a certificate is regulated by the German Signature Act or respective EU Directives Certification authorities that issue so called qualified certificates are organised in a hier archy with the Federal Network Agency as the higher certifying authority The structure and content of a certificate are stipulated by the standard used X 509 is the most important and the most commonly use standard for digital certificates Qualified certificates are personal and extremely trustworthy
267. d to send the alert mail Possible values are 0 to 86400 The value O disables the timeout Number of Messages Enter the number of syslog messages that must be reached be fore an E mail can be sent for this case If timeout is configured the mail is sent when this expires even if the number of mes sages has not been reached Possible values are 0 to 99 the default value is 7 Message Compression Select whether the text in the alert E mail is to be shortened The e mail then contains the syslog message only once plus the number of relevant events Enable or disable the field The function is enabled by default Fields in the E mail Alert Receiver Monitored Subsystems menu Field Description Subsystem Select the subsystems to be monitored Add a new system with Add 21 4 SNMP SNMP Simple Network Management Protocol is a protocol from the IP protocol family for transporting management information about network components Every SNMP management system contains an MIB SNMP can be used to configure con trol and administrate various network components from one system Such an SNMP tool is included on your device the Configuration Manager As SNMP is a standard protocol you can use any other SNMP managers e g HPOpenView For more information on the SNMP versions see the relevant RFCs and drafts e SNMP V 1 RFC 1157 e SNMP V 2c RFC 1901 1908 e SNMP V 3 RFC 3410 3418 21 4 1 SNMP Trap Options In t
268. de Without explicit permission NAT rejects every access from the WAN to the LAN IP Access Lists Here packets are permitted or rejected exclusively on the basis of the criteria listed above i e the state of the connection is not considered except where Services tcp SIF The SIF sorts out all packets that are not explicitly or implicitly allowed The result can be a deny in which case no error message is sent to the sender of the rejected packet or a reject where the sender is informed of the packet rejection The incoming packets are processed as follows e The SIF first checks if an incoming packet can be assigned to an existing connection If so it is forwarded If the packet cannot be assigned to an existing connection a check is made to see if a suitable connection is expected e g as affiliated connection of an exist ing connection If so the packet is also accepted e If the packet cannot be assigned to any existing or expected connection the SIF filter rules are applied If a deny rule matches the packet the packet is rejected without send ing an error message to the sender of the packet if a reject rule matches the packet is rejected and an ICMP Host Unreachable message sent to the sender of the packet The packet is only forwarded if an accept rule matches e All packets without matching rules are rejected without sending an error message to the sender when all the existing rules have been checked default
269. deactivated by default Field Description If QoS is not activated for this policy bear in mind that the data cannot be prioritised on the sender side either A policy for which QoS has been enabled is also set for the fire wall Make sure therefore that data traffic that has not been ex pressly authorised if blocked by the firewall Traffic Priority Only for Apply QoS enabled Select the priority with which the data specified by the policy is handled on the send side Possible values None default value No priority e Low Latency Low Latency Transmission LTT i e hand ling of data with the lowest possible latency e g suitable for VoIP data e High e Medium e Low 17 1 2 QoS More and more applications need increasingly larger bandwidths which are not always available Quality of Service QoS makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth re served for them In the Firewall gt Policies gt QoS menu a list of all QoS rules is shown 17 1 2 1 New Choose the New button to set up new QoS rules R1xxx R3xxx R4xxx STE E Se gt Language English View Standard uu Filter Rules QoS Options Configure QoS Interface Interface Select one hd Traffic Shaping DEnabled t Filter Rules Source Destination Service Traffic Pr
270. ding IP address Lease Time Enter the length of time in minutes for which an address from the pool is to be assigned to a host After the Lease Time Minutes expires the address can be re assigned by the server The default value is 120 DHCP Options Specify which additional data is forwarded to the DHCP client Possible values for Option Field Description e Time Server default value Enter the IP address of the time server to be sent to the client DNS Server Enter the IP address of the DNS server to be sent to the client e DNS Domain Name Enter the DNS domain to be sent to the client WINS NBNS Server Enter the IP address of the WINS NBNS server to be sent to the client e WINS NBT Node Type Enter the type of the WINS NBT node to be sent to the client e TFTP Server Enter the IP address of the TFTP server to be sent to the client Several entries are possible Add new entries with the Add but ton 19 4 2 IP MAC Binding In the Local Services gt DHCP Server gt IP MAC Binding menu a list is shown of all cli ents that have received an IP address from your device via DHCP You can now allocate an IP address from a defined IP address pool to specific MAC ad dresses You can do this by selecting the Static Binding option in the list to convert a list entry as a fixed binding or you manually create a fixed IP MAC binding by configuring this in the New sub menu En Note You can only creat
271. dress and if required the corres ponding netmask to which the original destination IP address is to be translated Only for Type of Traffic incoming Destination NAT Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated Selecting Original leaves the original destina tion port If you disable Original an input field appears in which you can enter a new destina tion port Original is active by default Only for Type of Traffic outgoing Source NAT and NAT method symmetric Enter the source IP address and if required the corresponding netmask to which the origi nal source IP address is to be trans lated Only for Type of Traffic outgoing Source NAT and NAT method symmetric Leave the source port as it appears or enter a new source port to which the original source port is to be translated Selecting Original leaves the original source port If you dis able Original an input field appears in which you can enter a new source q port Original is active by default 14 3 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices This ex change is controlled by a Routing Protocol e g RIP Routing Information Protocol By de fault about every 30 seconds this value can be changed in Update Timer a device sends
272. ds Fields in the menu Advanced Settings Field Description IP Compression Select whether compression is to be activated before data en cryption If data is compressed effectively this can result in higher performance and a lower volume of data to be trans ferred In the case of fast lines or data that cannot be com pressed you are advised against using this option as the per formance can be significantly affected by the increased effort during compression 16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is activated with Enabled The function is disabled by default Alive Check Select whether and how IPSec heartbeats are used A bintec IPSec heartbeat is implemented to determine whether or not a Security Association SA is still valid This function sends and receives signals every 5 seconds depending on the configuration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Inactive Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expect only Your device expects a heartbeat from the peer but does not send one itself e Heartbeats Send only Your device expects no heart beat from the peer but sends one itself e Heartbeats send amp expect Your device expects a heartbeat from the peer and sends one itself e Autodetect Automatic detection of whethe
273. e Shows the current version of the ADSL logic loaded on your device Fields in the Options Software and Configuration Options menu Field Description Action Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values e No Action default value R1xxx R3xxx R4xxx 20 Maintenance Funkwerk Enterprise Communications GmbH Field Description e Import configuration Under Filename select a config uration file you want to import Note Click Go to load the file under the name boot in the flash memory for the device You must restart the device to enable it Note The files to be imported must be in CSV format e Import language You can import other language versions of the Funkwerk Configuration Interface into your device You can download the files to your PC from the download area at www funkwerk ec com and from there import them to your device e Update system software you can start an update of the system software the ADSL logic and the BOOTmonitor Export configuration The configuration file Current fi lename in flash memory is transferred to your local host If you click on the Go button a dialog box is shown in which you can select the storage location on your PC and enter the desired file name e Export configuration with state information The active configuration from the RAM is transferred to your local host If you clic
274. e OSPF is disabled for this interface Proxy ARP Mode Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific L2TP partner Possible values e Inactive default value Deactivates Proxy ARP for this L2TP partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the L2TP partner is Up active or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up until someone actually wants to use the route Up Only Your device responds to an ARP request only if the status of the connection to the L2TP partner is Up active i e a connection already exists to the L2TP partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server Secondary DNS Server primary WINS and sec Field Description ondary WINS from the L2TP partner or sends these to the L2TP partner The function is activated with Enabled The function is enabled by default 16 2 3 Options bintec R1200 a ales e gad ME A s i Language English View Standard v O Save configuration Psic cc LAN UDP Destination Port 1701 Velas Lo UDP Source Port Selection Orea e ok JC cancel IPSec L2TP PPTP GRE Fig 125 VPN gt L2TP gt Options The VPN gt L2TP gt Options menu consists of the following fields Fields in the Options
275. e provider s DynDNS service runs Update Path Enter enter the path on the provider s server that contains the script for managing the IP address of your device Ask your provider for the path to be used Port Enter the port at which your device is to reach your provider s server Ask your provider for the relevant port The default value is 80 R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH Field Description Protocol Select one of the protocols implemented Possible values e DynDNS default value e Static DynDNS e ODS HN e DYNS e GnuDIP HTML e GnuDIP TCP e Custom DynDNS e dnsexit Update Interval Enter the minimum time in seconds that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again The default value is 300 seconds 19 4 DHCP Server You can configure your device as a DHCP Dynamic Host Configuration Protocol server Your device and each PC in your LAN requires its own IP address One option for allocat ing IP addresses in your LAN is the Dynamic Host Configuration Protocol DHCP If you configure your device as a DHCP server the device automatically assigns IP addresses to requesting PCs in the LAN from a predefined IP address pool A PC sends out an ARP re quest and in turn receives its IP address assigned by your device You therefore do not need to allocate fixed IP addresses to PCs which reduces the
276. e Communications GmbH coming external connections and all external calls you make are stored Display of caller s A suitable telephone is a prerequisite for this feature Transmission number of the telephone number must be permitted by the caller DLCI In a Frame Relay network a DLCI uniquely describes a virtual con nection Note that a DLCI is only relevant for the local end of the point to point connection DMZ Demilitarised Zone DNS Domain Name System Do not disturb Station guarding DOI Domain of Interpretation Domain A domain refers to a logical group of devices in a network On the Internet this is part of a naming hierarchy e g bintec de Door intercom Door intercom device It can be connected to various PBXs A tele phone can be used to take an intercom call and open the door Door intercom on An analogue connection can be set up for connected of function analogue connection module MO6 to connect a DoorLine intercom system Door terminal ad The function module can be installed on an analogue connection of apter your PBX If a door intercom DoorLine is connected to your PBX via a function module you can speak with a visitor at the door via every authorised telephone You can assign particular telephones to each ring button These phones then ring if the ring button is pressed On analogue telephones the signal on the telephone matches the intercom call In place of the internal telephones an ex ternal telephone
277. e DSP module is provided in the installation in structions included with the module 18 2 1 Extension Here you can configure the numbers of the terminal devices Extensions connected to the media gateway i e the numbers of the SIP terminals and the numbers of the ISDN ter minals depending on the available interfaces In the VoIP gt Media Gateway gt Extensions menu a list of all existing extensions is shown You can define for all extensions whether SIP connections are encrypted over TLS Fields in the list Extensions SIP over TLS Field Description Local Certificate Select a certificate that you want to use for the TLS connection Possible values e Internal default value Select this option if you want to use the certificate built into the device e lt Certificate name gt Select the entered certificate under System Management gt Certificates gt Certificate List 18 2 1 1 Edit New Choose the 2 icon to edit existing entries Select the New button to create new exten sions R1xxx R3xxx R4xxx R1xxx R3xxx R4xxx Language English View Standard w Online Help Logout Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters gt Description Extension User Name i f interface Type
278. e GRE which is why the maximum send window size on the funkwerk side must be adjusted here via the value GRE Window Size R1xxx R3xxx R4xxx Field Description Possible values are 0 to 256 The default value is 0 16 4 GRE Generic Routing Encapsulation GRE is a network protocol that encapsulates other proto cols and transports them in the form of IP tunnels to the specified recipients The specification of the GRE protocol is available in two versions e GRE V 1 for use in PPTP connections RFC 2637 configuration in the PPTP menu GRE V 0 RFC 2784 for general encapsulation using GRE In this menu you can configure a virtual interface for using GRE V O The data traffic routed over this interface is then encapsulated using GRE and sent to the specified recipient 16 4 1 GRE Tunnels In the VPN gt GRE gt GRE Tunnels menu a list of all configured GRE tunnels is shown 16 4 1 1 New Choose the New button to set up new GRE tunnels bintec R1200 Language English View Standard ore Tune Basic Parameters Wegscantion A o o Local GRE IP Address i asal Remote GRE IP Address Im F o Default Route Denanied Local IP Address Route Entries a a 1 A C aaa lt MTU o Use key enables E ox Camel Fig 128 VPN gt GRE gt GRE Tunnels R1xxx R3xxx R4xxx Funkwerk Enterpr
279. e IPSec tunnel Action Enables you to change the status of the IPSec tunnel as dis played Details Opens a detailed statistics window You change the status of the IPSec tunnel by pressing the a button or button in the Action column By pressing the P button you display detailed statistics on the IPSec connection bintec R1200 pos R120 Save configuration d IPSec Tunnels IPSec Statistics 3 pino i Physical Interfaces y Automatic Refresh interval 300 Seconds Apply 7 E oea WirelessLAN v Description Peer 1 Bowing Local P Address 00 00 MON Remote ip aduress 0 0 0 0 toco Remo a Negotiation Type LocalServices Authentication Method A m MTU 1418 i OS Alive Check ExtematReporting oom A Statistics In Out Packets 0 0 Internal Log Bytes 0 fe como om Errors 0 Messages Interfaces ges 10 interfaces WLAN HotSpot Gateway QoS Fig 196 Monitoring gt IPSec gt IPSec Tunnel gt Values in the list IPSec Tunnels Field Description Description Shows the description of the peer Local IP Address Shows the WAN IP address of your device Destination IP Address Shows the WAN IP address of the connection partner Local ID Shows the ID of your device for this IPSec tunnel Remote ID Shows the ID of the peer Negotiation Type Shows the exchange type Authentication Method Shows the authentication method R1xxx R3xxx R4xxx Fiel
280. e Protocol Operation and Maintenance Without connection Connectionless operating state e g of the PCs With connection For example the state of a connection between a PC and data network or for data exchange between two PCs Term for electronic banking e g using T Online Glossary Online Pass Online services OSI model OSPF Outgoing extension number signal Outgoing telephone number Packet switching PAP Parking PBX PBX PBX PBX PBX number Funkwerk Enterprise Communications GmbH Part of the T Com certification services for the Internet Digital pass for the Internet With the Online Pass an Internet user can be au thenticated as a customer in a company Services available around the clock via communication services such as T Online and the Internet OSI Open Systems Interconnection Open Shortest Path First The outgoing extension number signal is intended for internal con nections on the point to point to which an explicit extension number was not assigned When an external call is made the extension number entered under Outgoing Extension Number Signal is also transmitted If you have not suppressed transmission of your telephone number and the telephone of the person you are calling supports the CLIP function the person you are calling can see the telephone number of the connection you are calling from on their telephone display This telephone number transmitted during an external ca
281. e connect individual work sta tions e g laptops PCs with wireless card or wireless adapter by wireless connections to your local network via WLAN Wireless LAN and let them communicate with each other The table Data for the Wireless LAN configuration shows the information required As data can be transmitted over the air in the WLAN this data can in theory be intercepted and read by any attacker with the appropriate resources Particular attention must therefore be paid to protecting the wireless connection Note the following e Follow the safety precautions when configuring your WLAN e Please also read the information on WLAN operation published by the Federal Office for Information Security see http www bsi bund de Data for the Wireless LAN configuration Access data Example value Your values Preshared Key for WPA PSK without default Access data Example value Your values Installation location of your device Germany Channel to be used for WLAN 3 Network name SSID for your without default WLAN Visibility of the network name not visible Security setting WPA PSK 4 3 2 Configuring a PC In order to reach your device via the Funkwerk Configuration Interface and to be able to carry out configuration the PC used for the configuration has to satisfy some prerequisites Make sure that the TCP IP protocol is installed on the PC e Assign fixed IP address to your PC Checking the TCP IP protocol Proceed as follo
282. e focus is on excluding data traffic from unwanted multicast groups Note that if forwarding is combined with IGMP the packets can be forwarded to the groups specified in the forwarding request 14 5 1 Forwarding In this menu you specify which multicast groups are always passed between the interfaces of your device 14 5 1 1 New Choose the New button to create forwarding rules for new multicast groups Onin Hep airs 4 bintec R1200 Language English Qz z 7 Save configwation Forwarding IGMP Options 1 E ae RAR all Multicast Groups Dnabied ca Source Interface None SH Desnaanan itara Nan al OK Cancel Fig 92 Routing gt Multicast gt Forwarding gt New The Routing gt Multicast gt Forwarding gt p New menu consists of the following fields Fields in the Forwarding Basic Parameters menu Field Description All Multicast Groups Select whether all multicast groups i e the complete multicast address range 224 0 0 0 4 are to be forwarded from the defined Source Interface to the defined Destination Interface To do this check Enabled Disable the option if you only want to forward one defined mul ticast group to a particular interface The option is deactivated by default Multicast Group Address Only for All Multicast Groups disabled Enter here the address of the multicast group you want to for w
283. e global name servers entered on your device are sent As IPCP Server Select which name server addresses are to be transmitted by your device in the event of dynamic server name negotiation if your device is used as the IPCP server for PPP connections Possible values e None No name server address is sent e Own IP Address The address of your device is transferred as the name server address e Global DNS Setting default value The addresses of the global name servers entered on your device are sent 19 1 2 Static Hosts In the Local Services gt DNS gt Static Hosts menu a list of all configured static hosts is shown 19 1 2 1 New Choose the New button to set up new static hosts pintec R120 eer WEES Global Settings Static Hosts Domain Forwarding Cache Statistics Basic Parameters DNS Hostname Response Positive IP Address 0 0 0 TIL B6400 Seconds oK BQ Cancel J Funkwerk Discovery UPnP HotSpot Gateway Fig 148 Local Services gt DNS gt Static Hosts gt New The Local Services gt DNS gt Static Hosts gt New menu consists of the following fields Fields in the Static Hosts Basic Parameters menu Field Description DNS Hostname Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request If a negative response is received to a DNS re quest
284. e new static IP MAC bindings if IP address ranges have been con figured in Local Services gt DHCP Server gt DHCP Pool 19 4 2 1 New Choose the New button to set up new IP MAC bindings R1xxx R3xxx R4xxx bintec R1200 DynDNS Client DHCP Server Web Filter CAPI Server E Scheduling Surveillance ISDH Theft Protection 3 Funkwerk Discovery UPnP HotSpot Gateway E BRRP ME Language English vw Standard Basic Parameters Description IP Address MAC Address DHCP Poo IPIMIAG Binding DHCP Relay semings Fig 156 Local Services gt DHCP Server gt IP MAC Binding gt New The Local Services gt DHCP Server gt DHCP Binding gt New menu consists of the fol lowing fields Fields in the IP MAC Binding Basic Parameters menu Field Description Description IP Address MAC Address Enter the name of the host to the MAC Address of which the IP Address is to be bound A character string of up to 256 characters is possible Enter the IP address to be assigned to the MAC Address spe cified in MAC Address Enter the MAC Address to which the IP address specified in IP Address is to be assigned R1xxx R3xxx R4xxx 19 4 3 DHCP Relay Settings If your device for the local network does not distribute any IP addresses to the clients by DHCP it can still forward the DHCP requests on behalf of the local network to a remote DHCP
285. e the access passwords for your device e Change the default SSID Network Name SSID Funkwerk ec of your access point Set Visible Enabled This will exclude all WLAN clients that attempt to establish a connection with the general value for Network Name SSID Any and do not know the SSID settings e Use the available encryption methods To do this select Security Mode WEP 40 WEP 104 WPA PSK Or WPA Enterprise or both and enter the relevant key in the access point under WEP Key1 4 or Preshared Key and in the WLAN clients e The WEP key should be changed regularly To do this change the Data Transfer Key Select the longer 104 Bit WEP key e For the transfer of highly security critical informationen Security Mode wPa Enterprise should be configured with WPA Mode WPA 2 This method contains hardware based encryption and RADIUS authentication of the client In special cases combination with IPSec is possible e Restrict WLAN access to permitted clients Enter the MAC addresses of the wireless net work cards of these clients in the Permitted Addresses list in the MAC Filter menu see Fields in the MAC Filter menu on page 205 In the Wireless LAN gt WLAN gt Virtual Service Sets menu a list of all WLAN networks shown 13 1 2 1 Virtual Service Sets gt Edit New Choose the Fay icon to edit existing entries Choose the New button to configure other wire less networks TT a E AAA bintec R1200 S L
286. e user when a new software version is available firmware upgrade First level domain Flash key Follow me Fragmentation Frame Frame relay Freecall FTP Full duplex Function keys G 991 1 G 991 2 G 992 1 G 992 1 Annex A G 992 1 Annex B G SHDSL Describes the last part of a name on the Internet For www t com de the first level domain is de and in this case stands for Germany The flash key on a telephone is the R button R stands for Ruckfrage inquiry The key interrupts the line briefly to start certain functions such as inquiries via the PBX Performance feature of a PBX for diverting calls on the destination telephone Process by which an IP datagram is divided into small parts in order to meet the requirements of a physical network The reverse pro cess is known as reassembly Unit of information sent via a data connection A packet switching method that contains smaller packets and fewer error checks than traditional packet switching methods such as X 25 Because of its properties frame relay is used for fast WAN connections with a high density of traffic Telephone number Previous service 0130 These telephone num bers have been switched to freecall 0800 since January 1 1998 File Transfer Protocol Operating mode in which both communication partners can commu nicate bidirectionally at the same time Keys on the telephone that can be assigned telephone numbers or network funct
287. e values for Condition Settings with Condition Type Day of the month dl bam Sidhe Field Description Start Time Enter the time from which the initiator is to be activated Activa tion is carried on the next scheduling interval the default value of this interval is 55 seconds Stop Time Not if Select Action Reboot device Enter the time from which the initiator is to be deactivated De activation is carried on the next scheduling interval If you do not enter a Stop Time or set Stop Time Start Time the initiator is activated and deactivated after 10 seconds 19 72 Options In the Local Services gt Scheduling gt Options menu you configure the schedule inter Time Schedule Options Scheduling Options Schedule Interval Enabled Fig 165 Local Services gt Scheduling gt Options The Local Services gt Scheduling gt Options menu consists of the following fields Fields in the Options Scheduling Options menu R1xxx R3xxx R4xxx Field Description Schedule Interval Select whether the schedule interval is to be enabled for the in terface Enter the interval in seconds during which the system checks whether there are planned tasks Possible values are 0 to 65535 The value 300 is recommended 5 minute accuracy Values lower than 60 are generally pointless and are an unnecessary use of system resources The field is not activated by default 19 8 Surveill
288. ected mobile phone provider Network Quality Only for UMTS HSDPA HSUPA Status Enabled Displays the current quality of the UMTS connection The value cannot be changed Preferred Network Type Select the networkt type to be used as preference Possible values e Automatic default value GPRS or UMTS are used for the connection depending on the network type that is locally available e GPRS only Only GPRS is used if GPRS is not available no connection can be established e UMTS only Only UMTS is used if UMTS is not available no connection can be established e GPRS preferred GPRS is preferred if GPRS is not avail able UMTS is used e UMTS preferred UMTS is preferred if UMTS is not avail able GPRS is used Incoming Service Type Only for UMTS HSDPA HSUPA Status Enabled Here you select the gateway subsystem to which an incoming call over the modem is to be assigned Possible values e ISDN Login default value The call is assigned to the ISDN Login subsystem e PPP Dialin The call is assigned to the PPP subsystem e Disabled No call is accepted SIM Card Uses PIN Only for UMTS HSDPA HSUPA Status Init Sequence En abled Enter the PIN for your UMTS modem card Field Description Note Entering a wrong PIN blocks communication until the entry is corrected Modem Init Sequence Only for UMTS HSDPA HSUPA Status Enabled Here you can enter an initialization string for your modem You can add o
289. ective 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Se curity Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP 6 Technical data Funkwerk Enterprise Communications GmbH Product name bintec R1200 bintec R1200w bintec R1200wu PPPoE PPPOA Call back Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec PPPoE PPPOA Call back Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec PPPoE PPPoA Call back Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Dime Manager on DVD Printed documentation supplied Quick Install Guide Quick Install Guide Quick Install Guide Online documentation User s Guide Workshops Release Notes if re quired User s Guide Workshops Release Notes if re quired General product features bintec R3000 bintec R3000w User s Guide Workshops Release Notes if re quired Product name bintec R3000 bintec R3000w Dimensions and weig
290. ed as the status e Enter the licence data again e Check your hardware serial number If Not Supported is displayed as the status you have entered a license for a sub system that your device does not support This means you cannot use the functions of this licence Deactivating a licence Proceed as follows to deactivate a licence 1 Goto System Management gt Global Settings gt System Licenses 2 Press the icon in the line containing the licence you want to delete 3 Confirm with OK The licence is deactivated You can reactivate your additional licence at any time by enter ing the valid licence key and licence serial number 10 3 Interface Mode Bridge Groups In this menu you define the operation mode for your device s interfaces Routing versus bridging Bridging connects networks of the same type In contrast to routing bridges operate at lay er 2 of the OSI model data link layer are independent of higher level protocols and trans mit data packets using MAC addresses Data transmission is transparent which means the R1xxx R3xxx R4xxx information contained in the data packets is not interpreted With routing different networks are connected at layer 3 network layer of the OSI model and information is routed from one network to the other Conventions for port interface names If your device has a radio port it receives the interface name WLAN If there are several ra dio modules the nam
291. ed by default 15 1 4 ISDN In the WAN gt Internet Dialup gt ISDN menu a list of all ISDN interfaces is shown In this menu you configure the following ISDN connections e Internet access over ISDN LAN to LAN connection over ISDN e Remote Mobile Dialin e Use of the ISDN Callback function 15 1 4 1 New Choose the New button to set up new ISDN interfaces _Language English 4 peros ere GAif aux 1P Poote Basic Parameters Description A Connection Type ISDN 64 kbps User Name PEA T Remote User for Dialin only it Password eses s CS Always on EDenabiea Connection Idle Timeout f ja y Seconds IP Made and Routes IP Address Mode Ostatic O Provide IP Address Get IP Address Default Route O Enabled pr NAT Policy O Enabled Local IP Address Remote Adaress 7 E Metric Route Entries a AAA 18 J Add Advanced Settings Block after connection failure for pa Seconds Maximum Number of Dialup Retries 2 Usage Type O standard Dialin onty Multi User Dialin only Authentication PAP CHAP MS CHAP Callback Mode Onone O Active O Passive Bendtwith on Demand Options Channel Bundling fone E Dial Numbers 4 Hie pus Add J F Options OSPF Mode Passive O Active O
292. ed via your device when the conncted terminal does not have its own power supply The respective link plugs must be moved to do this In addition you can switch the 100 Ohm terminators on off for each interface via additional link plugs You require terminators e if you connect an external connection directly with the external NTBA e for a point to point connection e if the bus starts directly with the connection of your device You can also connect the interfaces BRI 3 and BRI 4 to each other This can guarantee the power supply for a terminal on an BRI interface switched to internal mode in the event that your device is switched off or the power supply fails For example an external SO can be placed on an internal SO In this case an idle relay loops through from external SO to in ternal SO and so creates an emergency supply for the internal SO bus telephone Warning Always remove the power cord before opening the device This is the only way of en suring that the internal mains unit is completely dead If you do not remove the power cord there is a risk of injury or death Note that the device should only be opened by trained service personnel R1xxx R3xxx R4xxx To carry out the switch proceed as follows Unscrew the two screws on the back of the device and slide the cover upwards The link plugs for the BRI 1 and BRI 2 interfaces can be found on all devices on the main PCB behind the terminal block Inser
293. efine the PVID and processing rules PVID Assign the selected port the required PVID Port VLAN Identifi R1xxx R3xxx R4xxx Field Description er If a packet without a VLAN tag reaches this port it is assigned this PVID Drop untagged frames If this option is enabled untagged frames are discarded If the option is disabled untagged frames are tagged with the PVID defined in this menu Drop non members If this option is enabled all tagged frames that are tagged with a VLAN ID to which the selected port does not belong are dis carded 12 2 3 Administration In this menu you make general settings for a VLAN The options must be configured sep arately for each bridge group e p Zz oe a ru bntsero PA 7 o o e Save configuration ai z ECHA Admini T Physicalitertoces Z Brage Group 0 VLAN Ortons Enable VLAN Enabled IP Configuratio n oS eanaderieitio 1 Management LIS 96 Cancel Fig 73 LAN gt VLAN gt Administration The LAN gt VLAN gt Administration menu consists of the following fields Fields in the Administration Bridge Group br lt ID gt VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN R1xxx R3xxx R4xxx Field Description The function is activated with Enabled The function is not activated by default Management VID Enter the VLAN ID of the VLAN in whic
294. el to assign data packets to specific classes The class ID defines the priority Possible values are whole numbers between 1 and 254 Interfaces Only if Class map New When creating a new class plan select the interfaces to which you want to link the class plan A class plan can be assigned to multiple interfaces 14 6 3 QoS Interfaces Policies You can define the priority in the Routing gt QoS gt QoS Interfaces Policies menu Eg Note Data can only be prioritized in the outgoing direction Packets in the high priority class always take priority over data with class IDs 1 254 It is possible to assign or guarantee each queue and thus each data class a certain part of the total bandwidth of the interface In addition you can optimise the transmission of voice data real time data Depending on the respective interface a queue is created automatically for each class but only for data traffic classified as outgoing and for data traffic classified in both directions A priority is assigned to these automatic queues The value of the priority is equal to the value of the class ID You can change the default priority of a queue If you add new queues you can also use classes in other class plans via the class IDs 14 6 3 1 New Choose the New button to set up other priorities bintec R3000 Jen Sua S InterfacesiPolicies nbartaces MEA Interface Fendi
295. em Management gt Global Settings gt System menu is used for entering the basic system data of your device System Passwords Date and Time System Licences Basic Parameters System Name fa 200 Location Contact FUNKWERK Maximum Number of Syslog Entries 50 Maximum Message Level of Syslog Entries Information Maximum Number of Accounting Log Entries 20 oK HA Cancel Fig 41 System Management gt Global Settings gt System The System Management gt Global Settings gt System menu consists of the following R1xxx R3xxx R4xxx 10 System Management fields Funkwerk Enterprise Communications GmbH Fields in the System Basic Parameters menu Field VENTO System Name Location Contact Maximum Number of Syslog Entries Maximum Message Level of Syslog Entries Enter the system name of your device This is also used as the PPP host name A character string of up to 255 characters is possible The device type is entered as the default value Enter the location of your device Enter the relevant contact person Here you can enter the e mail address of the system administrator for example A character string of up to 255 characters is possible The default value is FUNKWERK Enter the maximum number of syslog messages that are stored internally in the device Possible values are 0 to 1000 The default value
296. en telephoning over the Internet voice data packets normally have the highest priority Nevertheless if the upstream bandwidth is low noticeable delays in voice transmission can occur when other packets are routed at the same time The real time jitter control function solves this problem So that the line is not blocked for too long for the voice data packets the size of the other packets can be reduced if re quired during a telephone call 15 4 1 Controlled Interfaces In the WAN gt Real Time Jitter Control gt Controlled Interfaces menu a list of all inter faces is shown for which the real time jitter control has been configured 15 4 1 1 New Click o the New button to set up port forwarding for other interfaces bintec R1200 Language English View Standard Online Help c F Basic Settings Interface None Control Mode Controlled RTP Streams only ses L 2 Maximum Upload Speed fo kbps OK gt C Cancel _ Fig 113 WAN gt Real Time Jitter Control gt Controlled Interfaces gt New The WAN gt Real Time Jitter Control gt Controlled Interfaces gt New menu consists of the following fields Fields in the Controlled Interfaces Basic Settings menu R1xxx R3xxx R4xxx Field Description Interface Define for which interfaces voice transmission is to be optim ised Control Mode Select the mode for the optim
297. ent fields and options are available All the config uration options are listed below The default setting for all existing interfaces of your device is routing mode The interface en1 0 is pre configured with IP address 192 168 0 254 and netmask 255 255 255 0 Example of subnets If your device is connected to a LAN that consists of two subnets you should enter a second IP Address Netmask The first subnet has two hosts with the IP addresses 192 168 42 1 and 192 168 42 2 for example and the second subnet has two hosts with the IP addresses 192 168 46 1 and 192 168 46 2 To be able to exchange data packets with the first subnet your device uses the IP address 192 168 42 3 for example and 192 168 46 3 for the second subnet The netmasks for both subnets must also be indicated 12 1 1 1 Edit New Choose the eo icon to edit existing entries Choose the New button to create virtual inter faces bintec R1200 onne nep ono Interfaces Basic Parameters Based on Ethernet Interface Selectone Address Mode Ostatic O DHCP A te a P Address Netmask IP Address Netmask e s Kad 7 Interface Mode O untagged Tagged VLAN MAC Address otaota Muse built in J Soe LAAN VLAN ID 2 Advanced Settings Proxy ARP C Enabled TCP MSS Clamping Enabled L a OK O cancel gt Fig 69 LAN gt IP Configuration gt Interfaces g
298. ent is valid for bintec devices with system software as of software version 7 9 5 The Reference which you have in front of you contains the following chapters User s Guide Reference Chapter Description Introduction You see an overview of the the device About this guide We explain the various components of this manual and how to use it Installation This contains instructions for how to set up and connect your device Basic configuration This chapter provides a step by step guide to the basic func tions on your device Reset This chapter explains how to reset your device to the ex works state Technical data This section contains a description of all the device s technical properties Variable switching of S0 This section describes how to switch the SO interfaces from ex interfaces ternal to internal Access and configura This includes explanations about the different access and con tion figuration methods Assistants These chapters describe all configuration options of the Funk werk Configuration Interface The individual menus are de System management scribed in the order of navigation Physical Interfaces The individual chapters also contain more detailed explanations LAN on the subsystem in question Wireless LAN Routing WAN VPN Chapter Description Firewall VoIP Local Services Maintenance External reporting Monitoring Glossary The glossary contains a reference to the most important tech
299. ent mode e Trunk For calls forwarded by the media gateway to a PBX or an ISDN TE connector or a SIP DDI client For this the follow ing can be used PRI interfaces in NT mode BRI interfaces in NT mode SIP accounts in trunk mode server mode e Deny For calls that are not to be routed to be blocked Calling Line You can restrict the application of the entry to the line on which the call comes in The selection depends on the interfaces available and on the SIP accounts that have been created Possible values e pri lt Interface Index gt restricts the routing entry to the selected PRI interface e bri lt Interface Index gt restricts the routing entry to the selected BRI interface e lt SIP Account gt restricts the routing entry to the selected SIP account e Any No restriction of the entry Calling Address You can restrict the application of the entry to a particular caller To do this you must specify the subscriber number exactly no wildcards 18 VoIP Funkwerk Enterprise Communications GmbH Field Description Called Address Enter the called address to which the rule is to be applied To do this enter an address numerically e g a subscriber num ber or alphanumerically e g for a trunk that is to be compared with a dialled address The following wildcards can be used e means that at the end of a character string any number of characters may follow e is a placeholder for an arbitrar
300. enu Advanced Settings Field Description Mail Exchanger MX Enter the full host name of a mail server to which e mails are to be forwarded if the host currently configured is not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the host entered as MX Wildcard Select whether the forwarding of all subdomains of the Host Name are to be enabled for the current IP address of the Inter face advanced name resolution The function is activated by choosing Enabled The function is disabled by default 19 3 2 DynDNS Provider In the Local Services gt DynDNS Client gt DynDNS Provider menu a list of all con figured DynDNS providers is shown 19 3 2 1 New Choose the New button to set up new DynDNS providers R1xxx R3xxx R4xxx bintec R1200 View Standard Online Help Logout DynDNS Update DynDNS Provider Basic Parameters t Provider Name Pa Server o Update Path ii Por o Protocol TDS a g pa interval Boo 5 cos OK cancel Fig 154 Local Services gt DynDNS Client gt DynDNS Provider gt New The Local Services gt DynDNS Client gt DynDNS Provider gt New menu consists of the following fields Fields in the DynDNS Provider Basic Parameters menu Field Description Provider Name Enter a name for this entry Server Enter the host name or IP address of the server on which th
301. equest Payloads 348 SendCRLs 348 Send information to 507 Index Send Initial Contact Message 347 Send Key Hash Payloads 348 Send Version 230 Sender E Mail Address 500 Serial Number 99 Server 433 Server Failures 427 Server IP Address 125 130 Server Timeout 127 Service 161 226 374 515 516 Session Border Controller Mode 414 Session Timeout 388 Set Date 106 Set Time 106 Severity 502 SHDSL Logic 491 SHDSL Type 167 Short Retry Limit 193 195 Show passwords and keys in clear text 104 Signal 212 Signal dBm 521 522 523 524 525 526 Silent Deny 223 SIM Card Uses PIN 147 173 SIP Endpoint IP Address 393 398 SIP Header Field s for Caller Address 401 SMTP Authentication 501 SMTP Server 501 SNMP 117 SNMP Listen UDP Port 122 SNMP Read Community 104 SNMP Trap Broadcasting 504 SNMP Trap Community 504 SNMP Trap UDP Port 504 SNMP Version 122 SNMP Write Community 104 SNRdB 522 526 Sort Order 395 402 Source 374 Source File Name 491 Source Interface 218 242 Source IP Address 455 459 Funkwerk Enterprise Communications GmbH Source IP Address Netmask 226 228 249 Source IP Address Netmask 218 Source Location 450 491 Source Port 218 226 Source Port Range 383 Source Port Range 226 249 Specific Ports 366 Specify bandwidth 377 Speed Dialing 416 SSH 117 SSH service active 119 Stack 515 Start Mode 324 Start Time 452 516 State Province 139 Status 510
302. equirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits e AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 192 bits e AES 256 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits Hash algorithms Authentication e MD5 default value MD 5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e SHA1 SHA1 Secure Hash Algorithm 1 is a hash algorithm developed by the NSA United States National Security Asso ciation It is rated as secure but is slower than MD5 It is used with a 96 bit digest length for IPSec e RipeMD 160 RipeMD 160 is a 160 bit hash algorithm It is used as a secure replacement for MD5 and RipeMD e Tiger1 92 Tiger 192 is a relatively new and very fast al gorithm Please note that the description of the encryption and authentic ation or the hash algorithms is based on the author s knowledge and opinion at the time of creating this User Guide In particular the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic develop ments 16 VPN Funkwerk Enterprise
303. er Call Routing Note that the call routing is handled by the media gateway if the provider is not available backup e Off Call routing is handled exclusively by the media gateway in accordance with the entries configured under Call Routing and the local extensions For calls that are to be routed via a particular provider SIP account you must configure a cor Funkwerk Enterprise Communications GmbH 18 VoIP Field Description responding call routing entry Internal calls from internal ex tension to internal extension that are only to be routed intern ally do not require an additional call routing entry e lt SIP Trunk gt Select a SIP trunk account configured under VoIP gt Media Gateway gt SIP Accounts In this case the call routing for all extensions is handled by the session border controller all SIP messages are forwarded to the session bor der controller Note that the call routing is handled by the me dia gateway if the provider is not available backup Note Entries in Call Routing have priority ahead of the session border controller configuration Media Stream Termina Choose how RTP sessions are controlled by the system Es If the function is enabled RTP sessions are terminated on the media gateway i e all RTP streams are controlled by the media gateway and routed via the media gateway The participating terminal devices e g SIP telephones are not connected dir ectly with one another Note that for
304. er dependent for example e Annex B default value For applications in Europe provider dependent for example Clock Rate Define whether the clock rate should be negotiated R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description Possible values e Fixed The clock rate is predefined e Adaptive default value The clock rate is negotiated de pending on the line quality Wire Mode Define the number and combination of wires depending on the device type used for the SHDSL connection Only R3400 Possible values e 2 wire default value Two wires are used with m pair bond ing for a clock rate of 192 kbps to 5696 kbps e 4 wire Four wires are used with m pair bonding for a clock rate of 384 kbps to 11392 kbps This option supports 4 wire mode under G991 2 and Globespan Enhanced Mode Only R3800 e 2 wire Two wires are used with m pair bonding for a clock rate of 192 kbps to 5696 kbps e 4 wire Four wires are used with m pair bonding for a clock rate of 384 kbps to 11392 kbps This option supports 4 wire mode under G991 2 and Globespan Enhanced Mode e 4 wire standard Four wires are used for m pair bonding with a clock rate of 384 kbps to 11392 kbps This option sup ports 4 wire mode under G991 2 but not Globespan En hanced Mode e 4 wire IMA Four wires are used with IMA for a clock rate of 384 kbps to 11392 kbps e 6 wire Six wires are used with m pa
305. er several default routes on your device but only one default route can be active at any one time If you enter several default routes you should make sure the values for Metric are different 14 1 1 IP Routes In the Routing gt Routes gt IP Routes menu a list of all configured routes is shown 14 1 1 1 Edit New Choose the o icon to edit existing entries Choose the New button to create routes R1xxx R3xxx R4xxx rn os Options Route Class Extended Route Olenabiea Route Parameters Route Type Network Route Y Destination IP Address Netmask 1 Interface None y Network Type Direct Local IP Address foooo HL Metric 1 Ml 4 Ook _ cancel _ Fig 81 Routing gt Routes gt IP Routes gt New with Extended Route Not activated If the Extended Route option is selected for Route Class an extra configuration section opens bintes R1200 E Route Class Extended Route enabled Route Parameters Route Type Network Route Y Destination IP Address Netmask Lesl iee F None X Network Type Direct Local IP Address paso Metric 1 Ml Extended F Route Parameters Source Interface None Y Source IP Addres
306. ernet at ht tp www t com de You can connect SMS enabled telephones to your PBX and thus use the SMS performance feature in the T Com fixed network SMSs are forwarded to the recipient via the T Com SMS server To send an SMS with an SMS enabled terminal the telephone number 0193010 of the SMS server must be prefixed to the recipient num ber This telephone number is already stored in your PBX so manu al input of the server telephone is not necessary and does not need to be sent from the telephone To receive an SMS with your SMS enabled fixed network telephone you must register once with the Deutsche Telekom SMS Service Charges are made for sending SMSs There are no costs for receiving SMSs Simple Network Management Protocol Input level for SNMP commands All ISDN sockets and the NTBA of an ISDN point to multipoint con nection All So buses consist of a four wire cable The lines transmit digital ISDN signals The So bus is terminated with a terminating resistor after the last ISDN socket The So bus starts at the NTBA and can be up to 150 m long Any ISDN devices can be operated on this bus However only two devices can use the So bus at any one time as only two B channels are available See ISDN Basic Rate Interface Internationally standardised interface for ISDN systems This inter face is provided on the network side by the NTBA On the user Funkwerk Enterprise Communications GmbH SOHO SPD Special features
307. ernet switch including a port with serial interface function a DMZ ETH5 interface four ISDN interfaces and two ISDN PRI interfaces The connections are arranged as follows 2 3 5 7 7 Fig 21 Back of bintec R4100 Back of bintec R4100 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN 0 ISDN 3 ISDN interface 9 PRI 0 PRI 1 ISDN PRI interface bintec R4300 has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface two ISDN interfaces and two X 21 interfaces The connections are arranged as follows Fig 22 Back of bintec R4300 R1xxx R3xxx R4xxx Back of bintec R4300 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN 0 ISDN 1 ISDN interface 10 X 21 V 35 X 21 interface 6 5 Pin Assignments 6 5 1 Ethernet interface bintec R1200 bintec R1200w R1200wu R3000 R3000w R3400 R3800 R4100 and R4300 have an Ethernet interface with integrated 4 port switch ETH1 ETH4 and a sep arate Ethernet interface DMZ ETH5 The 4 port switch is used to connect individual PCs or other switches The ETH1 Console interface can also be used
308. es Choose the New button to add TACACS serv ers R1xxx R3xxx R4xxx 7 m F ag rs bintec R1200 Language English View Standard Logout Save configuration _ RADIUS TACACS Options Status Basic Parameters _ Global Settings Interface Mode Bridge Authentication Type J Lagi Auchenticena shi Server IP Address Administrative Access _ Remote Authentication TACACS Secret sesenene Certificates Plusicallmertaces a PNY us ie re EDIC a 09 Advanced Settings ee Poly Non euthortative QU A tcp ron gt O 5 eat IA Tie PY secs ee Ereto Enabled OK C Cancel Fig 52 System Management gt Remote Authentication gt TACACS gt New The System Management gt Remote Authentication gt TACACS gt New menu con sists of the following fields Fields in the TACACS Basic Parameters menu Field Description Authentication Type Displays which TACACS function is to be used The value cannot be changed Possible values e Login Authentication Here you can define whether the current TACACS server is to be used for login authentication to your device Server IP Address Enter the IP address of the TACACS server that is to be re quested for login authentication TACACS Secret Enter the password to be used to authenticate and if applic able encrypt data exchange between the TACACS serve
309. es terminal adapters or ISDN telephones SIP extensions can be configured in the VolP gt Extensions menu In the VoIP gt Media Gateway gt SIP Accounts menu a list of all existing SIP accounts SIP client mode and SIP server mode is shown 18 2 2 1 Edit New Select the New button to create new SIP accounts Choose the icon to edit existing entries In this menu SIP accounts are configured in SIP client mode as well as in SIP serv er mode iS Extensions SIP Basic Parameters eee Description Administrative Status L Menabied i Trunk Mode Soft Octient O Server O gw runk Registrar LKK K EEAAS Outbound Proxy E 1 Application Level Gateway f z o TT a Realm Protocol UDP Port 5060 Ee in Authentication ID o 7 Password 5 i ecccccce Registration 7 E Enabled Expire Time 600 ia Advanced Settings Codec Settings 6 gt E Esdocrrob salBequ nca Defaut O Quality Low Bandwidth O High Bandwidth EEES A een 1 ula Mem ale El 0 729 6 726 40 Erare Ho 726 32 6 726 24 6 726 16 L DTMF Outband Voice Quality Settings J Bi Echo Cancellation vi Enabled comfort Noise Generation CNO Enabled 4 Packet Size 20 ms C OK Cancel Fig 1
310. es are 1 to 8192 The default value is 1500 Use key Enable the key input for the GRE connection which makes it Field Description possible to distinguish between several parallel GRE connec tions between two GRE partners see RFC 1701 The key is activated with Enable The function is disabled by default Key Value Only if Use key is enabled Enter the GRE connection key Possible values are 0 to 2147483647 The default value is 0 R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 17 Firewall Chapter 17 Firewall The Stateful Inspection Firewall SIF provided for bintec gateways is a powerful security feature The SIF with dynamic packet filtering has a decisive advantage over static packet filtering The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner This means packets that belong to an already active connection can also be forwarded The SIF also accepts packets that belong to an affiliated connection The negotiation of an FTP connection takes place over port 21 for example but the actual data exchange can take place over a completely different port SIF and other security features bintec s Stateful Inspection Firewall fits into the existing security architecture of bintec device very well due to its simple configuration The conf
311. es can manage several telephone num bers so you can set up a central telephone in your household for example to allow you to react to calls to all ISDN telephone num bers with this telephone The fax and telephone in your home office can also each be assigned a number as can your son or daughter s phone As a result each family member can be contacted with a separate number helping to eliminate day to day friction And as far as the costs are concerned on request you can have your bill broken down to show which units have been charged for the indi vidual ISDN telephone numbers The digital telephone network of T Com for connecting analogue ter minals The answering machine in T Net and T ISDN The T NetBox can store up to 30 messages Enter the current T NetBox telephone number here if it differs from the 08003302424 entered ex works As soon as your T NetBox re ceives a voice or fax message notification is sent to your PBX Umbrella term the T Com online platform Offers services such as e mail and Internet access T Com software decoder for all conventional computer systems that enables access to T Online Supports all functions such as KIT e mail and the Internet with a browser T Online users receive this software free of charge T Service carries out all installation work and configurations for the PBX at the customer s request The service ensures optimum voice and data transmission at all times thanks to mainte
312. es of wireless ports in the user interface of your device are made up of the following parts a WLAN b Number of the physical port 1 or 2 Example wLAN1 The name of the Ethernet port is made up of the following parts a ETH where en stands for Ethernet b Number of the port Example ETH1 The names of the interfaces connected to an Ethernet port are made up of the following parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface Example en1 0 first interface on the first Ethernet port The name of the bridge group is made up of the following parts a Abbreviation for interface type b Number of the bridge group Example bro first bridge group The name of the wireless network is made up of the following parts a Abbreviation for interface type b Number of the wireless module c Number of the interface Example vss1 0 first wireless network on the first wireless module R1xxx R3xxx R4xxx The name of the WDS link or bridge link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the WDS link or bridge link is configured c Number of the WDS link or bridge link Example wds1 0 first WDS link or bridge link on the first wireless module The name of the client link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the cl
313. esponding pack et class Dropped Shows the number of rejected packets with the corresponding packet class in case of overloading Queued Shows the number of waiting packets with the corresponding packet class in case of overloading R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH Glossary Glossary Announcement If you want to call your employees or family members to a meeting or the dinner table you could call each one of them individually or simply use the announcement function With just one call you reach all the announcement enabled telephones without the subscribers having to pick up the receiver Announcement func Performance feature of a PBX On suitable telephones e g system tion telephones announcements can be made as on an intercom Bit Binary digit Smallest unit of information in computer technology Signals are represented in the logical states 0 and 1 Bundle The external connections of larger PBXs can be grouped into bundles When an external call is initiated by the exchange code or in the event of automatic external line access a bundle released for this subscriber is used to establish the connection If a subscriber has authorisation for several bundles the connection is established using the first released bundle If one bundle is occupied the next released bundle is used If all the released bundles are occupied the subscriber hears the engaged tone Busy On Busy Call to engaged team
314. ess associated with the interface For virtual interfaces you can use the MAC Address of the physical inter face under which the virtual interface was created but this is not necessary You can also allocate a virtual MAC Address The first 6 characters of the MAC are preset but can be changed VLAN ID Only if Interface Mode Tagged VLAN This option only applies for routing interfaces Assign the inter face to a VLAN by entering the VLAN ID of the relevant VLAN Possible values are 1 default value to 4094 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description DHCP MAC Address Only if Address Mode DHCP If Use Built In is activated default setting the hardware MAC Address of the Ethernet interface is used In the case of physic Funkwerk Enterprise Communications GmbH 12 LAN Field Description al interfaces the current MAC Address is entered by default If you disable Use Built In you enter a MAC Address for the virtual interface e g 00 e1 f9 06 bf 03 Some providers use hardware independent MAC addresses to allocate their clients IP addresses dynamically If your provider has assigned you a MAC Address enter this here DHCP Hostname Only if Address Mode DHCP Enter the host name requested by the provider The maximum length of the entry is 45 characters DHCP Broadcast flag Only if Address Mode DHCP Choose whether or not the BROADC
315. expires the user is automatically logged off and again redirected to the home login page Requirements To operate a Hotspot the customer requires e A bintec device as a Hotspot gateway with an active internet access and configured Hot spot server Entries for login and accounting see menu System Management gt Re mote Authentication gt RADIUS gt New with Group Description Standard Group 0 e bintec Hotspot hosting article number 5510000198 e Access data e Documentation e Software licensing Please note that you must first activate the licence Go to www funkwerk ec com then Service Support gt Services gt Online Services Enter the required data please note the relevant explanations on the license sheet and follow the instructions of the online licensing You then receive the Hotspot server s login data Cz Note Activation may require 2 3 business days Access data for gateway configuration RADIUS Server IP 62 245 165 180 RADIUS Server Password Set by Funkwerk Enterprise Communications GmbH Domain Individually set for customers by customer dealer Walled Garden Network Individually set for customers by customer dealer Walled Garden Server URL Individually set for customers by customer dealer Terms amp Conditions URL Individually set for customers by customer dealer Access data for configuration of the Hotspot server Admin URL https hotspot funkwerk ec com Username Individually set
316. f the value is too high however the time between logging off and stopping of the data traffic can be increased leave latency Possible values are 2 to 8 The default value is 2 Last Member Query In Define the time after a query for which the router waits for an terval answer If you shorten the interval it will be more quickly detected that the last member has left a group so that no more packets for this group should be forwarded to this interface Possible values are 0 to 255 The default value is 10 IGMP State Limit Limit the number of reports queries per second for the selected interface Mode Specify whether the interface defined here only works in host mode or in both host mode and routing mode Possible values e Routing default value The interface is operated in routing mode and in host mode e Host The interface is only operated in host mode IGMP Proxy IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router Queries coming in to the IGMP Proxy interface are forwarded to the local subnets Local reports are forwarded on the IPGM Proxy interface R1xxx R3xxx R4xxx bintec r1200w bintec 11200w Multicast Receiver fice IGMP Proxy Interface Multicast Receiver Fig 94 IGMP Proxy The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description IGMP Proxy Select whether you
317. faces is shown In this menu you configure an Internet connection that uses the Point Tunnelling Protocol PPTP to set up a connection e g required in Austria 15 1 2 1 New Choose the New button to set up new PPTP interfaces R1xxx R3xxx R4xxx bine 1200 Wo Sion PPPoE PPTP ISDN AUX IP Pools Basic Parameters E Description lanaa PPTP Interface i Belea one User Name leme TZ E Password Leased Line Real Time Jitter Control Always on DEnabtea JN a Connection Idle Timeout po Seconds IP Mode and Routes n pl A IP Address Mode Ostatic Get IP Address Defautt Route o R Enabled A Create NAT Policy enabled EZH Advanced Settings Block after connection failure for fo sSeconas Maximum Number of Dialup Retries 5 authentication PAP a DNS Negotiation mabe Prioritize TCP ACK Packets Eltnabied PPTP Address Mode Static Local PPTP IP Address foom Remote PPTP IP Address 0 0013 ooo LCP Alive Check Plenabied i OK __ canei D Fig 100 WAN gt Internet Dialup gt PPTP gt New The WAN gt Internet Dialup gt PPTP gt New menu consists of the following fields Fields in the PPTP Basic Parameters menu Field Description Description Enter a name for uniquely identifying the internet connection The first character in this field must not be a numbe
318. fault Route Select whether the route to this connection partner is to be Funkwerk Enterprise Communications GmbH 15 WAN Field Description defined as the default route The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Local IP Address Only if IP Address Mode Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add a new entry with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 IP Assignment Pool Only if IP Address Mode Provide IP Address Select an IP pool configured in the WAN gt Internet Dialup gt IP Pools menu If an IP pool has not been configured here yet the message Not yet defined appears in this field The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connectio
319. fied in an IP network e g 192 168 1 254 See also netmask IP payload compression A tool used on Windows computers to check or change its own IP settings IP over ATM Integrated Services Digital Network The address of an ISDN device that consists of an ISDN number fol lowed by further numbers that relate to a specific terminal e g 47117 R1xxx R3xxx R4xxx Glossary ISDN Basic Rate In terface ISDN card ISDN Login ISDN number ISDN router ISDN BRI ISDN Dynamic ISDN Intern al External ISDN PRI ISO ISP ITU Key Escrow LAN Funkwerk Enterprise Communications GmbH ISDN subscriber connection The Basic Rate Interface consists of two B channels and one D channel In addition to the Basic Rate In terface there is the Primary Rate Interface The interface to the sub scriber is provided by an So bus Adapter for connecting a PC to the ISDN Basic Rate Interface From a technical perspective we differentiate between active and passive cards Active ISDN cards have their own processor which handles communication operations independently of the PC processor and therefore does not require any resources A passive ISDN card on the other hand uses the PC s resources Function of your gateway Your gateway can be configured and ad ministrated remotely using ISDN Login ISDN Login operates on gateways in the ex works state as soon they are connected to an ISDN connection and therefore reachable via
320. for a UMTS CardBus mo dem 11 7 1 1 Edit Choose the icon to edit the UMTS CardBus modem R1xxx R3xxx R4xxx e lus 7 hh ap bintee R1200 0 Language English View Standard v HR s gurati k l UMTS HSDPA HSUPA Basic Settings UMTS HSDPA HSUPA Status Z Enabled Modem Status SIM insert required Network Quality 0 dBm Preferred Network Type Automatic y Incoming Service Type O Disabled ISDN Login PPP Dialin SIM Card Uses PIN Modem Init Sequence APN Access Point Name L _ OK Cancel Fig 68 Physical Interfaces gt UMTS HSDPA gt UMTS HSDPA HSUPA gt Edit The Physical Interfaces gt UMTS HSDPA gt UMTS HSDPA HSUPA gt Edit menu consists of the following fields Fields in the UMTS HSDPA HSUPA Basic Settings menu Field Description UMTS HSDPA HSUPA Select whether or not UMTS HSDPA HSUPA is to be enabled Status on your device The function is activated with Enabled The function is disabled by default Modem Status Shows the status of the UMTS HSDPA HSUPA modem Possible values e Active e Inactive O Jase o Cal Lecl o Calio l COMECE e SIM insert required e PIN input required R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description Fr rors e Disconnected Mobile phone providers Shows the conn
321. forwardings Shows the number of portforwarding rules configured in Rout ing gt NAT gt NAT Configuration 14 2 2 NAT Configuration In the Routing gt NAT gt NAT Configuration menu you can exclude data from NAT ina simple and convenient manner You can configure var ious NAT methods You can de termine how an external host establishes a con nection to an internal host refer to RFC 3489 14 2 2 1 New Choose the New button to set up NAT View Standard Online Help Logout NAT Interfaces NAT Configuration 15 7 Yale bintee R1200 Basic Parameters Description Interface Aay F Type of traffic incoming Destination NAT Y Specify original trafic Serice User defined Protocol j Any E o a Source IP AddressiNet mask if Any x AAA Source Por Range Alle aa v ea Destination IP Address Netmask Any Y ica a Destination Por Range All F Doo d O ME x gt Maintenance New Destination IP Address Netmask Host Y a A ar New Destination Port Original Y OK 2 Cancel Fig 85 Routing gt NAT gt NAT Configuration gt New The Routing gt NAT gt NAT Configuration gt New menu consists of the following fields Fields in the NAT Configuration Basic Parameters menu Field Description Description Enter a description for the NAT Configuration Interface Select the interface for which NAT is
322. from the dropdown menu Stand ard and SNMP browsers can be selected Ohiine Help Online Help Click this button if you want help with the menu now active The description of the sub menu where you are now is displayed Fa Logout If you want to end the configuration click this button to Logout log out of your device A window is opened offering you the fol lowing options Save configuration backup previous boot configuration then exit e Save configuration then exit e Exit without saving Navigation bar 4 Save configuration J Fig 35 Save Configuration button R1xxx R3xxx R4xxx bintec RS232bw Save configuration Interface Mode Bridge Groups Administrative Access Remote Authentication Fig 36 Menus The Save Configuration button is found in the navigation bar If you save a current configuration you can save this as the boot configuration or you can also archive the previous boot configuration as a backup If you click the Save configuration button in the FCI you will be asked Do you really want to save the current configuration as a boot configuration You have the following two options e Save configuration i e save the current configuration as the boot configuration e Save configuration and backup previous boot configuration i e save the current configuration as the boot configuration and also archive the previous boot configuration as a backup R1xxx R3xxx R4xxx
323. fully Answered Queries Server Failures Fig 151 Local Services gt DNS gt Statistics In the menu Local Services gt DNS gt Statistics the following statistical values are shown Fields in the Statistics DNS Statistics menu Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device including the response packets for forwarded re quests Invalid DNS Packets Shows the number of invalid DNS packets received and ad dressed direct to your device DNS Requests Shows the number of valid DNS requests received and ad dressed direct to your device Cache Hits Shows the number of requests that were answered with static or dynamic entries from the cache Forwarded Requests Shows the number of requests forwarded to other name serv ers R1xxx R3xxx R4xxx Field Description Cache Hitrate 9 Displays the number of Cache Hits per DNS Request in Successfully Answered Shows the number of successfully answered requests positive Queries and negative Server Failures Shows the number of requests that were not answered by any name server either positively or negatively 19 2 HTTPS You can operate the user interface of your device from any PC with an up to date Web browser via an HTTPS connection HTTPS HyperText Transfer Protocol Secure is the procedure used to establish an en crypted and authenticated connection by SSL between the browser use
324. g ISDN calls and if necessary initiates setting up an IPSec tunnel to the peer No ISDN calls are sent to the remote device to cause this to set up an IPSec tunnel e Active The local device sends an ISDN call to the remote device to cause this to set up an IPSec tunnel The device does not react to incoming ISDN calls e Both Your device can react to incoming ISDN calls and send ISDN calls to the remote device The setting up of an IPSec tunnel is executed after an incoming ISDN call and initiated by an outgoing ISDN call Incoming ISDN Number Only for Mode Passive or Both Enter the ISDN number from which the remote device calls the local device calling party number Wildcards may also be used Outgoing ISDN Number Only for Mode Active or Both Enter the ISDN number with which the local device calls the re mote device calls called party number Wildcards may also be used Transfer own IP address Select whether the IP address of your own device is to be trans over ISDN ferred over ISDN for IPSec callback The function is activated with Enabled The function is disabled by default Transfer Mode Only if Transfer Own IP Address over ISDN activated Select the mode in which your device is to attempt to transfer its IP address to the peer Possible values e Autodetect best mode Your device automatically de 16 VPN Funkwerk Enterprise Communications GmbH Field Description termines the most favou
325. g table lists the access data that your device also needs for a DSL connection to the Internet Data for internet access over ADSL Access data Example value Your values Provider name GoInternet Protocol PPP over Ethernet PPPoE Encapsulation bridged no fcs VPI Virtual Path Identifier 1 VCI Virtual Circuit Identifier 32 Your user name MyName Password TopSecret Some Internet Service Providers such as T Online require additional information Additional information for T Online 14 R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 4 Basic configuration Access data Example value Your values User account 12 digits 000123456789 T Online number usually 12 digits 06112345678 Joint user account 0001 83 Note To configure T Online Internet access in the Username field enter the following suc cession of numbers without intervening spaces User account 12 digits T Online number usually 12 digits co user number for the main user always 0001 If your T Online number is less than 12 digits long a character is required between the T Online number and the co user number If you use T DSL you must add the character string t online de at the end of this string of numbers You username could for example look like this 00012345678906112345678 0001 t online de Wireless LAN only for bintec R1200w bintec R1200wu and bintec R3000w You can operate your device as an access point and therefor
326. g the configuration enter exit and press Return 8 3 Configuration options This chapter first offers an overview of the various tools you can use for configuration of your device You can configure your device in the following ways e Funkwerk Configuration Interface e Assistant e SNMP shell commands The configuration options available to you depend on the type of connection to your device Types of connections and configurations Type of connection Possible types of configuration LAN Assistant Funkwerk Configuration Interface shell commands Serial connection Shell command Therefore several types of configuration are available for each type of connection R1xxx R3xxx R4xxx En Note To change the device configuration you must log in with the user name admin If you do not know the password you cannot make any configuration settings This applies to all types of configuration 8 3 1 Funkwerk Configuration Interface The Funkwerk Configuration Interface is a web based graphic user surface that you can use from any PC with an up to date web browser via an HTTP or HTTPS connection You can use the Funkwerk Configuration Interface to carry out all configuration tasks easily It is integrated in your device and is available in English If required other languages can be downloaded from the download area Software Configuration on page 489 of www funkwerk ec com and installed on your device To do this proceed as des
327. g to make sure that intruders cannot change transmitted messages High Level Data Link Control High Bit Rate DSL High Bit Rate DSL version 2 Combination of headphones and microphone as a useful aid for anyone who makes a lot of telephone calls and wants to keep hands free for making notes Hashed Message Authentication Code Hashed Message Authentication Code uses Message Digest Al gorithm Version 5 Hashed Message Authentication Code uses Secure Hash Al gorithm Version 1 A telephone call is put on hold without breaking the connection inquiry brokering Both B channels of the ISDN connection are needed for the per formance features Call another person during a call and Speak al ternately with two people brokering As a result you cannot be reached from outside or make external calls via your PBX s second Glossary Hook flash Host name HTTP Hub IAE ICMP ICV Identify malicious callers intercept IEEE IETF Index Infrastructure mode Funkwerk Enterprise Communications GmbH B channel With this setting an external caller put on hold hears the PBX s on hold music The use of the inquiry brokerage and three party conference spe cial features in T Net and certain performance features of some PBXs is only possible with the hook flash function long flash of the signal key on the telephone On modern telephones this key is in dicated with an R A name used in IP networks instea
328. gged cable Both of these parameters can also be set manually You can purchase a suitable cable from your dealer Choose the jg button to edit the configuration of the serial port R1xxx R3xxx R4xxx Y bintec R4300 Save configuration Language English l nepo fers TT er View Standard Online Help funk Options Serial Parameters Interface Serial0 ISDN Ports Detection Mode Interface and Connector _ Serial Ports Interface Type Unknown Autodetected Connector Type Unknown Autodetected Layer 2 Mode ODTE ODCE Automatic Interface Leads Enabled OK JU Cancel Ll Fig 67 Physical Interfaces gt Serial Ports gt Options gt The Physical Interfaces gt Serial Ports gt Options gt p menu consists of the following fields Fields in the Options Serial Parameters menu Field Description Interface Displays the name of the serial interface Detection Mode Define whether the interface and connector types used are to be detected automatically autodetected or set manually Possible values e Interface and Connector default value The interface and connector types are detected automatically e Interface Only the interface type is detected automatically The connector type must be set manually e Connector Only the connector type is detected automatic ally The interface type must be se
329. h your device is to oper ate R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 13 Wireless LAN Chapter 13 Wireless LAN In the case of wireless LAN WLAN Wireless Local Area Network this relates to the cre ation of a network using wireless technology Network functions Like a wired network a WLAN offers all the main network functions Access to servers files printers and the e mail system is just as reliable as company wide Internet access Because the devices do not require any cables the great advantage of WLAN is that there are no building related restrictions i e the device location does not depend on the position and number of connections Currently applicable standard IEEE 802 11 In the case of 802 11 WLANs all the functions of a wired network are possible WLAN transmits inside and outside buildings with a maximum of 100 mW IEEE 802 11g is currently the most widespread standard for wireless LANs and offers a maximum data transmission rate of 54 mbps This procedure operates in the radio fre quency range of 2 4 GHz which ensures that parts of the building are penetrated as effect ively as possible with a low transmission power that poses no health risks A 802 11g compatible standard is 802 11b which operates in the 2 4 GHz range 2400 MHz 2485 MHz and offers a maximum data transmission rate of 11 mbps 802 11b and 802 11g WLAN systems involve no charge or login With 802 11a bandwidths of
330. hROM 10 4 3 SNMP SNMP Simple Network Management Protocol is a network protocol used to monitor and control network elements e g routers servers switches printers computers etc from a central station SNMP controls communication between the monitored devices and monit oring station The protocol describes the structure of the data packets that can be transmit ted as well as the communication process The data objects queried via SNMP are structured in tables and variables and defined in the MIB Management Information Base This contains all the configuration and status variables of the device SNMP can be used to perform the following network management tasks e Surveillance of network components e Remote controlling and configuration of network components e Error detection and notification You use this menu to configure the use of SNMP bintec R1200 Language English View Standard Online Help Access SSH SAMP Base Stas lt J Interface Mode Bridge SNMP Version vi vz v3 SNMP Listen UDP Port fier OK Cancel _ Fig 50 System Management gt Administrative Access gt SNMP The Administrative Access gt Administrative Access gt SNMP menu consists of the fol lowing fields Fields in the SNMP Basic Settings menu R1xxx R3xxx R4xxx Field Value SNMP Version Select the SNMP version your device is to use to listen for ex ternal S
331. hanumeric dis play Analogue connec tions Analogue terminals Analogue voice transmission Answering machine Funkwerk Enterprise Communications GmbH optionally also of wired parts Several WLAN clients terminals can log in to an access point AP and communicate via the AP data If the optional wired Ethernet is connected the signals between the two physical media the wireless interface and wired interface are bridged bridging Filters can be used to prevent external persons from accessing the data on the computers in your LAN These filters are a basic func tion of a firewall Recording of connection data e g date time connection duration charging information and number of data packets transferred Active probing takes advantage of the fact that as standard access points are to respond to client requests Clients therefore send probe requests on all channels and wait for responses from an ac cess point in the vicinity The response packet then contains the SSID of the wireless LAN and information on whether WEP encryp tion is used An ad hoc network refers to a number of computers that form an in dependent 802 11 WLAN each with a wireless adapter Ad hoc net works work independently without an access point on a peer to peer basis Ad hoc mode is also known as IBSS mode Independent Ba sic Service Set and makes sense for the smallest networks e g if two notebooks are to be linked to each other without an
332. hapter summarises all the hardware properties of the R1200 R1200w R1200wu R3000 R3000w R3400 R3800 R4100 and R4300 devices 6 1 Scope of supply Your device is supplied with the following parts Cable sets mains unit other Software Documentation R1200 Ethernet cable ISDN cable Serial connecting cable Mains unit Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R1200w Ethernet cable ISDN cable Serial connecting cable Mains unit 2 standard antennas Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R1200wu Ethernet cable ISDN cable Serial connecting cable Mains unit 2 standard antennas Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R3000 Ethernet cable ISDN cable Serial connecting cable Mains unit 2 DSL cables for Annex A and for Annex B Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R1xxx R3xxx R4xxx Cable sets mains unit other Software Documentation R3000w Ethernet cable ISDN cable Serial connecting cable Mains unit 2 DSL cables for Annex A and for Annex B 2 standard antennas Companion DVD Quick Install Guide printed User s Guide on DVD Release N
333. has suc cessfully synchronized with the DSLAM of the Top row SHDSL provider flashing Data traffic over the SHDSL wire pair 7 8 SHDSL 4 3 on The wire pair 3 6 on the SHDSL line has suc cessfully synchronized with the DSLAM of the Top row SHDSL provider flashing Data traffic over the SHDSL wire pair 3 6 SHDSL 4 3 on The wire pair 1 2 on the SHDSL line has suc cessfully synchronized with the DSLAM of the Top row SHDSL provider flashing Data traffic over the SHDSL wire pair 1 2 The LEDs on bintec R4100 are arranged as follows 6 Technical data Funkwerk Enterprise Communications GmbH Fig 12 LEDs on bintec R4100 In operation mode the LEDs on bintec R4100 display the following status information for your device LED status display LED Status Information Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps ISDN 1 0 on ISDN 0 ISDN D channel is active Top row flashing ISDN 0 At least one ISDN B channel is active ISDN 1 0 on ISDN 1 ISDN D channel is active Bottom row flashing ISDN 1 At least one ISDN B channel is active Funkwerk Enterprise Communications GmbH 6 Technical data LED Status Information ISDN 3 2 on ISDN 2 ISDN D channel is active Top row flashi
334. hat is to be supervised by the ALG In the ex works state there are two entries configured for the SIP Ports TCP 5060 and UDP 5060 in accordance with the IANA defini tion R1xxx R3xxx R4xxx 18 1 1 1 Edit New Choose the eo icon to edit existing entries Choose the Newbutton to create application level gateway entries cla E e Language English Standard has Online Help SIP Proxies Sl oi Basic Parameters Description Administrative Status 7 Enabled Protocol UDP v Destination Pono _ A 4 Session Timeout 7200 sec Low Latency Transmission Denabled oK JC Cancel _ Fig 138 VoIP gt Application Level Gateway gt SIP Proxies gt Edit New The VoIP gt Application Level Gateway gt SIP Proxies gt Edit New menu consists of the following fields Fields in the SIP Proxies Basic Parameters menu Field Description Description Enter the name of the application level gateway Administrative Status Select whether the SIP proxy should be enabled or disabled The function is activated by choosing Enabled The function is enabled by default Protocol Select the protocol to be used Possible values UDP default value or TCP Under Destination Port enter the port to be supervised by the proxy or each destination port to which VoIP clients from the LAN can connect you must configure a proxy The p
335. he device the login prompt window will appear You are now in the SNMP shell of your gateway 2 Continue with Logging in on page 75 a Note PuTTY requires certain settings for a connection to a bintec device The support pages of http www funkwerk ec com include FAQs which list the required settings 8 1 2 Access via the Serial Interface Each bintec gateway has a serial interface with which a PC can be connected directly The following chapter describes what you have to remember when setting up a serial con nection and what you can do to configure your device in this way Access via the serial interface is ideal if you are setting up an initial configuration of your device and a LAN access is not possible via the pre configured IP address 192 168 0 254 255 255 255 0 Windows If you are using a Windows PC you need a terminal program for the serial connection e g HyperTerminal Make sure that HyperTerminal was also installed on the PC with the Win 8 Access and configuration Funkwerk Enterprise Communications GmbH dows installation However you can also use any other terminal program that can be set to the corresponding parameters see below Proceed as follows to access your device via the serial interface 1 In the Windows Start menu click Programs gt Accessories gt Communication gt HyperTerminal gt Device on COM1 or Device on COM2 if you use the COM2 port of your PC to start HyperTerminal
336. he event of errors a message known as a trap packet is sent unrequested to monitor the system In the External Reporting gt SNMP gt SNMP Trap Options menu you can configure the sending of traps bintec R1200 Language English View Standard Online Help 5 SNMP Trap Hosts Basic Parameters SNMP Trap Broadcasting DEnabled OK Cancel J Fig 191 External Reporting gt SNMP gt SNMP Trap Options The External Reporting gt SNMP gt SNMP Trap Options menu consists of the following fields Fields in the SNMP Trap Options Basic Parameters menu R1xxx R3xxx R4xxx Field Description SNMP Trap Broadcast Select whether the transfer of SNMP traps is to be activated ing Your device then sends SNMP traps to the LAN s broadcast ad dress The function is activated by choosing Enabled The function is disabled by default SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled Enter the number of the UDP port to which your device is to send SNMP traps Any whole number is possible The default value is 162 SNMP Trap Community Only if SNMP Trap Broadcasting is enabled Enter a new SNMP code This must be sent by the SNMP Man ager with every SNMP request so that this is accepted by your device A character string of between 0 and 255 characters is possible here The default value is SNMP Trap 21 4 2 SNMP Trap Hosts In
337. he group interfaces according to the percentage assignment of sessions to the interfaces The number of sessions is decisive e Load dependent Bandwidth A newly added session is assigned to one of the group interfaces according to the share of the total data rate handled by the interfaces The current data rate based on the data traffic is decisive in both the send and receive direction Only for Load Balancing Policy Bandwidth load dependent R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description Choose the direction in which the current data rate is to be con sidered Options e Download Only the data rate in the receive direction is con sidered e Upload Only the data rate in the send direction is con sidered The Download and Upload are deactivated by default Distribution Mode Select the state the interfaces in the group may have if they are to be included in load balancing Possible values e Always default value Also includes idle interfaces e Only use active interfaces Only interfaces in the up state are included In the Interface Selection for Distribution area you add and configure interfaces that match the current group context You can also delete interfaces Use Add to create entries Fields in the Load Balancing Groups Interface Selection for Distribution menu Field Description Interface Select the interfaces that are to belong to the group fro
338. he icon delete the complete IPSec configuration configuration of your device This cancels all settings made during the IPSec configuration Once the configuration is deleted you can start with a com pletely new IPSec configuration You can only delete the configuration if Enable IPSec Not activated R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 16 VPN Field Description IPSec Debug Level Select the priority of the syslog messages of the IPSec subsys tem to be recorded internally Possible values e Emergency highest priority e Alert O Cres eal Gul Error e Warning e Notice e Information e Debug default value lowest priority Syslog messages are only recorded internally if they have a higher or identical priority to that indicated e all messages generated are recorded at syslog level debug The Advanced Settings menu is for adapting certain functions and features to the special requirements of your environment i e mostly interoperability flags are set The default val ues are globally valid and enable your system to work correctly to other bintec devices so that you only need to change these values if the remote terminal is a third party product or you know special settings are necessary These may be needed for example if the remote end operates with older IPSec implementations The Advanced Settings menu consists of the following fields Fields in the Options Advanced Setting
339. he packet is dis carded Possible values are 1 to 255 The default value is 7 Long Retry Limit Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Possible values are 1 to 255 The default value is 4 Fragmentation Enter the maximum size as of which the data packets are to be Threshold fragmented i e split into smaller units A low value is recom mended for this field in areas with poor reception and in the event of radio interference Possible values are 256 to 2346 The default value is 2346 bytes ED Threshold Define the Energy Detection threshold for CCA Clear Channel Assessment Possible values are 2147483648 to 2147483647 Field Description The default value is 0 CW Min Define the maximum size of the contention window Possible values are 1 to 65535 The default value is 15 CW Max Define the minimum size of the contention window Possible values are 1 to 65535 The default value is 1023 Max Receive Lifetime Enter the time from receipt of the first fragment of a data packet as of which no further attempts are made The data packet is discarded Possible values are 1 to 4294967295 The default value is 512 msec Max Transmit MSDU Enter the time from sending of the first fragment of a data pack Lifetime et as of which no further send attempts are made
340. he saved boot configura tion Proceed as follows if you also want to reset all the user passwords to the ex works state and delete stored configurations when resetting the device e Set up a serial connection to your device Reboot your device and monitor the boot se quence Read the message Press lt sp gt for boot monitor or any other key to boot system Start the BOOTmonitor choose 4 Delete configuration and follow the instructions or e Carry out the reset procedure described above by switching on and off Next establish a serial connection or a Telnet connection Telnet Use the IP address of the ex works standard settings for your device At the login prompt enter erase bootconfigas the Login in the command line Leave the password empty and press the Return key The device runs through the boot sequence again Gay Ep Note The device is also reset to ex works state including all user passwords if you switch the device on and off five times instead of three times when the device is off Note If you delete the boot configuration using the Funkwerk Configuration Interface menu Maintenance gt Software amp Configuration all passwords will also be reset and the current boot configuration deleted The next time the device will boot with the standard ex works settings You can now configure your device again as described from Basic configuration on page 12 R1xxx R3xxx R4xxx Chapter 6 Technical data This c
341. he steps in the following sequence refer to the connection diagrams for the individual devices in chapter Technical data on page 24 1 Antennas only R1200w R1200wu and R3000w Screw the external standard anten nas provided to their RSMA connections Main and AUX and align the antennas 2 Place your device on a solid level base 3 LAN For the standard configuration of your device via Ethernet connect the first switch port ETH1 of your device to your LAN using the Ethernet cable supplied The device automatically detects whether it is connected to a switch or directly to a PC 4 ADSL only R3000 and R3000w Connect the ADSL interface ADSL of your device to the DSL output of the splitter using the DSL cable supplied 5 SHDSL only R3400 and R3800 R1xxx R3xxx R4xxx 9 3 Installation Funkwerk Enterprise Communications GmbH Connect the SHDSL interface SHDSL of your device to the SHDSL connection us ing the DSL cable supplied 6 Mains connection Connect the device to a mains socket using the mains adaptor supplied Optional connections ISDN Connect the ISDN interface ISDN or ISDN x of the device to your ISDN socket using the ISDN cable provided Other LANs WANs Connect any other terminals in your network to the remaining switch ports ETH2 ETH3 or ETH4 of your device using other Ethernet cables Serial connection For alternative configuration options connect the serial interface of your PC with the
342. he time is only determined over ISDN until a successful update is received from this time server Updating over ISDN is deactivated for the period in which the time is de termined by means of a time server The function is activated with Enabled The function is disabled by default Enter the primary time server using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Enter the secondary time server using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service 10 System Management Funkwerk Enterprise Communications GmbH Field Description with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Third Timeserver Enter the tertiary time server using either a domain name or an IP address In addition select the protocol f
343. hould be used Possible values e TKIP default value Temporal Key Integrity Protocol e AES Advanced Encryption Standard TAES and TKIR Both encryption methods are rated as secure with AES offering better performance WPA2 Cipher Only for Security Mode wPA PSK and WPA Mode wPaA2 Select which encryption method should be used Possible values e TKIP default value Temporal Key Integrity Protocol e AES Advanced Encryption Standard O AS cuna ML Both encryption methods are rated as secure with AES offering better performance 13 1 4 2 Client Link Scan After the desired Client Links have been configured the en icon is shown in the list You use this icon to open the Scan menu R1xxx R3xxx R4xxx e i a A bintec R1200 lt Save configuration ah Radio Settings Client Link A i mal Physical Interfaces y alin ces Scan A Client Link Description sta1 0 Wire L a Action Scan a AP MAC Address Network Name SSID Channel Mode m Signal __ Connected Action Administration D0 a0 19 09 68 b7 Funkwerk ec 11 Access Point WPA and WPA 2 PSK 64 dim Select i way EE VoIP n aa lt Fig 79 Wireless LAN gt WLAN gt Client Link gt Scan After successful scanning a selection of potential scan partners is displayed in the scan list In the Action column click Select to connect the local clients with this client If the partners are connected with one
344. hronisation gt New menu consists of the follow ing fields Fields in the VR Synchronisation Monitoring VR Interface menu Field Description Monitoring Mode Shows which mechanism is used for monitoring a virtual router Possible values BRRP The BRRP specific state advertisements are used for determining the state of the master The master sends ad vertisements according to its configuration in the Local Ser vices gt BRRP gt Virtual Router gt New gt Advanced Set tings menu Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked You can choose previously defined IDs see Virtual Router ID in the Local Services gt BRRP gt Virtual Routers gt New gt Monitored BRRP Inter face menu The watchdog daemon requests the detailed in formation entered in the Virtual Router R1xxx R3xxx R4xxx Fields in the VR Synchronisation Synchronisation VR Interface menu Field Description Synchronisation Mode Indicates the mechanism with which virtual routers or interfaces are synchronised Possible values BRRP BRRP is used to synchronise the virtual router Virtual Router ID Select the ID of the virtual router to be synchronised Synchron ising the virtual router implicitly synchronises the virtual inter face associated with the virtual router 19 13 3 Options You can enable or disable the BRRP function in the Local Services gt BRRP gt
345. hts Equipment dimensions without cable B x H x D 295 mm x 45 mm x 160 mm 295 mm x 45 mm x 160 mm 8 mm antenna socket Weight approx 1260 g approx 1260 g Transport weight incl documentation cables packaging approx 2 6 kg approx 2 6 kg Memory 32 MB SDRAM 32 MB SDRAM 8 MB flash ROM 8 MB flash ROM LEDs 18 1x Power 1x Status 5x2 Ether 20 1x Power 1x Status 5x2 Ether net 3x2 Function net 4x2 Function Power consumption of the device max 15 Watt normally 13 Watt max 15 Watt normally 13 Watt Voltage supply 15 V AC 1 3 A EU PSU 15 V AC 1 3 A EU PSU Funkwerk Enterprise Communications GmbH 6 Technical data Product name bintec R3000 bintec R3000w Environmental require ments Storage temperature 20 to 70 C 20 to 70 C Operating temperature 0 to 40 C 0 to 40 C Relative atmospheric humidity 10 to 90 non condensing in op eration 5 to 95 non condensing when stored 10 to 90 non condensing in op eration 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces ADSL interface Internal ADSL modem for Annex A and Annex B Internal ADSL modem for Annex A and Annex B Ethernet IEEE 802 3 LAN 4 port switch a port with serial inter face function Permanently insta
346. ibed in Modify system password on page 17 4 1 2 Software update Your device contains the version of the system software available at the time of production More recent versions may have since been released You can easily perform an update with the Funkwerk Configuration Interface using the Maintenance gt Software amp Con figuration menu R1xxx R3xxx R4xxx For a description of the update procedure see Software Update on page 20 4 2 System requirements For configuration of the device your PC must meet the following system requirements e Microsoft Windows operating system Windows 2000 or higher e Internet Explorer 6 or 7 Mozilla Firefox Version 1 2 or higher e Installed network card Ethernet e DVD drive e TCP IP protocol installed see Configuring a PC on page 16 e High colour display more than 256 colours for correct representation of the graphics 4 3 Preparations To prepare for configuration you need to e have the data for the basic configuration and the Internet connection to hand and also gather the data needed for connecting the required WLAN clients e Check whether the PC from which you want to perform the configuration meets the ne cessary requirements You can also e install the Dime Managersoftware which provides more tools for working with your device This installation is optional and not essential for the configuration or operation of the device 4 3 1 Gathering data You can
347. ic Parameters Interface MAC Address Node Name IP Address Netmask Gateway Authentication Password Last Write Result Device Discovery Options en1 0 00 01 cd 06 76fa wi2040n 182 166 0 253 255 255 255 0 0 0 0 gt No error C OK Cancel Fig 171 Local Services gt Funkwerk Discovery gt Device Discovery gt The Local Services gt Funkwerk Discovery gt Device Discovery gt g menu consists of the following fields Fields in the Funkwerk Discovery Basic Parameters menu Field Description Interface MAC Address Node Name IP Address Netmask The value of this field can only be read Shows the interface of your device on which discovery is carried out The value of this field can only be read Shows the MAC Address of the discovered access point You can change the name of the discovered access point You can change the IP address of the discovered access point You can change the related netmask R1xxx R3xxx R4xxx Field Description Gateway You can change the gateway address of the discovered access point Authentication Password You must enter the administrator password for the access point otherwise you cannot carry out the configuration operation Last Write Result The value of this field can only be read Displays the result of the last configuration operation Possible values e No Error The acce
348. idged by a stop code Syslog is used as the de facto standard for transmitting log mes sages in an IP network Syslog messages are sent as unencrypted text messages over the UDP port 514 and collected centrally They are usually used to monitor computer systems Telephone that belongs to a modern PBX which depending on the PBX has a number of special features and keys e g the T Concept PX722 Product name used by Deutsche Telekom AG for its DSL services and products Product name for T Com fax machines Telephony faxing data transfer and online services from one net work and a single connection T ISDN offers exciting services with numerous benefits for example a point to multipoint connection the ideal solution for families or small businesses This connection option which can be used with the existing telephone cable costs less than two telephone connections but offers far greater quality and ease of use Two independent lines so that you can still make a Glossary T Net T NetBox T NetBox telephone number T Online T Online software T Service T Service access TA TAPI Funkwerk Enterprise Communications GmbH phone call receive a fax or surf the Internet when another family member is making a long call on the other line Three or more tele phone numbers which you can assign individually to your devices and distribute differently if needed through simple programming steps Most ISDN telephon
349. ield Description Description Enter the desired description of the interface group Members Select the members of the group from the available interfaces To do this activate the field in the Members column R1xxx R3xxx R4xxx 17 3 Addresses 17 3 1 Address List In the Firewall gt Addresses gt Address List menu a list of all configured addresses is shown 17 3 1 1 New Choose the New button to set up new addresses bintee R1200 u aaron EE croup EES sees 5 E Description Address Type address Subnet Address Range in Address Subnet I li C oK JC Cancel __ Fig 134 Firewall gt Addresses gt Address List gt New The Firewall gt Addresses gt Address List gt New menu consists of the following fields Fields in the Address List Basic Parameters menu Field Description Description Enter the desired description of the address Address Type Select the type of address you want to specify Possible values e Address Subnet default value Enter an IP address with subnet mask R1xxx R3xxx R4xxx Field Description e Address Range Enter an IP address range with a start and end address Address Subnet Only if Address Type Address Subnet Enter the IP address of the host or a network address and the related netmask The default value is 0 0 0 0 Address Range Only if Address Type Address Range E
350. ient An L2TP tunnel profile must be created on each of the two sides LAC and LNS The corresponding L2TP tunnel profile is used on the initiator side LAC to set up the connection The L2TP tunnel profile is needed on the responder side LNS to accept the connection 16 2 1 Tunnel Profiles In the VPN gt L2TP gt Tunnel Profiles menu a list of all configured tunnel profiles is shown 16 2 1 1 New Choose the New button to set up new tunnel profiles R1xxx R3xxx R4xxx 4 lt Ea z e Sed Language English View Standard Online Help Tunnel Profiles Users Options Basic Parameters Description A Local Hisar OT a Remote Hostname N Password eecccece LAC Mode Parameters o s Remote Ip address e UDP Source Port i Fixed UDP Destination Port mo Advanced Settings Local IP Address Ow 7 Hello Intervall fd seconds Bi Minimum Time between Retries R seconds 7 g Maximum Time between Retries he seconds 7 maximum Retiies E Data Packets Sequence Numbers Enabled ae E fi OK JC Cancel Fig 123 VPN gt L2TP gt Tunnel Profiles gt New The VPN gt L2TP gt Tunnel Profiles gt New menu consists of the following fields Fields in the Tunnel Profiles Basic Parameters menu Field Description Description Enter a description for the current profile The device automatically names the prof
351. ient link is configured c Number of the client link Example sta1 0 first client link on the first wireless module The names of the virtual interfaces connected to an Ethernet port are made up of the fol lowing parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface connected to the Ethernet port d Number of the virtual interface Example en1 0 1 first virtual interface based on the first interface on the first Ethernet port 10 3 1 Interfaces You define separately whether each interface is to operate in routing or bridging mode If you want to set bridging mode you can either use existing bridge groups or create a new bridge group The default setting for all existing interfaces is routing mode On selecting the New Bridge Group option for Mode Bridge Group a bridge group i e brO bri etc is automatic ally created and the interface is run in bridging mode R1xxx R3xxx R4xxx bintec R1200 Save configuration 14 Interfaces Status interface Description Mode Bridge Group Global Settings Ph ent 0 Routing Mode Interface Mode Bridge 1 L Ga 2 jent 4 Routing Mode x Administrative Access Configuration Interface Selectone Remote Authentication Certificates x gt J oK J Cancel Fig 45 System Management gt Interface Mode Bridge Groups gt Interfaces The System Management gt Interf
352. ient mode Only for Operating Mode Access Client Select the client connection mode to the access point Possible values e Infrastructure default value In a network in infrastruc ture mode all clients communicate with each other via ac cess points only There is no direct communication between the individual clients e Ad Hoc In ad hoc mode an access client can be used as central interface between a number of terminals In this way devices such as computers and printers can be wirelessly in terconnected Select the channel to be used Operation Band Select the operation band and usage area of the wireless mod ule For Operation Mode Access Point Possible values e 2 4 GHz In Outdoor default value our device is oper ated at 2 4 GHz mode 802 11b and mode 802 11g inside or outside buildings e 5 GHz Indoor Your device is run with 5 GHz Mode 802 11a h inside buildings 5 GHz Outdoor Your device is run with 5 GHz Mode 802 11a h outside buildings e 5 GHz In Outdoor Your device is run with 5 GHz Mode 802 11a h inside or outside buildings For Operation Mode Access Client Possible values e 2 4 and 5 GHz e 2 4 GHz default value eo GHz Usage Area Only for Operation Mode Access Client Client Mode Funkwerk Enterprise Communications GmbH 13 Wireless LAN Field Description Infrastructure and Operation Band 2 4 and 5 GHzor SNGHz Choose the location at which the device is operate
353. iew Standard v Online Help Logout h mmm e bintec R4100 Save configuration Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options PysicalImeniaces Base Parameters e Media Gateway Status JEnabled po IP Session Border Controller Mode Auto po POS Media Stream Termination Y Enabled fi ii j Default Drop Extension Dial Latency 5 Seconds Application Level Gateway Media Gateway Advanced Settings A Shortcut Replacement Speed Dialing E 7 F Add OK Cancel Fig 146 VoIP gt Media Gateway gt Options The VoIP gt Media Gateway gt Options menu consists of the following fields Fields in the Options Basic Parameters menu Field Description Media Gateway Status Select whether the media gateway function should be enabled The function is activated with Enabled The function is disabled by default Session Border Control Specify how the media gateway should behave in conjunction ler Mode with a session border controller mode Possible values e Auto default value for all extensions that exactly agree with an existing SIP account the call routing is handled by the ses sion border controller i e all SIP messages configured for the corresponding SIP account are forwarded to the session bor der controller For all other extensions the call routing is handled by the media gateway in accordance with the entries configured und
354. ifetime 7200 Seconds 0 kBytes Advanced Settings IP Compression DEnabied Alive Check Autodetect Propagate PMTU Enabled OK J C cancel Fig 119 VPN gt IPSec gt Phase 2 Profiles gt New The VPN gt IPSec gt Phase 2 Profiles gt New menu consists of the following fields Fields in the Phase 2 Profiles Phase 2 IPSEC Parameters menu Field Description Description Enter a description that uniquely identifies the profile The maximum length of the entry is 255 characters Proposals In this field you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure lt is the slowest algorithm currently supported e ALL All options can be used e AES 128 Rijndael has been nominated as AES due to its R1xxx R3xxx R4xxx 16 VPN Funkwerk Enterprise Communications GmbH Field Description fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits e AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and gene
355. ifetime Enter the time from receipt of the first fragment of a data packet as of which no further attempts are made The data packet is discarded Funkwerk Enterprise Communications GmbH 13 Wireless LAN Field Description Possible values are 1 to 4294967295 The default value is 512 msec Max Transmit MSDU Enter the time from sending of the first fragment of a data pack Lifetime et as of which no further send attempts are made The data packet is discarded Possible values are 1 to 4294967295 The default value is 512 msec If Access Client has been selected for the Operation Mode with Client Mode Infra structure the following parameters will also be available under Advanced Settings Fields in the Advanced Settings Access Client Mode menu Field Description Scan channels Only for Operation Mode Access Client Client Mode Infrastructure and Operation Band 2 4 GHz Choose the channels which the WLAN client automatically scans for available wireless networks The function is enabled by default All channels are scanned If the function is disabled you can define the required channels under Selected Channels User Defined Channel Only for Scan channels User defined Plan Define the channels which the WLAN client automatically scans for available wireless networks Roaming Profile Select the roaming profile The options available include typical roaming functions Possible values e Fast Roaming The WLAN
356. ificate Revocation Only for Certificate is a CA certificate True List CRL Checking Define the extent to which certificate revocation lists CRLs are to be included in the validation of certificates issued by the own er of this certificate Possible settings e Disabled No checking of CRLs e Always CRLs are always checked O Oily ii a CRE Dilsicsllomuicaora Rolne ius Present default value If the CA certificate contains a CRL Distribu tion Point CDP this one is to be checked additionally to the revocation lists globally configured on the device Under View Details in the certificate content you can check wheth er the CA certificate contains a CDP e Use Settings from superior certificate The set tings of the higher level certificate are used if one exists It is does not the same procedure is used as that described under Only if a CRL Distribution Point is present Force certificate to be Define that this certificate is to be accepted as the user certific trusted ate without further checks during authentication The function is activated with True The function is disabled by default fl Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy certification authority and user certificates is ensured The dis played fingerprints can be used to check this integrity Compare the displayed values with the fingerprints specified by the issuer
357. ifying the L2TP partner The first character in this field must not be a number and no special characters or umlauts must be used The maximum length of the entry is 25 characters Connection Type Select whether the L2TP partner is to take on the role of the L2TP network server LNS or the functions of a L2TP access concentrator client LAC client R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 16 VPN Field Description Possible values e LNS default value If you select this option the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow e LAC If you select this option the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up a L2TP tunnel to a remote LNS Tunnel Profile Only for Connection Type LAC Select a profile created in the Tunnel Profiles menu for the connection to this L2TP partner User Name Enter the code of your device Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivate
358. iguration work for the SIF is com paratively straightforward with systems like Network Address Translation NAT and IP Ac cess Lists IPAL As SIF NAT and IPAL are active in the system simultaneously attention must be given to possible interaction If any packet is rejected by one of the security instances this is done immediately This is irrelevant whether another instance would accept it or not Your need for security features should therefore be accurately analysed The essential difference between SIF and NAT IPAL is that the rules for the SIF are gener ally applied globally i e not restricted to one interface In principle the same filter criteria are applied to the data traffic as those used in NAT and IPAL e Source and destination address of the packet with an associated netmask e Service preconfigured e g Echo FTP HTTP e Protocol e Port number s To illustrate the differences in packet filtering a list of the individual security instances and their method of operation is given below 17 Firewall Funkwerk Enterprise Communications GmbH NAT One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa All connections initiated externally are first blocked i e every packet your device cannot assign to an exist ing connection is rejected This means that a connection can only be set up from inside to outsi
359. iles L2 TP and numbers them but the value can be changed Enter the host name for LNS or LAC Local Hostname e LAC The Local Hostname is used in outgoing tunnel setup messages to identify this device and is associated with the Remote Hostname of a tunnel profile configured on the LNS These tunnel setup messages are SCCRQs Start Control Connection Request sent from the LAC and SCCRPs Start Control Connection Reply sent from the LNS e LNS Is the same as the value for Remote Hostname of the incoming tunnel setup message from the LAC R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 16 VPN Field Description Enter the host name of the LNS or LAC Remote Hostname e LAC Defines the value for Local Host Name of the LNS contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC The Local Hostname con figured in the LAC must match the Remote Hostname con figured for the intended profile in the LNS and vice versa e LNS Defines the Local Host Name of the LAC If the Re mote Hostname field remains empty on the LNS the related profile qualifies as the standard entry and is used for all in coming calls for which a profile with a matching Remote Hostname can be found Password Enter the password to be used for tunnel authentication Au thentication between LAC and LNS takes place in both direc tions i e the LNS checks the Local Hostname and the Pass word contained in the SCCRQ of the
360. ill find the RFCs on the relevant pages of the IETF www iett org rfc htm 15 2 1 1 New Choose the New button to set up new ATM profiles View Standard Online Help Profiles service Categories OAM Controlling me 4 bintes ado ATM Profiles Parameter Provider a User defined i Description Internet Dialup ATM Interface L feca 3 0 ATM Tyee Ethernet over ATM AAA _ 1 Real Time Jitter Control Time Jitter Control Virtual Path Identifier VPI l f _ 5 Virtual Channel Identifier VCI az Encapsulation LLC Bridged no FCS Ethernet over ATM Settings _ g lt Default Ethernet for PPPoE Interfaces Clenabtea Address Mode static O DHCP IP Address Netmask 1 IP Address Netmask gt Cada a MAC Address Vluse built in oK J Cancel Fig 106 WAN gt ATM gt Profiles gt New The WAN gt ATM gt Profiles gt New menu consists of the following fields Fields in the Profiles ATM Profiles Parameter menu Field Description Provider Select one of the preconfigured ATM profiles for your provider from the list or manually define the profile using User Specified Description Only for Provider User defined Enter the desired description for the connection Type Only for Provider User defined
361. in the OAM Control Loopback Field Description Loopback End to End Select whether you activate the loopback test for the connection between the endpoints of the VCC or VPC The function is activated with Enabled The function is disabled by default End to End Send Inter Only if Loopback End to End is enabled val Enter the time in seconds after which a loopback cell is to be sent Possible values are 0 to 999 The default value is 5 End to End Pending Re Only if Loopback End to End is enabled quests Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as in terrupted down Possible values are 1 to 99 The default value is 5 Loopback Segment Select whether you want to activate the loopback test for the segment connection segment connection of the local end point to the next connection point of the VCC or VPC The function is activated with Enabled Funkwerk Enterprise Communications GmbH 15 WAN Field Description The function is disabled by default Segment Send Interval Only if Loopback Segment is enabled Enter the time in seconds after which a loopback cell is sent Possible values are 0 to 999 The default value is 5 Segment Pending Re Only if Loopback Segment is enabled quests Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as in terrupted down
362. ing Port POTS PPP PPP authentication PPPoA PPPoE PRI Primary Rate Inter face PRI Protocol Proxy ARP PSN PSTN PVID R key RADIUS RADSL RAS Point to point Fax machine function that fetches documents provided by other fax machines or fax databases Input output Plain Old Telephone System Point to Point Protocol Security mechanism A method of authentication using passwords in PPP Point to Point Protocol over ATM Point to Point Protocol over Ethernet Primary Rate Interface ISDN subscriber connection The PRI consists of one D channel and 30 B channels in Europe In America 23 B channels and one D channel There is also the ISDN Basic Rate Interface Protocols are used to define the manner and means of information exchange between two systems Protocols control and rule the course of data communication at various levels decoding address ing network routing control procedures etc ARP Address Resolution Protocol Packet Switched Network Public Switched Telephone Network Port VLAN ID Telephones that have a R key inquiry key can also be connected to a PBX In modern telephones the R key triggers the hook flash function This is required for use of performance features in T Net such as inquiry brokering and three party conference Remote Authentication Dial In User Service Rate Adaptive Digital Subscriber Line Remote access service R1xxx R3xxx R4xxx Real Time Clock H
363. ing IKE phase 1 are to be ignored The function is activated with Enabled The function is disabled by default Send Certificate Re Select whether certificate requests are to be sent during IKE quest Payloads phase 1 The function is activated with Enabled The function is enabled by default Send Certificate Chains Select whether complete certificate chains are to be sent during IKE phase 1 The function is activated with Enabled Field Description The function is enabled by default Deactivate this function if you do not wish to send the peer the certificates of all levels from your level to the CA level Send CRLs Select whether CRLs are to be sent during IKE phase 1 The function is activated with Enabled The function is disabled by default Send Key Hash Pay Select whether key hash payloads are to be sent during IKE loads phase 1 In the default setting the public key hash of the remote end is sent together with the other authentication data Only applies for RSA encryption activate this function with Enabled to sup press this behaviour 16 2 L2TP The layer 2 tunnel protocol L2TP enables PPP connections to be tunnelled via a UDP connection Your bintec device supports the following two modes e L2TP LNS Mode L2TP Network Server for incoming connections only e L2TP LAC Mode L2TP Access Concentrator for outgoing connections only Note the following when configuring the server and cl
364. ing the authentication protocol is the same as the data of a listed remote terminal or RADIUS user your device accepts the incoming call R1xxx R3xxx R4xxx Language English View Standard Online Help Logout RADIUS TACACS Options Global RADIUS Options a terface Mode Bridge Authentication for PPP Dialin rad Hie Outband CLID ministrative Access OK C Cancel _ Fig 53 System Administration gt Remote Authentication gt Options The System Management gt Remote Authentication gt Options menu consists of the following fields Fields in the Options Global RADIUS Options menu Field Description Authentication for PPP By default the following authentication sequence is used for in Dialin coming calls with RADIUS First CLID then PPP and then PPP with RADIUS Options e Inband Only inband RADIUS requests PAP CHAP MS CHAP V1 amp V2 i e PPP requests without CLID are sent to the RADIUS server defined in Server IP Address e Outband CLID Only outband RADIUS requests i e re quests for calling line identification CLID are sent to the RA DIUS server Inband is activated by default R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH 10 6 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network to gen erate or check digital signatures an
365. ing up a tunnel immediately after saving the configuration e Down The peer is initially not available after the configuration has been saved R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 16 VPN Field Description Description Enter a description of the peer that identifies it The maximum length of the entry is 255 characters Peer Address Enter the official IP address of the peer or its resolvable host name The entry can be omitted in certain configurations whereby your device then cannot initiate an IPSec connection Peer ID Select the ID type and enter the peer ID This entry is not necessary in certain configurations The maximum length of the entry is 255 characters Possible ID types e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name On the peer device this ID corresponds to the parameter Local ID Value Preshared Key Enter the password agreed with the peer The maximum length of the entry is 50 characters All charac ters are possible except for 0x at the start of the entry Fields in the IPSec Peers Interface Routes menu Field Description IP Address Assignment Select the configuration mode of the interface Possible values e Static default value Enter a static IP address e IKE Config Mode Client Select this option if your gate way receives an IP address from the server as IPSec client e IKE Config Mode Server Sele
366. ins the De scription the User Name the Authentication and the current Status The Status field can take the following values Possible values for Status Field Description o connected Ez not connected dialup connection connection setup possible G not connected e g because of an error during setup of an out going connection a renewed attempt is only possible after a specified number of seconds R1xxx R3xxx R4xxx Field Description o administratively set to down deactivated connection setup not possible for leased lines Default Route With a default route all data is automatically forwarded to one connection if no other suit able route is available Access to the Internet should always be set up as the default route to the Internet Service Provider ISP Further information on possible route types can be found under Routing gt Routes Activating NAT With Network Address Translation NAT you conceal your whole network to the outside world behind one IP address You should certainly do this for your connection to the Inter net Service Provider ISP Only outgoing sessions are allowed initially if NAT is activated To allow certain connec tions from outside to hosts within the LAN these must be explicitly defined and admitted Connection Idle Timeout The connection idle timeout is determined in order to clear the connection automatically if it is not being used i e if data is no longer being sen
367. intec R1200 Language English Online Help RIP Interfaces RIP Filter RIP Options U RP Parameters for enf 0 Send Version None bo l Receive Version None Mm Route Announce Up only OK JC Cancel _ Fig 87 Routing gt RIP gt RIP Interfaces gt The Routing gt RIP gt RIP Interfaces gt menu consists of the following fields Fields in the RIP Parameters for lt Interface gt menu Field Description Send Version Decide whether routes are to be propagated via RIP and if so select the RIP version for sending RIP packets over the inter face in send direction Possible values e None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving of both version 1 and version 2 RIP packets R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description e RIP V2 Multicast For sending RIP V2 messages over the multicast address 224 0 0 9 e RIP V1 Triggered RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Receive Version Decide whether routes are to be imported via RIP and if so se lect the RIP version
368. inter time and back must be carried out manually if the time is derived using this method by changing the value in the System Time Zone field with an option UTC or UTC Note If a method for automatically deriving the time is defined on the device the values ob tained in this way automatically have higher priority A manually entered system time is therefore overwritten The System Management gt Global Settings gt Date and Time menu consists of the fol lowing fields Fields in the Date and Time Basic Settings menu Field Description Time Zone Select the time zone in which your device is installed You can select Universal Time Coordinated UTC plus or minus the deviation in hours or a predefined location e g Europe Berlin Current Local Time The current date and current system time are shown here The entry cannot be changed Fields in the Date and Time Manual Time Settings menu Field Description Set Date Enter a new date Format e Day dd e Month mm e Year yyyy Set Time Enter a new time Format Funkwerk Enterprise Communications GmbH 10 System Management Field Description e Hour hh e Minute mm Fields in the Date and Time Automatic Time Settings Time Protocol menu Field Description ISDN Timeserver First Timeserver Second Timeserver Define whether the time information received at an incoming ISDN connection is used to update the system time If a time server is configured t
369. interface The existing configuration is not deleted but can be activated again if re quired Traffic shaping Activate or deactivate data rate limiting in the send direction The function is activated with Enabled The function is disabled by default Maximum Upload Speed Only enabled for Traffic shaping Enter a maximum data rate for the interfaces in the send direc tion in kbits Possible values are 1 to 1000000 The default value is 0 i e no limits are set the queue can oc cupy the maximum bandwidth Protocol Header Size Choose the interface type to include the size of the respective below Layer 3 overheads of a datagram when calculating the bandwidth 14 Routing Funkwerk Enterprise Communications GmbH Field Description Possible values e Custom value in Byte possible values are 0 to 100 e Ethernet default value e Ethernet and VLAN O IP ito SPERRER o IPSee o MRSE O HPSS e IPSec and VLAN over Ethernet over Ethernet and VLAN via PPP over Ethernet via PPPoE and VLAN Real Time Jitter Control Only enabled for Transmit Shaping Real Time Jitter Control optimises latency when forwarding real time datagrams The function ensures that large data packets are fragmented according to the available upload bandwidth Real Time Jitter Control is useful for small upload bandwidths lt 800 kbps Activate or deactivate Real Time Jitter Control The function is activated with Enabled
370. interface Only for Interface Type ISDN Select an ISDN interface The ISDN interfaces you can select depends on the device used Registration Only for Interface Type SIP Specify whether the registration mechanism is to be used by SIP REGISTER Normally every SIP client user sends its cur rent position to a REGISTRAR server by means of a RE GISTER message This information about the user and his cur rent address is held by the REGISTRAR server and queried by other proxies to find the user The function is activated with Enabled The function is enabled by default Apart from this standard procedure the relevant data can also be sent to a particular IP address that is already known to the correspondent Registration and authentication are not then needed and the Registration function is disabled An example of this method is Microsoft Exchange SIP Expire Time Only if Registration is enabled Enter the time in seconds after which the current registration be comes invalid and a new registration request is therefore sent For clients the external port is recognised automatically and should not be changed Possible values are 0 to 3600 The default value is 60 SIP Endpoint IP Address Only if Registration is disabled For configurations with no registration e g connection to a Mi crosoft Exchange Communication Server the connection can be set up as a static host This requires you to specify the static Funkwer
371. interface is defined as multi user connection partner i e several clients dial in with the same user name and password Authentication Select the authentication protocol for this PPTP partner Possible values PAP CHAP MS CHAP default value Primarily run CHAP on denial the authentication protocol required by the PPTP part ner MSCHAP version 1 or 2 possible Funkwerk Enterprise Communications GmbH 15 WAN Field Description e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option Encryption Only if Authentication MS CHAPv2 If necessary select the type of encryption that should be used for data traffic to the connection partner This is only possible if STAC or MS STAC compression is not activated for the con nection If Encryption is set the remote terminal must also sup port it otherwise a connection cannot be set up Possible values None default value MPP encryption is not used e Enabled MPP encryption V2 with 128 bit is used to RFC 3078 e Windows c
372. ion 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Only use in dry rooms Available interfaces Ethernet IEEE 802 3 LAN 4 port switch a port with serial inter face function Permanently installed twisted pair only 10 100 mbps auto sensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed twisted pair only 10 100 mbps auto sensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed twisted pair only 10 100 mbps auto sensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud ISDN WAN SO 2 Permanently installed Permanently installed Permanently installed DMZ ETH5 Additional Ethernet Additional Ethernet Additional Ethernet switch port switch port switch port WLAN interface 802 11b 802 11g and 802 11b 802 11g and antennas 802 11a with Antenna 802 11a with Antenna Diversity Diversity CardBus interface Interface for integrating a PCMCIA UMTS modem card Available sockets Serial interface V 24 RJ45 socket RJ45 socket RJ45 socket Ethernet interface RJ45 socket RJ45 socket RJ45 socket ISDN interface RJ45 socket RJ45 socket RJ45 socket CardBus interface 68 pole PCMCIA socket Standards amp Guidelines R amp TTE Dir
373. ion DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled Funkwerk Enterprise Communications GmbH 15 WAN Field Description The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The function is disabled by default Callback Mode Select the Callback Mode function Possible values e None default value Your device does not call back e Active Select one of the following options e No PPP negotiation Your device calls the connection partner to request a callback e Windows Client Mode Your device calls the connection partner to request a callback via CBCP Callback Control Protocol Needed for Windows clients e Passive Select one of the following options e PPP Negotiation or CLID Your device calls back im mediately when requested to
374. ion in WAN gt ATM gt Profiles gt New with Client Type On Demand 15 1 3 1 New Choose the New button to set up new PPPoA interfaces R1xxx R3xxx R4xxx bintec R3800 e oY Roam OO Internet Dialup ATM _ Leased Line Real Time Jitter Control ara View Standard Language English oiea Basic Parameters 2 Description atm we o Select one Y User Name C i pasowdd ecccccee Aways on EEnabiea Connection Idle Timeout oo Seconds IP Mode and Roues IP Address Mode O Static Get IP Address Default Route ElEnabied i Create NAT Policy Enabtea i Advanced Settings Block after connection failure for feo Seconds E mum Number ofDialup Retries T 5 J Authentication e a 4 DNs Negotiation enabled 5 i Prioritize Top ACK Packets enabled y LCP Alive Check DEnabied o 4 oK 1 Cancel Fig 101 WAN gt Internet Dialup gt PPPoA gt New The WAN gt Internet Dialup gt PPPoA gt New menu consists of the following fields Fields in the PPPoA Basic Parameters menu Field Description Description ATM PVC User Name Password Always on R1xxx R3xxx R4xxx Enter a name for uniquely identifying the connection partner The first character in this field must not be a number and no special characters or umlauts must be used
375. ions Data transmission recommendation for HDSL Data transmission recommendation for SHDSL Data transmission recommendation for ADSL See also G 992 1 An nex A and G 992 1 Annex B Data transmission recommendation for ADSL ITU T G 992 1 Annex A Data transmission recommendation for ADSL ITU T G 992 1 Annex B See G 991 2 R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH Gateway Half duplex Handheld unit Hands free Hashing HDLC HDSL HDSL2 Headset HMAC HMAC MD5 HMAC SHA1 Holding a call Holding in the PBX Glossary Entrance and exit transition point Bidirectional communication method in which it is only possible to either send or receive at a particular point in time Also known as Simplex Mobile component of wireless telephone units In the event of digital transmission it is also possible to make telephone calls between the handheld units DECT If the telephone has a microphone and speaker installed you can conduct a call without using your hands As a result other people in the room can also participate in the call The process of deriving a number hash from a character string A hash is generally far shorter than the text flow it was derived from The hashing algorithm is designed so that there is a relatively low probability of generating a hash that is the same as another hash generated from a text sequence with a different meaning Encryption methods use hashin
376. ions GmbH 18 VoIP Field Description Echo Cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is activated with Enabled The function is enabled by default Comfort Noise Genera Specify whether Comfort Noise Generation should be used tion CNG For digital voice transmission this function introduces a low level of background noise to avoid the impression that during pauses at the other end the connection is lost The function is activated with Enabled The function is enabled by default Packet Size Specify how many milliseconds of voice an RTP data packet should contain Possible values are 5 to 500 The default value is 20 18 2 2 SIP Accounts If your want your device to connect to other SIP servers e g servers of Internet SIP Ser vice providers you can configure the necessary entries here In this case the media gate way acts as a SIP client Furthermore you can configure the entries for SIP trunking scenarios here In this case the media gateway acts as a SIP server for other SIP servers An example for this is the connection of a SIP PBX e g Asterisk to the media gateway This means that not only all SIP provider accounts are configured here but also direct dial in PBXs connected with the media gateway IEn Note In no case should you use this menu to configure SIP extensions i e for SIP clients or PSTN clients such as SIP telephon
377. iority the shorter the time added Consequently a backup router with a higher priority responds more quickly than a router with lower priority Possible values are whole numbers between 1 and 255 and the default value is 10 Pre empt mode back in Define whether a backup router with higher priority has priority to master status over a master router with low priority Pre empt mode is used to prevent unnecessary switching This means An active backup router with low priority does not give up its role if the master router becomes reachable again The function is activated with Enabled The function is enabled by default Note the following exception If Virtual Router Priority 255 is selected the gateway with this priority takes over the master role in all cases i e the setting in Pre empt Mode is not con sidered You should therefore select a Virtual Router Priority lower than 255 if you wish to use pre empt mode Field Description Enable authentication Enable or disable authentication The function is activated with Enabled If the function is active an input field is displayed Enter the au thentication key here Note Note that the authentication key must be the same for all virtual routers in the group The function is disabled by default 19 13 2 VR Synchronisation The watchdog daemon is configured in the Local Services gt BRRP gt VR Synchronisa tion menu i e you define how state changes are handle
378. iority Use Bandwidth Bit s Bounded OK Cancel __ Fig 131 Firewall gt Policies gt QoS gt New The Firewall gt Policies gt QoS gt New menu consists of the following fields Fields in the QoS Configure QoS Interface menu Field Description Interface Select the interface on which bandwidth management is to be carried out Traffic Shaping Select whether you want to activate bandwidth management for the selected interface The function is activated with Enabled The function is disabled by default Specify bandwidth Only for Traffic Shaping Enabled Enter the maximum available bandwidth in kbps for the selected interface Filter Rules This field contains a list of all configured firewall policies for which QoS was enabled Apply QoS Enabled The follow ing options are available for each list entry e Use Select whether this entry should be assigned to the QoS interface The option is deactivated by default e Bandwidth Enter the maximum available bandwidth in Bps R1xxx R3xxx R4xxx Field Description for the service specified under Services 0 is entered by de fault e Fixed Select whether the bandwidth defined in Bandwidth can be exceeded in the longer term By activating this field you specify that it cannot be exceeded If the option is deac tivated the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firew
379. ir bonding for a clock rate of 576 kbps to 17088 kbps e 6 wire IMA Six wires are used with IMA for a clock rate of 576 kbps to 17088 kbps e 8 wire Eight wires are used with m pair bonding for a clock rate of 768 kbps to 22784 kbps e 8 wire IMA Eight wires are used with IMA for a clock rate of 768 kbps to 22784 kbps Field Description Additional Wire Pairs Only for Wire Mode 4 wire 4 wire standard 4 wire IMA 6 wire 6 wire IMA For Wire Mode 4 wire 4 wire standardor 4 wire IMA the second pair of wires is defined here For Wire Mode 6 wireor 6 wire IMAthe second and third pairs of wires are defined here Wire pairs already used in defined connections are not available for selection If these continue to be used for this SHDSL con nection the existing connection must first be terminated Requested Rate Only for Clock Rate Fixed Select which speed should be used Line Speed Interval Only for Clock Rate Adaptive Under Minimum select the minimum clock rate and under Max imum select the maximum clock rate for the connection 11 6 Serial Ports 11 6 1 Options In the Serial Ports menu configure the serial WAN interface of your gateway Your gateway offers an integrated X 21 V 35 interface The interface can be operated in accordance with various electrical standards X 21 V 35 The electrical standard used and the layer 1 operation mode DTE or DCE can be de tected automatically from the plu
380. is 50 You can view the stored messages in Monitoring gt Internal Log Select the priority of system messages above which a log should be created System messages are only recorded internally if they have a higher or identical priority to that indicated i e all messages generated are recorded at syslog level debug Possible values Emergency Only messages with emergency priority are re corded e Alert Messages with emergency and alert priority are recor ded e Critical Messages with emergency alert and critical prior ity are recorded e Errors Messages with emergency alert critical and error Field Value priority are recorded e Warning Messages with emergency alert critical error and warning priority are recorded e Notice Messages with emergency alert critical error warning and notice priority are recorded e Information default value Messages with emergency alert critical error warning notice and information priority are recorded e Debug All messages are recorded Maximum Number of Ac Enter the maximum number of accounting entries that are counting Log Entries stored internally in the device Possible values are 0 to 1000 The default value is 20 10 2 2 Passwords Setting the passwords is another basic system setting i Language English View Standard Online Heip Logout System Passwords Date and Time System Licences e IE System
381. is re commended for leased lines PPTP and L2TP connections Funkwerk Enterprise Communications GmbH 16 VPN Field Description The function is activated with Enabled The function is enabled by default Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in formation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether your device is to answer APR requests from your LAN on behalf of the specific PPTP partner Possible values e Inactive default value Disables Proxy ARP Address Resolution Protocol for this PPTP partner e Up or Dormant Your device answers an APR request only if the status of the connection to the PPTP partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up until someone actually wants to use the route e Up Only Your device answers an APR request only
382. isation Possible values e Only Controlled RTP Streams default value By means of the data routed via the media gateway the system detects voice data traffic and optimises the voice transmis sion e All RTP Streams All RTP streams are optimised e Inactive Voice data transmission is not optimised e Always Voice data transmission is always optimised Maximum Upload Speed Enter the maximum available upstream bandwidth in kbps for the selected interface R1xxx R3xxx R4xxx 16 VPN Funkwerk Enterprise Communications GmbH Chapter 16 VPN A connection that uses the Internet as a transport medium but is not publicly accessible is referred to as a VPN Virtual Private Network Only authorised users have access to such a VPN which is seemingly also referred to as a VPN tunnel Normally the data transported over a VPN is encrypted A VPN allows field staff or staff working from home offices to access data on the company s network Subsidiaries can also connect to head office over VPN Various protocols are available for creating a VPN tunnel e g IPSec or PPTP The connection partner is authenticated with a password using preshared keys or certific ates With IPSec the data is encrypted using AES or 3DES for example with PPTP you can use MPPE 16 1 IPSec IPSec enables secure connections to be set up between two locations VPN This enables sensitive business data to be transferred via an unsecure medium su
383. ise Communications GmbH 16 VPN The VPN gt GRE gt GRE Tunnels menu consists of the following fields Fields in the GRE Tunnels Basic Parameters menu Field Description Description Enter a description for the GRE tunnel Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner If no IP address is given this corresponds to IP address 0 0 0 0 the source IP address of the GRE packets is selected automatically from one of the addresses of the interface via which the GRE partner is reached Remote GRE IP Ad Specify the destination IP address of the host or network to dress which the packets are to be sent through the GRE tunnel Default Route If you enable the Default Route all data is automatically routed to one connection The function is disabled by default Local IP Address Enter the IP address to be used as the source address for this GRE connection Route Entries Define other routing entries for this connection partner Add a new entry with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that is allowed for the GRE connection between the partners Possible valu
384. ive Access gt SSH menu and have access to the options for configuration of the SSH login R1xxx R3xxx R4xxx Online Help Logout Access SSH SNMP e s bintec R150 EE SSH Secure Shell Parameters SSH service active Y Enabled Comprez lon Enabled TCP Keepalives enabled igasi evel infomation al Authentication and Encryption Parameters Skee Encryption Algorithms Mapes Miplowtish AES 128 C AES 256 E Hashing Algorithms ws FISHA 1 VIRipemD 160 RSA Key Status Generated i DSA Key Status Not generated Generate o xT OK pri Cancel Fig 49 System Management gt Administrative Access gt SSH You need an SSH client application e g PuTTY to be able to reach the SSH Daemon If you wish to use SSH Login together with the PuTTY client you may need to comply with some special configuration requirements for which we have prepared FAQs You will find these in the Service Support section at www funkwerk ec com To be able to reach the shell of your device via an SSH client make sure the settings for the SSH Daemon and SSH client are the same C Note If configuration of an SSH connection is not possible restart the device to initialise the SSH Daemon correctly The System Management gt Administrative Access gt SSH menu consists of the follow ing fields Fields in the SSH SSH Secure Shell Parameters menu Fiel
385. k werk Enterprise Communications GmbH Support Centre can be reached Monday to Friday between the hours of 8 00 am and 5 pm They can be contacted as follows Email hotline Ofunkwerk ec com International Support Coordina Telephone 49 911 9673 1550 tion Fax 49 911 9673 1599 End customer Hotline 0900 1 38 65 93 1 10 min on land lines in Germany For detailed information on our support services contact www funkwerk ec com R1xxx R3xxx R4xxx Chapter 4 Basic configuration You configure your device using the Funkwerk Configuration Interface The way to obtain the basic configuration is explained below step by step Detailed know ledge of networks is not necessary A detailed online help system gives you extra support The Companion DVD also supplied includes all the tools that you need for the configura tion and management of your device 4 1 Presettings 4 1 1 Preconfigured data Your device is shipped with a pre defined IP configuration e IP Address 192 168 0 254 e Netmask 255 255 255 0 Use the following access data to configure your device in an ex works state e User Name admin e Password funkwerk 3 Note All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use Make sure you change the passwords to prevent unauthorised access to your device How to change the passwords is descr
386. k Enterprise Communications GmbH 18 VoIP Field Description IP address of the terminal Only for Interface Type SIP Authentication ID Enter a name that is to be used for authentication A maximum of 20 characters can be entered The name given here must also be entered on the SIP tele phone If you do not enter a name the name in the Extension User Name field is used Only for Interface Type SIP Password Enter a password here A maximum of 20 characters can be entered The password given here must also be entered on the SIP tele phone Protocol Select the protocol to be used for data transmission Possible values UDP default value TCP or TLS If a protocol has been automatically recognised it should not be changed Port Enter the number of the UDP TCP or TLS port to be used for the connection to the server or proxy Possible values are 0 to 65535 The default value is 5060 Fields in the Advanced Settings Codec Settings menu Field Description Codec Proposal Se Choose the order in which the codecs are offered for use by the quence media gateway If the first codec cannot be used the second is tried and so on Possible values e Standard default value the codec in the first position in 18 VoIP Funkwerk Enterprise Communications GmbH Field Description the menu will be used if possible e Quality the codecs are sorted by quality If possible the codec with the best quality is use
387. k New to create a new entry and choose the Connection Type UMTS 3 Follow the steps shown by the wizard The wizard has its own online help which of fers all of the information you may require 4 Once you have exited the wizard save the configuration by clicking on the Save Con Funkwerk Enterprise Communications GmbH 4 Basic configuration figuration button above the menu navigation 4 5 3 Other internet connections In addition to an ADSL connection over the internal ADSL2 modem you can connect your device over other connection types with the internet or over an external modem e g a cable modem or an external gateway The corresponding wizard in Funkwerk Configura tion Interface provides support for configurations of this type You can find the internet wizards and other wizards for easy configuration of various applications at the top of the menu tree under Wizards 4 5 4 Testing the configuration Once you have completed the configuration of your device you can test the connection in your LAN and to the Internet Carry out the following steps to test your device 1 Test the connection to your device Click Run in the Start menu and enter ping fol lowed by a space and the IP address of your system e g 192 168 0 254 A win dow appears with the response Reply from 2 Test Internet access by entering www funkwerk ec com in the Internet browser Funk werk Enterprise Communications GmbH s Internet site offers
388. k on the Go button a dialog box is shown in which you can select the storage location on your PC and enter the desired file name e Copy The configuration file in the Source File Name field is saved as Destination file name e Rename The configuration file in the Select file field is re named as New Filename Delete configuration The configuration file in the Se lect file field is deleted e Delete file The file in the Select file field is deleted Configuration Encryption Only for Action Import configuration Export con figuration Export configuration with state in formation Define whether the data of the selected Action are to be encrypted The function is activated by choosing Enabled The function is disabled by default If the function is active you can enter the Password in the text Funkwerk Enterprise Communications GmbH 20 Maintenance Field Description field Filename Only for Action Import configuration Import lan guage Update system software Enter the path and name of the file or select the file with Browse via the explorer finder Source Location Only for Action Update system software Select the source for the update Possible values e Local File default value The system software file is stored locally on your PC e HTTP server The file is stored on a remote server specified in the URL e Current software from Funkwerk server The file is on the official Funkwe
389. kets Serial interface V 24 RJ45 socket RJ45 socket Ethernet interface RJ45 socket RJ45 socket ISDN interface RJ45 socket RJ45 socket ISDN PRI interface RJ45 socket X 21 interface RJ45 socket Standards Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Se curity Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN 6 Technical data Funkwerk Enterprise Communications GmbH Product name bintec R4100 bintec R4300 with PPTP or IPSec with PPTP or IPSec Dime Manager on DVD Dime Manager on DVD Software supplied Printed documentation Quick Install Guide Quick Install Guide supplied Online documentation User s Guide User s Guide Workshops Workshops Release Notes if required Release Notes if required Note Antenna Diversity The two antennas do not have equality of access One is used both to transmit and re ceive marked as main primary or 1 the antenna next to the power switch the other is only used to receive During reception the AP Access Point checks which antenna is recei
390. l be too short to make further changes R1xxx R3xxx R4xxx bintec R1200 gt m _Save configuration Automatic Refresh interval 60 Seconds Apply Satus Warning System Password not changed l Global Settings System Information imerteco Mode ridge Uptime 2 Days 22 Hour s 27 Minute s Groups LS o Le os e en Administrative Access System Date Mon Jan 16 23 53 01 2006 Remote Authentication Serial Number R1E180006500018 Certificates A ez a PRR BOSS Version V 7 9 Rev 5 IPSec from 2009 1109 00 00 00 AS erroneo q Weee CPU Usage 0 Wireless LAN Memory Usage 22 1 31 9 MB 70 gt E ISDN Usage External 0 48 Channels VO iia Active Sessions SIF RTP etc o A uM Active IPSec Tunnels 0 0 AA sia erae Interface Specifics Link BR 192168 0 254 255 255 2550 Me Local Services ent 4 Not configured Not configured o P a WLAN Off E o 0 lt i com0 8 Not configured o AS bri2 0 Not configured a Monitoring oz Not configured o Configured C Recent System Logs Time Level Subsystem Message 01 25 24 Information VolP PABXD Adminstatus is disabled all PABX features will be disabled 01 23 Information IPSec init starting a 4 01 25 23 Information IPSec BinTec ipsecd version 3 0 Copyright c 1996 2009 by Funkwerk Enterprise Communications GmbH 01 26 23 Information IPSec init running a 01 25 23 Information INET sshd pid 57
391. ld Description First select the port number range Possible values Any default value The route is valid for all port numbers Single Enables the entry of a port number Range Enables the entry of a range of port numbers Privileged Entry of privileged port numbers 0 1023 Server Entry of server port numbers 5000 32767 Clients 1 Entry of client port numbers 1024 4999 Clients 2 Entry of client port numbers 32768 65535 Not privileged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the indivividual port or start port of a range in Port and for a range the end port in to Port Destination Port Only if Layer 4 Protocol TCP or UDP Enter the destination port First select the port number range Possible values Any default value The route is valid for all port numbers Single Enables the entry of a port number Range Enables the entry of a range of port numbers Privileged Entry of privileged port numbers 0 1023 Server Entry of server port numbers 5000 32767 Clients 1 Entry of client port numbers 1024 4999 Clients 2 Entry of client port numbers 32768 65535 Not privileged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the indivividual port or start port of a range in Port and for a range the end port in to Port DSCP TOS Value Select the Type of Service TOS 14 Routing
392. ld Description UDP Inactivity Enter the inactivity time after which a UDP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 180 TCP Inactivity Enter the inactivity time after which a TCP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 3600 PPTP Inactivity Enter the inactivity time after which a PPTP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 86400 Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired in seconds Possible values are 30 to 86400 The default value is 30 R1xxx R3xxx R4xxx 17 2 Interfaces 172 1 Groups In the Firewall gt Interfaces gt Groups menu a list of all configured interface groups is shown You can group together the interfaces of your device This makes it easier to configure fire wall rules 17 2 1 1 New Choose the New button to set up new interface groups bintec R1200 Language English View Standard Basic Parameters Description Members oK J _ Cancel Fig 133 Firewall gt Interfaces gt Groups gt New The Firewall gt Interfaces gt Groups gt New menu consists of the following fields Fields in the Groups Basic Parameters menu F
393. ld not be changed R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 18 VoIP Field Description Internal IP Address Specify the IP address for the internal SIP endpoint in the LAN Remote Port Only for Type of Endpoint Client Enter the port of the removed SIP terminal in the WAN Internal Port Only for Type of Endpoint Server Enter the port for the internal SIP endpoint in the LAN External Port Specify the port on the WAN site of the gateway that is used for access through the NAPT barriers to a SIP endpoint in the LAN For clients the external port is recognised automatically and should not be changed 18 2 Media Gateway A media gateway serves as a translation instance between different telecommunications networks e g between the plain old phone network and the next generation networks IP networks With the Funkwerk Media Gateway a company equipped with an automatic PBX on a wired telephone network can be connected to a SIP Trunking Service Provider on the Inter net in order to use IP telephony The Funkwerk Media Gateway supports the binding of several SIP Provider Accounts With this gateway you can set up extensions create an extension number plan and configure exchange functions and optimise voice data transmission for low bandwidth of the upload connection IEn Note Your device must be fitted with a DSP module to be able to use the media gateway functions Information on building in th
394. led Enter the name according to CA E mail Only for Custom disabled Enter the e mail address according to CA Organisational Unit Only for Custom disabled Enter the organisational unit according to CA Organisation Only for Custom disabled Enter the organisation according to CA Location Only for Custom disabled Enter the location according to CA State Province Only for Custom disabled Enter the state province according to CA Country Only for Custom disabled Field Description Enter the country according to CA The Advanced Settings menu consists of the following fields Fields in the Advanced Settings Alternative Subject Name menu Field Description 1 2 3 For each entry define the type of name and enter additional subject names Possible values e None default value No additional name is entered e IP An IP address is entered DNS A DNS name is entered e Email An e mail address is entered e URI A uniform resource identifier is entered e DN A distinguished name DN name is entered e RID A registered identity RID is entered Field in the Advanced Settings Options menu Field Description Autosave Mode Select whether your device automatically stores the various steps of the enrolment internally This is an advantage if enrol ment cannot be concluded immediately If the status has not been saved the incomplete registration cannot be completed As soon
395. legraphy and Telephony The forwarding of calls This performance feature enables you to forward a call without having to take it yourself If you forward a call to an external subscriber you bear any connection costs from your connection to the destination of the forwarded call This feature can therefore be used by system telephones and ISDN telephones that support this function see user s guide for terminals For more in formation on using this performance feature with the telephone please see the user s guide Performance feature of a PBX Telephone numbers are stored ina PBX and can be called from every connected telephone using a key combination Certificate Channel bundling Challenge Handshake Authentication Protocol Frame Check Sequence FCS Calling Line Identification Funkwerk Enterprise Communications GmbH Client CLIP CLIR COLR Combination device Conference call Configuration Man ager Configuration of the PBX with the PC Configuration of the PBX with the tele phone Connection of ana logue terminals Glossary A client uses the services provided by a server Clients are usually workstations Abbreviation for Calling Line Identification Presentation Telephone number display of calling party Abbreviation for Calling Line Identification Restriction Temporary suppression of the transmission of the calling party s telephone number Connected Line Identification Restriction suppres
396. lephone procedures described in the user s guide Please read the information on the described functions in the user s guide A device that connects different networks at layer 3 of the OSI mod el and routes information from one network to the other The RSA algorithm named after its inventors Rivest Shamir Adle man is based on the problem of factoring large integers It therefore takes a large amount of data processing capacity and time to derive a RSA key Real Time Streaming Protocol See Primary Rate Interface The SAD Security Association Database contains information on security agreements such as AH or ESP algorithms and keys se quence numbers protocol modes and SA life For outgoing IPSec connections an SPD entry refers to an entry in the SAD i e the SPD defines which SA is to be applied For incoming IPSec connec tions the SAD is queried to determine how the packet is to be pro cessed Symmetric Digital Subscriber Line A server offers services used by clients Often refers to a certain computer in the LAN e g DHCP server Funkwerk Enterprise Communications GmbH ServerPass Service 0190 Service 0700 Service 0900 Glossary Part of the T Com certification services for the Internet Digital pass for a company With the ServerPass T Com confirms that a server on the Internet belongs to a particular company and that this was verified through the presentation of an excerpt from the business re gister
397. les already configured is shown Click Add to configure new channel bundles You can use the Add button under Custom Time Slots to configure further bundles Cr Note This function is only available for leased lines Fields in the ISDN Configuration New Bundle menu Field Description Description Enter the name of the channel bundle Bundle Type Displays the type of channel bundle Possible values e PPP Multilink The channels are bundled as PPP Multilink channels e Physical Hyperchannel The channels are bundled as physical hyperchannels Timeslot Selection Choose between Range Selectionand Timeslot Matrix Timeslot Range Only if Timeslot Selection Range Selection Shows the logical channels timeslots combined to form this channel bundle e From Shows the first of the channels used for this channel bundle Possible values 1 to 31 e to Shows the last of the channels used for this channel bundle Possible values 1 to 31 Timeslot Matrix Only if Timeslot Selection Timeslot Matrix Shows alist of all channels in detail If you do not wish to use all the chan nels between a certain start and end channel for a channel bundle you can make a selective assignment here 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description X 75 Layer 2 Mode Here you define how the interface created by this channel bundle is to behave during connection setup You only need to configure these p
398. licitly also controls the operating status of the interface to which the virtual router is linked If an error occurs all interfaces on a device have to be deactivated Consequently the operating status of all interfaces on a device must be synchronised This synchronisation is required if multiple interfaces are monitored on a single device This configuration is performed in the Local Services gt BRRP gt VR Synchronisation gt New menu e Switching on the redundancy procedure This configuration is performed in the Local Services gt BRRP gt Options menu You configure the advertisement interface and the virtual interface s in the Local Services gt BRRP gt Virtual Routers gt New menu You must configure the same virtual routers with the same interfaces on all physical routers involved in the redundancy procedure However the virtual routers have different priorities on the various physical routers 19 13 1 1 New Choose the Newbutton to configure other virtual routers epu A Si gt CA IEA Language English Y View Standard Online Help Virtual Routers VR Syn ichronisation Options ERP Advertisement Interface Ethernet Interface Selectone Y IP Address IP Adress Netmask BRRP Monitored interface sa 7 Virtual Router Interface Advertisement interface not selected IP Address Netma
399. line banking Glossary mits the use of the ISDN controller as a WAN card The NDIS WAN driver enables the use of a DCN network on Windows NDIS is the abbreviation for Network Device Interface Specification and is a standard for the connection of network cards hardware to network protocols software A journey of discovery for interesting information in wide ranging data networks such as T Online Known mainly from the Internet Network Basic Input Output System The second part of an address in an IP network used for identifica tion of a device e g 255 255 255 0 See also IP address Your PBX has a DSL router so that one or more PCs can surf the In ternet and download information A network address designates the address of a complete local net work In telecommunications the network termination is the point at which access to a communication network is provided to the terminal You can use the Netz Direkt keypad function automatic external line access to enter a key sequence from your ISDN or analogue telephone to use current T ISDN functions For more information on this consult your T Com client advisor and request the necessary codes e g call forwarding in the exchange Network Management Station During a telephone call a telephone number can be entered in the telephone s buffer so that it can be dialled at a later point in time Network Termination Network Termination for Basic Access Network Tim
400. ling Surveillance E ISDH Theft Protection Fig 159 Local Services gt Web Filter gt Filter List gt New The Local Services gt Web Filter gt Filter List gt New menu consists of the following fields Fields in the Filter List Filter Parameters menu Field Description Category Select which category of addresses URLs the filter is to be used on The options are first the standard categories of the Proventia Web Filter default value Anonymous Proxies Actions can also be defined for the following special cases e g e Default behaviour This category applies to all Internet addresses e Other Category Some addresses are already known to the Proventia Web Filter but not yet classified The action as sociated with this category is used for such addresses R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH Field Description e Unknown URL lf an address is not known to the Proventia Web Filter the action associated with this category is used Day Select the days on which the filter is to be active Possible settings e Everyday default value The filter is used every day of the week e lt Weekday gt The filter is used on a certain day of the week Only one day can be selected per filter several filters must be configured if several individual days are to be covered e Monday Friday The filter is used from Monday to Friday The default value is Daily
401. list of all NAT interfaces is shown R1xxx R3xxx R4xxx vee i e J lud y bites rzdo EES NAT Interfaces Portforwarding view 20 EEE L Fiter in None equal f Go Interface NAT active Silent Deny PPTP Passthrough Portforwardings LAN_BRO la 0 LAN_ENT O Te oO Ter wae E LAN_ENT 4 la lo o Page 1 tems 1 3 oK JC Cance Fig 84 Routing gt NAT gt NAT Interfaces For each NAT interface you can select the options NAT Active Silent Deny and PPTP Passthrough In addition Port forwardings displays how many port forwarding rules were configured for this interface Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface The function is disabled by default Silent Deny Select whether IP packets are to be silently denied by NAT If this function is deactivated the sender of the denied IP packet is informed by means of an ICMP or TCP RST message The function is disabled by default PPTP Passthrough Select whether the setup and operation of several simultan eous outgoing PPTP connections from hosts in the network are also to be permitted if NAT is activated The function is disabled by default lf PPTP Passthrough is enabled the device itself cannot be configured as a tunnel endpoint R1xxx R3xxx R4xxx Field Description Port
402. ll is called the outgoing telephone number Packet switching Password Authentication Protocol The call is held temporarily in the exchange The main difference to on hold The call is interrupted the receiver can be replaced Can be used for brokering Possible in T Net T ISDN and PBXs The ter minal must have MFC and the R key Private Branch Exchange The features offered by a PBX are manufacturer specific and enable operation of exchanges free internal calls callback on busy and conference calls among other things PBXs are used e g for office communication voice text and data transfer Private Branch Exchange PBX Private Automatic Branch Exchange A point to point ISDN access includes a PBX number and an exten sion numbers range The PBX number is used to reach the PBX A certain terminal of the PBX is then dialled via one of the extension Funkwerk Enterprise Communications GmbH PCMCIA PDM PGP PH Phone book PIN Ping PKCS Point to multipoint Point to multipoint Point to multipoint Point to multipoint connection for the PBX Point to point Glossary numbers of the extension numbers range The PCMCIA Personal Computer Memory Card International Asso ciation is an industry association founded in 1989 that represents credit card sized I O cards such as WLAN cards Abbreviation for pulse dialling method Conventional dialling proced ure in the telephone network Dialled numbers are re
403. lled twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud ISDN WAN SO 2 Permanently installed Permanently installed DMZ ETH5 Additional Ethernet switch port Additional Ethernet switch port WLAN interface 802 11b 802 11g and 802 11a with antennas Antenna Diversity Data rates 1 2 5 5 6 9 11 12 18 24 36 48 54 mbps 1 2 5 5 6 9 11 12 18 24 36 48 54 mbps Available sockets Serial interface V 24 RJ45 socket RJ45 socket Ethernet interface RJ45 socket RJ45 socket ISDN interface RJ45 socket RJ45 socket ADSL interface RJ45 socket RJ45 socket Standards Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states 6 Technical data Funkwerk Enterprise Communications GmbH Product name bintec R3000 bintec R3000w SAFERNET TM Se curity Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID N
404. llowing fields bintec R1200 Language English View Standard Ea _ E mail Alert Server E mail Alert Recipient Basic Parameters n Alen Senice p Benable Sender E Mail Address IT 7 gt Maximum Messages per Minute iG y SMTP Settings gt 5 SMTP Server SMTP Authentication none OEsMTP O sup after POP 3 4 OK Ny 4 Cancel J Fig 189 External Reporting gt E mail Alert gt E mail Alert Server The External Reporting gt E mail Alert gt E mail Alert Server menu consists of the fol lowing fields Fields in the E mail Alert Server Basic Parameters menu R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 21 External Reporting Field Description Alert Service Enable or disable the function Sender E Mail Address Enter the mail address to be entered in the sender field of the E mail Maximum Messages per Minute Limit the number of outgoing mails per minute Possible values are 1 to 15 the default value is 6 Fields in the E mail Alert Server SMTP Settings menu Field Description SMTP Server Enter the address IP address or valid DNS name of the mail server to be used for sending the mails The entry is limited to 40 characters SMTP Authentication Authentication expected by the SMTP server Possible values e None default value The server accepts and send emails
405. lt Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Funkwerk Enterprise Communications GmbH 15 WAN Field Description Local IP Address Only for IP Address Mode Static Enter the static IP address you received from your provider Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add a new entry with Add e Remote IP Address IP address of the destination host or LAN e Netmask Netmask of Remote IP Address e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this Internet connection Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentica tion Protocol the password is t
406. m Drop A randomly selected packet is dropped from the queue Min queue size Enter the minimum size of the queue in bytes Possible values are 0 to 16384 The default value is 0 Max queue size Enter the maximum size of the queue in bytes Possible values are 0 to 16384 The default value is 16384 R1xxx R3xxx R4xxx Chapter 15 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN You can also optimise voice transmission here for telephone calls over the Inter net 15 1 Internet Dialup In this menu you can set up Internet access or dialup connections To enable your device to set up connections to networks or hosts outside your LAN you must configure the partners you want to connect to on your device This applies to outgoing connections your device dials its WAN partner and incoming connections a remote part ner dials the number of your device If you want to set up Internet access you must set up a connection to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE PPP over PPTP and PPP over ATM PPPoA protocols You can also configure Internet access over ISDN 3 Note Note your provider s instructions Dialin connections over ISDN are used to establish a connection to networks or hosts out side your LANs All the entered connections are displayed in the corresponding list which conta
407. m the available interfaces Distribution Ratio Enter the percentage of the data traffic to be assigned to an in terface The meaning differs according to the Distribution Policy used e Based on the number of sessions to be distributed for Ses sion Round Robin e For Bandwidth Load Dependent the data rate is the de cisive factor 14 Routing Funkwerk Enterprise Communications GmbH 14 5 Multicast What is multicasting Many new communication technologies are based on communication from one sender to several recipients Therefore modern telecommunication systems such as voice over IP or video and audio streaming e g IPTV or Webradio focus on reducing data traffic e g by offering TriplePlay voice video data Multicast is a cost effective solution for effective use of bandwidth because the sender of the data packet which can be received by several re cipients only needs to send the packet once The packet is sent to a virtual address defined as a multicast group Interested recipients log in to these groups Other areas of use One classic area in which multicast is used is for conferences audio video with several re cipients The most well known are probably the MBone Multimedia Audio Tool VAT Video Conferencing Tool VIC and Whiteboard WB VAT can be used to hold audio con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular
408. management frames and fragmented MSDUs Microsoft Point to Point Compression Microsoft Point to Point Encryption MAC Service Data Unit a data packet that ignores fragmentation in the WLAN Multiple subscriber number See SSID Maximum Transmission Unit A specific form of broadcast in which a message is simultaneously transmitted to a defined user group Multiple subscriber number A gateway that can route several protocols e g IP X 25 etc Music on hold MoH Your PBX has two internal music on hold melodies On delivery in ternal melody 1 is active You can choose between melody 1 or 2 or deactivate the music on hold Music on hold MoH Performance feature of a PBX During an inquiry or call forwarding MWI NAT NDIS WAN a melody is played that the waiting subscriber hears On your PBX you can choose between two internal melodies Transmission of a voice message from a mailbox e g T NetBox or MailBox to a terminal The receipt of the message on the terminal is signalled e g by a LED Network Address Translation NDIS WAN is a Microsoft enhancement of this standards in relation to wide area networking WAN The NDIS WAN CAPI driver per R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH Net surfing NetBIOS Netmask Network Network address Network termination NTBA Neiz Direkt keypad functions NMS Notebook function NT NTBA NTP OAM Offline Online On
409. me OK JC Cancel Fig 60 Physical Interfaces gt AUX gt AUX The Physical Interfaces gt AUX gt AUX menu consists of the following fields Fields in the AUX Basic Parameters menu Field Description AUX Port Status Select whether the AUX port should be enabled or disabled The port is enabled by choosing Enabled The port is disabled by default Line Speed Only for AUX Port Status enabled Here you select the speed at which the gateway addresses the modem in bps Possible values Default The Baud rate of the serial terminal connection is retained 9600 in ex works state All other values mean that the modem is addressed at the cor responding speed in bps e 9600 bps default value e 19200 bps e 38400 bps e 57600 bps Recommended for communication with a GSM modem R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description e 115200 bps Recommended for communication with an ana logue modem Incoming Service Type Only for AUX Port Status enabled Here you select the gateway subsystem to which an incoming call over the modem is to be assigned Possible values e Disabled No call is accepted e ISDN Login The call is assigned to the ISDN Login subsys tem e PPP Dialin default value The call is assigned to the PPP subsystem SIM Card Uses PIN Only for AUX Port Status enabled Here you enter the PIN of your GSM modem if your
410. me dependent standard actions of your devices In this menu you configure the surveillance of interfaces or hosts in the network Funkwerk Enterprise Communications GmbH 8 Access and configuration ISDN Theft Protection Funkwerk Discovery UPnP Hotspot Gateway BRRP Maintenance In this menu you can configure the ISDN theft protection func tion for each interface In this menu you can configure management functions for bintec Access Point In this menu you configure the UPnP settings individually for each interface of your gateway In this menu you configure the bintec Hotspot Gateway In this menu you can configure a redundant network environ ment Diagnostics Software amp Configura tion Reboot External Reporting In this menu you can test the accessibility of hosts DNS servers or routing In this menu you can manage your device s configuration files You can save them either locally on your device or on your computer for example You can also start an update of the system software In this menu you can initiate the rebooting of the device Syslog IP Accounting E mail Alert SNMP Activity Monitor In this menu you configure the host to which the data logged in ternally on the device is forwarded for saving and further pro cessing In this menu you decide for which interfaces accounting mes sages are to be generated Depending on the configuration in this menu e m
411. n has failed The default value is 50 15 WAN Funkwerk Enterprise Communications GmbH Field Description Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Usage Type If necessary select a special interface use Possible values e Standard default value No special type is selected e Dialin only The interface is used for incoming dialup connections and callbacks initiated externally e Multi User Dialin only The interface is defined as multi user connection partner i e several clients dial in with the same user name and password Authentication Select the authentication protocol for this PPTP partner Possible values e PAP CHAP MS CHAP Primarily run CHAP on denial the au thentication protocol required by the PPTP partner MSCHAP version 1 or 2 possible e PAP default value Only run PAP PPP Password Authentica tion Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this opt
412. n is not used e Enabled default value MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is activated with Enabled The function is disabled by default 16 VPN Funkwerk Enterprise Communications GmbH Field Description Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in formation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface e Inactiv
413. n the Call Routing Routing Rules menu only if Type Trunk Field Description Trunk Line Select the line to be used for the outgoing call Called Address Transla Enter how the subscriber number is manipulated before it is tion used for dialling Notation lt a b gt i e a is replaced by b A number of rules can be chained together using semicolons as separators e g lt a b gt lt c d gt lt e f gt After confirmation of entry the rule chain is automatically sorted by the best match method Numerical and alphanumerical values are permissible is a placeholder for an arbitrary character Example 18 2 Example of a rule e Rule lt 49911 gt e number dialled 96731234 e manipulated number 4991196731234 R1xxx R8xxx R4xxx 18 2 4 CLID Translation Here you define the processing of the calling party number for incoming calls You can for example add a prefix to a received call number in order to route corresponding outgoing calls via a particular SIP account In the VoIP gt Media Gateway gt CLID Translation menu a list of all existing entries is shown on which the received number is edited 18 2 4 1 Edit New Choose the o icon to edit existing entries Select the New button to create entries for CLID translation uke G Language English View Standard w Online Help Logout T 7 Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Opti
414. n your PC Encryption keys First of all make sure that the keys for encrypting the connection are available on your device 1 Log in to one of the types already available on your device e g via Telnet for login R1xxx R3xxx R4xxx 8 Access and configuration Funkwerk Enterprise Communications GmbH see Logging in on page 75 2 Enter update i for the input prompt You are now in the Flash Management shell 3 Call up a list of all the files saved on the device 1s al If you see a display like the one below the keys needed are already there and you can connect to the device via SSH Flash Sh gt ls al Flags Version Length Date Name Vr xpbc B 7 1 04 2994754 2004 09 02 14 11 48 box150 srel ppc860 Vrw pl1 f 0 0 350 2004 09 07 10 44 14 sshd host _rsa key pub Vrw p1 f 0 0 1011 2004 09 07 10 44 12 sshd host_rsa_key Vrw pl1 f 0 0 01 730 2004 09 07 10 42 17 sshd host _dsa key pub Vrw pl f 0 0 01 796 2004 09 07 10 42 16 sshd host_dsa key Flash Sh gt ES Note The device generates a key pair for each of the algorithms RSA and DSA i e two files must be stored in the flash for each algorithm see example at above If no keys are available you have to generate these first Proceed as follows 1 Leave the Flash Management shell with exit 2 Call the Funkwerk Configuration Interface and log on to your device see Calling the Funkwerk Configuration Interface on page 79 3 Make sure that English is selected
415. name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass Funkwerk Enterprise Communications GmbH 15 WAN Field Description between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the PPPoEIP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is dynamic ally assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled
416. nance work T Service access enables you to have your PBX configured by T Service Give T Service a call Get advice and provide information on your configuration requirements T Service will then configure your PBX remotely without you having to do anything Terminal Adapter Telephony Application Program Interface Funkwerk Enterprise Communications GmbH TAPI configuration TCP TCP IP TCU TE TEI Telefax Telematics Telnet Terminal adapter TFTP Tiger 192 TLS Tone dialling Transfer internal code Glossary You can use the TAPI configuration to modify the TAPI driver in line with the program that uses this driver You can check which MSN is to be assigned to a terminal define a line name and configure the dialling parameters First configure your PBX You must then config ure the TAPI interface Use the TAPI Configuration program Transmission Control Protocol Transmission Control Protocol Internet Protocol Telecommunication connection unit Terminal equipment Terminal Endpoint Identifier Term that describes the remote copying for transmitting texts graphics and documents true to the original over the telephone net work Telematics is a combination of telecommunication and computer technology and describes data communication between systems and devices Protocol from the TCP IP protocol family Telnet enables communic ation with a remote device in the network Device for interface adaptati
417. nary format e TOS Decimal Value Type of Service is used to signal the priority of IP packets indicated in decimal format possible values 0 to 255 COS filter 802 1p Layer Enter the service class of the IP packets Class of service 2 CoS Possible values 0 and 7 The default value is 0 14 6 2 QoS Classification The data traffic is classified in the Routing gt QoS gt QoS Classification menu i e the data traffic is associated using class IDs of various classes To do this create class plans for classifying IP packets based on pre defined IP filters Each class plan is associated to at least one interface via its first filter 14 6 2 1 New Choose the New button to set up other data classes R1xxx R3xxx R4xxx bintec R3000 ee Eds Taj Language English View Standard Online Help Qos Filter QoS Classification Qos Interfaces Policies Pac balaa Class map Ra Deserition j _ a x Filter E Select one se Direction Outgoing High Priority Class o jti ClassID o _ Interfaces Sy Add E OK 7 Cancel Fig 97 Routing gt QoS gt QoS Classification gt New The Routing gt QoS gt QoS Classification gt New menu consists of the following fields Fields in the QoS Classification Basic Parameters menu Field Description Class map Descripti
418. necessary enter the interface to be used for this route Network Type Not for Route Type Standard Route Also select the network type Possible values e Direct default value e in the LAN You define another IP address for the interface Field Description e in the WAN You define a route without a transit network e Indirect e in the LAN You define a gateway route e in the WAN You define a route with a transit network Local IP Address Only for Network Type Direct Enter the IP address of the gateway to which your device is to forward the IP packets Gateway Only for Network Type Indirect Enter the IP address of the host to which your device is to for ward the IP packets Metric Select the priority of the route The lower the value the higher the priority of the route Value range from 0 to 15 The default value is 7 Fields in the IP Routes Extended Route Parameters menu Field Description Source Interface Select the interface over which the data packets are to reach the device The default value is None Source IP Address Net Enter the IP address and netmask of the source host or source mask network Layer 4 Protocol Select a protocol Possible values ICMP TCP UDP GRE ESP AH OSPF L2TP Any The default value is Any Source Port Only if Layer 4 Protocol TCP or UDP Enter the source port R1xxx R8xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Fie
419. network Default gateway Describes the address of the gateway to which all traffic not destined for its own network is sent Denial Of Service At A Denial of Service DoS attack is an attempt to flood a gateway or tack host in a LAN with fake requests so that it is completely overloaded This means the system or a certain service can no longer be run DES Data Encryption Standard Destination number Speeddial memory memory DHCP Dynamic Host Configuration Protocol Dial preparation On some telephones with a display you can first enter a telephone check it first and then dial it Dial in parameters Define the dial in parameters i e you enter the provider s dial in number and specify Dialling control In the configuration for certain terminals you can define restrictions for external dialling Dialup connection A connection is set up when required by dialling an extension num ber in contrast to a leased line DIME Desktop Internetworking Management Environment DIME Browser Old name for Configuration Manager Direct dial in Performance feature of larger PBXs at the point to point connection The extensions can be called directly from outside Direct dialling range See Extension numbers range Display and output In the configuration it is possible to define storage of data records of connection data for specific terminals or all terminals In the ex works setting all in R1xxx R3xxx R4xxx Glossary Funkwerk Enterpris
420. nfiguration Current Line Speed menu Field Description Downstream Displays the data rate in the receive direction direction from CO DSLAM to CPE router in bits per second The value cannot be changed Upstream Displays the data rate in the send direction direction from CPE router to CO DSLAM in bits per second The value cannot be changed Fields in the ADSL Configuration ADSL Parameters menu Field Description ADSL Mode Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values e Annex A For applications in North America provider dependent for example e Annex B default value For applications in Europe Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description provider dependent for example ADSL SyncType Select the ADSL synchronization type Possible values e Automatic Mode default value The ADSL mode is auto matically adapted for the remote terminal e ADSL1 ADSL1 G DMT is used e ADSL2 ADSL2 G 992 3 is used e ADSL2 Plus ADSL2 Plus G 992 5 is used e Down The ADSL interface is not active Only for ADSL Mode Annex A e Automatic Mode Annex M The ADSL mode is auto matically adapted to the other end with reference to G 992 3 Annex M e ADSL2 Plus Annex M ADSL2 Plus G 992 3 Annex M is used e ANSI T1 413 ansil1dot413 Only for ADSL Mode Annex B e ETSI T1 413 ETSIT1 413 Transmit Shaping Select whether the
421. nfiguration Interface configuration elements Input fields e g empty text field Text field with hidden input ce Enter the data Radio buttons e g R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 8 Access and configuration Checkboxes Dropdown menus Internal lists Address Mode Static DHCP Select the corresponding option e g activation by selecting checkbox Enabled Selection of several possible options Encryption Algorithms 13DES Blowfish L AES 128 _ AES 256 Hashing Algorithms IMDS 141 SHA 1 IVI RipeMD160 e g Contigured Speed Mode Full Autonegotiation im Full Autonegotiation SA Full Autonegotiation 16 Click the arrow to open the list Select the required option using the mouse e g Remote IP Address Netmask 255 255 255 0 m Add Click ada A new list entry is created Enter the correspond ing data If list input fields remain empty these are not saved when you confirm with OK Delete the entries by clicking the icon Display of options that are not available Options that are not available because they depend on the selection of other options are generally hidden If the display of these options could be helpful for a configuration de cision they are instead greyed out and cannot be selected Important Please look at the messages displayed in the sub menus These provide information on
422. nformation Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active Funkwerk Enterprise Communications GmbH 6 Technical data LED Status Information ISDN 1 B D on ISDN D channel is active Top row ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active MA HA flashing BRRP packets are received Top row MA HA on A user is logged in to the system e g over Tel net Bottom row WLAN on The WLAN module is active Top row WLAN flashing Data traffic via the WLAN interface Bottom row The LEDs on bintec R1200wu are arranged as follows Fig 7 LEDs on bintec R1200wu In operation mode the LEDs on bintec R1200wu display the following status information for your device LED status display LED Status Information Power on The power supply is connected LED Status Information Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1to5 on Data traffic with 100 mbps
423. nformation contains amongst other things the ATM address which is similar to the Internet address The ATM address is made up of the Virtual Path Identifier VPI and the Virtual Connection Identifier VCI this identifies the virtual connection Various types of traffic flows are transported over ATM To take account of the various de mands of these traffic flows on the networks e g in terms of cell loss and delay time suit able values can be defined using the service categories Uncompressed video data for ex ample requires different parameters to time uncritical data In ATM networks Quality of Service QoS is available i e the size of various network para meters such as bit rate delay and jitter can be guaranteed OAM Operation Administration and Maintenance is used to monitor the data transmission in ATM OAM includes configuration management error management and performance measurement 15 2 1 Profiles In the WAN gt ATM gt Profiles menu a list of all ATM profiles is shown If the connection for your Internet access is set up using the internal modem the ATM con nection parameters must be set for this An ATM profile combines a set of parameters for a specific provider By default an ATM profile with the description AUTO CREATED is preconfigured Its values VPI 1 and VCI 32 are suitable for a Telekom ATM connection for example C Note The ATM encapsulations are described in RFCs 1483 and 2684 You w
424. ng ISDN 2 At least one ISDN B channel is active ISDN 3 2 on ISDN 3 ISDN D channel is active Bottom row flashing ISDN 3 At least one ISDN B channel is active PRI 1 0 on PRI 0 ISDN D channel is active Top row flashing PRI 0 At least one ISDN B channel is active PRI 1 0 on PRI 1 ISDN D channel is active Bottom row flashing PRI 1 At least one ISDN B channel is active MA HA flashing BRRP packets are received Top row MA HA on A user is logged in to the system e g over Tel net Bottom row The LEDs on bintec R4300 are arranged as follows Fig 13 LEDs on bintec R4300 In operation mode the LEDs on bintec R4300 display the following status information for your device LED status display 1 D Status Information Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ISDN 1 B D on ISDN D channel is active Top row ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active X 21 2 1 on X 21 1 Connection is set up Top row R1xxx R3xxx R4xxx 1 D Status Information flashi
425. ng X 21 1 Data traffic X 21 2 1 on X 21 2 Connection is set up Bottom row flashing X 21 2 Data traffic MA HA flashing BRRP packets are received Top row MA HA on A user is logged in to the system e g over Tel net Bottom row 6 4 Connectors All the connections are located on the back of the device bintec R1200 has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface and two ISDN interfaces The connections are arranged as follows 1 2 3 5 7 7 Fig 14 Back of bintec R1200 Back of bintec R1200 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 5 ETH2 ETH4 Ethernet interface R1xxx R3xxx R4xxx 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN O ISDN 1 ISDN interface bintec R1200w has a 4 port Ethernet switch including a port with serial interface function a DMZ ETHS5 interface and two ISDN interfaces The connections are arranged as follows Fig 15 Back of bintec R1200w Back of bintec R1200w 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 4 Main and AUX RSMA connection 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN 0 ISDN 1 ISDN interface bintec R1200wu has a 4 port Ethernet switch including a port with serial interface func
426. ng back Your device can answer an incoming call with a callback or re quest a callback from a connection partner Identification can be based on the calling party number or PAP CHAP MS CHAP authentication Identification is made in the former case without call acceptance as the calling party number is transferred over the ISDN D channel and in the latter case with call acceptance Channel Bundling Your device supports dynamic and static channel bundling for dialup connections Channel bundling can only be used for ISDN connections for a bandwidth increase or as a backup Only one B channel is initially opened when a connection is set up Dynamic Dynamic channel bundling means that your device connects other ISDN B channels to in crease the throughput for connections if this is required e g for large data rates If the amount of data traffic drops the additional B channels are closed again If devices from other manufacturers are to be used at the far end ensure that these sup port dynamic channel bundling for a bandwidth increase or as a backup Static In static channel bundling you specify right from the start how many B channels your device is to use for connections regardless of the transferred data rate 15 1 1 PPPoE In the WAN gt Internet Dialup gt PPPoE menu a list of all PPPoE interfaces is shown PPP over Ethernet PPPoE is the use of the Point to Point Protocol PPP network pro tocol over an Ethernet c
427. nications GmbH Field Description Select the protocol that you want to use for the ISDN port Possible values e Not used The ISDN connection is not used e Dialup Euro ISDN e Leased Line e Q SIG z l Only if Autoconfig on Bootup is disabled and if Port Usage ISDN Configuration Dialup Euro ISDN or Q SIG Type Select the ISDN connection type Possible values e Point to Multipoint default value Point to multipoint connection e Point to Point Point to Point ISDN access ISDN Switch Type Only if Port Usage Leased Line Select the ISDN protocol supplied by your provider Possible values e Leased Line B1 64S Leased line over B channel 1 64 kbps e Leased Line B1 B2 6452 Leased line over both B chan nels 128 kbps e Leased Line D B1 B2 TS02 Leased line over D channel and both B channels 144 kbps e Leased Line B1 B2 Different Endpoints Leased line to two different endpoints e Leased Line B1 D TS01 Leased line over B channel 1 and D channel 80 kbps e Leased Line B2 D TSO01 Leased line over B channel 2 and D channel 80 kbps e Leased Line B2 645 Leased line over B channel 2 64 kbps Subscriber Number Only if Port Usage Dialup Euro ISDN and ISDN Con Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description figtype Point to Point and for Port Usage 0 SIG Enter the call number for the connection The Advanced Settings menu consists of the following field
428. nnection In the System Management gt Remote Authentication gt RADIUS menu a list of all re gistered RADIUS servers is displayed 10 5 1 1 Edit New Choose the E icon to edit existing entries Choose the New button to add RADIUS serv be wa S View Standard Online Help Logout RADIUS TACACS Options Basic Parameters A f interface Mode Bridge Authentication Type Authentication p erous ServeriP Address B Administrative Access Remote Authentication RADIUS Secret ecccccce Certificates A Priority o Enty active Zenabled Sda Dazhai Default Group 0 Advanced Settings Policy Authoritative UDP Port ie p Server Timeout OO Cts cons alive Check Elenaa 8 Reties j Enabled lt RADIUS Dialout Ralbadiineryal tc Seconds Default User Password eoceccee OK Cancel Fig 51 System Administration gt Remote Authentication gt RADIUS gt New The System Administration gt Remote Authentication gt RADIUS gt New menu con sists of the following fields Fields in the RADIUS Basic Parameters menu Field VENTO Authentication Type Select what the RADIUS server is to be used for R1xxx R3xxx R4xxx 10 System Management Funkwerk Enterprise Communications GmbH Field Value Possible values e Authentication default value The RADIUS server is used for c
429. nnection failure for Authentication Encryption LCP Alive Check Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed The default value is 300 Select the authentication protocol for this PPTP partner Possible values e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Give priority to CHAP if refused use the authentication protocol requested by the PPTP partner MSCHAP version 1 or 2 possible e MS CHAPv2 default value Run MS CHAP version 2 only If necessary select the type of encryption that should be used for data traffic to the connection partner If Encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None MPP encryption is not used e Enabled default value MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This
430. nt The cost limit is to be activated so that units can be booked Once the units have been used up no further external calls are possible In ternal calls can still be made at any time The units are booked to the account each time a call is ended Also known as call forwarding An incoming call is diverted to a spe cified telephone Internet or wireless connection Performance feature e g of the T Concept PX722 system tele phone special feature telephones or answering machines The call is only signalled in the case of certain previously defined telephone numbers You can only use the options of call forwarding in the exchange via the keypad if certain services are activated for your connection You can receive more information on this from your T Com advisor The exchange connects the calling subscriber with an external sub scriber you have specified Funkwerk Enterprise Communications GmbH Call forwarding in the PBX Glossary The call forwarding CF performance feature of the PBX enables you to be reached even if you are not in the vicinity of your tele phone You achieve this by automatically forwarding your calls to the required internal or external telephone number You can use the configuration program to define whether call forwarding should be carried out in the PBX or the exchange You should use call for warding in the exchange if certain services are activated for your connection You can receive more informati
431. nter the start and end IP address of the range 173 2 Groups In the Firewall gt Addresses gt Groups menu a list of all configured address groups is shown You can group together addresses This makes it easier to configure firewall rules 17 3 2 1 New Choose the New button to set up new address groups bintec R1200 Language English View Standard Online Help Basic Parameters Description Selection Fig 135 Firewall gt Addresses gt Groups gt New R1xxx R3xxx R4xxx The Firewall gt Addresses gt Groups gt New menu consists of the following fields Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the address group Selection Select the members of the group from the available Addresses To do this enable the field in the Selection column 17 4 Services 17 4 1 Service List In the Firewall gt Services gt Service List menu a list of all available services is shown 17 4 1 1 New Choose the New button to set up new services bintec R1200 Language English View Standard Online Help SEIT E Basic Parameters a Description Protocol Any Ei C oK Cancel __ Policies Fig 136 Firewall gt Services gt Service List gt New The Firewall gt Services gt Service List
432. ntication Method DSA Signature RSA Sig nature or RSA Encryption If you enable the Trust the following CA certificates option you can select up to three additional CA certificates that are ac cepted for this profile This option can only be configured if certificates are loaded 16 1 3 Phase 2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1 In the VPN gt IPSec gt Phase 2 Profiles menu a list of all configured IPSec phase 2 pro files is shown bintec R1200 Language English _ View Standard Online Help IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options view 20 Gree gt Fiter in None vi equal xj Go Default a Description E Proposals _ PFS Group R Lifetime New piod OK C cancel Fig 118 VPN gt IPSec gt Phase 2 Profiles In the Standard column you can mark the profile to be used as the default profile R1xxx R3xxx R4xxx 16 1 3 1 New Choose the New button to set up new profiles bintec R1200 ME Language English View Standard w Online Help Logout IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Phase 2 IPSEC Parameters Description Multi Proposal Proposals Use PFS Group A bea O 1768 Bit 2 1024 Bit O 511536 Bit L
433. o prevent this happening In the Alive Check field you can specify whether a method should be used to check the availability of a peer Two methods are available Heartbeats and Dead Peer Detection The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Alive Check Select the method to be used to check the functionality of the IPSec connection In addition to the default method Dead Peer Detection DPD the proprietary Heartbeat method is implemented This sends and receives signals every 5 seconds depending on the config uration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Autodetect default value Your device detects and uses Funkwerk Enterprise Communications GmbH 16 VPN Field Description the mode supported by the remote terminal e Inactive Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expect only Your device expects a heartbeat from the peer but does not send one itself e Heartbeats Send only Your device expects no heart beat from the peer but sends one itself e Heartbeats send amp expect Your device expects a heartbeat from the peer and sends one itself Dead Peer Detection Use DPD dead peer detection in accordance with RFC 3706 DPD uses a request reply pro tocol to check the availability of the
434. o restart the device i Caution Once you have clicked on GO the update cannot be cancelled interrupted If an error occurs during the update do not re start the device and contact support R1xxx R3xxx R4xxx 5 Reset Funkwerk Enterprise Communications GmbH Chapter 5 Reset If the configuration is incorrect or if your device cannot be accessed you can reset the device to the ex works standard settings using a special reset procedure Practically al existing configuration data will then be ignored only the current user pass words are retained Configurations stored in the device are not deleted and can if required be reloaded when the device is rebooted Proceed as follows 1 If your device is in operation switch it off and then on again The device runs through the boot sequence 2 Observe the LEDs on the front of your device After the device runs through the start mode the yellow LEDs on the right block light at the same 3 Switch off the device while the LEDs light on the right block You have about four seconds for this 4 Repeat the on off operation twice Your router has now been switched on and off three times altogether 5 Switch on your router for the fourth time If you do not interrupt the boot sequence this time the router starts in the factory reset state This state is indicated by the LEDs on the right block flashing three times If you switch the equipment off and on again it starts with t
435. od nara Default Route Enabled Internet Dialup Leased Line Local IP Address RealTime Jitter Control Remote IP Address Netmask Metric A Route Entries a Firewall OOOO al k E Add y po IO gt ES sce Advanced Settings el LCP Alive Check Enabled Monitoring Prioritize TCP ACK Packets Enabled f Compression Onone Ostac Oms stac Omppc j IP Options OSPF Mode OPassive O Active O Inactive l Proxy ARP Mode Oinactive O Up or Dormant O Up only i bicis decida Arcanos 4 OK Cancel Fig 111 WAN gt Leased Line gt Interfaces gt Autogenerated from PRI ISDN S2M gt The WAN gt Leased Line gt Interfaces gt Autogenerated from PRI ISDN S2M gt pl menu consists of the following fields Fields in the Interfaces Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the Interfaces IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Local IP Address Enter the IP address you received from your network operator Route Entries Define other routing entries for this connection class Add a new entry with Add The Advanced Settings menu consists of the following fields R1xxx R3xxx R4xxx 313 15 WAN Funkwerk Enterprise Communi
436. of PPTP server e Windows Client Mode this assigns the PPTP interface the role of PPTP client User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Remote PPTP IP Ad Only for PPTP Mode PNsEnter the IP address of the PPTP dress partner Remote PPTP IP Ad Only for PPTP Mode Windows Client ModeEnter the IP dress Hostname address of the PPTP partner Fields in the PPTP Tunnel IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values Funkwerk Enterprise Communications GmbH 16 VPN Field Description e Static default value You enter a static IP address e Provide IP Address Only if PPTP Mode PNSYour device dynamically assigns an IP address to the remote ter minal e Get IP Address Only if PPTP Mode Windows Client ModeYo
437. ompatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco Callback Mode Select the Callback Mode function Possible values None default value Your device does not call back e Active Select one of the following options e No PPP negotiation Your device calls the connection partner to request a callback e Windows Client Mode Your device calls the connection partner to request a callback via CBCP Callback Control Protocol Needed for Windows clients e Passive Select one of the following options 15 WAN Funkwerk Enterprise Communications GmbH Field Description e Enabled Your device calls back immediately when re quested to do so by the connection partner e Windows Server Mode Your device calls back after a period of time proposed by the Microsoft client NT 10 seconds new systems 12 seconds It uses the subscriber number Entries gt Number MSN with the Mode outgo ing or Both that has been entered for the other party If no number is entered the required number can be reported by the caller in a PPP negotiation This setting should be avoided where possible for security reasons Currently can not be avoided for the connection of mobile Microsoft clients via DCN e Delayed CLID only Your device calls back after ap prox four seconds if your device is requested to do so by the connection partner Only makes sense for CLID e Windows Server Mode Callback optional
438. on Filter Choose the class plan you want to create or edit Possible values e New default value You can create a new class plan with this setting e lt Name of class plan gt Shows a class plan that has already been created which you can select and edit Only if Class map New Enter the name of the class plan Select an IP filter If the class plan is new select the filter to be set at the first point of the class plan If the class plan already exists select the filter to be attached to the class plan R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description To select a filter at least one filter must be configured in the Routing gt QoS gt QoS Filter menu Direction Select the direction of the data packets to be classified Possible values e Incoming Incoming data packets are to be classified e Outgoing default value Outgoing data packets are to be classified e Both Incoming and outgoing data packets are to be classi fied High Priority Class Enable or disable the high priority class If the high priority class is active the data packets are associated with the class with the highest priority and priority O is set automatically The function is activated with Enabled The function is disabled by default Class ID Only if High Priority Class is inactive Choose a number which assigns the data packets to a class Note The class ID is a lab
439. on nection contains three multiple subscriber numbers A fixed IP address in contrast to a dynamic IP address Deactivation of acoustic call signalling do not disturb In addition to the transmission of ISDN telephone numbers addition al information in the form of a subaddress can be transmitted from the caller to the called party over the D channel when the connec tion is set up Addressing that goes beyond the pure MSN which can be used e g specifically to locate several ISDN terminals that can be reached on one telephone number for a particular service In the called terminal e g a PC various applications can also be ad dressed and in some cases executed Costs are charged for the performance feature and it must be requested separately from the network operator A network scheme that divides individual logical networks into smal ler physical units to simplify routing A method of splitting several IP networks into a series of subgroups or subnetworks The mask is a binary pattern that must match the IP addresses in the network 255 255 255 0 is the default subnet mask In this case 254 different IP addresses can occur in a subnet from X X X 1 tO X X X 254 To distinguish between connections more easily you can assign a subscriber name for each internal subscriber CLIP CLIR Calling line identification presentation calling line identi fication restriction COLP COLR Connected line identification presentation connec
440. on It enables different equipment to be connected to T ISDN The terminal adapter a b is used to connect analogue terminals to the So interface of the ISDN Basic Rate Inter face Existing analogue terminals can still be operated with tone di alling Trivial File Transfer Protocol Tiger 192 is a relatively new and very fast hash algorithm Transport Layer Security Multifrequency code method MFC If you receive an internal call e g from the subscriber with internal telephone number 22 while you are away this subscriber s internal telephone number is stored in your telephone s caller list However because your connection is automatically set to Automatic Outside Line as a result of the ex works settings you would first have to dial for a callback in order to obtain the internal dialling tone and then Transmission speed TSD TTL Twofish U ADSL UDP Update Upload UPnP Upstream URL USB User guidance UUS1 User to User Signalling 1 V 11 22 If Transfer Internal Code is active is placed before the 22 and the callback can be made directly from the caller list The number of bits per second transmitted in T Net or T ISDN from the PC or fax machine Fax machines achieve up to 14 4 kbps mo dems 56 kbps In the ISDN data and fax exchange with 64 kbps is possible With T DSL up to 8 mbps can be received and up to 768 kbps sent Terminal Selection Digit TTL stands for Time to Live and descri
441. on Various modes are available for transferring your own IP address to the peer The address can be transferred free in the D channel or in the B channel but here the call must be accepted by the remote station and therefore incurs costs If a peer whose IP address has been assigned dynamically wants to arrange for another peer to set up an IPSec tunnel it can transfer its own IP address as per the settings described in Fields in the Advanced Settings IPSec Callback menu on page 328 Not all transfer modes are supported by all telephone companies If you are not sure automatic selection by the device can be used to ensure that all the available possibilities can be used 16 VPN Funkwerk Enterprise Communications GmbH En Note The callback configuration on the two devices should be the same so your device of the called peer can identify the IP address information The following roles are possible e One side takes on the active role the other the passive role e Both sides can take on both roles both The IP address transfer and the start of IKE phase 1 negotiation take place in the following steps 1 Peer A the callback initiator sets up a connection to the Internet in order to be as signed a dynamic IP address and be reachable for peer B over the Internet 2 Your device creates a token with a limited validity and saves it together with the cur rent IP address in the MIB entry belonging to peer B 3 Your device send
442. on on this from your T Com advisor Call option day night Option of changing the call allocation on a PBX using a calendar Call pickup Call pickup Call Relay on Busy Call Through Call to engaged sub scriber Call waiting Call waiting protec tion Callback on Busy Calls received after office hours are forwarded to a telephone still manned or to the answering machine or fax Performance feature of a PBX Calls can be received on an internal terminal that is not part of active call allocation An external call is only signalled for your colleague As you belong to several different teams this is not surprising You can now form various groups of subscribers in which call pickup is possible A call can only be picked up by subscribers terminals in the same pickup group The assignment of subscribers in pickup groups is not de pendent on the settings in the Day and Night team call assignment Reject Call Through is a dial in via an external connection to the PBX with the call put through from the PBX via another external connection Busy on busy The Call Waiting performance feature means that other people can contact you during a telephone call If another subscriber calls while you are on the telephone you hear your telephone s call waiting tone You can then decide whether to continue with your first call or speak to the person whose call is waiting If you do not want to use the call waiting feature you
443. onents such as the web server or printer usually have static IP address while clients such as note books or workstations usually have dynamic IP addresses E1 European variant of the 2 048 mbps ISDN Primary Rate Inter face which is also called the E1 system Electronic Code Book mode Explicit Call Transfer This performance feature allows two external connections to be transferred without blocking the two B channels of the exchange connection Electronic mail Emergency numbers You urgently need to contact the policy fire brigade or another tele Encapsulation phone number To make things worse all the connections are busy However you have informed your PBX of the telephone numbers that need to be contactable in an emergency If you now dial one of these numbers it is recognised by the PBX and a B channel of the T ISDN is automatically freed up for your emergency call Emer gency calls are not subject to configuration restrictions If Calling with prefix plus code number is set for a a connection the internal connection is busy To make an external call first dial O and then the required emergency number Encapsulation of data packets in a certain protocol for transmitting the packets over a network that the original protocol does not dir ectly support e g NetBIOS over TCP IP Glossary Encryption Entry of external connection data ESP ESS Ethernet Ethernet connec tions Eumex Recovery Euro IS
444. onises with the DSLAM of the ADSL provider Top row on The device has successfully synchronised with the DSLAM of the ADSL provider ADSL flashing Data traffic via the ADSL interface Bottom row synchronous flash ADSL Handshake ing asynchronous ADSL system error flashing WLAN flashing Data traffic via the WLAN interface Top row WLAN slow flashing The WLAN module is active Bottom row on At least one WLAN client is connected The LEDs on bintec R3400 are arranged as follows Fig 10 LEDs on bintec R3400 In operation mode the LEDs on bintec R3400 display the following status information for your device LED status display LED Power Status ETH 1 to5 Top row ETH 1 to5 Bottom row ISDN 0 B D Top row ISDN 0 B D Bottom row MA HA Top row MA HA Bottom row SHDSL 2 1 Top row Status Information on The power supply is connected Permanently on or Error off flashing The device is active on The device is connected to the Ethernet flashing Data traffic via the Ethernet interface on Data traffic with 100 mbps off Data traffic with 10 mbps on ISDN D channel is active on One ISDN B channel is active flashing Both ISDN B channels are active flashing BRRP packets are received on A user is logged in to the system e g over Tel net on The wire pair 4 5 on the SHDSL line has suc cessfully synchronized with the DSLAM of the SHDSL provider R1xx
445. only data from the initial destination port are allowed e symmetric default value any protocol In outgoing direc tion an external valid source address and an external valid source port are administratively set In incoming direc tion only response packets within the es tablished connection are permitted In the NAT Configuration gt Specify original traffic menu you can configure for which data traffic NAT is to be used Fields in the NAT Configuration Specify original traffic menu Field Description Service Protocol Not for Type of traffic outgoing Source NAT and NAT method full cone restricted cone Or port restricted cone Select one of the preconfigured services Possible values e User defined default value e lt Service name gt For certain services only Not for Type of traffic outgoing Source NAT and NAT method full cone restricted cone Or port restricted cone In this case UDP is selected automatic ally Select a protocol Depending on the selected service different protocolls are available Possible values e Any default value e HMP TEME e igmp TGE O WER R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description OTAN O IIPS OA alia 12 AS OS e Kryptolan SETANE POS BE SPEUR ARDE SERS WAP O Sana O SHC O SFL SI O iD AVR ESSE Source IP Address Net Enter the source IP address and if required
446. onnec tion ShortHold Automatic outside line Automatic redialling B channel B channel BACP BAP Base station Basic Rate Interface Funkwerk Enterprise Communications GmbH Busy is deleted after a period specified by the exchange approx 45 minutes Manual deletion before this period has elapsed is also possible You urgently need to contact a business partner or internal sub scriber When you call them you always hear the ringing tone but your business partner is not close to the telephone and does not pick up With Callback on no reply you can reach the subscriber as soon as they have completed a call or lifted and replaced the re ceiver of their telephone Your telephone rings When you lift the re ceiver a connection to the required subscriber is established auto matically You can activate ShortHold When you do so you define the time after which an existing connection is cleared if data transfer is no longer taking place If you enter a time of 0 ShortHold is deactiv ated After the receiver of a telephone is lifted the telephone number of the external subscriber can be dialled immediately Performance feature of a terminal If the line is busy several redial attempts are made Corresponds to a telephone line in T Net In T ISDN the basic con nection contains two B channels each with a data transmission rate of 64 kbps Bearer channel of an ISDN Basic Rate Interface or a Primary Rate Inte
447. onnection Today PPPoE is used for ADSL connections in Ger many In Austria the Point To Point Tunnelling Protocol PPTP was originally used for AD SL access However PPPoE is now offered here too by some providers 15 1 1 1 New Choose the New button to set up new PPPoE interfaces PoE ere son aux iP Pools Basic Parameters Description i a k PPPOE Mode standard O mutitink o PPPoE Ethernet Interface Selectone Y User Name Real Time Jitter Control Password eecccese Always on Enabled Connection Idle Timeout foo FF Seconds IP Mode and Routes z 7 IP Address Mode Ostatic Get IP Address Default Route emana Create NAT Policy Blenapied Advanced Settings Block after connection failure for eo Seconds E Maximum Number ofDialupReties Bo Authentication PAP DNS Negotiation Enabled Pronto ToP ack Paciets emos LCP Alive Check Clenabiea C OK __Cancel__ Fig 99 WAN gt Internet Dialup gt PPPoE gt New The WAN gt Internet Dialup gt PPPoE gt New menu consists of the following fields Fields in the PPPoE Basic Parameters menu Field Description Description Enter a name to uniquely identify the PPPoE partner The first character in this field must not be a number and no special characters or umlauts must be used PPPoE Mode Select whether you want to use a standard Inte
448. ons Basic Parameters Description aa Z calimgline o be pore Called Line ary E rewal oor Called Address YAA wr Caling Address Translation VA je J k OK Cancel __ Fig 143 VolP gt Media Gateway gt CLID Translation gt Edit New The VoIP gt Media Gateway gt CLID Translation gt Edit New menu consists of the follow ing fields Fields in the CLID Translation Basic Parameters menu Field Description Description Enter the name of the entry Calling Line Select the ISDN line or SIP account from which the call comes The selection depends on the interfaces available and on the SIP accounts that have been created Possible values R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 18 VoIP Field Description e pri lt Interface Index gt Restricts the entry to the selec ted PRI interface e bri lt Interface Index gt Restricts the entry to the selec ted BRI interface e lt SIP Account gt restricts the entry to the selected SIP ac count e A11 No restriction of the entry Here you have the option of entering the destination line of the Called Line call Possible values e pri lt Interface Index gt Restricts the entry to the selec ted PRI interface e bri lt Interface Index gt Restricts the entry to the selec ted BRI interface e lt SIP Account restricts the entry to the selected S
449. ontrolling access to a network e Accounting The RADIUS server is used for recording stat istical call data e Login Authentication The RADIUS server is used for controlling access to the SNMP shell of your device e IPSec Authentication The RADIUS server is used for sending configuration data for IPSec peers to your device e WLAN 802 1x The RADIUS server is used for controlling access to a wireless network e XAUTH The RADIUS server is used for authenticating IPSec peers via XAuth Vendor Mode Only for Authentication Type Accounting In hotspot applications select the mode define by the provider In standard application leave the default value Standard Possible values for hotspot applications e France Telecom For France Telecom hotspot applications e bintec HotSpot Server For bintec hotspot applications Server IP Address Enter the IP address of the RADIUS server RADIUS Secret Enter the shared password used for communication between the RADIUS server and your device Priority If a number of RADIUS server entries were created the server with the highest priority is used first If this server does not an swer the server with the next highest priority is used Possible values from 0 highest priority to 7 lowest priority The default value is 0 See also Policy in the Advanced Settings Entry active Select whether the RADIUS server configured in this entry is to be used Funkwerk Enterprise Communica
450. option to query all interfaces The current discovery status is displayed for each individual interface under Discovery Status None means that discovery is not active Discovery is displayed when discovery is currently being carried out This discovery function also enables your device to be discovered and configured by other access points with a discovery function You configure this in the Options sub menu 19 10 1 1 Discover Choose the Discover button to start bintec access point discovery bintec R1200 ce Discovery Options Automatic Refresh Interval feo Seconds Apply J Discovery Status 7 leni 0 Discovery A Initiate Funkwerk Discovery PAI 7 Interface Al w Results e 4 A IA lo i Ml tae IZ lent 0 wi2040n 10 0 0 232 255 255 255 0 No error a feni o w1002n 10 0 0 1 255 255 255 0 No error la L_ Discover Fig 170 Local Services gt Funkwerk Discovery gt Device Discovery If access points were discovered in the network they are displayed in the list You use the o button to go to the configuration menu for the access point R1xxx R3xxx R4xxx bintee R1 200 DHCP Server Web Filter CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway e Language English View Standard Online Help Logout Bas
451. or Configuration on page 76 8 2 Logging in With certain access data you can log in on your device and carry out different actions The extent of the actions available depend on the authorisations of the user concerned 8 Access and configuration Funkwerk Enterprise Communications GmbH A login prompt appears first regardless of how you access your device You cannot view any information on the device or change the configuration without authentication 8 2 1 User names and passwords in ex works state In its ex works state your device is provided with the following user names and passwords User names and passwords in ex works state User Name Password Authorisations admin funkwerk Read and change system variables store configurations use Funkwerk Configuration Interface write public Read and write system variables except passwords changes are lost when you switch off your device read public Read system variables except passwords It is only possible to change and save configurations if you log in with the user name ad min Access information user names and passwords can also only be changed if you log in with the user name admin For security reasons passwords are normally shown nat in plain text but only as asterisks The user names on the other hand are displayed as plain text The security concept of your device enables you to read all the other configuration settings with the user name read but not the
452. or the time server request Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Time Update Interval Enter the time interval in minutes at which the time is automatic ally updated The default value is 1440 Time Update Policy Enter the time period after which the system attempts to contact the time server again following a failed time update Possible values e Normal default value The system attempts to contact the time server after 1 2 4 8 and 16 minutes e Aggressive For ten minutes the system attempts to con tact the time server after 1 2 4 8 seconds and then every 10 seconds Endless For an unlimited period the system attempts to contact the time server after 1 2 4 8 seconds and then every 10 seconds If certificates are used to encrypt data traffic in a VPN it is ex Funkwerk Enterprise Communications GmbH 10 System Management Field Description tremely important that the correct time is set on the device To ensure this is the case for Time Update Policy select the value Endless Internal Timeserver Select whether the internal timeserver is to be used The function is activated by choosing Enabled Time reques
453. or this WDS link 13 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description and in Transmission Key select the default key WEP104 Data traffic on this WDS link is encrypted with WEP104 In WEP Key 1 4 enter the key for this WDS link and in Transmission Key select the default key e WPA Data traffic on this WDS link is encrypted with WPA Enter the key for this WDS link in Preshared Key e WPA 2 Data traffic on this WDS link is encrypted with WPA Enter the key for this WDS link in Preshared Key Transmit Key Only if Privacy WE P40 WEP104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Privacy WEP40 WEP104 Enter the WEP key There are two ways of entering a WEP key e Direct entry in hexadecimal form If the entry starts with 0x the generator is deactivated Enter a hexadecimal string with exactly the right number of charac ters for the selected WEP mode 10 characters for WEP40 or 26 characters for WEP104 e g WEP40 0xA0B23574C5 WEP104 0x81DC9BDB52D04DC20036DBD831 e Direct entry of ASCII characters Enter a character string with the right number of characters for the selected WEP mode For WEP40 you need a string of 5 characters WEP104 13 characters For example helio for WEP40 funkwerk wep1 for WEP104 Preshared Key Only if Privacy WPA WPA 2 Enter the WPA password Enter an ASCII string with
454. orts can be provider specific R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 18 VoIP Field Description Session Timeout Enter the time in seconds for which a session stays up if no data packets are sent or received This value must be greater than the SIP Expire Time of the con nected SIP client SIP telephone terminal adapter etc The default value is 1800 Low Latency Transmis Specify whether a mechanism should be used to minimise the sion transit time of VoIP data packets between two subscribers This guarantees good voice quality with high line load Note that low latency transmission only has to be enabled for calls that are not established via the connections configured in VoIP gt Media Gateway The function is activated by choosing Enabled The function is disabled by default 18 1 2 SIP Endpoints Shows the sessions that are currently being managed by ALG This includes static entries to make internal SIP servers proxies e g internal Asterisk serv er accessible from the WAN Internet by NAPT In addition internal SIP clients without re gistration can be made accessible using a static entry All active SIP sessions that have been initiated from internal SIP terminals are recognised dynamically and listed here These are only displayed for monitoring and administration and cannot be edited 3 Note All automatically created entries that are not used for longer than 24 hours are auto mati
455. otes if required Safety notices R3400 Ethernet cable ISDN cable Serial connecting cable Mains unit DSL cable Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R3800 Ethernet cable ISDN cable Serial connecting cable Mains unit DSL cable Splitter Y adapter Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R4100 Ethernet cable ISDN cable Serial connecting cable Mains unit Splitter Y adapter Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R4300 Ethernet cable ISDN cable Serial connecting cable Mains unit X 21 DTE optional Companion DVD Quick Install Guide printed User s Guide on DVD Release Notes if required Safety notices R1xxx R3xxx R4xxx 6 Technical data Funkwerk Enterprise Communications GmbH other Cable sets mains unit Software Documentation X 21 DCE optional V 35 DTE optional 6 2 General Product Features The general product features cover performance features and the technical prerequisites for installation and operation of your device General product features bintec R1200 bintec R1200w bintec R1200wu Product name bintec R1200 bintec R1200w bintec R1200wu Dimensions and weights
456. ou configure general settings for IP Accounting bintec R1200 View Standard Online Help Interfaces Options INET d t a c i r t gt ARA p 0 P 0 s Log Format oK JC Cancel Fig 188 External Reporting gt IP Accounting gt Options In the External Reporting gt IP Accounting gt Options menu you can set the Log Format of the IP accounting messages The messages can contain character strings in any order sequences separated by a slash e g t or 1n or defined tags Possible format tags Format tags for IP accounting messages Field Description d Date of the session start in the format DD MM YY t Time of the session start in the format HH MM SS a Duration of the session in seconds oC Protocol i Source IP Address r Source Port f Source interface index l Destination IP Address R Destination Port SF Destination interface index R1xxx R3xxx R4xxx Field Description p Packets sent O Octets sent P Packets received O Octets received S Serial Number for accounting message A By default the following format instructions are entered in the Log Format field INET sdsttastcsi tr 3f gt 1 3R 3F3p30 P30 s 21 3 E mail Alert Depending on the configuration E mails are sent to the administrator as soon as relevant syslog messages occur 21 3 1 E mail Alert Server The E mail Alert Server menu consists of the fo
457. ount gt restricts the call to the selected SIP ac count R1xxx R3xxx R4xxx 18 VoIP Funkwerk Enterprise Communications GmbH Field Description Local Address Enter the internal number e g extension or PABX number For incoming calls the signalled Called Party Number corresponds in the menu to the External Address field is translated to the Local Address For outgoing calls the signalled Calling Party Number corresponds in the menu to the Local Address field is translated to the External Address Numerical and alphanumerical characters are permissible is a placeholder for an arbitrary digit Note Local Address and External Address must contain the same number of wildcards External Address Enter the external number e g ISDN MSN or SIP account sub scriber number For incoming calls the signalled Called Party Number corresponds in the menu to the External Address field is translated to the Local Address For outgoing calls the signalled Calling Party Number corresponds in the menu to the Local Address field is translated to the External Address The External Address is not shown if the field Associated Line lt SIP Account gt In this case theUser Name of the se lected SIP account is used as the External Address 18 2 6 ISDN Trunks The ISDN Trunks menu is only displayed if you device has at least two ISDN connections in point to point mode BRI or PRI which are configured as TE party line or NT
458. ounter problems with outgoing calls ask your provider whether a special value has to be set Clock Mode Only if Port Usage Back to Back dialup Defines which connection partner sends the clock signal for synchronization between the sender and the recipient If the clock signal is not sent by the exchange itself one of the con nection partners must sent the signal Possible values e External The device receives the clock signal e Internal The device sends the clock signal ISDN Switch Type Only if Port Usage Leased LineSelect the ISDN connection type Possible values e Leased Line Custom Time Slots Up to 31 PPP in terfaces can be configured for leased lines to different destin ations e Leased Line 1 Hyperchannel G 703 G 704 1984 kbps structured e Leased Line Unstructured G 703 2048 kbps unstruc tured Custom Time Slots Only if Port Usage Leased Line and ISDN Switch Type Leased Line Custom Time Slots You have the option to bundle any channels on the physical lay er as so called hyper channels You can also group together channels as PPP multilink channel bundles Timeslots divide the available 2 Mbps bandwidth of an S2M connection into logical channels No distinction is made below Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description between timeslots and channels as the difference is immaterial for configuration purposes A list of the channel bund
459. owing fields Fields in the VLANs Configure VLAN menu Field Description VLAN Identifier Enter the number that identifies the VLAN In the Edit menu you can no longer change this value Field Description Possible values are 1 to 4094 VLAN Name Enter a unique name for the VLAN A character string of up to 32 characters is possible VLAN Members Select the ports that are to belong to this VLAN You can use the Add button to add members For each entry also select whether the frames to be transmitted from this port are to be transmitted Tagged i e with VLAN in formation or Untagged i e without VLAN information 12 2 2 Port Configuration In this menu you can define and view the rules for receiving frames at the VLAN ports _ ETTR Pees ae bintec R1200 e 5 Language English View Standard w Online Help i T ae gt Save configuration d VLANs Port Configuration Administration Physicalinterfaces 7 view 20 perpage Fiterin None eqgua Go Interface PVID Drop untagged frames Drop non members IP Configuration sta1 0 1 Management al MLAN Page 1 tems 1 1 Routing z OK gt __Cancel__J Fig 72 LAN gt VLAN gt Port Configuration The LAN gt VLAN gt Port Configuration menu consists of the following fields Fields in menu Port Configuration Field Description Interface Shows the port for which you d
460. p eration 5 to 95 non condensing when stored 10 to 90 non condensing in op eration 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces SHDSL interface Internal SHDSL 4 wire modem for An nex A and Annex B Bonding technology with 2 wire 4 wire as an inverse multiplexer performed over IMA in accordance with the ATM forum Internal SHDSL 8 wire modem for An nex A and Annex B Bonding technology with 2 wire 4 wire 6 wire 8 wire as an in verse multiplexer performed over IMA in accordance with the ATM for um Ethernet IEEE 802 3 LAN 4 port switch a port with serial inter face function Permanently installed twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud ISDN WAN SO 2 Permanently installed Permanently installed DMZ ETH5 Additional Ethernet switch port Additional Ethernet switch port Available sockets Serial interface V 24 RJ45 socket RJ45 socket Ethernet interface RJ45 socket RJ45 socket ISDN interface RJ45 socket RJ45 socket SHDSL interface RJ45 socket RJ45 socket Standards Guidelines R amp TTE Directive
461. p het apparaat betekent dat het apparaat op het einde van zijn levensduur niet bij het normale huisvuil mag worden verwijderd Het moet bij een erkend inzamelpunt worden ingeleverd O s mbolo com um caixote de lixo riscado que se encontra no aparelho significa que o aparelho no fim da sua vida til deve ser eliminado separadamente do lixo dom stico nos centros de recol ha adequados Db be Ba Be Babs Da Be Be Be De Be R1xxx R3xxx R4xxx 7 Variable switching of SO interfaces Funkwerk Enterprise Communications GmbH Chapter 7 Variable switching of SO interfaces 7 1 Switching the SO interfaces from external to in ternal The devices bintec R1200 bintec R3000 and bintec R4100 have two or four BRI connec tions All BRI connections can be operated as internal or as external SO connections The external SO connections are used for connection to the network operator s ISDN network The internal SO connections are provided for connecting various ISDN terminals telephone PC etc In the ex works state the BRI connections are configured as external connections The two SO interfaces BRI 1 and BRI 2 can be switch from external ex works state to in ternal via a link plug field on the PCB for the device Additional interfaces BRI 3 and BRI 4 can be switched via the link plugs on the side of the ISDN L module If you use a SO interface as an internal connection you can specify for each interface whether or not the connection is power
462. parent which means the information contained in the data packets is not inter Glossary Broadcast Brokering Browser Bus CA Calendar Call allocation Call costs account Call diversion Call filter Call forwarding in the exchange Funkwerk Enterprise Communications GmbH preted Broadcasts data packages are sent to all devices in a network in order to exchange information Generally there is a certain address broadcast address in the network that allows all devices to inter pret a message as a broadcast Brokering makes it possible to switch between two external or in ternal subscribers without the waiting subscriber being able to hear the other conversation Program for displaying content on the Internet or World Wide Web A data transmission medium for use by all the devices connected to a network Data is forwarded over the entire bus and received by all devices on the bus Certificate Authority By allocating a calendar you switch between Day and Night call as signment For each day of the week you can select any day night switching time A calendar has four switch times which can be spe cifically assigned to each individual day of the week In a PBX calls can be assigned to certain terminals You can set up a call costs account for a subscriber here The maximum available number of units in the form of a limit can be as signed to each subscriber on their personal call costs accou
463. ples of this technique include STAC VJHC and MPPC DLL A data packet is used for information transfer Each data packet contains a prescribed number of characters information and control characters The data transmission rate specifies the number of information units for each time interval transferred between sender and recipient A self contained data packet that is forwarded in the network with minimum protocol overhead and without an acknowledgement mechanism Abbreviation for Data Exchange Jedermann the T Online access platform Local dial in node in every local network Some German cities offer additional high speed access over T Net T Net ISDN If you want to transfer important calls made after office hours to your home office to an answering machine so that you are not disturbed you can use call assignment You can allocate each subscriber two different call allocations call assignment Day and call assignment Night With call assignments it is also possible to forward the call to an external subscriber so that you can be contacted at all times With call assignment Day Night therefore you define which internal terminals are to ring in the event of an external call Call assignment Day Night is achieved using a table in which all the incoming calls are assigned to internal subscribers Day Night Calendar You define switching of call variant Day Night DCE Data Circuit Terminating Equipment DCN Data communications
464. presented by a defined number of dc impulses The pulse dialling method is being replaced by the multifrequency code method MFC Pretty Good Privacy Packet handler The PBX has an internal phone book You can store up to 300 tele phone numbers and the associated names You can access the PBX s phone book with the funkwerk devices for example CS 410 You add entries to the phone book using the configuration interface Personal identification number Packet Internet Groper Public Key Cryptography Standards Point to multipoint connection Basic connection in T ISDN with three telephone numbers and two lines as standard The ISDN terminals are connected directly on the network termination NTBA or ISDN internet connection of a PBX Point to multipoint You enter the multiple subscriber numbers received from T Com with the order confirmation in the table fields defined for them in the configuration As a rule you receive three multiple subscriber num bers but can apply for up to 10 telephone numbers for each con nection When you enter the telephone numbers they are assigned to an index and also to a team Note that initially all telephone numbers are assigned to team 00 The internal telephone numbers 10 11 and 20 are entered in team 00 ex works External calls are therefore signalled with the internal telephone numbers 10 11 and 20 for the connections entered in team 00 Point to point Point to point ISDN access Poll
465. ption MAC Address Shows the MAC Address of the associated client IP Address Shows the IP address of the client Up Time Shows the time in hours minutes and seconds for which the cli ent is logged in Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received by this cli ent in mbps The following clock rates are possible IEEE 802 11b 11 5 5 2 and 1 mbps IEEE 802 119 a 54 48 36 24 18 12 9 6 mbps If the 5 GHz frequency band is used the indication of 11 5 5 2 and 1 mbps is suppressed for IEEE 802 11b VSS Details for Connected Clients R1xxx R3xxx R4xxx In the Monitoring gt WLAN gt VSS gt lt Connected client gt gt 0 menu the current values and activities of a connected client are shown Automatic Refresh Interval oo 154 136 118 Client MAC Address P Address UpTime eae en Noise dim SNRdB Data Rate mbps 00 00 10 67 65 13 0 0 0 0 0 Day s 0 1 13 44 0 0 0 92 148 12 Rate Tx Packets Rx Packets x 3 lO o as f i 7 oO 0 24 0 o T AAA Be Oo o l2 2 11 lo o lo 0 0 0 o 0 Ti o y oO Total 3 2 Back Fig 204 Monitoring gt WLAN gt VSS gt lt Connected client gt g
466. r ded to this device This occurs even when the device is no longer connected First lf you choose this setting the MAC Address of the first non IP unicast frame or non ARP unicast frame which occurs on any of the Ethernet interfaces is used as the wildcard MAC address This wildcard MAC Address can only be reset by rebooting the device or by selecting another wildcard mode e Last If you choose this setting the internal WLAN MAC Ad dress is used to establish a connection to the access point As soon as a non IP unicast frame or non ARP unicast frame ap pears it is forwarded to the MAC Address from which the last non IP unicast frame or non ARP unicast frame was received on the Ethernet interface of the device This wildcard MAC Address is renewed with each non IP unicast frame or non ARP unicast frame Wildcard MAC Address Only for Wildcard Mode Static Enter the MAC Address of a device that is connected over IP Transparent MAC Ad Only for Wildcard Mode Static First dress Choose whether or not the Wildcard MAC Address is used in addition to the WLAN MAC Address to establish the connection to the access point The function is activated with Enabled Field Value The function is disabled by default 10 4 Administrative Access In this menu you can configure the administrative access to the device 10 4 1 Access In the Administrative Access gt Access menu a list of all IP configurable interfaces is sho
467. r dynamic entries are deleted if necessary Static entries are not deleted Cache Size cannot be set to smaller than the current number of static entries Possible values 0 1000 The default value is 100 Maximum TTL for Posit Enter the value to which the TTL is to be set for a positive dy Funkwerk Enterprise Communications GmbH 19 Local Services Field Description ive Cache Entries namic DNS entry in the cache if its TTL 0 is or its TTL exceeds the value for Maximum TTL for Positive Cache Entries The default value is 86400 Maximum TTL for Neg Enter the value set to which the TTL is to be set in the case of a ative Cache Entries negative dynamic entry in the cache The default value is 86400 Fallback interface to get Only if DNS Server Configuration Dynami cSelect the inter DNS server face to which a connection is set up for name server negotiation if other name resolution attempts were not successful The default value is Automatic i e a one time connection is set up to the first suitable connection partner configured in the system IP address to use for As DHCP Server DNS WINS server as signment Select which name server addresses are sent to the DHCP cli ent if your device is used as DHCP server Possible values e None No name server address is sent e Own IP Address default value The address of your device is transferred as the name server address e Global DNS Setting The addresses of th
468. r IPSec In this menu you configure the use of L2TP Layer 2 Tunnelling Protocol In this menu you configure the an encrypted PPTP tunnel This menu shows a list of all configured GRE tunnels 8 Access and configuration Funkwerk Enterprise Communications GmbH Policies Interfaces Addresses Services VoIP In this menu you configure the filter rules for the firewall In this menu you can group together the interfaces to be filtered In this menu you can create the address aliases to be filtered In this menu you can create the service aliases to be filtered Application Level Gateway Media Gateway Local Services In this menu you configure a proxy for IP telephony which im plements the necessary NAT and firewall releases for connec tion to the VoIP provider In this menu you configure a network transition between vari ous telecommunication networks DNS HTTPS DynDNS Client DHCP Server Web Filter CAPI Server Scheduling Surveillance In this menu you configure the name resolution In this menu you configure the port and certificate for a config uration session over HTTPS In this menu you configure the dynamic name resolution In this menu you configure your device as a DHCP server In this menu you configure the use of the URL based Proventia Web Filter from ISS www iss net In this menu you configure your device as a CAPI server In this menu you configure ti
469. r and the network access server your device The maximum length of the entry is 32 characters Priority Assign a priority to the current TACACS server The server with the lowest value is the one used first for TACACS login authentication If this does not respond or access is denied only if Policy Non authoritative the entry with the R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 10 System Management Field Description next highest priority is used The available values are 0 to 9 the default value is 0 Entry active Select whether this server is to be used for login authentication The function is activated by choosing Enabled The function is enabled by default The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Policy Select the interpretation of the TACACS response Possible values e Non authoritative default value The TACACS serv ers are queried in order of their priority see Priority until a positive response is received or a negative response is re ceived from an authoritative server e Authoritative A negative response to a request is ac cepted i e a request is not sent to another TACACS server The device s internal user administration is is not turned off by TACACS It is checked after all TACACS servers have been queried TCP Port Shows the default TCP port 49 used for the TACACS pro tocol The v
470. r and no special characters or umlauts must be used PPTP Interface Select the IP interface over which packets are to be transported to the remote PPTP terminal If you want to use an external DSL modem select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface e g ethoa50 0 configured for this connection in R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 15 WAN Field Description Physical Interfaces gt ATM gt Profiles gt New The default value is Not specified User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the PPTP IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamic
471. r detail Possible values e Any default value e Echo Replay e Destination Unreachable Sot cenguencla e Redirect Field Description PECHO e Time Exceeded e Parameter Problem e Timestamp e Timestamp Reply e Information Request e Information Reply e Address Mask Request e Address Mask Reply Code ICMP code options can only be selected if Type Destina tion Unreachable Possible values e Any default value e Net Unreachable e Host Unreachable e Protocol Unreachable e Port Unreachable e Fragmentation Needed e Communication with Destination Network is Ad ministratively Prohibited e Communication with Destination Host is Admin istratively Prohibited 174 2 Groups In the Firewall gt Services gt Groups menu a list of all configured service groups is shown You can group together services This makes it easier to configure firewall rules 17 4 2 1 New Choose the New button to set up new service groups R1xxx R3xxx R4xxx bintec R1200 Language English View Standard Basic Parameters o i Description Members S OK J Cancel J Fig 137 Firewall gt Services gt Groups gt New The Firewall gt Services gt Groups gt New menu consists of the following fields Fields in the Groups Basic Parameters
472. r device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Select the interface on your device via which queries are to be received and collected 14 5 3 Options In this menu you can enable and disable IGMP on your system You can also define whether IGMP is to be used in compatibility mode or only IGMP V3 hosts are to be accep ted R1xxx R3xxx R4xxx ape Langual 4 y ge English View Standard Y bintec R1200 te f Online Help Forwarding IGMP Options Basic Settings IGMP Status Mode Compatibility Maximum Groups Maximum Sources IGMP State Limit Oup ODown auto Mode Oversion 3 only 164 a jo Messages per Second C oK XL Cancel Fig 95 Routing gt Multicast gt Options The Routing gt Multicast gt Options menu consists of the following fields Fields in the Options Basic Settings menu Field Description auto default value Multicast is activated automatically for hosts if the hosts open applications that use multicast Active or Auto IGMP Status Select the IGMP status Possible values e Active Multicast is always on e Down Multicast is always off Mode Only for IGMP Status Select Multicast Mode Possible values MP version 3 If it not Compatibility Mode default value The router uses IG ices a lower version in the network i
473. r signing SCEP communication The default value is Use CA Certificate i e the CA cer tificate is used Only if Mode SCEP Only if RA Sign Certificate is not Use CA Certificate If you use one of your own certificates to sign communication with the RA you can select another one here to encrypt com munication The default value is Use RA Sign Certificate i e the same certificate is used as for signing Only if Mode SCEP You may need a password from the certification authority to ob tain certificates for your keys Enter the password you received from the certification authority here Fields in the Certificate List Subject Name menu 10 System Management Funkwerk Enterprise Communications GmbH Field Description Custom Select whether you want to enter the name components of the subject name individually as specified by the CA or want to enter a special subject name If Enabled is selected a subject name can be given in Sum mary with attributes that are not offered in the list Example CN VPNServer DC mydomain DC com c DE If the field is not marked enter the name components in Com mon name E mail Organizational Unit Organization Loc ality State Province and Country The function is disabled by default Summary Only for Custom enabled Enter a subject name with attributes not offered in the list Example CN VPNServer DC mydomain DC com c DE Common Name Only for Custom disab
474. r the Internet If the called peer currently has no connection to the Internet the ISDN call causes a connec tion to be set up This ISDN call costs nothing depending on country as it does not have to be accepted by your device The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel Before you can configure this service you must first configure a number for IPSec callback on the passive page in the Physical Interfaces gt ISDN Ports gt MSN Configuration gt New menu The value IPSec is available for this purpose in the Service field This entry ensures that incoming calls for this number are routed to the IPSec service If callback is active the peer is caused to initiate setting up an IPSec tunnel by an ISDN call as soon as this tunnel is required With passive callback the set up of a tunnel to the peer is always initiated if an ISDN call to the corresponding number MSN in the Physical Interfaces gt ISDN Ports gt MSN Configuration gt New for Service IPSec menu is re ceived This ensures that both peers are reachable and that the connection can be set up over the Internet The only case in which callback is not executed is if SAs Security Asso ciations already exist i e the tunnel to the peer already exists Funkwerk Enterprise Communications GmbH 16 VPN En Note If a tunnel is to be set up to a peer the interface over which the tunnel is to be imple men
475. r the remote ter minal is a bintec device If it is Heartbeat Both for a remote terminal with bintec or None for a remote terminal without bintec is set Propagate PMTU Select whether the PMTU Path Maximum Transfer Unit is to be propagated during phase 2 The function is activated with Enabled The function is enabled by default 16 1 4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAuth users is displayed Extended Authentication for IPSec XAuth is an additional authentication method for IPSec tunnel users The gateway can take on two different roles when using XAuth as it can act as a server or as a client e Asa server the gateway requires a proof of authorisation e Asa client the gateway provides proof of authorisation In server mode multiple users can obtain authentication via XAuth e g users of Apple iPhones Authorisation is verified either on the basis of a list or via a Radius Server If using a one time password OTP the password check can be carried out by a token server e g SecOVID from Kobil which is installed behind the Radius Server If a company s headquarters is connected to several branches via IPSec several peers can be configured A specific user can then use the IPSec tunnel over various peers depending on the assign ment of various profiles This is useful for example if an employee works alternately in dif ferent branches if each peer represents a branch and if the employee
476. rable mode It first tries all D channel modes before switching to the B channel Costs are incurred for using the B channel e Autodetect only D Channel Modes Your device auto matically determines the most favourable D channel mode The use of the B channel is excluded e Use specific D Channel Mode Your device tries to transfer the IP address in the mode set in the D Channel Mode field e Try specific D Channel Mode fall back to B Channel Your device tries to transfer the IP address in the mode set in the D Channel Mode field If this does not suc ceed the IP address is transferred in the B channel This in curs costs e Use only B Channel Mode Your device transfers the IP address in the B channel This incurs costs D Channel Mode Only if Transfer Mode Use specific D Channel Mode or Try specific D Channel Mode Fallback to B Channel Select the D channel mode in which your device tries to transfer the IP address Possible values e LLC default value The IP address is transferred in the LLC information elements of the D channel e SUBADDR The IP address is transferred in the subaddress in formation elements of the D channel e LLC and SUBADDR The IP address is transferred in both the LLC and subaddress information elements 16 1 2 Phase 1 Profiles In the VPN gt IPSec gt Phase 1 Profiles menu a list of all configured IPSec phase 1 pro files is shown R1xxx R3xxx R4xxx
477. ral speed Here it is used with a key length of 192 bits e AES 256 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits e Twofish Twofish was a final candidate for the AES Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower e Blowfish Blowfish is a very secure and fast algorithm Twofish can be regarded as the successor to Blowfish e CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES e DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits Hash algorithms Authentication e MD 5 default value MD 5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e ALL All options can be used e SHA 1 SHA1 Secure Hash Algorithm 1 is a hash al gorithm developed by the NSA United States National Secur ity Association It is rated as secure but is slower than MD5 It is used with a 96 bit digest length for IPSec Note that RipeMD 160 and Tiger 192 are not available for mes sage hashing in phase 2 Use PFS Group As PFS Perfect Forward Secrecy requires another Diffie Hellman key calculation to create new encryption material you must select the exponentiation features If you enable PFS En
478. ransferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP 15 WAN Funkwerk Enterprise Communications GmbH Field Description e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial the au thentication protocol required by the PPTP partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for primary domain name server and secondary domain name server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is activated with Enabled The function is disabl
479. re Time which overwrites the setting here Fields in the SIP Accounts Trunk Settings menu Field Description SIP Header Field s for Only if Trunk Mode Client Server or gw trunk Caller Address Select the position of the sender ID e g subscriber number in the SIP header for outgoing calls For incoming calls the sub scriber number is taken automatically from the SIP header Possible values e Disabled default value the sender ID is not sent e Display and User Name the sender ID is placed in both Display and User fields of the SIP header 18 VoIP Funkwerk Enterprise Communications GmbH Field Description Subscriber Number e Display only the sender ID is placed in the Display field of the SIP header e User only the sender ID is placed in the User field of the SIP header e P Preferred The so called p preferred identity field is ad ded to the SIP header and contains the sender ID e P Asserted The so called p asserted identity field is ad ded to the SIP header and contains the sender ID Only for Trunk Mode Server You can set a number that is added as a prefix for outgoing calls to the sender s number and is removed from the destina tion number for incoming calls This corresponds to the trunk exchange number of an exchange Fields in the Advanced Settings Codec Settings menu Field Description Codec Proposal Se quence Sort Order Choose the order in which the codec
480. re recorded for the selected MSN and the per son you are calling can identify you by the transferred MSN Before you call an external number you can define which of your telephone numbers is to be sent to the exchange and called party You make the selection using the telephone number index A speeddial index 000 299 can be assigned to each of the 300 telephone numbers in the telephone book You then dial this speed dial index instead of the long telephone number Note that telephone numbers dialled using the speeddial function must also comply with the dialrule Service Profile Identifier The splitter separates data and voice signals on the DSL connec tion Technique for reducing data traffic and thus saving costs espe cially in WANs Glossary SSID SSL STAC Funkwerk Enterprise Communications GmbH The Service Set Identifier SSID or Network Name refers to the wireless network code based on IEEE 802 11 Secure Sockets Layer A technology now standard developed by Netscape which is generally used to secure HTTP traffic between a web browser and a web server Data compression procedure Standard connection T ISDN Basic Rate Interface with the performance features Inquiry Static IP address Station guarding Subaddressing Subnet Subnet mask Subscriber Name Suppress A telephone number CLIR Suppress B tele phone number COLR Brokering and Telephone Number Transmission The standard c
481. red for this Node in the public telecommunication network We differentiate between local exchanges and remote exchanges PBXs differentiate between the following exchange access rights These can be set up differently for each subscriber in the configura tion A selected telephone number is parked in the telephone s memory It can be redialled later even if you have called other numbers in the meantime For PBXs describes the terminal e g telephone connected to the exchange Each extension can access PBX services and commu nicate with other extensions Funkwerk Enterprise Communications GmbH Extension number Extension numbers range Fall Back Priority of the Internet provider entries Fax FHSS Frequency Hopping Spread Spectrum File transfer Filter Firewall Firmware Glossary An extension is an internal number for a terminal or subsystem In point to point ISDN accesses the extension is usually a number from the extension numbers range assigned by the telephone pro vider In point to multipoint connections it can be the MSN or a part of the MSN direct dialling range The priority of the Internet provider entries is defined by the se quence in which they are entered in the list The first entry of a DSL connection is the standard access If a connection cannot be set up via the standard access after a predefined number of attempts setup is attempted using the second entry then subsequen
482. remely important for Internet Service Providers that bill their customers by data volume However there are also non commercial reasons for detailed network accounting If for example you manage a server that provides different kinds of network services it is useful for you to know how much data is generated by the individual services Your device contains the IP Accounting function which enables you to collect a lot of useful information about the IP network traffic each individual IP session 21 2 1 Interfaces In this menu you can configure the IP Accounting function individually for each interface bintec R1200 Language English View Standard Online Help Intrtces opens mew 20 per page Cll Ften None Im equal xj Go E 7 Accounting E Interface all all pomo la 2 jent 4 o 1 L OK J _ Cancel _ Fig 187 External Reporting gt IP Accounting gt Interfaces In the External Reporting gt IP Accounting gt Interfaces menu a list of all interfaces configured on your device is shown For each entry you can activate IP Accounting by set ting the checkmark In the IP Accounting column you do not need to click each entry indi vidually Using the options Select All and Disable All you can enable or disable the IP ac counting function for all interfaces simultaneously R1xxx R3xxx R4xxx 21 2 2 Options In this menu y
483. remote terminal and can be configured independently on both sides This option only checks the availability of the peer if data is to be sent to it e Dead Peer Detection Idle Use DPD dead peer de tection in accordance with RFC 3706 DPD uses a request reply protocol to check the availability of the remote terminal and can be configured independently on both sides This op tion is used to carry out a check at certain intervals depending on forthcoming data transfers Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed This only affects locally initiated setup attempts Possible values are 1 to 86400 seconds 1 means the value in the default profile is used and 0 means that the peer is never blocked The default value is 30 NAT Traversal NAT Traversal NAT T also enables IPSec tunnels to be opened via one or more devices on which network address translation NAT is activated Without NAT T incompatibilities may arise between IPSec and NAT see RFC 3715 section 2 These primarily prevent the setup of an IPSec tunnel from a host within a LANs and behind a NAT device to another host or device NAT T enables these kinds of tunnels without conflicts with NAT device activated NAT is automatically detected by the IPSec Daemon and NAT T Field Description is used The function is activated with Enabled The function is enabled by default CA Certificates Only if Authe
484. request for comments Rijndael AES Rijndael AES was selected as AES due to its fast key generation low memory requirements and high level of security against attacks For more information on AES see ht tp csrc nist gov encryption aes RIP Routing Information Protocol RipeMD 160 RipeMD 160 is a cryptographic hash function with 160 bits It is re garded as a secure replacement for MD5 and RipeMD R1xxx R3xxx R4xxx Glossary RJ45 Roaming Room monitoring acoustic Room monitoring from external tele phones Room monitoring from internal tele phones Router RSA RTSP S2M interface SAD SDSL Server Funkwerk Enterprise Communications GmbH Plug or socket for maximum eight wires Connection for digital ter minals In a multicell WLAN clients can move freely and log off from one ac cess point and log on to another when moving through cells without the user noticing this This is known as roaming To use the Room Monitoring performance feature the telephone must be activated in the room to be monitored by means of a code and the receiver must be lifted or Hands free switched on If you replace the telephone receiver or turn off Hands free room mon itored ends and the performance feature is switched off This function can be used to monitor rooms from an external tele phone You can acoustically monitor a room from an internal telephone in your PBX This is set up using the te
485. restrictions you can also program your PBX using the telephone For information on programming your PBX using the tele phone please see the accompanying user s guide The performance features for analogue terminals can only be used with terminals that use the MFC dialling method and that have an R Glossary Connection of ISDN terminals CRC CTI D channel Data compression Data Link Layer Data packet Data transmission rate Datagram Datex J Day Night option Funkwerk Enterprise Communications GmbH or flash key The internal telephone number of the connection and not the ex ternal number multiple subscriber number must be entered as the MSN in the ISDN terminal connected to the internal ISDN bus See the user s guide for the ISDN terminals Enter MSN Please note that not all the ISDN terminals available on the market can use the performance features provided by the PBX via their key interface Cyclic Redundancy Check Computer Telephony Integration Term for connection between a PBX and server CTI enables PBX functions to be controlled and evaluated by a PC Control and signalling channel of an ISDN Basic Rate Interface or Primary Rate Interface The D channel has a data transmission rate of 16 kbps In addition to the D channel each ISDN BRI has two B channels A process for reducing the amount of data transmitted This enables higher throughput to be achieved in the same transmission time Ex am
486. rface for the transmission of traffic voice data An ISDN Basic Rate Interface consists of two B channels and one D channel AB channel has a data transmission rate of 64 kbps The data transmis sion rate of an ISDN Basic Rate Interface with your gateway can be increased to up to 128 kbps using channel bundling Bandwidth Allocation Control Protocols BACP BAP in accordance with RFC 2125 Central unit of wireless telephone devices There are two different types The simple base station is used to charge the handheld unit For special feature telephones the base station can also be used as a telephone the handheld unit is charged using separate charging stations ISDN connection that includes two basic channels B channels each with 64 kbps and one control and signalling channel D chan Funkwerk Enterprise Communications GmbH Blacklist dialling ranges Block Cipher Modes Blowfish Bluetooth BOD BootP Bps Break in BRI Bridge Glossary nel with 16 kbps The two basic channels can be used independ ently of each other for each service offered in the T ISDN You can therefore telephone and fax at the same time T Com offers the Ba sic Rate Interface as a point to multipoint or point to point connec tion You can define a restriction on external dialling for individual sub scribers The telephone numbers entered in the blacklist table can not be called by the terminals subject to dialling control e g ent
487. rface is based if a new virtual interface is created The name of the vir tual interface is assigned automatically when it is created Shows the name of the virtual interface if a virtual interface that has already been created is edited Virtual Router Interface Virtual Router IP Ad Enter the IP address and the netmask of the virtual router Here dress enter the IP address that you want to use in the local network as the actual gateway IP address Note The IP address for advertisements and the Virtual Router IP Address must be different These IP addresses can originate from the same network optional Virtual Router ID Select the ID of the virtual router This ID identifies the virtual router in the LAN and is part of every BRRP advertisement packet that is sent by the current master Possible values are whole numbers between 1 and 255 Virtual Router Priority Define the logical priority of the virtual router Possible values are between 1 and 255 The higher the value the higher the priority The value 255 defines that this virtual router always functions as master as soon as it is active The default value is 100 The virtual router with the highest priority normally takes over the master role After a backup scenario the further master slave role casting is determined by the parameters Virtual router priority and Pre empt Mode back to master status In the Advanced Settings menu you must configure all of the p
488. ridged Ethernet with LLC SNAP encapsulation without Frame Check Sequence checksums e LLC Bridged FCS Only shown for Type Ethernet over ATM Bridged Ethernet with LLC SNAP encapsulation with Frame Check Sequence checksums non ISO default value for Routed Protocols over ATM Only shown for Type Routed Protocols over ATM Encapsulation with LLC SNAP header suitable for IP routing 15 WAN Funkwerk Enterprise Communications GmbH Field Description e LLC Only shown for Type PPP over ATM Encapsulation with LLC header e VC Multiplexing default value for PPP over ATM Bridged Ethernet without additional encapsulation Null En capsulation with Frame Check Sequence checksums Fields in the Settings for Ethernet over ATM menu only shown for Type Ethernet over ATM Field Description Default Ethernet for Only for Type Ethernet over ATM PPPoE Interfaces Select whether this Ethernet over ATM interface is to be used for all PPPoE connections The function is activated with Enabled The function is disabled by default Address Mode Only for Type Ethernet over ATM Select how an IP address is to be assigned to the interface Possible values e Static default value A static IP address is assigned to the interface in IP Address Netmask e DHCP An IP address is assigned to the interface dynamically via DHCP IP Address Netmask Only if Address Mode Static Enter the IP addresses IP Addre
489. ription Enter the password here 10 6 2 CRLs In the System Management gt Certificates gt CRLs menu a list of all CRLs is shown If a key is no longer to be used e g because it has fallen into the wrong hands or has been lost the corresponding certificate is declared invalid The certification authority revokes the certificate and publishes it on a certificate blacklist so called CRL Certificate users should always check against these lists to ensure that the certificate used is currently valid This check can be automated via a browser The Simple Certificate Enrollment Protocol SCEP supports the issue and revocation of certificates in networks 10 6 2 1 Import Choose the Import button to import CRLs CRL Import T Interface Mode Bridge External Filename Browse aa a 4 Gr pape Local Certificate TER FA TF 7 Remote Authentication Fie Encoding Auto y ae Certificates pen 4 oK Cancel N ca O T Fig 57 System Management gt Certificates gt CRLs gt Import The System Management gt Certificates gt CRLs gt Import menu consists of the follow ing fields Fields in the CRLs CRL Import menu R1xxx R3xxx R4xxx Field Description External Filename Enter the file path and name of the CRL to be imported or use Browse to select it from the file browser Enter
490. rk update server URL Only for Source HTTP server Enter the URL of the update server from which the system soft ware file is loaded Current File Name in Flash For Action Export configuration Choose the configura tion file to be exported Include certificates and keys For Action Export configuration Export configur ation with state information select whether the selec ted Action is also to apply for certificates and keys The function is activated by choosing Enabled The function is enabled by default Source File Name Only for Action CopySelect the source file to be copied Destination File Name Only for Action CopyEnter the name of the copy Select file Only if Action Rename Delete configuration or De lete fileChoose the file or configuration to be renamed or deleted New File Name Only for Action RenameEnter the new name of the configura Field Description tion file 20 3 Reboot 20 3 1 System Reboot In this menu you can trigger an immediate reboot of your device Once your system has restarted you must call the Funkwerk Configuration Interface again and log in Pay attention to the LEDs on your device For information on the meaning of the LEDs see the Technical Data chapter of the manual 3 Note Before a reboot make sure you confirm your configuration changes by clicking the Save Configuration button so that these are not lost when you reboot bintes 1200
491. rnet connection over PPPoE Standard or your Internet access is to be set up over several interfaces Multilink If you choose Mul tilink you can connect several DSL connections from a pro vider over PPP as a static bundle in order to obtain more band width Each of these DSL connections should use a separate R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH Field Description Ethernet connection for this At the moment many providers are still in the process of preparing the PPPoE Multilink function For PPPoE Multilink we recommend using your device s Ether net switch in Split Port mode and to use a separate Ethernet in terface e g en1 1 en1 2 for each PPPoE connection If you also want to use an external modem for PPPoE Multilink you must run your device s Ethernet switch in Split Port mode PPPoE Ethernet Inter Only if PPPoE Mode Standard face Select the Ethernet interface specified for a standard PPPoE connection If you want to use an external DSL modem select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface configured in Physical Interfaces gt ATM gt Profiles gt New The default value is Not specified PPPoE Interfaces for Only if PPPoE Mode Multilink Multilink Select the interfaces you want to use for your Internet connec tion Click the Add button to create new entries User Name Enter the user
492. roduct Trademarks funkwerk trademarks and the funkwerk logo bintec trademarks and the bintec logo artem trademarks and the artem logo elmeg trademarks and the elmeg logo are registered trademarks of Funkwerk En terprise Communications GmbH Company and product names mentioned are usually trademarks of the companies or manufacturers concerned Copyright All rights reserved No part of this manual may be reproduced or further processed in any way without the written consent of Funkwerk Enterprise Communications GmbH The documentation may not be processed and in particular translated without the consent of Funkwerk Enterprise Communications GmbH You will find information on guidelines and standards in the declarations of conformity under www funkwerk ec com How to reach Funkwerk Enterprise Communications GmbH Funkwerk Enterprise Communications GmbH Stidwestpark 94 D 90449 Nuremberg Germany Phone 49 911 9673 0 Fax 49 911 688 07 25 Funkwerk Enterprise Communications France S A S 6 8 Avenue de la Grande Lande F 33174 Gradignan France Phone 33 5 57 35 63 00 Fax 33 5 56 89 14 05 Internet www funkwerk ec com Table of Contents Chapter 1 INtPOGUCHION wae eae eb eG ee ee HE ee 1 Chapter 2 About this guide 0 o e 3 Chapter 3 Installation o o o o ee 6 3 1 Setting Up andconnecting 2 2 o 6 3 2 Cleaning se ei eke Se Re a a Pe a 11 3 3 Support information
493. rotected fully if required You can save or import files with the actions Export configuration Export configuration with state information and Load configuration If you want to save a configuration file with the action Export configuration or Export configuration with state information you can choose whether the configuration file is saved encrypted or without encryption Caution If you have saved a configuration file in an old format via the SNMP shell with the put command there is no guarantee that it can be reloaded to the device As a result the old format is no longer recommended rae P E A E bintec R1200 Language English View Standard y 3 lt gt 4 See configuration _ Options Piysicalmterfaces F Curenty stated Software AN pected Boss V 7 9 Rev 5 IPSec from 2010 09 20 00 00 00 SC Sete 2re ond Confowation Options WAN A Seeds Action No Action m Firewall a Go c a EN Diagnostics Software amp Configuration Reboot Fig 184 Maintenance gt Software amp Configuration gt Options The Maintenance gt Software amp Configuration gt Options menu consists of the follow ing fields Fields in the menu Options Currently installed Software Field Description BOSS Shows the current software version loaded on your device Shows the current system logic loaded on your device Shows the current version of the SHDSL logic loaded on your devic
494. rrors 0 0 _ Interfaces WLAN _ HotSpot Gateway E J Fig 197 Monitoring gt IPSec gt IPSec Statistics The Monitoring gt IPSec gt IPSec Statistics menu consists of the following fields Field in the IPSec Statistics Licenses menu Field Description IPSec Tunnels Shows the IPSec licenses currently in use In use and the maximum number of licenses usable Maximum Field in the IPSec Statistics Peers menu Field Description Status Displays the number of IPSec tunnels by their current status e Active Currently active IPSec tunnels e Enable IPSec tunnels currently in the tunnel setup phase e Blocked IPSec tunnels that are blocked e Dormant Currently inactive IPSec tunnels e Configured Configured IPSec tunnels Field in the IPSec Statistics SAs menu Field Description IKE Phase1 Shows the number of active phase 1 SAs Established from the total number of phase 1 SAs Total IPSec Phase2 Shows the number of active phase 2 SAs Established from R1xxx R3xxx R4xxx Field Description the total number of phase 2 SAs Total Field in the IPSec Statistics Packet Statistics menu Field Description Total Shows the number of all processed incoming Incoming or outgoing Outgoing packets Passed Shows the number of incoming Incoming or outgoing Outgo ing packets forwarded in plain text Dropped Shows the number of rejected incoming Incoming or outgoing Outgoing packets Encryp
495. rvice allows connection of incoming and outgoing data and voice calls to com munications applications on hosts in the LAN that access the Remote CAPI interface of your device This enables for example hosts connected to your device to receive and send faxes R1xxx R3xxx R4xxx En Note In the ex works state a user with the user name default and no password is always entered for the CAPI subsystem All calls to the CAPI are offered to all CAPI applica tions in the LAN Use the Settings menu to distribute incoming calls for the CAPI subsystem to defined users with password You should then delete the user default without password 19 6 1 User In the Local Services gt CAPI Server gt User menu a list of all configured CAPI users is shown 19 6 1 1 New Choose the New button to set up new CAPI users Basic Parameters 25 3 ER User Name Password eoccccee Access HEnabled ok 60C Cancel DynDNS Client DHCP Server ISDH Theft Protection Funkwerk Discovery Fig 162 Local Services gt CAPI Server gt User gt New The Local Services gt CAPI Server gt User gt New menu consists of the following fields R1xxx R3xxx R4xxx Fields in the User Basic Parameters menu Field Description User Name Enter the user name for which access to the CAPI service is to be allowed or denied Password Enter the password with which the user User N
496. ry 0190 would block all connections to expensive service providers Block based encryption algorithm An algorithm developed by Bruce Schneier It relates to a block cipher with a block size of 64 bit and a key of variable length up to 448 bits Bluetooth is a wireless transfer technology that can connect up dif ferent devices Bluetooth replaces cables to connect various devices e g Notebook PC PDA etc Thanks to Bluetooth these devices can exchange data with each other without a fixed connection For example PCs notebooks or a PDA can access the Internet or a loc al network The appointments on a PDA can be synchronised with the appointments on the PC without the need for a cable connec tion Because of the many different application areas for the Bluetooth technology the different types of connections between the devices are divided into profiles A profile determines the service function that the individual Bluetooth clients can use among each other Bandwidth on Demand Bootstrap protocol Bits per second A unit of measure for the transmission rate In a PBX the option of breaking in to an existing call This is sig nalled acoustically by an attention tone Basic Rate Interface Network component for connecting homogeneous networks As op posed to a gateway bridges operate at layer 2 of the OSI model are independent of higher level protocols and transmit data packets using MAC addresses Data transmission is trans
497. ry A dialog box opens in which you can se lect the position to which the policy is to be moved Moreover the overview provides the option to show the firewall rules of the underlying set tings made in the System Management gt Administrative Access gt Access menu To do this enable the Show administrative access rules option R1xxx R3xxx R4xxx 17 1 1 1 New Choose the New button to set up new parameters al i e Yer m gt eus E bintes r120 E EE osos funi Save configuration Filter Rules 0S Options po A cell Source INTERFACE ALIASES A Destination INTERFACE ALIASES A Ens a o ven gt Action Access Y a Apply QoS Enabled Policies a Interfaces oK C cancel Addresses Services Fig 130 Firewall gt Policies gt Filter Rules gt New The Firewall gt Policies gt Filter Rules gt New menu consists of the following fields Fields in the Policies Basic Parameters menu Field Description Source Select one of the preconfigured aliases for the source of the packet The list includes all WAN LAN interfaces interface groups see Firewall gt Interfaces gt Groups addresses see Firewall gt Addresses gt Address List and address groups see Firewall gt Addresses gt Groups for selection The value ANY means that neither the source interface nor the source address is checked Destina
498. ry is to be be placed in front of after Creates another list entry first and opens the configuration menu Sets the status of the entry to Inactive Sets the status of the entry to Active Indicates Dormant status for an interface or connection Indicates Up status for an interface or connection Indicates Down status for an interface or connection Indicates Blocked status for an interface or connection 2006p M E dl El E Funkwerk Enterprise Communications GmbH 8 Access and configuration x u E O Em e Indicates Going up status for an interface or connection Indicates that data traffic is encrypted Triggers a WLAN bandscan Displays the next page in a list Displays the previous page in a list You can select the following operating functions in the list view Funkwerk Configuration Interface list options Update Interval Filter Configuration elements Here you can set the interval in which the view is to be updated To do this enter a period in seconds in the input field and con You can have the list entries filtered and displayed according to certain criteria You can determine the number of entries displayed per page by entering the required number in View x per Page Use the and buttons to scroll one page forward and one page back You can filter according to certain keywords within the configur ation parameters by selecting the filter rule you want under Fil
499. rypt data WPA WPA Wi Fi Protected Access offers additional privacy by means of dynamic keys based on the Temporal Key Integrity Protocol TKIP and offers PSK preshared keys or Extens ible Authentication Protocol EAP via 802 1x e g RADIUS for user authentication Authentication using EAP is usually used in large wireless LAN installations as an authen tication instance in the form of a server e g a RADIUS server is used in these cases PSK preshared keys are usually used in smaller networks such as those seen in SoHo Small office Home office Therefore all the wireless LAN subscribers must know the PSK be cause it is used to generate the session key WPA2 WPA2 is the enhancement of WPA In WPA2 the 802 11i standard is not only implemen ted for the first time in full but another encryption algorithm AES Advanced Encryption Standard is also used Access control You can control which clients can access your wireless LAN via your device by creating an Access control list ACL Mode or MAC Filter In the Access Control List you enter the MAC addresses of the clients that may access your wireless LAN All other clients have no access Security measures To protect the data transferred on the WLAN you may need to carry out the following con figuration steps in the Wireless LAN gt WLAN gt Wireless Networks VSS gt New gt menu Funkwerk Enterprise Communications GmbH 13 Wireless LAN e Chang
500. s Fields in the menu Advanced Settings Field Description X 31 X 25 in D Chan Select whether you want to use X 31 X 25 in the D channel nel e g for CAPI applications The function is activated with Enabled The function is disabled by default X 31 TEI Value Only if X 31 X 25 in D channel is enabled With the ISDN autoconfiguration the X 31 TEl is detected auto matically If the autoconfiguration has not detected TEl you can manually enter the value assigned by the exchange Possible values are 0 to 63 The default value is 1 for automatic detection X 31 TEI Service Only if X 31 X 25 in D channel is enabled Select the service for which you want to use X 31 TEI Possible values e CAPI e Default CART e Packet Switch default value CAPI and Default CAPI are for using X 31 TEI for CAPI ap plications For CAPI the TEI value set in the CAPI application is used For Default CAPI the value of the CAPI application is ignored and the default value set here is always used Set Packet Switch if you wish to use X 31 TEI for the X 25 device ISDN PRI interface For a Primary Rate Interface PRI or S2M the channels are transmitted in series in so called time slots Choose the button to edit the configuration of the ISDN port Language English View Standard w Online Help Logout Basic Parameters ee ae Port Name
501. s during IPSec processing A value of 768 or more is however recommended and the default value is 1024 bits SCEP URL Only if Mode SCEP Enter the URL of the SCEP server e g ht tp scep funkwerk de 8080 scep scep dll Your CA administrator can provide you with the necessary data CA Certificate Only if Mode SCEP Select the CA certificate e Download In CA Name enter the name of the CA certific ate of the certification authority CA from which you wish to Funkwerk Enterprise Communications GmbH 10 System Management Field Description RA Sign Certificate RA Encrypt Certificate Password request your certificate e g cawindows Your CA adminis trator can provide you with the necessary data If no CA certificates are available the device will first down load the CA certificate of the relevant CA It then continues with the enrolment process provided no more important para meters are missing In this case it returns to the Generate Certificate Request menu Ifthe CA certificate does not contain a CRL distribution point Certificate Revocation List CRL and a certificate server is not configured on the device the validity of certificates from this CA is not checked e lt name of an existing certificate gt If all the necessary certific ates are already available in the system you select these manually Only if Mode SCEP Only if CA Certificates is not Download Select a certificate fo
502. s B telephone number This performance feature permits or suppresses the dis play of the called subscriber s telephone number If display of the B telephone number is suppressed your telephone number is not transmitted to the caller when you take a call Example You have set up call diversion to another terminal If this terminal has activ ated suppression of the B telephone number the calling party does not see a telephone number on the terminal display If an analogue terminal connection of the PBX is set up as a multi functional port for combination devices all calls are received re gardless of the service In the case of trunk prefixes using codes the service ID Analogue Telephony or Telefax Group 3 can also be transmitted regardless of the configuration of the analogue con nection If 0 is dialled the service ID Analogue Telephony is also transmitted Performance feature of a PBX Several internal subscribers can telephone simultaneously Three party conferences are also pos sible with external subscribers Windows application similar to the Windows Explorer which uses SNMP commands to request and carry out the settings of your gate way The application was called the DIME Browser before BRICK ware version 5 1 3 One important prerequisite for the transfer of your configuration to the PBX is that you have set up a connection between the PC and PBX You can do this using the LAN Ethernet connection With some
503. s are offered for use by the media gateway If the first codec cannot be used the second is tried and so on Possible values e Standard default value the codec in the first position in the menu will be used if possible e Quality the codecs are sorted by quality If possible the codec with the best quality is used e Low Bandwidth the codecs are sorted by required band width If possible the codec with the lowest bandwidth re quirement is used e High Bandwidth the codecs are sorted by required band width If possible the codec with the highest bandwidth re quirement is used Select the codecs to be proposed for the connection The co decs chosen here are proposed in a certain order depending on the setting in the Codec Proposal Sequence field Possible values Funkwerk Enterprise Communications GmbH 18 VoIP Field Description e G 711 uLaw ISDN codec with US law e G 711 aLaw ISDN codec with EU law e G0 729 Compressed from 31 to 8 kbps good voice quality e G 726 40 Compressed from 63 to 40 kbps e G 726 32 Compressed from 55 to 32 kbps e G 726 24 Compressed from 47 to 24 kbps e G 726 16 Compressed from 39 to 16 kbps e DTMF Outband DTMF Outband First the system attempts to use RFC 2833 If the remote terminal does not use this stand ard SIP Info is used e T 38 Fax Allows the transmission of fax messages over data networks G 711 uLaw G 711 aLawand G 729 are enabled by default The
504. s menu Field Description Send Initial Contact Select whether IKE Initial Contact messages are to be sent dur Message ing IKE phase 1 if no SAs with a peer exist The function is activated with Enabled The function is enabled by default Sync SAs with ISP inter Select whether all SAs are to be deleted whose data traffic was face state routed via an interface on which the status has changed from Upto Down Dormant or Blocked The function is activated with Enabled 16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is disabled by default Use Zero Cookies Select whether zeroed ISAKMP Cookies are to be sent These are equivalent to the SPI Security Parameter Index in IKE proposals as they are redundant they are normally set to the value of the negotiation currently in progress Alternatively your device can use zeroes for all values of the cookie In this case choose Enabled Zero Cookie Size Only if Use Zero Cookies activated Enter the length in bytes of the zeroed SPI used in IKE propos als The default value is 32 Dynamic RADIUS Au Select whether RADIUS authentication is to be activated via thentication IPSec The function is activated with Enabled The function is disabled by default Fields in the Advanced Settings PKI Editing Options menu Field Description Ignore Certificate Re Select whether certificate requests received from the remote quest Payloads end dur
505. s of the follow ing fields Fields in the DHCP Pool Basic Parameters menu Field Description Interface Select the interface over which the addresses defined in IP Range are to be assigned to DHCP clients When a DHCP request is received over this Interface one of the addresses from the address pool is assigned R1xxx R3xxx R4xxx 19 Local Services Funkwerk Enterprise Communications GmbH Field Description IP Address Range Enter the first first field and last second field IP address of the IP address pool Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet In this case it is possible to define IP addresses from another network Possible values e Local default value The DHCP pool is only used for DHCP requests in the same subnet e Local Relay The DHCP pool is used for DHCP requests in the same subnet and from other subnets e Relay The DHCP pool is only used for DHCP requests for warded from other subnets The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Gateway Select which IP address is to be transferred to the DHCP client as gateway Possible values e No gateway default value No IP address is sent e Use router as gateway The IP address defined for the Interface is transferred e Specify Enter the correspon
506. s that have been converted to ARP unicasts are forwarded to IP addresses that are known internally Unicasts R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 13 Wireless LAN Field Description are quicker and clients with an enabled power save function are not addressed The function is activated by choosing Enabled The function is disabled by default Make sure that ARP processing cannot be applied in conjunc tion with the MAC bridge function WMM Select whether voice or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritisation is supported in accordance with DSCP Differentiated Services Code Point or IEEE802 1d The function is activated by choosing Enabled The function is enabled by default Max Clients Enter the maximum number of clients that can be connected to this wireless network SSID The maximum number of clients that can register with a wire less module depends on the specifications of the respective WLAN module This number can be shared across all con figured wireless networks If the maximum number of clients is reached no more new wireless networks can be created and a warning message will appear Fields in the Virtual Service Sets Security Settings menu Field Description Security Mode Select the security mode encryption and authentication for
507. s the short hold The default value is 300 Fields in the Users IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Static default value You enter a static IP address e Provide IP Address Only for Connection Type LNS 16 VPN Funkwerk Enterprise Communications GmbH Field Description Your device dynamically assigns an IP address to the remote terminal e Get IP Address Only for Connection Type LAC Your device is dynamically assigned an IP address Default Route Only if IP Address Mode Get IP Address and Static Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Create NAT Policy Only if IP Address Mode Get IP Address and Static Specify whether Network Address Translation NAT is to be ac tivated for this connection The function is activated with Enabled The function is disabled by default IP Assignment Pool Only if IP Address Mode Provide IP Address IPCP Select an IP pool configured in the WAN gt Internet Dialup gt IP Pools menu Local IP Address Only for IP Address Mode Static Enter the WAN IP address of your device Route Entries Only for IP Address Mode Static Enter the Remote IP Address and Netmask of the
508. s the initial ISDN call to peer B which transfers the IP address of peer A and the token as per the callback configuration 4 Peer B extracts the IP address of peer A and the token from the ISDN call and as signs them to peer A based on the calling party number configured the ISDN number used by peer A to send the initial call to peer B 5 The IPSec Daemon at peer B s device can use the transferred IP address to initiate phase 1 negotiation with peer A Here the token is returned to peer A in part of the payload in IKE negotiation 6 Peer A is now able to compare the token returned by peer B with the entries in the MIB and so identify the peer without knowing its IP address As peer A and peer B can now mutually identify each other negotiations can also be con ducted in the ID Protect mode using preshared keys Note In some countries e g Switzerland the call in the D channel can also incur costs An incorrect configuration at the called side can mean that the called side opens the B channel the calling side incurs costs Fields in the Advanced Settings IPSec Callback menu Field Description Mode Select the Callback Mode Funkwerk Enterprise Communications GmbH 16 VPN Field Description Possible values e Inactive default value IPSec callback is deactivated The local device neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device e Passive The local device only reacts to incomin
509. s they are not protected against unauthorised access until you change the password How to change the passwords is described in chapter Modify system password on page 17 Workshops Step by step instructions for the most important configuration tasks can be found in the separate FEC Application Workshop guide for each application which can be down loaded from the www funkwerk ec com website under Solutions Dime Manager The devices are also designed for use with Dime Manager The Dime Manager manage ment tool can locate your Funkwerk devices within the network quickly and easily The NET based application which is designed for up to 50 devices offers easy to use func tions and a comprehensive overview of devices their parameters and files All devices in the local network including remote devices that can be reached over SNMP are located using SNMP Multicast irrespective of their current IP address A new IP ad dress and password and other parameters can also be assigned A configuration can then be initiated over HTTP or TELNET If using HTTP the Dime Manager automatically logs in to the devices on your behalf System software files and configuration files can be managed individually as required or in logical groups for devices of the same type You can find the Dime Manager on the enclosed product DVD 2 R1xxx R3xxx R4xXxx Funkwerk Enterprise Communications GmbH 2 About this guide Chapter 2 About this guide This docum
510. s to be used as the source address for all L2TP connections based on this profile If this field is left empty your device uses the IP address of the interface used to reach Remote IP Address by the L2TP tun nel Hello Interval Enter the interval in seconds between the sending of two L2TP HELLO messages These messages are used to keep the tun nel open The available values are 0 to 255 the default value is 30 The value 0 means that no L2TP HELLO messages are sent Minimum Time between Enter the minimum time in seconds that your device waits be Retries fore resending a L2TP control packet for which it received no re sponse The wait time is dynamically extended until it reaches the Max imum Time between Retries The available values are 1 to 255 the default value is 7 Maximum Time between Enter the maximum time in seconds that your device waits be Retries fore resending a L2TP control packet for which it received no re sponse The available values are 8 to 255 the default value is 1 6 Maximum Retries Enter the maximum number of times your device is to try to re send the L2TP control packet for which is received no response Field Description The available values are 8 to 255 the default value is 5 Data Packets Sequence Select whether your device is to use sequence numbers for Numbers data packets sent through a tunnel on the basis of this profile The function is not currently used The function is activa
511. s to the Internet gate way B offers all hosts in the LAN the service that gateway A previously performed All the tasks of a virtual router and the switching of services from one gateway to the other are controlled by the BRRP redundancy procedure The BRRP conforms to the specifications in RFC 2338 and the relevant Internet draft You will find the Internet drafts at http www ietf org 1idabstracts html The configuration of the router redundancy procedure is carried out in the following steps e Configuration of the interface via which the BRRP advertisement data packets are sent Note This interface is used to transmit the BRRP advertisement data packets and possibly to transmit keepalive monitoring data packets Another interface must be configured in the next step to transmit the usage data The configuration of the advertisement interface is performed in the Local Services gt BRRP gt Virtual Routers gt New gt Advertisement Interface menu Only the active router in the router group sends advertisement data packets The IPv4 multicast address 224 0 0 18 is used as the destination address for all routers in the group All passive routers in the group must monitor this address so that if the advertise ment data packets are not received that can react according to their priority and BRRP configuration e Configuration of the interface for transmitting usage data configuration of the virtual in terface A virtu
512. sNetmask TS TN Layer 4 Protocol Any Source Por la q Destination Port Any Pon ms to po DSCP TOS Value Ignore Mode Dialup and wait C oK gt C cancel _ Fig 82 Routing gt Routes gt IP Routes gt New with Extended Route Activated R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing The Routing gt Routes gt IP Routes gt New menu consists of the following fields Fields in the IP Routes Route Class menu Field Description Extended Route Select whether the route is to be defined with extended para meters If the function is active a route is created with extended routing parameters such as source interface and source IP ad dress as well as protocol source and destination port type of service TOS and the status of the device interface The function is activated by choosing Enabled The function is disabled by default Fields in the IP Routes Route Parameters menu Field Description Route Type Select the type of route Possible values e Network Route default value Route to a network e Default Route ls used if no other suitable route is avail able e Host Route Route to a single host Destination IP Address Only if Route Type Host Route or Network Route Netmask Enter the IP address of the destination host If Route Type Network Route also enter the netmask in the second field If no entry is made your device uses a default net mask Interface If
513. seri al interface of the device The serial interface can also be assigned to Ethernet socket 1 ETH1 Use the serial cable provided and if necessary connect your network to another Ethernet socket However configuration via the serial interface is not provided by default xDSL modem or DMZ Connect the WAN interface ETH5 DMZ of your device to an xDSL modem not sup plied via another Ethernet cable or with the Ethernet connection on your DMZ PRI only R4100 Connect the ISDN PRI interface PRI 0 or PRI 1 of the device to your PRI connection X 21 only R4300 Connect an X 21 interface on your device to your X 21 V 35 or X 21 V 36 connection us ing a suitable cable which you can order as an accessory for your router Make sure that you use an enabled X 21 interface The left X 21 interface on the back of the device is enabled by default ex works The right X 21 interface can also be enabled if licensed UMTS only R1200wu Insert the UMTS card into the CardBus UMTS slot The device is now prepared for configuration using the Funkwerk Configuration Interface 3 2 Cleaning You can clean your device easily Use a damp cloth or antistatic cloth Do not use solvents Never use a dry cloth the electrostatic charge could cause electronic faults Make sure that no moisture can enter the device and cause damage 3 3 Support information If you have questions about your product or are looking for additional information the Fun
514. server The DHCP server then assigns the your device an IP address from its pool which in turn sends this to the client in the local network pintec R120 ar DHCP Pool IP MAC Binding DHCP Relay Settings Basic Parameters Primary DHCP Server 0 0 0 0 Secondary DHCP Server 0 0 0 0 OK JC Cancel DynDNS Client Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway Fig 157 Local Services gt DHCP Server gt DHCP Relay Settings The Local Services gt DHCP Server gt DHCP Relay Settings menu consists of the fol lowing fields Fields in the DHCP Relay Settings Basic Parameters menu Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP re quests are to be forwarded Secondary DHCP Serv Enter the IP address of an alternative BootP or DHCP server er R1xxx R3xxx R4xxx 19 5 Web Filter In the Local Services gt Web Filter menu you can configure a URL based Web filter ser vice which accesses the Proventia Web Filter from the company Internet Security Systems www iss net and checks how a requested Internet page is categorised by the Proventia Web Filter The action resulting from the classification is configured on your device 19 5 1 Global Settings This menu contains the configuration of basic parameters for using the Proventia Web Fil ter Global Settings Filter Lis
515. sk Virtual Router IP Address 255 255 2550 aa J Virtual Router ID M HTTPS f in I a aa o aaa Virtual Router Priority 100 DHCP Server E gt Web Filter Advanced Settings CAPI Server i r Scheduling Advertisement send interval 1 DEBER SEE _ _ Surveill to ce A Master down trials 10 ISDH Theft Protection _ UPnP Pre empt mode go back into master state v Enabled HotSpot Gateway _ ITA A 4 gt gt j T A Enable authentication C oK Cancel Fig 178 Local Services gt BRRP gt Virtual Routers gt New The Local Services gt BRRP gt Virtual Routers gt New menu consists of the following fields Fields in the Virtual Routers BRRP Advertisement Interface menu Field Description Ethernet Interface Choose the interface via which BRRP advertisement packets are sent and expected If you edit a Virtual Router the Ethernet interface is displayed and cannot be changed Note The Ethernet interface for sending the advertisements is always up and running and cannot therefore be used as the Vir tual Router Interface IP Address Shows the IP address es of the interface via which BRRP ad vertisement packets are sent and expected Fields in the Virtual Router BRRP Monitored Interface menu R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services Field Description Indicates on which physical interface the virtual inte
516. so take place over the HOSTS file which is available on all PCs Your device offers the following options for name resolution DNS Proxy for forwarding DNS requests sent to your device to a suitable DNS server This also includes specific forwarding of defined domains Forwarded Domains DNS cache for saving the positive and negative results of DNS requests e Static entries static hosts to manually define or prevent assignments of IP addresses to names DNS monitoring for providing an overview of DNS requests on your device Global Name Server The IP addresses of global name servers that are queried if your device is unable to an swer requests itself or by forwarding entries are entered in Local Services gt DNS gt Global Settings gt Basic Parameters 19 Local Services Funkwerk Enterprise Communications GmbH For local applications the IP address of your device or the general loopback address 127 0 0 1 can be entered as the global name server Your device can also receive the global name servers dynamically and transfer them dy namically if necessary Strategy for name resolution on your device A DNS request is handled by your device as follows 1 2 6 If possible the request is answered directly from the static or dynamic cache with IP address or negative response Otherwise if a suitable forwarding entry exists the relevant DNS server is asked de pending on the configuration of
517. splays the related ISDN port STACK Channel Displays the number of the ISDN B channel Status Displays the state of the connection null c initiated ovl send oc procd c deliverd c present c recvd ic procd up discon reg discon ind suspd req re sum req ovl recv R1xxx R3xxx R4xxx 22 3 2 Call History In the Monitoring gt ISDN Modem gt Call History menu a list of the last 20 ISDN con nections incoming and outgoing made since the last system boot is shown bintec R120 EE crn rep Current Calls Call History Automatic Refresh Interval 300 Seconds Apply View feo per page SIL Fierin None vw equal Go ie Service Remote Number Interface Direction Charge Start Time Duration Page 1 Fig 199 Monitoring gt ISDN Modem gt Call History Values in the list Call History Field Description Displays the serial number of the ISDN connection Service Displays the service to or from which the call was connected PPP IPSEC X 25 POTS Remote Number Displays the number that was dialled in the case of outgoing calls or from which the call was made in the case of incoming calls Interface Displays additional information for PPP connections Direction Displays the send direction Incoming Outgoing Charge Displays the costs of the connection Start Time Displays the time at which the call was made or received Duration Displays the d
518. ss and the corresponding netmasks Netmask of the ATM interfaces Add new entries with Add MAC Address Enter a MAC Address for the internal router interface of ATM connection e g 00 a0 9 06 bf 03 An entry is only re quired in special cases For Internet connections it is sufficient to select the Use built in option default setting in which case the MAC address of en1 0 is used Funkwerk Enterprise Communications GmbH 15 WAN Field Description DHCP MAC Address Only if Address Mode DHCP Enter the MAC Address of the internal router interface of ATM connection e g 00 e1 f9 06 bf 03 If your provider has assigned you a MAC Address for DHCP enter this here You can select the Use built in option default setting in which case the MAC address of en1 0 is used DHCP Hostname Only if Address Mode DHCP If necessary enter the host name registered with the provider to be used by your device for DHCP requests The maximum length of the entry is 45 characters Fields in the Settings for Routed Protocols over ATM menu only shown for Type Routed Protocols over ATM Field Description IP Address Netmask Enter the IP addresses IP Address and the corresponding netmasks Netmask of the ATM interface Add new entries with Add Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths
519. ss networks As data can be transmitted over the air in the WLAN this data can in theory be intercepted and read by any attacker with the appropriate resources Particular attention must therefore be paid to protecting the wireless connection There are three security modes WEP WPA PSK and WPA Enterprise WPA Enterprise of fers the highest level of security but this security mode is only really suitable for compan ies because it requires a central authentication server Private users should choose WEP or preferably WPA PSK with higher security as their security mode WEP 13 Wireless LAN Funkwerk Enterprise Communications GmbH 802 11 defines the WEP security standard Wired Equivalent Privacy encryption of data with 40 bits Security Mode WEP 40 or 104 bits Security Mode WEP 104 However this widely used WEP has proven susceptible to failure However a higher degree of se curity can only be achieved through hardware based encryption which required additional configuration for example 3DES or AES This permits even sensitive data from being transferred via a radio path without fear of it being stolen IEEE 802 11 Standard IEEE 802 11i for wireless systems contains basic security specifications for wire less networks in particular with regard to encryption It replaces the insecure WEP Wired Equivalent Privacy with WPA Wi Fi Protected Access It also includes the use of the ad vanced encryption standard AES to enc
520. ss point reported a successful operation or a configuration change has not yet been made with OK e No Response The access point has not responded e Access Denied The access point reported an authorisation error Check the authentication password e Invalid IP Parameters There is a problem with the in tended IP parameters IP address netmask or gateway ad dress e Destination Unreachable The access point cannot be reached for internal reasons e g the interface to which the access point is connected is down A configuration request cannot be sent to the access point e Other AP Error The access point responds to the config uration request with an unexpected or non specific error e Internal Error An internal device problem prevented the configuration option from being carried out R1xxx R38xxx R4xxx 19 10 2 Options In this menu you can grant permission for your device to be discovered by other bintec devices using the funkwerk Discovery protocol and to be configured by means of this Device Discovery Options ESEE Enable Discovery Server C Enabled C oK C Cancel CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway Fig 172 Local Services gt Funkwerk Discovery gt Options The Local Services gt Funkwerk Discovery gt Options menu consists of the following fields Fields in the Options
521. switch on call waiting protection If you are taking a call a second caller hears the engaged tone Performance feature in T ISDN PBXs and T Net A connection is set up automatically as soon as the Busy status on the destination connection ends When the connection is free this is signalled to the caller As soon as the caller lifts the receiver the connection is Glossary Funkwerk Enterprise Communications GmbH set up automatically However Callback must first be activated by the caller on his or her terminal Callback on no reply You call a subscriber who does not pick up With Callback on no reply this is not a problem for you because with this special fea ture you can set up the connection without having to redial If you are not on the telephone yourself a new connection with the sub scriber is set up for a maximum of 180 minutes Called party number Number of the terminal called Caller list Special feature telephones such as the T Concept PX722 system telephone enable call requests to be stored during absence Calling party number Number of the calling terminal CAPI CAST CBC CCITT CD Call Deflection Central speeddial memory Certificate Channel Bundling CHAP Checksum field CLID Common ISDN Application Programming Interface A 128 bit encryption algorithm with similar functionality to DES See Block Cipher Modes Cipher Block Chaining Consultative Committee for International Te
522. t Values in the list VSS lt Connected client gt Field Description Client MAC Address IP Address Up Time Signal dBm Noise dBm SNR dB Data Rate mbps Shows the MAC Address of the associated client Shows the IP address of the client Shows the time in hours minutes and seconds for which the cli ent is logged in Shows the received signal strength in dBm Shows the received noise strength in dBm Signal to Noise Ratio in dB is an indicator of the quality of the wireless connection Values e gt 25 dB excellent e 15 25 dB good e 2 15 dB borderline e 0 2 dB bad Shows the current transmission rate of data received by this cli R1xxx R3xxx R4xxx Field Description ent in mbps The following clock rates are possible IEEE 802 11b 11 5 5 2 and 1 mbps IEEE 802 11g a 54 48 36 24 18 12 9 6 mbps If the 5 GHz frequency band is used the in dication of 11 5 5 2 and 1 mbps is suppressed for IEEE 802 11b Rate Displays the possible data rates on this wireless module Tx Packets Shows the number of sent packets for the data rate Rx Packets Shows the number of received packets for the data rate 22 5 3 WDS In the Monitoring gt WLAN gt WDS menu the current values and activities of the con figured WDS links are shown 7 y F a f E fa See bintec R1200 i Language English v View Standard Online Help A r E L Save configuration p
523. t uses the lowest version it could detect Maximum Groups Version 3 only Only IGMP version 3 is used Enter the maximum number of groups to be permitted both in R1xxx R3xxx R4xxx Field Description ternally and in reports Maximum Sources Enter the maximum number of sources that are specified in ver sion 3 reports and the maximum number of internally managed sources per group IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second The default value is 0 i e the number of IGMP status mes sages is not limited 14 6 QoS QoS Quality of Service makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth reserved for them This is an advantage especially for time critical applications such as VoIP The QoS configuration consists of three parts e Creating IP filters e Classifying data e Prioritising data 14 6 1 QoS Filter IP filters are configured in the Routing gt QoS gt QoS Filter menu 14 6 1 1 New Choose the New button to define more IP filters R1xxx R3xxx R4xxx Language English View Standard Online Help QoS Filter 0S Classification 008 Intertaces Policies Basic Parameters Ta Description i Protocol e Connection State ay Load Balancing Destina
524. t Black White List History Web Filter Options Web Filter Status Enabled Filtered Input Interface s C ada Midiriuni tunaben of History Entries Tea 7 o URL Path Depth Jra Action if server not reachable O Allow all O Block all Log all Action iflicense not registered SD Allow all O Block all OLog all DNS HTTPS DynDNS Client DHCP Server Fag Web Filter Licence Status CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP _ HotSpot Gateway RR License Information Licence Key BIBT Activate 30 days demo licence License valid until Not activated 4 PP ly Fig 158 Local Services gt Web Filter gt Global Settings The menu Lokale Dienste gt Web Filter gt Global Settings consists of the following fields Fields in the Global Settings Web Filter Options menu Field Description Web Filter Status Activate or deactivate the filter R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 19 Local Services Field Description The function is activated by choosing Enabled The function is disabled by default Filtered Input Inter Select for which of the existing Ethernet interfaces web filtering face s is to be activated Press the Add button to add more interfaces The requests from http Internet pages that reach your device via these interfaces are then monitored
525. t to help you save costs Block after Connection Failure You use this function to set up a waiting time for outgoing connection attempts after which your device s connection attempt is regarded as having failed Authentication When a call is received on ISDN connections the calling party number is always sent over the ISDN D channel This number enables your device to identify the caller CLID provided the caller is entered on your device After identification with CLID your device can additionally carry out PPP authentication with the connection partner before it accepts the call Your device needs the necessary data for this which you should enter here for all PPP connections Establish the type of authentication process that should be performed then enter a common password and two codes You get this information for example from your Internet Service Provider ISP or the system administrator at your head office If the data R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH you entered on your device is the same as the caller s data the call is accepted The call is rejected if the data is not the same Callback The callback mechanism can be used for every connection over an ISDN or over an AUX interface to obtain additional security regarding the connection partner or to clearly allocate the costs of connections A connection is not set up until the calling party has been clearly identified by calli
526. t Edit New The LAN gt IP Configuration gt Interfaces gt Edit New menu consists of the following fields Fields in the Interfaces Basic Parameters menu Field Description Based on Ethernet Inter This field is only displayed if you are editing a virtual routing in face terface Select the Ethernet interface for which the virtual interface is to be configured Address Mode Select how an IP address is assigned to the interface Possible values e Static default value A static IP address is assigned to the interface in IP Address Netmask DHCP An IP address is assigned to the interface dynamically via DHCP R1xxx R3xxx R4xxx 12 LAN Funkwerk Enterprise Communications GmbH Field Description IP Address Netmask Only if Address Mode Static With Add add a new adress entry and enter the IP Address and corresponding Netmask Interface Mode Only for physical interfaces in routing mode Select the configuration mode of the interface Possible values e Untagged default value The interface is not assigned for a specific purpose e Tagged VLAN This option only applies for routing inter faces You use this option to assign the interface to a VLAN This is done using the VLAN ID which is displayed in this mode and can be configured In this mode the definition of a MAC Ad dress in MAC Address is optional MAC Address Only for virtual interfaces and if Interface Mode Untagged Enter the MAC Addr
527. t Rate V 1 VBR 1 Variable Bit Rate The connection is assigned a guaranteed data rate Sus tained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size Any additional ATM traffic is discarded The Peak Cell Rate PCR repres ents the maximum possible data rate This category is suit able for non critical applications with burst data traffic Variable Bit Rate V 3 VBR 3 Variable Bit Rate The connection is assigned a guaranteed data rate Sus tained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size MBS Additional ATM traffic is marked and handled with low priority based on the utilisation of the destination network i e is discarded if ne cessary The Peak Cell Rate PCR represents the maximum possible data rate This category is suitable for critical applica tions with burst data traffic 15 WAN Funkwerk Enterprise Communications GmbH Field Description Peak Cell Rate PCR Enter a value for the maximum data rate in bits per second Possible values 0 to 10000000 The default value is 0 Sustained Cell Rate Only for ATM Service Category Variable Bit Rate V 1 SCR VBR 1 Of Variable Bit Rate V 3 VBR 3 Enter a value for the minimum available guaranteed data rate in bits per second Possible values 0 to 10000000 The default value is 0 Maximum Burst Size Only for ATM Service Category Variable Bit Rate V 1 MBS VBR 1 Of Variable
528. t entries If the final entry in the list does not enable a connection to be set up successfully the operation is terminated until a new request is made When fall back occurs and all other ISPs can only be reached by dialup connections both B channels may be occupied If channel bundling is used you cannot be reached for the duration of this con nection Abbreviation of telefax In a FHSS system the frequency spread is achieved through con stantly changing frequencies based on certain hopping patterns In contrast to DSSS systems hopping patterns are configured not the frequency The frequency changes very frequently in one second Data transmission from one computer to another e g based on the Eurofile transfer standard A filter comprises a number of criteria e g protocol port number source and destination address These criteria can be used to se lect a packet from the traffic flow Such a packet can then be handled in a specific way For this purpose a certain action is asso ciated with the filter which creates a filter rule Describes the whole range of mechanisms to protect the local net work against external access Your gateway provides protection mechanisms such as NAT CLID PAP CHAP access lists etc Software code containing all a device s functions This code is writ ten to a PROM programmable read only memory and is retained there even after the device is switched off Firmware can be up dated by th
529. t manually e Manual Both the interface and connector type must be set manually Define the interface type of the port used If you select the Detection Mode Interface and Connect oror Interface the interface type is detected automatically The detected value is displayed e g V 35 autodetectea R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 11 Physical Interfaces Field Description If you select the Detection Mode Connector or Manual you must set the interface type field manually Possible values e None The port is not used e X 21 with Termination V 11 on all lines 120 ohm ter minating resistor on critical input lines e v 35 V 35 on critical lines V 28 on uncritical lines e v 36 V 11 on critical lines V 10 on uncritical lines e X 21 bis V 28 on all lines e X 21 without Termination Unterminated V 11 on all lines e RS 449 V 11 on critical lines V 10 on uncritical lines 9 pole or 37 pole sub D plug e RS 530 V 11 on critical lines V 10 on uncritical lines 25 pole sub D plug e RS 530a V 11 on critical lines V 10 on uncritical lines incl DTR and DSR 25 pole sub D plug Connection Type Define the connector type of the port used If you select the Detection Mode Interface and Connect or or Connector the connector type is detected automatically The detected value is displayed e g Unknown Autodetected If you select the Detection Mode Interface or Manual you m
530. t the link plugs for interfaces BRI 1 and BRI 2 as shown in the following figure ISDN Mode Switch ll intern extern e off ses eze 88 OO OO OO 00 OO OO OO Use Internal external switching Internal external switching Power supply for internal connection Power supply for internal connection 100 Ohm terminator Power for internal BRI on eTe eze ete connectors Interface BRI 1 BRI 2 BRI 1 BRI 2 BRI 1 Link plug area JiM J2M J1P J2P JIT Position Internal Internal mM o m Off p Position external external On On On ES Use Interface Link plug Position Position area 100 Ohm terminator BRI 2 J2T Off On You can also switch the interfaces BRI 3 and BRI 4 The link plugs are on the side of the ISDN L module J3M Mode J4M Mode 5 ISDN L Module J3M BRI 3 ISDN Mode Switch intern extern 00 SOB vam BRI 4 off on 5 J3P BRI 3 Power for internal BRI i lt O J4P BRI 4 o Port 3 4 connect o together in powerless o 23 state o J3T BRI 3 terminat i lt i termination O J4T BRI 4 on position ist only allowed if J3M BRI 3 is in int Mode and J4M BRI 4 is in ext Mode R1xxx R3xxx R4xxx on is only permitted if J3M BRI 3 is set to internal mode and J4M BRI 4 is set to extern al mode Use Interface Link plug Position Position area Internal external switching
531. t to set up a connection has failed The de fault value is 60 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Funkwerk Enterprise Communications GmbH 15 WAN Field Description Authentication Select the authentication protocol for this Internet connection Select the authentication specified by your provider Possible values e paP default value Only run PAP PPP Password Authentica tion Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Run primarily CHAP if denied then the authentication protocol required by the PPTP partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP do
532. ta even remains stored in the flash when your device is switched off RAM The current configuration and all changes you set on your device during operation are 20 Maintenance Funkwerk Enterprise Communications GmbH stored in the working memory RAM The contents of the RAM are lost if the device is switched off So if you modify your configuration and want to keep these changes for the next time you start your device you must save the modified configuration in the flash memory before switching off Save Configuration button in the Funkwerk Configuration Interface navigation area This configuration is then saved in the flash in a file with the name boot When you start your device the boot configuration file is used by default Operations The files in the flash memory can be copied moved erased and newly created It is also possible to transfer configuration files between your device and a host via HTTP Configuration file format The file format of the configuration file allows encryption and ensures compatibility when restoring the configuration on the gateway in various system software versions This is a CSV format which can be read and modified easily In addition you can view the corres ponding file clearly using Microsoft Excel for example The administrator can store encryp ted backup files for the configuration When the configuration is sent by e mail e g for sup port purposes confidential configuration data can be p
533. tants The Wizards menu offers step by step instructions for the following basic configuration tasks e First steps e Internet access e VPN e Wireless LAN e SWYX only with active optional DSP module e VoIP PBX in the LAN Choose the corresponding task from the navigation bar and follow the instructions and ex planations on the separate pages of the Assistant R1xxx R3xxx R4xxx Chapter 10 System Management The System Management menu contains general system information and settings You see a system status overview Global system parameters such as the system name date time passwords and licences are managed and the access and authentication meth ods are configured 10 1 Status If you log into the Funkwerk Configuration Interface your device s status page is dis played which shows the most important system information You see an overview of the following data e System status e Your device s activities Resource utilisation active sessions and tunnels e Status and basic configuration of the LAN WAN ISDN WLAN and ADSL interfaces e Information on plugged add on modules if any e The last 10 system messages You can customise the update interval of the status page by entering the desired period in seconds as Automatic Update Interval and clicking on the Apply button i Caution Under Automatic Refresh Interval do not enter a value of less than 5 seconds other wise the refresh interval of the screen wil
534. te dai rifiuti domestici nei punti di raccolta previsti a tale scopo El s mbolo del contenedor con la cruz que se encuentra en el aparato significa que cuando el equipo haya llegado al final de su vida til deber ser llevado a los centros de recogida previstos y que su tratamiento debe estar separado del de los residuos urbanos Symbolen som sitter p apparaten med den korsade avfallstunnan betydet att ro nar den tj nat ut ska kasseras och l mnas till de f rutsedda sorterg rdarna och skiljas fran normalt hus h llsavfall Tegnet p apparatet som viser en avfallcontainer med et kyss over betyr at apparatet m kastet p hertil egnet avfallssted og ikke sammen med vanlig avfall fra husholdningen To o uBolo nov Ppioxetal otv OVOKEV pe TO otavpwp vo kOVT IVE anoppipp tov onpaiver OTL N ovoxev OTO T AOS TNG StapKetac XPG TNG pe va dtatebei Ae and TA KAVOVIK anoppippata ota yr aut Tov okon npoBhen peva onpeia di Beono Symbolet med gennemkrydset affaldsbeholder p apparatet betyder at apparatet nar det ikke kan bruges l ngere skal bortskaffes adskilt fra normalt husholdningsaffald p et af de dertil be regnede bortskaffelsessteder Znajduj cy sig na urz dzeniu symbol przekreslonego pojemnika na mieci oznacza e po up ywie ywotno ci urz dzenia nale y go odda do odpowiedniej plac wki utylizacyjnej i nie wyrzuca go do normalnych mieci domowych Het doorgehaalde symbool van de afvalcontainer o
535. te Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Local IP Address Enter the IP address you received from your network operator R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 15 WAN Field Description Route Entries Define other routing entries for this connection class Add a new entry with Add The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked The function is activated with Enabled The function is disabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload The function is activated with Enabled The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used e STAC O MSS INAC e MPPC Microsoft Point to Point Compression Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possi
536. ted line identification restriction Activate suppress transmission of called party s telephone number to caller This performance feature Funkwerk Enterprise Communications GmbH Suppress own tele phone number Suppression of the telephone number Switch Switchable dialling method Synchronous Syslog System telephones T DSL TFax T ISDN Glossary suppresses the display of the called subscriber s telephone number If display of the B telephone number is suppressed your telephone number is not transmitted to the caller when you take a call Temporary deactivation of the transmission of your own telephone number Performance feature of a PBX The display of the telephone number can be deactivated on an individual basis LAN switches are network components with a similar function to bridges or even gateways They switch data packets between the in put and output port In contrast to bridges switches have several in put and output ports This increases the bandwidth in the network Switches can also be used for conversion between networks with different speeds e g 100 mbps and 10 mbps networks Option of switching between the pulse dialling method and MFC method by means of a switch or key input on the terminal such as the telephone or fax machine Transmission process in which the sender and receiver operate with exactly the same clock signals in contrast to asynchronous trans mission Spaces are br
537. ted Shows the number of IPSec protected incoming Incoming or outgoing Outgoing packets Errors Shows the number of incoming Incoming or outgoing Outgo ing packets for which the processing led to errors 22 3 ISDN Modem 22 3 1 Current Calls In the Monitoring gt ISDN Modem gt Current Calls menu a list of the existing ISDN con nections incoming and outgoing is shown R1xxx R3xxx R4xxx Standard Online Help Logout Current Calls Call History Automatic Refresh interval 300 Seconds Apply View feo per page LL Fiter in None equal Go Service Remote Number _ Interface Direction _ Charge Duration Stack Channel Status ISDINModem Interfaces wan HotSpot Gateway Oos Fig 198 Monitoring gt ISDN Modem gt Current Calls Values in the list Current Calls Field Description Displays the serial number of the ISDN connection entry Service Displays the service to or from which the call is connected PPP TSEC Lo 2 POTG Remote Number Displays the number that was dialled in the case of outgoing calls or from which the call was made in the case of incoming calls Interface Displays additional information for PPP connections Direction Displays the send direction Incoming Outgoing Charge Displays the costs of the current connection Duration Displays the duration of the current connection Stack Di
538. ted is activated first by the IPSec Daemon If IPSec with DynDNS is configured on the local device the own IP address is propagated first and then the ISDN call is sent to the remote device This ensures that the remote device can actually reach the local device if it initiates the tunnel setup Transfer of IP Address over ISDN Transferring the IP address of a device over ISDN in the D channel and or B channel opens up new possibilities for the configuration of IPSec VPNs This enables restrictions that occur in IPSec configuration with dynamic IP addresses to be avoided Cz Note To use the IP address transfer over ISDN function you must obtain a free of charge extra licence You can obtain the licence data for extra licences via the online licensing pages in the support section at www funkwerk ec com Please follow the online licensing instruc tions Before System Software Release 7 1 4 IPSec ISDN callback only supported tunnel setup if the current IP address of the initiator could be determined by indirect means e g via DynDNS However DynDNS has serious disadvantages such as the latency until the IP address is actually updated in the database This can mean that the IP address propagated via DynDNS is not correct This problem is avoided by transferring the IP address over ISDN This type of transfer of dynamic IP addresses also enables the more secure ID Pro tect mode main mode to be used for tunnel setup Method of operati
539. ted pair connection Fast Ethernet Network connection for 100 mbps networks Twisted pair connection Network connection for 10 mbps networks with RJ45 connector D channel protocol used in the German ISDN Today the more com mon protocol is DSS1 See DES Specified data rates of 54 48 36 24 18 12 9 and 6 mbps anda working frequency in the range of 5 GHz for IEEE802 11a or 2 4 GHz for IEEE802 11g IEEE802 11 g can be configured to run in compliance with 11b or 11b and 11 as well One of the IEEE standards for wireless network hardware Products that meet the same IEEE standard can communicate with each oth er even if they come from different hardware manufacturers The IEEE802 11b standard specifies the data rates of 1 2 5 5 and 11 mbps a working frequency in the range of 2 4 to 2 4835 GHz and WEP encryption IEEE802 11 wireless networks are also known as Wi Fi networks The A subscriber is the caller For connection of an analogue terminal In the case of an ISDN ter minal terminal adapter with a b interface the connected analogue terminal is able to use the supported T ISDN performance features Authentication Authorisation Accounting PIN or password A rule that defines a set of packets that should or should not be transmitted by the device An active component of a network consisting of wireless parts and Glossary Access protection Accounting Active probing Ad hoc network ADSL AH Alp
540. ted with Enabled The function is disabled by default 16 2 2 Users In the VPN gt L2TP gt Users menu a list of all configured L2TP partners is shown 16 2 2 1 New Choose the New button to set up new L2TP partners R1xxx R3xxx R4xxx Language English View Standard Online Help Logout Tunnel Profiles Users Options Basic Parameters am E Description Conhection Type Th uns Oac UserName 7 TI i a Password EX eccscese 5 Always on DEnabled Connection Idle Timeout Foo Seconds IP Mode and Routes ye SSI IP Address Mode static O Provide IP Address DefaultRoute DEnabled create NAT Policy Denabiea Local IP Address I Route Entries Advanced Settings J Block ater connection failure for po Sida Authentication gt WS CHAR2 o i g Encryption Onone Enabled O windows compatible LCP Alive Check E Enabled Prioritize TCP ACKPackets Enabled co OSPF Mode _Opassive Oactve Omactive Proxy ARP Mode inactive O Up or Dormant Up only DNS Negotiation HEnabled oK J 1 Cancel Fig 124 VPN gt L2TP gt Users gt New The VPN gt L2TP gt Users gt New menu consists of the following fields Fields in the Users Basic Parameters menu Field Description Description Enter a name for uniquely ident
541. terfaces default value A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces R1xxx R3xxx R4xxx Field Description e Disable for all interfaces Back Route Verify is dis abled for all interfaces dis Only for Mode Enable for specific interfaces Displays the serial number of the list entry Interface Only for Mode Enable for specific interfaces Displays the name of the interface Back Route Verify Only for Mode Enable for specific interfaces Select whether Return Route Checkingis to be enabled for this interface The function is activated with Enabled By default the function is deactivated for all interfaces Fields in the Options General menu Field Description Allow deleting editing all Define whether all the routes entered on your device can be ed routing entries ited and deleted in the Routing gt Routes gt Routes menu The function is activated with Enabled By default the function is deactivated for all interfaces 14 2 NAT Network Address Translation NAT is a function on your device for defined conversion of source and destination addresses of IP packets If NAT is activated IP connections are still only allowed by default in one direction outgoing forward protective function Excep tions to the rule can be configured in NAT Configuration on page 224 14 2 1 NAT Interfaces In the Routing gt NAT gt NAT Interfaces menu a
542. th a dynamic IP address you can signal to this IPSec peer that you are online and waiting for the setup of an IPSec tunnel over the Internet If the called peer currently has no connection to the Internet the ISDN call causes a connection to be set up The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel X 25 PAD X 25 PAD is used to provide a protocol converter which converts non packet oriented protocols to packet oriented communication protocols and vice versa Data terminal equipment sending or receiving data on a non data packet oriented basis can this be adapted in line with Datex P public data packet network based on the prin ciple of a packet switching exchange When a call comes in your device first uses the entries in this menu to check the type of call data or voice call and the called party number whereby only part of the called party number reaches the device which is forwarded from the local exchange or if available the PBX The call is then assigned to the corresponding service er Note If no entry is specified ex works state every incoming ISDN call is accepted by the ISDN Login service To avoid this you should make the necessary entries here As soon as an entry exists the incoming calls not assigned to any entry are forwarded to the CAPI service In the Physical Interfaces gt ISDN Ports gt MSN Configuration menu a list of all MSNs is shown
543. thentication Also define whether the selected mode is used exclusively Strict or the peer can also propose another mode Local ID Type Select the local ID type Possible values e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name Local ID Value Enter the ID of your device 16 VPN Funkwerk Enterprise Communications GmbH Field Description For Authentication Method DSA Signature RSA Signa ture of RSA Encryption the Use Subject Name from cer tificate option is shown If you enable the Use Subjectname from Certificate option the first alternative subject name indicated in the certificate is used or if none is specified the subject name of the certificate is used Note If you use certificates for authentication and your certific ate contains alternative subject names see Certificates on page 134 you must make sure your device selects the first al ternative subject name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are identical Alive Check During communication between two IPSec peers one of the peers may become unavail able e g due to routing problems or a reboot However this can only be detected when the end of the lifetime of the security connection is reached Up until this point the data packets are lost These are various methods of performing an alive check t
544. ther AT commands if required by separating them with semicolons The entry is limited to 80 characters APN Access Point Only for UMTS HSDPA HSUPA Status Enabled Name If GPRS UMTS is to be used you must enter the so called Ac cess Point Name here that you receive from your provider A maximum of 80 characters can be entered If no APN or an incorrect APN is entered a configured GPRS UMTS connection will not function R1xxx R3xxx R4xxx 12 LAN Funkwerk Enterprise Communications GmbH Chapter 12 LAN In this menu you configure the addresses in your LAN and can structure your local network using VLANs 12 1 IP Configuration In this menu you can edit the IP configuration of the LAN and Ethernet interfaces of your device 12 1 1 Interfaces In the LAN gt IP Configuration gt Interfaces menu the available IP interfaces are listed You can edit the IP configuration of the interfaces or create virtual interfaces for special ap plications Here is a list of all of the interfaces logical Ethernet interfaces and others cre ated in the subsystems configured in the System Management gt Interface Mode Bridge Groups gt Interfaces menu Use the A to edit the settings of an existing interface bridge groups Ethernet interfaces in routing mode You can use the New button to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected differ
545. this menu you specify the IP addresses to which your device is to send the SNMP traps In the External Reporting gt SNMP gt SNMP Trap Hosts menu a list of all configured SNMP trap hosts is shown 21 4 2 1 New Choose the New button to set up new SNMP trap hosts R1xxx R3xxx R4xxx binte R4200 Ven ersed SNMP Trap Options SNMP Trap Hosts Basic Parameters IP Address oK D Cancel Fig 192 External Reporting gt SNMP gt SNMP Trap Hosts gt New The External Reporting gt SNMP gt SNMP Trap Hosts gt New menu consists of the fol lowing fields Fields in the SNMP Trap Hosts Basic Parameters menu Field Description IP Address Enter the IP address of the SNMP trap host 21 5 Activity Monitor This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor part of BRICKware for Windows Purpose The Activity Monitor enables Windows users to monitor the activities of your device Im portant information about the status of physical interfaces e g ISDN line and virtual inter faces is easily obtained with one tool A permanent overview of the utilisation of your device is possible Method of operation A Status Daemon collects information about your device and transfers it as UDP packets to the broadcast address of the first LAN interface default setting or to an explicitly entered R1xxx R3xxx R4xx
546. tics gt Ping Test You can use the ping test to check whether a certain host in the LAN or an internet address can be reached The Output field shows the ping test messages The ping test is started by entering the IP address to be tested in Test Ping Address and clicking on the Go but ton R1xxx R3xxx R4xxx 20 1 2 DNS Test bintec R1200 Language English View Standard Online Help DNS Test DNS Address Output Software amp Configuration Reboot Go Fig 182 Maintenance gt Diagnostics gt DNS Test The DNS test is used to check whether the domain name of a particular host is correctly re solved The Output field shows the DNS test messages The DNS test is started by enter ing the domain name to be tested in DNS Address and clicking on the Go button 20 1 3 Traceroute Test bintes R4200 View Standard mj I IREA ry Ping Test DNS Test Online Help Traceroute Test Traceroute Address Output Fig 183 Maintenance gt Diagnostics gt Traceroute Test R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 20 Maintenance You use the traceroute test to display the route to a particular address IP address or do main name if this can be reached The Output field shows the traceroute test messages The traceroute test is started
547. tion a DMZ ETHS5 interface and two ISDN interfaces and a CardBus slot for connecting a UMTS modem The connections are arranged as follows R1xxx R3xxx R4xxx 5 4 5 ee ee eee ee 1 2 3 5 7 7 4 8 Fig 16 Back of bintec R1200wu Back of bintec R1200wu 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETHS Ethernetinterface siti lt sS 4 Main and AUX RSMA connection 5 ETH2 ETH4 Ethernet interface 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN 0 ISDN 1 ISDN interface 8 CardBus CardBus slot for UMTS modem bintec R3000 has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface two ISDN interfaces and an ADSL interface The connections are arranged as follows 1 2 3 5 7 7 8 Fig 17 Back of bintec R3000 Back of bintec R3000 1 1 0 Mains switch 2 PWR Socket for plug in power pack 3 DMZ ETH5 Ethernet interface 5 ETH2 ETH4 Ethernet interface R1xxx R3xxx R4xxx S 6 ETH1 Console Ethernet interface with serial interface function 7 ISDN O ISDN 1 ISDN interface 8 ADSL ADSL interface bintec R3000w has a 4 port Ethernet switch including a port with serial interface function a DMZ ETH5 interface two ISDN interfaces and an ADSL interface The connections are arranged as follows Fig 18 Back of bintec R3000w Back of bintec
548. tion 359 UMTS HSDPA HSUPA Status 173 Index Unchanged for 517 Unicast MPDUs received successfully 519 Unicast MSDUs transmitted successfully 519 up 260 Up Time 521 522 523 524 525 526 Update Interval 433 507 Update Path 433 Update Timer 236 Update URL 450 UPnP Status 469 UPnP TCP Port 469 Upstream 164 Uptime 99 URL 491 URL IP Address 445 URL Path Depth 440 Usage Area 187 Usage Type 280 291 Use key 369 Use PFS Group 339 Use Zero Cookies 347 User Defined Channel Plan 195 User Name 263 268 273 277 285 289 354 361 398 431 448 501 529 Users 344 Vv Value 519 Vendor Mode 125 Virtual Channel Connection VCC 303 305 Virtual Channel Identifier VCI 298 Virtual Path Connection VPC 305 Virtual Path Identifier VPI 298 Virtual Router 477 Virtual Router Backup 477 Virtual Router ID 480 484 485 Virtual Router Interface 480 Virtual Router IP Address 480 Virtual Router Master 477 Virtual Router Priority 480 VLAN ID 177 VLAN Identifier 181 VLAN Members 181 VLAN Name 181 VRRP Advertisement 477 VRRP router 477 WwW Walled Garden 473 Walled Garden URL 473 Walled Network Netmask 473 WDS Description 207 523 524 Web Filter Status 440 WEP Key 1 4 207 WEP Key 1 4 203 210 Whitelisted 445 Wildcard 432 Wildcard MAC Address 116 Wildcard Mode 116 Wire Mode 167 Wireless Mode 191 WMM 202 WPA Cipher 203 210 WPA Mode 203 210 WPA2 Cipher
549. tion IP AddressNetmask y bo CS Jl a E A AAA Destination Por Range FA OPA to N Source IP AddressiNetmask ma r jara e it DSCP TOS filter Layer 3 haz a i COS fiter 802 1 p Layer 2 p C OK Cancel Fig 96 Routing gt QoS gt QoS Filter gt New The Routing gt QoS gt QoS Filter gt New menu consists of the following fields Fields in the QoS Filter Basic Parameters menu Field Description Description Enter the name of the filter Protocol Select a protocol Possible values 12tp ah Chaos dont veri fy egp esp 99p gre hmp icmp igmp IGP igrp IP ipip Hovo IPX in IP ISO IP Kryptolan ospf pim pup ClO SV SURUEE tEcjo MSI velo WIRIRIE 2201 TAR The Do not verify option default value matches any pro tocol Type Only if Protocol icmp Select the type Possible values Any Echo reply Destination unreach able Source quench Redirect Echo Time expired Timestamp Timestamp reply R1xxx R3xxx R4xxx 2 14 Routing Funkwerk Enterprise Communications GmbH Field Description See RFC 792 The default value is Any Connection State If Protocol tcp you can define a filter that takes the status of the TCP connections into account Possible values e Established All TCP packets that would not establish any new TCP session on routing over the gateway match the filter e Any default value The filter is independ ent from the con nection state
550. tion Select one of the preconfigured aliases for the destination of the packet The list includes all WAN LAN interfaces interface groups see Firewall gt Interfaces gt Groups addresses see Firewall gt Addresses gt Address List and address groups see Firewall gt Addresses gt Groups for selection R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 17 Firewall Field Description The value Any means that neither the destination interface nor the destination address is checked Service Select one of the preconfigured services to which the packet to be filtered must be assigned The extensive range of services configured ex works includes the following FTP TELNET e SMTP DNS HTTP e NNTP O Imeeraeic e Netmeeting Other services are set up in Firewall gt Services gt Service List In addition the service groups configured in Firewall gt Ser vices gt Groups can be selected Action Select the action to be applied to a filtered packet Possible values e Access default value The packets are forwarded on the basis of the entries e Deny The packets are rejected e Reject The packets are rejected An error message is is sued to the sender of the packet Apply QoS Only for Action Access Select whether you want to enable QoS for this policy with the priority selected in Data Traffic Priority The function is activated with Enabled The option is
551. tion is disabled by default 15 1 6 AUX In the WAN gt Internet Dialup gt AUX menu a list of all AUX interfaces is shown You can define various settings for communication between the gateway and modem in this menu You require a special cable for the console port of your gateway e g AUX Backup cable to connect an external analogue modem to the AUX port on a bintec gate way 15 1 6 1 New Choose the New button to set up new AUX interfaces DEEE Language Eos View Senders Basic Parameters Description User Name Password eeeeeece Always on Enabled Connection Idle Timeout 600 Seconds IP Mode and Routes IP Address Mode OStatic O Provide IP Address Get IP Address Default Route Enabled Create NAT Policy o Enabled J Advanced Settings Block after connection failure for 50 Seconds Maximum Number of Dialup Retries ag Usage Type standard O Dialin only Multi User Dialin only Authentication PAP DNS Negotiation Enabled l Prioritize TCP ACK Packets j DEnabied LCP Alive Check Enabled Callback Mode Onone active OPassive Dis Numbers E Entries a Add uma Options E Proxy ARP Mode tnactive up or Dormant up only oK JC Cancel Fig 104 WAN gt Internet Dialup gt AUX gt New The WAN gt Internet Di
552. tion or deactivation of interfaces to be carried out on a time dependent basis Note To run the event scheduler the date configured on your device must be 1 1 2000 or later 19 7 1 Schedule In the Local Services gt Scheduling gt Time Schedule menu a list of all scheduled tasks is shown 19 7 1 1 New Choose the New button to set up new tasks R1xxx R3xxx R4xxx bintec R1200 g j 4 Save configuration A DHS HTTPS DynDNS Client _ DHCP Server Web Filter CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery UPnP HotSpot Gateway BRRP l TNN Basic Parameters Description Facton Selectaction Select time interval Time Condition Start Time Options Time Schedule Reboot device Y Condition Type Condition Settings f fr sica O Periods m O Day of Month Daily _ _ A pr Hour Minute C Cancel OK Fig 164 Local Services gt Scheduling gt Time Schedule gt New The Local Services gt Scheduling gt Time Schedule gt New menu consists of the fol lowing fields Fields in the Time Schedule Basic Parameters menu Description Description Enter the desired name for the scheduled task Fields in the Time Schedule Action menu Select action Description Select the desired action Possible values e Reboot device default value Your device is rebooted
553. tions GmbH 10 System Management Field Value The function is activated by choosing Enabled The function is enabled by default Group Description Define a new RADIUS group description or assign the new RA DIUS entry to a predefined group The configured RADIUS servers for a group are queried according to priority and policy Possible values New default value Enter a new group description in the text field e Default Group 0 Select this entry for special applications such as Hotspot Server configuration e lt Group Name gt Select a predefined group from the list The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Value Policy Select how your device is to react if a negative response to a re quest is received Possible values e Authoritative default value A negative response to a request is accepted e Non authoritative A negative response to a request is not accepted A request is sent to the next RADIUS server un til your device receives a response from a server configured as authoritative UDP Port Enter the UDP port to be used for RADIUS data RFC 2138 defines the default ports 1812 for authentication 1645 in older RFCs and 1813 for accounting 4 180 84 cm older RFCs You can obtain the port to be used from the docu mentation for your RADIUS server The default value is 1812 10 System Management Funkwerk Enterprise Communications GmbH
554. tions with accounts with different providers e Session based load balancing is achieved e Related dependent sessions are always routed over the same interface e A decision on distribution is only made for outgoing sessions In the Routing gt Load Balancing gt Load Balancing Groups menu a list of all con figured load balancing groups is shown 14 4 1 1 New Choose the New button to set up new groups R1xxx R3xxx R4xxx a bintec R1200 Routes NAT RIP Load Balancing Multicast ill Ll Language Interface Sere Ls s gt gE View Standard Online Help Logout fun Load Balancing Groups English Basic Parameters Session Round Robin Y Group Description Distribution Policy Distribution Mode O always O Only use active interfaces Interface Selection for Distribution Distribution Ratio Add oK J Cancel Fig 91 Routing gt Load Balancing gt Load Balancing Groups gt New The Routing gt Load Balancing gt Load Balancing Groups gt New menu consists of the following fields Fields in the Load Balancing Groups Basic Parameters menu Field Description Consider Enter the desired description of the interface group Select the way the data traffic is to be distributed to the inter faces configured for the group Possible values e Session Round Robin default value A newly added session is assigned to one of t
555. tivated with Enabled The function is disabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner Possible values e Inactive default value Deactivates Proxy ARP for this 16 VPN Funkwerk Enterprise Communications GmbH Field Description IPSec peer e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the IPSec peer is Up active or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up until someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the IPSec peer is Up active i e a connection already exists to the IPSec peer IPSec Callback bintec devices support the DynDNS service to enable hosts without fixed IP addresses to obtain a secure connection over the Internet This service enables a peer to be identified using a host name that can be resolved by DNS You do not need to configure the IP ad dress of the peer The DynDNS service does not signal whether a peer is actually online and cannot cause a peer to set up an Internet connection to enable an IPSec tunnel over the Internet This pos sibility is created with IPSec callback Using a direct ISDN call to a peer you can signal that you are online and waiting for the peer to set up an IPSec tunnel ove
556. to be configured R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 14 Routing Field Description Possible values e Any default value NAT is to be configured for all interfaces e lt interface name gt Select an interface from the list Type of traffic Select the type of data traffic for which NAT is to be configured Possible values e incoming Destination NAT default value The data traffic that comes from outside e outgoing Source NAT The data traffic that goes out side e excluding Without NAT The data traffic that is ex cluded from NAT NAT method Only for Type of traffic outgoing Source NAT Select the NAT method for outgoing data traffic The starting point for choosing the NAT method is a NAT scenario where an internal source host has initialized an IP connection to an ex ternal destination host over a NAT interface and where an in ternal valid source address and an internal valid source port are mapped to an external valid source address and an external valid source port Possible values e full cone only UDP Any external host may send IP pack ets to the initializing source address and the initial source port via external address and external port restricted cone only UDP The same as full cone NAT for the external host howev er the initial external destina tion host must be used e port restricted cone only UDP The same as restric ted cone NAT but
557. to follow the state or state transition defined in Trigger The action is applied to the Interface s selected in Interface Possible values e Enable default value Activation of interface s e Disable Deactivation of interface s Interface Select the interface s for which the action defined in Interface Action is to be performed All the physical and virtual interfaces and the options 411 PPP Interfaces and All IPSec Interfaces Can be selected 19 8 3 Ping Generator In the Local Services gt Surveillance gt Ping Generator menu a list is shown of all pings configured for automatic generation 19 8 3 1 Edit New Choose the i icon to edit existing entries Choose the New button to set up further pings R1xxx R3xxx R4xxx bintec R1200 View Standard Online Help Logout Hosts Interfaces Ping Generator Basic Parameters Destination IP Address Source IP Address Specific zf Interval 10 Seconds OK C__Cancel__ Fig 168 Local Services gt Surveillance gt Ping Generator gt New The Local Services gt Surveillance gt Ping Generator gt New menu consists of the fol lowing fields Fields in the Ping Generator Basic Parameters menu Field Description Destination IP Address Enter the IP address to which the ping is automatically sent Source IP Address Enter the source IP address of the outgoing ICMP echo request packets
558. tory Access Protocol The Lease Time is the time a computer keeps the IP address as signed to it without having to talk to the DHCP server Leased line Link Layer Control Switching node of a public local telephone network that supports the connection of end systems Function on telephones with an integrated loudspeaker You can press a button so that the people present in the room can also hear the telephone call Every device in the network is defined by a fixed hardware address MAC address The network card of a device defines this interna tionally unique address Encryption using public keys requires the public keys to be ex changed first During this exchange the unprotected keys can be in tercepted easily making a man in the middle attack possible The attacker can set a key at an early stage so that a key known to the man in the middle is used instead of the intended key from the real communication partner See HMAC MD5 Multifrequency code dialling method Management Information Base Switch for turning off the microphone The subscriber on the tele phone cannot hear the discussions in the room Mixed mode MLPPP Modem MPDU MPPC MPPE MSDU MSN MSSID MTU Multicast Multiple subscriber number Multiprotocol gate way The access point accepts WPA and WPA2 Multilink PPP Modulator Demodulator MAC Protocol Data Unit every information packet exchanged on the wireless medium includes
559. tries bintee R4100 Ve Sun Extensions se accounts HRW SUD Tanaaton Ca Transito EN Trunk ptos Basic Parameters Description Administrative Status Mente Ao z J Type External v Calling Line Any Y Calling Address fa Media G eslleURadsss ES 1S ma Routing Rules _Priorit ity Line Called Address del Translation gt Status Action n P Eb o ela m C aa Routing Rule Priority fi Administrative Status Menabte Outbound Line bri2 0 o 4 1 Called Address Translation pas a aus PP Apply ME OK YC Cancel Fig 142 VoIP gt Media Gateway gt Call Routing gt Edit New The VoIP gt Media Gateway gt Call Routing gt Edit New menu consists of the following fields R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 18 VoIP Fields in the Call Routing Basic Parameters menu Field Description Description Enter the name of the entry Administrative Status Select whether the entry should be activated The function is activated with Enabled The function is enabled by default Type Specify how calls are to be routed Possible values e External default value For calls that are to be routed as outgoing external calls This can be done using standard SIP accounts or SIP trunking accounts in DDI cli
560. ts from a client will be answered with the current system time This is given as GMT without offset The function is disabled by default Time requests from a client are not answered 10 2 4 System Licences This chapter describes how to activate the functions of the software licences you have pur chased The following licence types exist e Licences already available in the device s ex works state e Free extra licences e Extra licences at additional cost The data sheet for your device tells you which licences are available in the device s ex works state and which can also be obtained free of charge or at additional cost You can access this data sheet at www funkwerk ec com Entering licence data You can obtain the licence data for extra licences via the online licensing pages in the sup port section at www funkwerk ec com Please follow the online licensing instructions Please also note the information on the licence card for licences at additional cost You will then receive an e mail containing the following data e License Key and e Licence Serial Number You enter this data in the System Management gt Global Settings gt System Licenses gt New menu In the System Management gt Global Settings gt System Licenses menu a list of all re gistered licenses is shown Description License Type License Serial Number Status Possible values for Status Licence Meaning OK Subsystem is activated
561. tup Menabiea AAA Result of Autoconfiguration Port Usage Notused ISDN Configuration Type Point to Multipoint Wireless LAN PortUsage pen o A ISDN Configuration Type Point to Multipoint Point to Point E e Advanced Settings oa oou X 31 25 in D Channel enabled Local Service 7 X 31 TEI Value m1 VA Eee Racker Suc Monitoring at ok _1__ganeet Fig 62 Physical Interfaces gt ISDN Ports gt ISDN Configuration gt The Physical Interfaces gt ISDN Ports gt ISDN Configuration gt menu consists of the following fields Fields in the ISDN Configuration Basic Parameters menu Field Description Port Name Shows the name of the ISDN port Autoconfiguration on Select whether the ISDN switch type D channel detection for Bootup switched line is to be automatically identified The function is activated with Enabled The function is enabled by default Result of Autoconfigura Shows the status of the ISDN Auto Config tion Automatic D channel detection runs until a setting is found or until the ISDN protocol is selected manually under Port Usage This field cannot be edited The result of autoconfiguration is displayed for Port Usage and ISDN Configuration Type Possible values e All possible values for Port Usage and ISDN Configtype e Running Detection is still running Port Usage Only if Automatic Configuration on Startup is disabled R1xxx R3xxx R4xxx 11 Physical Interfaces Funkwerk Enterprise Commu
562. ty Monitor e Physical Only information about the physical interfaces is sent e Physical WAN VPN Information about physical and virtual interfaces is sent Send information to Select where your device sends the UDP packets Possible values e All IP Addresses broadcast default value The de fault value 255 255 255 255 means that the broadcast ad dress of the first LAN interface is used e Single Host The UDP packets are sent to the IP address entered in the adjacent input field Update Interval Enter the update interval in seconds Possible values are 0 to 60 The default value is 5 UDP Destination Port Enter the port number for the Windows application Activity Monitor The default value is 2107 registered by IANA Internet As signed Numbers Authority Password Enter the password for the Activity Monitor R1xxx R3xxx R4xxx Chapter 22 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities e g at your device s WAN interface 22 1 Internal Log 22 1 1 System Messages In the Monitoring gt Internal Log gt System Messages menu a list of all internally stored system messages is shown Above the table you will find the configured Maximum Num ber of Syslog Entries and the configured Maximum Message Level of Syslog Entries These values can be changed in the System Management gt Global Settings gt System menu bintec R1200
563. ult value is 180 seconds Garbage Collection Only for RFC 2453 Variable Timer Enabled Timer The Garbage Collection Timer is started as soon as the route timeout has expired After this timeout the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route The default value is 120 seconds Fields in the RIP Options Timer for Triggered RIP RFC 2091 menu Field Description Hold Down Timer Only for RFC 2091 Variable Timer Enabled The hold down timer is activated as soon as your device re ceives an unreachable route metric 16 The route may deleted once this period has elapsed The default value is 120 seconds Retransmission Timer Only for RFC 2091 Variable Timer Enabled After this timeout update request or update response packets are sent again until an update flush or update acknowledge Field Description packet arrives The default value is 5 seconds 14 4 Load Balancing The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available IP load balancing en ables the distribution of data traffic within a certain group of interfaces to be controlled 14 4 1 Load Balancing Groups If interfaces are combined to form groups the data traffic within a group is divided accord ing to the following principles e In contrast to Multilink PPP based solutions load balancing also func
564. umber of bytes received Rx Errors Shows the total number of errors received Status Shows the operating status of the selected interface Unchanged for Shows the length of time for which the operating status of the interface has not changed Action Enables you to change the status of the interface as displayed 22 5 WLAN 22 5 1 WLAN1 In the Monitoring gt WLAN gt WLAN1 menu the current values and activities of the first interface are shown WLANT Statistics mbps Tx Packets Rx Packets 154 lo lo llas lo lo 36 i 0 0 R mogga aa 6 o _ Advanced HotSpot Gateway Qos Fig 201 Monitoring gt WLAN gt WLAN1 Values in the list WLAN1 Field Description mbps Displays the possible data rates on this wireless module Tx Packets Shows the total number of packets sent for the data rate shown in mbps R1xxx R3xxx R4xxx Field Description Rx Packets Shows the total number of packets received for the data rate shown in mbps You can choose the Advanced button to go to an overview of more details Online Help Logout Physicalinterfaces v Automatic Refresh interval 300 Seconds Apply 7 Ple Description Value WirelessLAN v 1 Unicast MSDUS transmitted successfully 0 Routing Y 2 Multicast MSDUs transmitted successfully 0 wan 3 Transmitted MPDUS 0 4 Multicast MSDUs received successfully 0 A 5 Unicast MPDUs received successfully 0 Ea 6
565. unction net 4x2 Function Power consumption of the device max 15 Watt normally 10 Watt max 15 Watt normally 13 Watt Voltage supply 24 V AC 1 A EU PSU 15 V AC 1 3 A EU PSU Environmental require Funkwerk Enterprise Communications GmbH 6 Technical data Product name bintec R4100 bintec R4300 ments Storage temperature 20 to 70 C 20 to 70 C Operating temperature 0 to 40 C 0 to 40 C Relative atmospheric humidity 10 to 90 non condensing in op eration 5 to 95 non condensing when stored 10 to 90 non condensing in op eration 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces Ethernet IEEE 802 3 LAN 4 port switch a port with serial inter face function Permanently installed twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed twisted pair only 10 100 mbps autosensing MDIX supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud ISDN WAN SO 2 Permanently installed Permanently installed ISDN PRI 2 Permanently installed DMZ ETH5 Additional Ethernet switch port Additional Ethernet switch port X 21 interface 2 Permanently installed Available soc
566. unication and control In a network in infrastructure mode all clients communicate with Inquiry Internal call tone Internal calls Internal telephone numbers Internet each other via access points only There is no direct communication between the individual clients A network of this kind is also known as a BSS basic service set and a network that consists of several BSS is known as an ESS extended service set Most wireless net works operate in infrastructure mode to establish a connection with the wired network Makes it possible to put the first call on hold in the event of a call waiting and take a new call Special signal on a PBX to differentiate between internal and extern al calls Free of charge connection between terminals in a PBX Your PBX has a fixed internal telephone number plan The Internet consists of a number of regional local and university networks The IP protocol is used for data transmission on the Inter net Internet time sharing Allows several users to surf the Internet simultaneously over an Intranet IP IP Address IPComP IPCONFIG IPoA ISDN ISDN address ISDN connection The information is requested by the individual computers with a time delay Local computer network within a company based on Internet techno logy providing the same Internet services e g homepages and sending email Internet Protocol The first part of the address by which a device is identi
567. up In this case an alternative interface with a poorer metric is used for routing until the interface is up 14 1 2 Options Back Route Verify The term Back Route Verify describes a very simple but powerful function If a check is ac tivated for an interface incoming data packets are only accepted over this interface if out going response packets are routed over the same interface You can therefore prevent the acceptance of packets with false IP addresses even without using filters View Standard Online Help Logout IP Routes Options TOE TTE STN Back Route Verify Enable for all interfaces Mode Enable for specific interfaces ODisable for all interfaces Iw e ARE R View 20 per page Lil Fiterin None equal y Go No Interface Back Route Verity j1 ent 0 O Enabled 2 ent DEnabled 18 pro Enabled Page 1 tems 1 3 i General Allow deleting editing all routing entries DeEnabled C OK J Cancel Fig 83 Routing gt Routes gt Options The Routing gt Routes gt Options menu consists of the following fields Fields in the Options Return Route Checking menu Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified Possible values e Enable for all interfaces Back Route Verify is activ ated for all interfaces e Enable for specific in
568. up to 54 mbps can be used in the 5150 GHz to 5725 MHz range With the higher frequency range 19 non overlapping frequencies are available in Germany This frequency range can also be used without a licence in Germany In Europe transmission power of not just 30 mW but 1000 mW can be used with 802 11h but only if TPC TX Power Control method for controlling transmission power in wireless sys tems to reduce interferences and DFS Dynamic Frequency Selection are used The pur pose of TPC and DFS is to ensure that satellite connections and radar devices are not in terfered with 13 1 WLAN In the Wireless LAN gt WLAN1 menu you can configure the WLAN module of your device Depending on the model one or two WLAN modules WLAN1 and in certain models WLANZ2 available 13 1 1 Radio Settings In the Wireless LAN gt WLAN gt Radio Settings menu an overview of all the configura tion options for the WLAN module is shown Ra ings OPENEN E E a mac Address poperdlion Mes _ Operation Band _ Channel in Use ER _ Transmit Power _ Status 00 0 84 01 ae 50 Off 2 4 GHz 6 Auto 17dBm o a Fig 74 Wireless LAN gt WLAN gt Radio Settings 13 1 1 1 Radio Settings gt Edit In this menu you change the settings for the wireless module Choose the jg button to edit the configuration R1xxx R3xxx R4xxx Language English View Standard Online Help Logout
569. ur device is dynamically assigned an IP address Default Route Only if IP Address Mode Static Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Create NAT Policy Only if IP Address Mode Static When you configure an ISDN connection specify whether Net work Address Translation NAT is to be enabled The function is activated with Enabled The function is disabled by default Local IP Address Only for IP Address Mode Static Assign the IP address from your LAN to the ISDN interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define routing entries for this connection partner e Remote IP Address P address of the destination host or LAN e Netmask Netmask of Remote IP Address e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 1 IP Assignment Pool IPCP Only if IP Address Mode Provide IP Address Select an IP pool configured in the WAN gt Internet Dialup gt IP Pools menu If an IP pool has not been configured here yet the message Not yet defined appears in this field 16 VPN Funkwerk Enterprise Communications GmbH The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after co
570. uration of the connection R1xxx R3xxx R4xxx 22 4 Interfaces 22 4 1 Statistics In the Monitoring gt Interfaces gt Statistics menu the current values and activities of all device interfaces are shown Statisties show Transfer Totals Y Automatic Refresh Interval 300 Seconds Apply view 20 per page E rar in None Yiequal y Go No Description Type TkPackets TxBytes TkEmors RxPackets Rx Bytes RxErrors Status Unchanged for Action Ho lent 0 Ethernet 182k 151M 0 1 47K 253 83K 0 od4htamies EE 0 A e o ti a 12 lenta Ethemet 0 0 0 0 0 0 O od4ht4m20s ele 3 Pert Tunnel 0 lo fo fo 0 lo S odohtamas ME A Page 1 tems 1 3 Fig 200 Monitoring gt Interfaces gt Statistics You change the state of the interface by pressing the e button or 4 button in the Action column Press the E button to display the statistical data for the individual interfaces in de tail Values in the list Statistics Field Description No Shows the serial number of the interface Description Displays the name of the interface Type Displays the interface text Tx Packets Shows the total number of packets sent Tx Bytes Displays the total number of octets sent Tx Errors Shows the total number of errors sent Rx Packets Shows the total number of packets received R1xxx R3xxx R4xxx Field Description Rx Bytes Displays the total n
571. urs License valid until This shows the expiry date of the licence relative to the time set on your device and cannot be edited 19 5 2 Filter List In the Local Services gt Web Filter gt Filter List menu configure which categories of In ternet pages are to be handled and how You configure the relevant filters for this purpose A list of filters already configured is dis played There are basically different approaches for configuring the filters e First a filter list can be created that only contains entries for those addresses that are to be blocked In this case it is necessary to make an entry at the end of the filter list that al lows all accesses that do not match a filter Setting for this Category Default Be havior Action Permit or Permit and Log e If you only create entries for those addresses that are to be allowed or logged it is not necessary to change the default behaviour all other calls are blocked R1xxx R3xxx R4xxx 19 5 2 1 New Choose the New button to set up new filters bintec R1200 Language English Stenderd Online Help Global Settings Filter List Black White List History Fiter Parameters Category Anonymous Proxies m ea e te F Day Everyday y Schedule Start Stop Time From o0 00 to 2359 Action O Allow O Allow and Log Block and Log oK C Cancel DHCP Server Web Filter CAPI Server Schedu
572. ust be marked by start and stop bits in contrast to synchronous transmission Asynchronous transfer mode Superimposing of an acoustic signal during a telephone call e g for call waiting Check on the user s identify Based on the identity authentication the user can access certain services and resources Special feature on telephones By pressing a key or code the caller requests a call back from the engaged terminal If the subscriber you want is not at their desk or cannot take the call they are auto matically connected with the caller as soon as they have used the telephone again and replaced the receiver This function can only be used on telephones that permit suffix dial ling An automatic callback from an inquiry connection is not pos sible You urgently need to contact a business partner or internal sub scriber However when you call you always hear the engaged tone If you were to receive notification that the subscriber had ended the call your chance of reaching them would be very good With Call back on Busy you can reach the engaged subscriber once they have replaced the receiver at the end of the call Your telephone rings When you lift the receiver a connection to the required sub scriber is set up automatically An internal Callback on Busy is de leted automatically after 30 minutes The external Callback on Glossary Automatic callback on no reply CCBS Automatic clearing of Internet c
573. ust not be a number and no special characters or umlauts must be used R1xxx R3xxx R4xxx 15 WAN Funkwerk Enterprise Communications GmbH Field Description Select the GPRS UMTS interface GPRS UMTS Interface User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always up is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Fields in the GPRS UMTS IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is dynamic ally assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by default Funkwerk Enterprise Communications GmbH 15 WAN Field
574. ust set the connector type field manually Possible values e DTE The pins are assigned as DTE interface This setting is necessary for example if the router is connected to a public data network like Datex P in Germany e DCE The pins are assigned as DCE interface Line Speed Only if Connection Type DCE Select which speed should be used Layer 2 Mode Define the value of the HDLC address field in the transmitted command frames Layer 2 Field Description Possible values e Automatic default value The selection made for connect or is applied You can usually accept this setting e g for ac cess to a public data network such as Datex P e DTE The address field has the value for DTE DCE The address field has the value for DCE Interface Leads Define whether the gateway checks the status of the interface lines The same value should be set for both connection part ners Possible values e Enabled The Layer 1 signalling of the remote terminal is checked on the signal line I for X 21 CTS for V 35 The check correspondingly affects the variable L1State e Disabled default value The Layer 1 signalling of the re mote terminal is not checked your gateway assumes that the physical line is always up In this setting you should monitor the interface line in some other way e g with PPP Keepalive 11 7 UMTS HSDPA 11 71 UMTS HSDPA HSUPA In the UMTS HSDPA HSUPA menu configure the connection
575. vice can still be reached after a change to the IP address The following configuration steps are necessary e Registration of a host name at a DynDNS provider e Configuration of your device Registration The registration of a host name means that you define an individual user name for the DynDNS service e g dyn_client The service providers offer various domain names for this so that a unique host name results for your device e g dyn_client provider com The DynDNS provider relieves you of the task of answer ing all DNS requests concerning the host dyn_client provider com with the dynamic IP address of your device To ensure that the provider always knows the current IP address of your device your device contacts the provider when setting up a new connection and propagates its present IP address 19 3 1 DynDNS Update In the Local Services gt DynDNS Client gt DynDNS Update menu a list of all configured DynDNS registrations is shown that are to be updated 19 3 1 1 New Choose the New button to set up further DynDNS registrations to be updated R1xxx R3xxx R4xxx DynDNS Update DynDNs Provider 20 Language English Basic Parameters Host Name ai interface Select one El User Name a a Password eecccces Provider i mins Enable update DEnabled Advanced Settings OTOS CO cres Mail Exchanger Mx E E gt PA
576. ving a better signal This is then used for decoding 6 3 LEDs The device LEDs provide information on certain activities and statuses of the device The LEDs on bintec R1200 are arranged as follows Fig 5 LEDs on bintec R1200 In operation mode the LEDs on bintec R1200 display the following status information for your device LED status display LED Status Information Power on The power supply is connected LED Status Information Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active ISDN 1 B D on ISDN D channel is active Top row ISDN 1 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active MA HA flashing BRRP packets are received Top row MA HA on A user is logged in to the system e g over Tel net Bottom row R1xxx R3xxx R4xxx 6 Technical data Funkwerk Enterprise Communications GmbH The LEDs on bintec R1200w are arranged as follows Fig 6 LEDs on bintec R1200w In operation mode the LEDs on bintec R1200w display the following status information for your device LED status display 1 D Status I
577. virtual interfaces can be selected For each interface select whether each interface is to be activ ated Enable or deactivated Disable default value reset Reset or if the connection is to be re established Dialup again 19 8 2 Interfaces In the Local Services gt Surveillance gt Interfaces menu a list of all monitored Inter faces is shown 19 8 2 1 Edit New Choose the o icon to edit existing entries Choose the New button to set up monitoring for other interfaces bintec R1200 Language English View Standard Online Help Basic Parameters J Monitored interface Belectone Trigger i interface ques up 7 Interface Action O Enable o Interface E o lTSclectone Al j 4 OK pwr Caneel DHCP Server Web Filter Fig 167 Local Services gt Surveillance gt Interfaces gt New The Local Services gt Surveillance gt Interfaces gt New menu consists of the following fields Fields in the Interfaces Basic Parameters menu Field Description Monitored Interface Select the interface on your device that is to be monitored Trigger Select the state or state transition of Monitored Interfaces that is to trigger a particular Interface Action Possible values e Interface goes up default setting e Interface goes down R1xxx R3xxx R4xxx Field Description Interface Action Select the action that is
578. w ARP requests are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the connection partner is Up active i e a connection already exists to the connection partner Choose the pl button to edit the configuration of the corresponding leased line for a serial interface TE bintec R4300 Language a El Interfaces Basic Parameters Description si4 0 IP Mode and Routes Default Route ClEnabiead Local IP Address Real Time Jitter Control HA gt Remote IP Address Netmask Metric nd Route Entries 18 Cada Advanced Settings LCP Alive Check Denabted Prioritize TCP ACK Packets Enabled IP Options OSPF Mode passive O Active Omactive 1 Proy ARP Mode mactive Oupor Dormant Oup only C oK_ _Cancel_ Fig 112 WAN gt Leased Line gt Interfaces gt Autogenerated from Serial gt p The WAN gt Leased Line gt Interfaces gt Autogenerated from Serial gt p menu
579. werk Basic Settings guage Ea Lan WLAN Administration Region 3 E lt nN AE A PLE i o eee Fig 80 Wireless LAN gt Administration gt Basic Settings The Wireless LAN gt Administration gt Basic Settings menu consists of the following fields Field in the Basic Settings WLAN Administration menu Field Description Region Select the country in which the access point is to be run Possible values are all the countries configured on the gate way s wireless module The range of channels available for selection Channel in the R1xxx R3xxx R4xxx Field Description WLAN Wireless Modules menu changes depending on the country setting The default value is Germany R1xxx R3xxx R4xxx Chapter 14 Routing 14 1 Routes Default Route With a default route all data is automatically forwarded to one connection if no other suit able route is available If you set up access to the Internet you must configure the route to your Internet Service Provider ISP as a default route If for example you configure a cor porate network connection only enter the route to the head office or branch office as a de fault route if you do not configure Internet access over your device If for example you configure both Internet access and a corporate network connection enter a default route to the ISP and a network route to the head office You can ent
580. wn bintec R1200 Language English View Standard E Access SSH SNMP Interface Telnet SSH THP HTTPS Ping SNMP ISDN Login 1157 jent 0 la la ica E E es a E E a ja a tC jia ica Y E Ma Fig 47 System Management gt Administrative Access gt Access For the Ethernet interface you can select the access parameters Telnet SSH HTTP HT TPS Ping SNMP and for the ISDN interfaces you can select ISDN Login R1xxx R3xxx R4xxx 10 4 1 1 Add Press the Add button to configure administrative access for additional interfaces bintec R1200 Language English View Standard Online Help Access SSH SNMP interace Selectone Interface Mode Bridge E gt Groups C oK C Cancel i Administrative Access Certificates Fig 48 System Management gt Administrative Access gt Access gt Add The System Management gt Administrative Access gt Access gt Add menu consists of the following fields Fields in the Access menu Field Description Interface Select the interface for which administrative access is to be con figured 10 4 2 SSH Your devices offers encrypted access to the shell You can enable enabled default value or disable this access in the System Management gt Administrat
581. wnload is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default PPTP Address Mode Displays the address mode The value cannot be changed Possible values e Static The IP address of the Ethernet port selected in PPTP Interface will be used Field Description Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address The default value is 10 0 0 140 Remote PPTP IP Ad Enter the IP address of the PPTP partner dress The default value is 10 0 0 138 LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The function is disabled by default 15 1 3 PPPoA In the WAN gt Internet Dialup gt PPPoA menu a list of all PPPoA interfaces is shown In this menu you configure a xDSL connection used to set up PPPoA connections With PPPoA the connection is configured so that the PPP data flow is transported directly over an ATM network RFC 2364 This is required by some providers Note your provider s spe cifications When using the internal DSL modem select here a PPPoA interface must be configured for this connect
582. ws to check whether you have installed the protocol 1 Click the Windows Start button and then Settings gt Control Panel gt Network Con nections Windows XP or Control Panel gt Network and Sharing Center gt Change Adapter Settings Windows 7 2 Click on LAN Connection 3 Click on Properties in the status window 4 Look for the Internet Protocol TCP IP entry in the list of network components Installing the TCP IP protocol If you cannot find the Internet Protocol TCP IP entry install the TCP IP protocol as fol lows 1 First click Properties then Install in the status window of the LAN Connection 2 Select the Protocol entry 3 Click Add 4 Select Internet Protocol TCP IP and click on OK 5 Follow the on screen instructions and restart your PC when you have finished Allocating PC IP address R1xxx R3xxx R4xxx Funkwerk Enterprise Communications GmbH 4 Basic configuration Allocate an IP address to your PC as follows 1 Select Internet Protocol TCP IP and click on Properties 2 Choose Use next IP address and enter a suitable IP address Entering the gateway IP address in your PC Then continue by entering the IP address of the gateway in the configuration of your PC as follows 1 In Internet Protocol TCP IP gt Properties under Default gateway enter the IP ad dress of your gateway 2 Enter the IP address of your device under Use next DNS server address 3 Click OK
583. x IP address One packet is sent per time interval which can be adjusted individually to val ues from 1 60 seconds Up to 100 physical and virtual interfaces can be monitored provided the packet size of 4096 bytes is not exceeded The Activity Monitor on your PC receives the packets and can display the information contained in them in various ways ac cording to the configuration Activate the Activity Monitor as follows e configure the relevant device s to be monitored e Start and configure the Windows application on your PC you can download BRICKware for Windows to your PC from the download area at www funkwerk ec com and from there import it to your device 21 5 1 Options TES how EN i Options Basic Parameters as a Monitored Interfaces Onone O Physical O Physical WANVPN Send information to ANP Addresses Broadcast Y Update menat JE se UDP Destination Por faro Password OK _ Cancel Fig 193 External Reporting gt Activity Monitor gt Options The External Reporting gt Activity Monitor gt Options menu consists of the following fields Fields in the Options Basic Parameters menu Field Description Monitored Interfaces Select the type of information to be sent in the UDP packets to the Windows application Possible values R1xxx R3xxx R4xxx Field Description e None default value Deactivates the sending of information to the Activi
584. x R3xxx R4xxx 6 Technical data Funkwerk Enterprise Communications GmbH LED Status Information flashing Data traffic over the SHDSL wire pair 4 5 SHDSL 2 1 on The wire pair 7 8 on the SHDSL line has suc cessfully synchronized with the DSLAM of the Top row SHDSL provider flashing Data traffic over the SHDSL wire pair 7 8 The LEDs on bintec R3800 are arranged as follows Fig 11 LEDs on bintec R3800 In operation mode the LEDs on bintec R3800 display the following status information for your device LED status display LED Status Information Power on The power supply is connected Status Permanently on or Error off flashing The device is active ETH 1 to5 on The device is connected to the Ethernet Top row flashing Data traffic via the Ethernet interface ETH 1 to5 on Data traffic with 100 mbps Bottom row off Data traffic with 10 mbps Funkwerk Enterprise Communications GmbH 6 Technical data E Status Information ISDN 0 B D on ISDN D channel is active Top row ISDN 0 B D on One ISDN B channel is active Bottom row flashing Both ISDN B channels are active MA HA flashing BRRP packets are received Top row MA HA on A user is logged in to the system e g over Tel net Bottom row SHDSL 2 1 on The wire pair 4 5 on the SHDSL line has suc cessfully synchronized with the DSLAM of the Top row SHDSL provider flashing Data traffic over the SHDSL wire pair 4 5 SHDSL 2 1 on The wire pair 7 8 on the SHDSL line
585. y character If the configured address agrees with the signalled address the entry is used In the Routing Rules menu you can define rules to determine how the subscriber number is manipulated before it is used for dialling Use Add to create entries Fields in the Call Routing Routing Rules menu only if Type External Field Description Priority Enter a whole number starting with 1 in ascending order to define the order of filter rules The rules are worked through in the order given in the list If a line or SIP account is not available the next rule is automat ically used Administrative Status Select whether the rule should be activated The rule is activated with Enabled The rule is active by default Outbound Line Choose the ISDN line PRI BRI or SIP account used for the outgoing call Called Address Transla Enter how the subscriber number is manipulated before it is tion used for dialling Notation lt a b gt i e a is replaced by b A number of rules can be chained together using semicolons as separators e g Field Description lt a b gt lt c d gt lt e f gt After confirmation of entry the rule chain is automatically sorted by the best match method Numerical and alphanumerical values are permissible is a placeholder for an arbitrary character Example 18 1 Example of a rule e Rule lt 49911 gt number dialled 96731234 e manipulated number 4991196731234 Fields i
Download Pdf Manuals
Related Search